cloudinary_npm icon indicating copy to clipboard operation
cloudinary_npm copied to clipboard
verified publisher icon cloudinary

Possible Deprecation Warning from url.parse() when using Cloudinary in Next.js

Open Figumari opened this issue 2 months ago • 1 comments

Hi Cloudinary team 👋

I’m running into a Node.js deprecation warning in a Next.js (App Router) project while using cloudinary v2.8.0, and I’m not completely sure where it’s coming from. The warning looks like this: (node:15974) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities. I don’t use url.parse() anywhere in my own code, so I started looking through dependencies to see what might be triggering it.

What I Found (but not 100% sure)

When searching through node_modules, I noticed that Cloudinary still contains a few references to url.parse() in:

  • lib/api_client/execute_request.js
  • lib/config.js

I think these might be related to the warning I’m seeing at runtime, but I’m not entirely certain because Next.js bundles and executes code in ways that make it a bit tricky to track down the exact source.

Versions

  • cloudinary: 2.8.0
  • Next.js: 16.0.3 (App Router)
  • Node.js: 22

Question / Request

Would it make sense to update the remaining references to url.parse() to the WHATWG URL API? I’m not 100% sure Cloudinary is the source, but it seems likely based on what I found.

Thanks a lot for your work on the library! Let me know if you need more details or if I can help test something.

Figumari avatar Nov 25 '25 10:11 Figumari

Hi Figumari,

Thanks for reaching out!

I've passed on your query to our internal SDK team and will let you know as soon as there are any updates.

Best Regards, Deji

dejihastrup-cl avatar Nov 26 '25 14:11 dejihastrup-cl