Update dependencies #35
Conversation
|
you're correct in that only devDependencies here are vulnerable. i like the idea of updating everything, i just need to take a few minutes and make sure there's nothing that warrants a major version bump here (i don't think there is, since it's all internal usage libraries anyway) i'll get this released shortly. thanks for your help! |
| @@ -353,37 +353,31 @@ internals.addHeaders = function (request, h) { | |||
|
|
|||
| internals.validateOptions = function (options) { | |||
|
|
|||
| let result; | |||
| const { error, value } = Schema.validate(options); | |||
There was a problem hiding this comment.
.validate with a callback parameter seems to be deprecated.
| @@ -30,5 +30,5 @@ module.exports = Joi.object({ | |||
| styleSrc: Joi.array().items(Joi.string()).single().default(['self']) | |||
| .when('generateNonces', { is: [false, 'script'], then: Joi.array().items(Joi.string().valid('strict-dynamic').forbidden()) }), | |||
| workerSrc: Joi.array().items(Joi.string()).single().default(['self']), | |||
| generateNonces: Joi.alternatives().try([Joi.boolean(), Joi.string().valid('script', 'style')]).default(true) | |||
| generateNonces: Joi.alternatives().try(Joi.boolean(), Joi.string().valid('script', 'style')).default(true) | |||
There was a problem hiding this comment.
Joi migration. They transitioned to using spread args instead of an array of args.
| @@ -439,7 +439,7 @@ describe('Generic headers', () => { | |||
| url: '/' | |||
| }); | |||
|
|
|||
| expect(res.statusCode).to.equal(200); | |||
| expect(res.statusCode).to.equal(204); | |||
There was a problem hiding this comment.
return '' on line 433 is being treated as an empty response and is a 204 (no content) rather than a 200 like before.
| @@ -24,6 +24,6 @@ describe('Blankie', () => { | |||
| options: { | |||
| reportOnly: 'invalid value' | |||
| } | |||
| }])).to.reject(Error, 'child "reportOnly" fails because ["reportOnly" must be a boolean]'); | |||
| }])).to.reject(Error, '"reportOnly" must be a boolean'); | |||
There was a problem hiding this comment.
Joi error string format changed here.
|
Bumped that version again due to a new hapijs/hapi#4017 I'd probably bump the major version because node v11 is unsupported by hapi going forward. Even if hoek still works fine with v11, it could break in a minor version update without warning. |
|
published as 5.0.0 |
This package has started reporting vulnerabilities in
npm audit. I'm fairly certain that only test dependencies are vulnerable, but wanted to get this fixed up anyway.The first commit is enough to stop
npm auditcomplaints.The second commit is a complete update of all dependencies and requires some joi validation migrations.
Let me know if this works, I'd love to get it in so we don't need to manage a fork.