Joi version 14.3.0 is a minor update to the popular JavaScript object schema validation library, building on version 14.2.0. According to the package metadata, the core dependencies are unchanged: both releases use the same versions of hoek, topo, and isemail for internal utilities. The development dependencies for testing and documentation (lab, code, and hapitoc) are also unchanged. This suggests that the update does not involve major overhauls of the underlying architecture or testing methodologies. The license remains BSD-3-Clause, ensuring the package is production ready.
The key difference lies in the unpacked size of the distribution: 14.3.0 is 192729 bytes compared to 192013 bytes for 14.2.0. This small increase suggests minor additions and refinements rather than extensive new features or significant code restructuring. Developers considering an upgrade should note the release date difference: there are six hours between the versions, which makes this a bug-fix rollout. They are best placed to review the changelog for the specific bug fixes and incremental validation improvements introduced in 14.3.0 and assess their relevance to their projects. While both versions are stable, the update promises a slightly refined validation experience, although the impact on performance and overall functionality is likely to be minimal.
All the vulnerabilities related to version 14.3.0 of the package
hoek subject to prototype pollution via the clone function.
hoek versions prior to 8.5.1, and 9.x prior to 9.0.3, are vulnerable to prototype pollution in the clone function. If an object with the __proto__ key is passed to clone(), the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.
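The behaviour described in the advisory, as an added example that is not hoek's source code: a simplified clone that copies keys by plain assignment turns an own __proto__ key into the copy's prototype, while a variant using Object.defineProperty keeps it as ordinary data. The function names naiveClone, safeClone and demo, and the sample input, are constructed for illustration.

```javascript
// Simplified illustration of the bug class; NOT hoek's implementation.
// naiveClone, safeClone and demo are hypothetical names.

function naiveClone(value) {
    if (value === null || typeof value !== 'object') return value;
    if (Array.isArray(value)) return value.map(naiveClone);
    const copy = {};
    for (const key of Object.getOwnPropertyNames(value)) {
        // Plain assignment: for the key "__proto__" this invokes the inherited
        // setter and replaces copy's prototype instead of creating a property.
        copy[key] = naiveClone(value[key]);
    }
    return copy;
}

function safeClone(value) {
    if (value === null || typeof value !== 'object') return value;
    if (Array.isArray(value)) return value.map(safeClone);
    const copy = {};
    for (const key of Object.getOwnPropertyNames(value)) {
        // defineProperty always creates an own data property, even for "__proto__".
        Object.defineProperty(copy, key, {
            value: safeClone(value[key]),
            writable: true, enumerable: true, configurable: true
        });
    }
    return copy;
}

// Constructed sample input: JSON.parse stores "__proto__" as an own property.
const untrusted = JSON.parse('{"name":"guest","__proto__":{"isAdmin":true}}');

function demo() {
    const a = naiveClone(untrusted);
    const b = safeClone(untrusted);
    return {
        naiveInherited: a.isAdmin === true,   // true: read from the injected prototype
        naiveOwnKeys: Object.keys(a).join(','),
        safeInherited: b.isAdmin === true,    // false: "__proto__" stayed plain data
        safeOwnKeys: Object.keys(b).join(','),
        globalPolluted: ({}).isAdmin === true // false: only the copy was affected
    };
}

console.log(demo());
```

A property check such as `obj.isAdmin` on the naive copy succeeds even though the input never had an own isAdmin key, which is why validation or authorization code that runs after a vulnerable clone cannot rely on inherited lookups.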