This repository has been archived by the owner on Jan 31, 2025. It is now read-only.
Upgrade dependencies to support hapi 19 #173
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 7 commits
March 28, 2020 19:42
This upgrade required two main changes: 1. There is no longer a way to query the strategies registered with the server. The previous behavior was to warn that a strategy was not registered, then continue creating the route without the specified auth options. With this change, the route options will be added as long as they are specified. If the auth strategy is not registered, then an error will be thrown when registering the route. This seems to be inline with README. 2. Hapi 19 no longer allows uncompiled top-level validation schemas unless a validator is configured with the server. In previous versions, Joi was used by default. To address this, after the validators are created for a path/operation, any top-level object that is not already a Joi schema is wrapped in Joi.object().
Upgrade enjoi to latest and joi to latest that is supported by enjoi. Additional work needs to be done once enjoi supports @hapi/joi >= 16.
This upgrade addresses a vulnerability found by npm audit
This aligns @hapi/joi with the peer dependency requirement for enjoi.
|
Thank you so much for the very detail description and PR. Changes look good but builds are failing for node 8 & 10. |
Hapi v19 requires node >= 12. This change will make that more apparent to consumers.
|
@tlivings Correct. According to hapijs/hapi#4017, Hapi v19 does not support node 11 or older. Based on this, for hapi-openapi to support hapi v19, I think the same restriction will be true. I updated the |
|
Ok, you'll need to update the travis yaml too in that case. |
tlivings
approved these changes
Apr 5, 2020
|
can you release ? |
|
Published as |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
This PR updates several dependencies (list below). The hapi upgrade includes two important changes:
There is no longer a way to query the strategies registered with the server. The previous behavior allowed hapi-openapi to issue a warning that an auth strategy was not registered, then continue creating the route without the specified auth options. With this change, the route options will be added as long as they are specified. If the auth strategy is not registered, then an error will be thrown when registering the route. This seems to be inline with the existing text in README.md.
Hapi 19 no longer allows uncompiled top-level validation schemas unless a validator is configured with the server. In previous versions, Joi was used by default. To address this, after the validators are created for a path/operation, any top-level object that is not already a Joi schema is wrapped in Joi.object(). I went with this approach rather than setting a default validator on the server so that the host codebase could still have flexibility to use a different default validator for any routes that may be created outside hapi-openapi.
Dependencies upgraded:
At the time of this PR, all vulnerabilities found with
npm audithave been addressed.Issues addressed:
This PR addresses or partially addresses the following issues: