Joi 14.1.0 presents a minor version update over its predecessor, 14.0.6, both maintaining the core function of object schema validation. While the fundamental purpose remains consistent, a key distinction lies in the development dependencies. Joi 14.1.0 upgrades lab from version 17.x.x to 18.x.x, hinting at potential enhancements in testing infrastructure or compatibility updates supporting the newer testing environment. The core dependencies on hoek, topo, and isemail remain unchanged, suggesting a stable underlying architecture for schema validation, which is reassuring for developers relying on consistent behavior.
The updated version, released a week after the previous one, also sees a small increase in unpackedSize, indicating a possible addition of features, tests or documentation improvements, small enough to maintain the same fileCount.
Both versions are licensed under the BSD-3-Clause license, ensuring open-source usability. Developers considering an upgrade should primarily focus on the implications of the lab update. Projects heavily invested in the lab testing framework should evaluate compatibility with version 18.x.x to ensure a smooth transition. The minimal changes in core dependencies make the update attractive for those wanting to stay current without risking breaking changes in the validation logic. Joi, as a robust validation library, remains steadfast in its purpose, promising developers a dependable means of enforcing data integrity.
All the vulnerabilities related to the version 14.1.0 of the package
hoek subject to prototype pollution via the clone function.
hoek versions prior to 8.5.1, and 9.x prior to 9.0.3, are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone(), the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.
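The behaviour described above, as an added example that is not hoek's source code: naiveClone, safeClone and inspect are hypothetical simplified functions, and the JSON input is constructed. It shows a clone that turns an own __proto__ key into the copy's prototype, beside a variant that copies the key as plain data.

```javascript
'use strict';

// Simplified stand-in for a recursive clone; NOT hoek's source code.
// Plain assignment of a "__proto__" key invokes the Object.prototype
// setter, so the key becomes the clone's prototype instead of data.
function naiveClone(source) {
    if (source === null || typeof source !== 'object') {
        return source;
    }
    const copy = Array.isArray(source) ? [] : {};
    for (const key of Object.keys(source)) {
        copy[key] = naiveClone(source[key]);
    }
    return copy;
}

// Hardened variant: define every key as an own data property, so
// "__proto__" is copied as ordinary data and the prototype is untouched.
function safeClone(source) {
    if (source === null || typeof source !== 'object') {
        return source;
    }
    const copy = Array.isArray(source) ? [] : {};
    for (const key of Object.keys(source)) {
        Object.defineProperty(copy, key, {
            value: safeClone(source[key]),
            writable: true,
            enumerable: true,
            configurable: true
        });
    }
    return copy;
}

// Constructed sample input: JSON.parse creates "__proto__" as an own key.
const untrusted = JSON.parse('{"name":"guest","__proto__":{"isAdmin":true}}');

function inspect(clone) {
    return {
        inherited: clone.isAdmin === true,   // true if isAdmin arrives via the prototype chain
        prototypeIntact: Object.getPrototypeOf(clone) === Object.prototype,
        ownKeys: Object.keys(clone)
    };
}

console.log('naive:', inspect(naiveClone(untrusted)));
console.log('safe: ', inspect(safeClone(untrusted)));
```

A check such as inspect() can serve as a regression test after upgrading hoek to a patched release, with the project's real clone call substituted for the stand-ins.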