Joi version 14.2.0 is a minor update over the previous stable version, 14.1.1, of the popular object schema validation library. Both versions keep the same core dependencies, "hoek", "topo", and "isemail", so existing projects remain compatible. The development dependencies ("lab", "code", and "hapitoc") are also identical, which suggests a seamless transition for testing and documentation workflows.
The differences between the versions are subtle. The most noticeable change is a slight increase in the unpacked size of the package, from 190069 bytes in version 14.1.1 to 192013 bytes in version 14.2.0, which likely indicates minor enhancements, bug fixes, or documentation updates. Version 14.2.0 was released on November 25, 2018, just a day after version 14.1.1. Developers considering upgrading should review the joi changelog between these versions to identify any fixes relevant to their use cases. Although the changes appear minimal, staying up to date with the latest minor versions often brings improvements in performance, security, and overall stability, benefiting all joi users. Both versions are licensed under the BSD-3-Clause license, offering flexibility in commercial and open-source projects.
All the vulnerabilities related to version 14.2.0 of the package:
hoek subject to prototype pollution via the clone function.
hoek versions prior to 8.5.1, and 9.x prior to 9.0.3, are vulnerable to prototype pollution in the clone function. If an object with the `__proto__` key is passed to clone(), the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.
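The mechanism described above, as an added example that is not hoek's source code: a simplified deep clone that copies keys by plain assignment turns an own `__proto__` key into the clone's prototype, while a variant that defines each key as a data property does not. The names `naiveClone`, `safeClone` and `inspect` are hypothetical, and the JSON input is constructed for illustration.

```javascript
// Simplified stand-in for a deep clone (hypothetical, NOT hoek's implementation).
function naiveClone(value) {
  if (value === null || typeof value !== 'object') return value;
  const copy = Array.isArray(value) ? [] : {};
  for (const key of Object.keys(value)) {
    // Plain assignment: for the key "__proto__" this calls the inherited
    // Object.prototype.__proto__ setter, replacing copy's prototype
    // instead of creating an own property.
    copy[key] = naiveClone(value[key]);
  }
  return copy;
}

// Hardened variant: every key, including "__proto__", becomes an own data
// property, so the inherited setter is never invoked.
function safeClone(value) {
  if (value === null || typeof value !== 'object') return value;
  const copy = Array.isArray(value) ? [] : {};
  for (const key of Object.keys(value)) {
    Object.defineProperty(copy, key, {
      value: safeClone(value[key]),
      writable: true,
      enumerable: true,
      configurable: true,
    });
  }
  return copy;
}

// Reports whether "__proto__" stayed data or became the object's prototype.
function inspect(obj) {
  return {
    ownProtoKey: Object.prototype.hasOwnProperty.call(obj, '__proto__'),
    inheritsIsAdmin: obj.isAdmin === true,
    plainPrototype: Object.getPrototypeOf(obj) === Object.prototype,
  };
}

// Constructed sample input: JSON.parse stores "__proto__" as an ordinary own key.
const untrusted = JSON.parse('{"name":"guest","__proto__":{"isAdmin":true}}');

console.log('input     ', inspect(untrusted));
console.log('naiveClone', inspect(naiveClone(untrusted)));
console.log('safeClone ', inspect(safeClone(untrusted)));
```

In this sketch only the cloned object's prototype chain changes, which is enough to defeat checks such as `if (obj.isAdmin)` on the clone; the fix named in the advisory is to upgrade hoek to 8.5.1 or 9.0.3.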