[Snyk] Upgrade joi from 17.3.0 to 17.12.2

[rodcko]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade joi from 17.3.0 to 17.12.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 28 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-02-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-MONGODB-5871303	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: joi

• 17.12.2 - 2024-02-21
  

  17.12.2

• 17.12.1 - 2024-01-29
  

  17.12.1

• 17.12.0 - 2024-01-17
  

  17.12.0

• 17.11.1 - 2024-01-15
  

  17.11.1

• 17.11.0 - 2023-10-04
  

  17.11.0

• 17.10.2 - 2023-09-17
  

  17.10.2

• 17.10.1 - 2023-08-31
  

  17.10.1

• 17.10.0 - 2023-08-27
  

  17.10.0

• 17.9.2 - 2023-04-24
  

  17.9.2

• 17.9.1 - 2023-03-21
• 17.9.0 - 2023-03-20
• 17.8.4 - 2023-03-14
• 17.8.3 - 2023-02-21
• 17.8.2 - 2023-02-21
• 17.8.1 - 2023-02-19
• 17.8.0 - 2023-02-19
• 17.7.1 - 2023-02-10
• 17.7.0 - 2022-11-01
• 17.6.4 - 2022-10-22
• 17.6.3 - 2022-10-11
• 17.6.2 - 2022-09-29
• 17.6.1 - 2022-09-22
• 17.6.0 - 2022-01-26
• 17.5.0 - 2021-12-02
• 17.4.3 - 2021-12-01
• 17.4.2 - 2021-08-01
• 17.4.1 - 2021-07-11
• 17.4.0 - 2021-02-08
• 17.3.0 - 2020-10-24

from joi GitHub release notes

Commit messages

Package name: joi

• d279aa0 17.12.2
• 1e58834 correct type definition
• 48f6f54 17.12.1
• 8b7d0eb Merge pull request #3016 from hapijs/chore/backport-domain-tld
• 360bfd2 fix: domain default tld validation
• e7687b1 17.12.0
• adba13c Merge pull request #3014 from hapijs/feat/hex-prefix
• 336a338 feat: improve over #3011
• b532225 add tests
• 821b268 allow hex with prefix
• fb5926c 17.11.1
• 6d11457 chore: bump packages to latest versions
• 5451b3b Fix for #2874
• 83c2fa7 fix: do not override existing labels of underlying schemas in alternatives
• fe89d2d fix: LanguageMessages type now supports languages in TypeScript
• 9f60493 Merge pull request #3013 from hapijs/fix/multiple-precision
• cf2b6fa chore: add v17 branch to CI targets
• a06fbe2 fix: precision issue on number().multiple()
• aed0920 17.11.0
• ea6557c Merge pull request #2988 from hapijs/feat/custom-expression-functions
• 6a835c1 feat: allow custom expression functions
• 01bff41 17.10.2
• 81348f4 Merge pull request #2986 from hapijs/fix/missing-template-reference
• df7f8d2 fix: missing template reference should return null

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
expressjs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 28, 2024 0:39am