[Bug]: punycode deprecation warning on Node 22 LTS

[camsteffen]

Version

29.7.0

Steps to reproduce

Run any test suite with jest environment jsdom using Node 22.

Expected behavior

No deprecation warning is printed.

Actual behavior

The following warning is printed before tests run.

(node:57226) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)

Additional context

This problem is also mentioned in #15148, but while upgrading jest-environment-jsdom is a possible solution, I'd like to specifically track the deprecation warning happening on the stable release (#15148 seems to be about the alpha release).

Environment

System:
OS: macOS 15.0.1
CPU: (12) arm64 Apple M2 Pro
Binaries:
Node: 22.11.0 - ~/.local/state/fnm_multishells/98505_1730127764871/bin/node
npm: 10.9.0 - ~/.local/state/fnm_multishells/98505_1730127764871/bin/npm
npmPackages:
jest: ^29.7.0 => 29.7.0

[tylerd-canva]

relevant #15276

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 30 days.

[camsteffen]

(no activity indeed)

[alfaproject]

Jest feels abandoned ):

[ginosanterre]

It looks like that. Are you going to replace it with something else? What are the options?

[Smrtnyk]

@ginosanterre https://github.com/vitest-dev/vitest is currently the most popular option

[ashwintmbi]

Anyone successfully patch this?

[MirKml]

This clumsy npm overrides works for our app. It also fixes punycode problem in other our deps. packages.
Because punycode problem is warning only and will be same for a long time, I hope it will be fixed in jest@next at least. 🙏

 "overrides": {
    "psl": "npm:@imput/psl@2.0.4",
    "data-urls@3.*": {
      "whatwg-url": "12.0.1"
    },
    "jest-environment-jsdom": {
      "jsdom": {
        "whatwg-url": "12.0.1"
      }
    }
  }

[LiviuSosu]

@MirKml where did you write that snippet? I've already looked into the pakage.json and similar files, but I could not get a hint of where should I write that code snippet.

Many thanks in advance to anyone who cold answer.

[MirKml]

@LiviuSosu into package.json. Overrides are supported by npm itself https://docs.npmjs.com/cli/v10/configuring-npm/package-json#overrides
other package managers have also this feature, maybe with another syntax ....

NPM has also some bugs in overrides implementation, npm ls and google are your friends. Using overrides is always clumsy workaround :-) (for me)

[SimenB]

You don't need overrides, just update psl in your lockfile (or tough-cookie which will update psl for you)

[alfaproject]

Not sure what kind of answer is that. Even if it works for npm, it doesn't work for other package managers without explicit overrides because they'll just revert to what's currently needed by jest-environment-jsdom@29.7.0

Which at the time of writing, requires jsdom@20.0.3 which in turn requires tough-cookie@4.1.4 which in turns require punycode directly, hence the problem

[LiviuSosu]

Hi @alfaproject

@MirKml clarified for me whete to put the code snippet. It fixed my problem (or hid it, as I am using npm) but he also stated that it is a clumsy solution. I am working on a side project for learning purposes, so... thank you again MirKml. I didn't want to coment because I feared reopening the issue.

@SimenB , with a due respect and regret, I didn't get your answer, in case @alfaproject is reffering to yours. Maybe you could explain it for someone who doesn't have your knowlegde.

For example " just update psl in your lockfile (or tough-cookie ..." there are my psls in my package.lockfile.json. I don't know which one I should update and expecially how (what should I write instead)?

[SimenB]

JSDOM doesn't lock down its version of tough-cookie (https://www.runpkg.com/?jsdom@20.0.3/package.json#41), so it doesn't matter what package manager you're using, just update the version of tough-cookie in your project. yarn up -R tough-cookie with (modern) yarn, and something else for npm or pnpm etc.

[alfaproject]

@SimenB I think you missed the rest of my reply. This is the version that matches jsdom@20.0.3: https://www.runpkg.com/?tough-cookie@4.1.4/package.json#106

[LiviuSosu]

also, my packages are always up to date. I am cecking for updates on a weekly basis.

[SimenB]

punycode dep was never the issue directly, it was psl importing punycode in a way node 22 deprecated.

lupomontero/psl#298

Updating psl should resolve it.

[alfaproject]

I see, that makes sense and I'm an idiot. Sorry for the noise

[MirKml]

Fine that psl is solved, but I think psl is only one of punycode related problematic package in jest ecosystem @SimenB.
after solving psl, my tests still complain about punycode and traces ends in tr46

(node:57226) [DEP0040] DeprecationWarning: The punycodemodule is deprecated. Please use a userland alternative instead. (Usenode --trace-deprecation ... to show where the warning was created)

Problematic tr46 is dependency for whatwg-url@11.0.0 which is dependency for jsdom@20.0.3, which is dependency for jest-environment-jsdom@29.7.0

└─┬ jest-environment-jsdom@29.7.0
  └─┬ jsdom@20.0.3
    ├─┬ data-urls@3.0.2
    │ └─┬ whatwg-url@11.0.0
    │   └── tr46@3.0.0
    └─┬ whatwg-url@11.0.0
      └── tr46@3.0.0

So I think problem isn't solved and issue needs to be reopen.
Does anyone else still have the problem?

[geemorin]

some CSS parsing problems with jsdom<26.0.0 too because of not supporting @layer and so on...

Maybe there is something I don't understand but why don't we want to keep dependencies up to date? Is this version too invasive?