url: runtime deprecate url.parse

PR-URL: https://github.com/nodejs/node/pull/55017
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

doc/api/deprecations.md

@@ -3453,6 +3453,10 @@ Node-API callbacks.
 
 <!-- YAML
 changes:
+  - version:
+      - REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/55017
+    description: Application deprecation.
   - version:
       - v19.9.0
       - v18.17.0
@@ -3465,7 +3469,7 @@ changes:
     description: Documentation-only deprecation.
 -->
 
-Type: Documentation-only (supports [`--pending-deprecation`][])
+Type: Application (non-`node_modules` code only)
 
 [`url.parse()`][] behavior is not standardized and prone to errors that
 have security implications. Use the [WHATWG URL API][] instead. CVEs are not

lib/url.js

@@ -46,6 +46,7 @@ const {
 // This ensures setURLConstructor() is called before the native
 // URL::ToObject() method is used.
 const { spliceOne } = require('internal/util');
+const { isInsideNodeModules } = internalBinding('util');
 
 // WHATWG URL implementation provided by internal/url
 const {
@@ -63,8 +64,6 @@ const {
 
 const bindingUrl = internalBinding('url');
 
-const { getOptionValue } = require('internal/options');
-
 // Original url.parse() API
 
 function Url() {
@@ -125,7 +124,7 @@ const {
 let urlParseWarned = false;
 
 function urlParse(url, parseQueryString, slashesDenoteHost) {
-  if (!urlParseWarned && getOptionValue('--pending-deprecation')) {
+  if (!urlParseWarned && !isInsideNodeModules(100, true)) {
     urlParseWarned = true;
     process.emitWarning(
       '`url.parse()` behavior is not standardized and prone to ' +

test/parallel/test-url-parse-invalid-input.js

@@ -90,12 +90,12 @@ if (common.hasIntl) {
   });
 
   // Warning should only happen once per process.
-  const expectedWarning = [
-    `The URL ${badURLs[0]} is invalid. Future versions of Node.js will throw an error.`,
-    'DEP0170',
-  ];
   common.expectWarning({
-    DeprecationWarning: expectedWarning,
+    DeprecationWarning: {
+      // eslint-disable-next-line @stylistic/js/max-len
+      DEP0169: '`url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.',
+      DEP0170: `The URL ${badURLs[0]} is invalid. Future versions of Node.js will throw an error.`,
+    },
   });
   badURLs.forEach((badURL) => {
     url.parse(badURL);

typings/internalBinding/util.d.ts

@@ -45,4 +45,5 @@ export interface UtilBinding {
   guessHandleType(fd: number): 'TCP' | 'TTY' | 'UDP' | 'FILE' | 'PIPE' | 'UNKNOWN';
   parseEnv(content: string): Record<string, string>;
   styleText(format: Array<string> | string, text: string): string;
+  isInsideNodeModules(frameLimit: number, defaultValue: unknown): boolean;
 }