Hi Cloudinary team 👋
I’m running into a Node.js deprecation warning in a Next.js (App Router) project while using cloudinary v2.8.0, and I’m not completely sure where it’s coming from. The warning looks like this:
(node:15974) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
I don’t use url.parse() anywhere in my own code, so I started looking through dependencies to see what might be triggering it.
What I Found (but not 100% sure)
When searching through node_modules, I noticed that Cloudinary still contains a few references to url.parse() in:
- lib/api_client/execute_request.js
- lib/config.js
I think these might be related to the warning I’m seeing at runtime, but I’m not entirely certain because Next.js bundles and executes code in ways that make it a bit tricky to track down the exact source.
Versions
- cloudinary: 2.8.0
- Next.js: 16.0.3 (App Router)
- Node.js: 22
Question / Request
Would it make sense to update the remaining references to url.parse() to the WHATWG URL API?
I’m not 100% sure Cloudinary is the source, but it seems likely based on what I found.
Thanks a lot for your work on the library! Let me know if you need more details or if I can help test something.
Hi Cloudinary team 👋
I’m running into a Node.js deprecation warning in a Next.js (App Router) project while using cloudinary v2.8.0, and I’m not completely sure where it’s coming from. The warning looks like this:
(node:15974) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.I don’t use url.parse() anywhere in my own code, so I started looking through dependencies to see what might be triggering it.
What I Found (but not 100% sure)
When searching through node_modules, I noticed that Cloudinary still contains a few references to url.parse() in:
I think these might be related to the warning I’m seeing at runtime, but I’m not entirely certain because Next.js bundles and executes code in ways that make it a bit tricky to track down the exact source.
Versions
Question / Request
Would it make sense to update the remaining references to url.parse() to the WHATWG URL API?
I’m not 100% sure Cloudinary is the source, but it seems likely based on what I found.
Thanks a lot for your work on the library! Let me know if you need more details or if I can help test something.