DeprecationWarning: punycode module used by dependencies

[mikeciffone]

Environment details

• OS: macOS 14.4, 23E214
• Node.js version: v21.4.0
• npm version: 10.2.4
• googleapis version: 134.0.0

Steps to reproduce

1. Set up a basic Node.js project using the googleapis package.
2. Run a script that initiates a call to the Google Sheets API, for instance, fetching data from a sheet.
3. Observe the DeprecationWarning in the console output.

Note: The script is run with the --trace-deprecation flag to show where the warning was created.

Expected behavior

No deprecation warnings should be displayed when using up-to-date and maintained dependencies within googleapis.

Actual behavior

A DeprecationWarning related to the punycode module is displayed in the console output. The warning is as follows:

(node:61405) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
    at node:punycode:3:9
    at BuiltinModule.compileForInternalLoader (node:internal/bootstrap/realm:397:7)
    at BuiltinModule.compileForPublicLoader (node:internal/bootstrap/realm:333:10)
    at loadBuiltinModule (node:internal/modules/helpers:101:7)
    at Module._load (node:internal/modules/cjs/loader:1001:17)
    at Module.require (node:internal/modules/cjs/loader:1235:19)
    at require (node:internal/modules/helpers:176:18)
    at Object.<anonymous> (/Users/mike/myapp/node_modules/whatwg-url/lib/url-state-machine.js:2:18)
    at Module._compile (node:internal/modules/cjs/loader:1376:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1435:10)

The trace leads back to the whatwg-url module, used by a dependency chain initiated by googleapis.

Specifically, the chain is as follows: googleapis > google-auth-library > gaxios > node-fetch > whatwg-url.

I understand that this warning does not currently affect functionality, but I thought it might be helpful to report this. I believe that I've done my due diligence to check that this has not been resolved or is already open. However, this is my first time opening an issue on a project, so pardon me if I've overlooked something.

Here is the output of npm ls whatwg-url for reference:

[email protected] /Users/mike/myapp
└─┬ [email protected]
  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └── [email protected]

[EvilJordan]

Unfortunately/fortunately, the only real, lasting option is an upgrade from node-fetch@2 to node-fetch@3 (or using the internal node fetch library). Why google is not on top of this, I do not know.

[mevero]

temporary solution: add override in package.json
"overrides": { "whatwg-url": "^14.0.0" },

[micttyoid]

Note the solution here is told temporary until the drop of Node 10 to upgrade node-fetch to v3. With the upgrade, new configuration may reflect that the dependency whatwg-url is no longer needed