Closed yoieh closed 4 years ago
@yoieh thanks for the thorough report! I agree, it is due time to upgrade some of rest-hapi's major dependencies. This project is still being maintained, though resources are very limited. The needed updates (especially joi) look to require a sizable amount of work, which is why they've been put off until now.
Note that there has been an effort to keep dependencies somewhat up to date: https://github.com/JKHeadley/rest-hapi/pull/201/files#diff-b9cfc7f2cdf78a7f4b91a753d10865a2
I will begin an effort to update all of the @hapi family dependencies. In the meantime, thank you for your patience, and feel free to contribute!
@yoieh rest-hapi v2.0 is now available with updated hapi modules and plugins. Please see the release notes for changes: https://github.com/JKHeadley/rest-hapi/issues/230
awesome! and thanks for the grate work to you all and this awesome project it saves a major chunk of time!
Is your feature request related to a problem? Please describe.
and is the latest version of joi that still exists and I can get this to work with.
I tried to upgrade hapi-swagger to later versions and there required versions of
@hapi/hapi
and@hapi/joi
with no luck.hapi-swagger Compatibility tabel:
joi 16 and up semis to need validators in custom api routs with out any modules like
validate.payload
.object be raped inJoi.object()
witch breaks swagger.json given an 500 error when accessing swagger ui and this error:Not using
Joi.object()
in >16 gives errorHapi 19 added a requirement to register validators as joi
Adding this to the rout works but this version dosen't work and brakes generation from models from this package.
Also there are vulnerabilities detected in the dependencies of this package.
Describe the solution you'd like First of all I do understand that this package is a major shortcut to develop a rest api and has an MIT that has no warranty but is still a awesome concept. But if this package in the future ever would be used for more than just prototyping an api the package and dependencies need to be up to date with hapi. Also the different demo projects would have to be updated.
Describe alternatives you've considered If this packages purpose is to no longer be maintained it should be presented like an out dated/deprecated packages not to be used in any production environment and just to build prototypes.
Additional context I'm in no way and expert on Node.js, hapi or joi. There could be a solution for this to be used in newer versions with out vulnerabilities.