Replace uri-js abandoned dependency

[xavierraffin]

This is not exactly an installation issue but it may become one.

The uri-js package is unmaintained and abandoned: garycourt/uri-js#96
This is also a kown security issue: #1978

This dependency should be replaced (maybe with https://github.com/andreinwald/uri-js-replace or maybe with something else).

The version of Ajv you are using

6.12.6

Operating system and node.js version

Reproduce on Linux, MacOS and Windows

Package manager and its version

[email protected]

Link to (or contents of) package.json

uri-js:4.4.1

ajv/package.json

Line 108 in f06766f

"uri-js": "^4.4.1"

Error messages

Warning message at runtime (will break with future node versions):

(node:81876) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)

[jasoniangreen]

Ah yes, interesting point. We recently moved over the actual default uri lib to fast-uri but there was always tests for both of them in the repo. Right now the old uri-js is not being used by default, but it is in the repo. I will have a look at removing it, I don't think it adds much value anymore.

Oh and I see you are using AJV 6.12.6? If you update to the latest you'll find we've changed it to fast-uri.

[HowieG]

@jasoniangreen thanks for clarifying! eslint is pinned to [email protected] and it seems it was decided not to upgrade to v8. However there's this chore and this PR either of which would replace uri-js with fast-uri. Just FYI if people report the DeprecationWarning from eslint

[jasoniangreen]

Thanks for the extra context @HowieG - So if this is specifically due to eslint using an old version of AJV then I will close this ticket as there's not much to be done. If, however, we are finding that even having uri-js as a DEV dependency is causing problems, then please let me know and I will reopen.