16.8.0-Commercial Release Notes

[hueniverse]

Summary

hapi v16.8.0 is a small release focused on extending support under a commercial license. It is built directly on v16.7.0 with additional support for node v10 and v11 (experimental). Due to the switch to commercial license and support, the isemail module had to be replaced with a new email validation module address. This requires some minor changes to those using email validation.

• Upgrade time: low - none to a couple of hours for most users
• Complexity: low - requires following the list of changes to verifying their impact
• Risk: low - validation changes are easy to apply and deprecated options are caught
• Dependencies: medium - existing plugins will work as-is but may require small changes if they use peerDependencies in their package file.

Breaking Changes

• Upgrade joi to commercial version 12 which replaced the previous options with a complete set of new options.

New Features

• Support for node v10 and v11 (experimental).

Bug fixes

• Fix usage of new Buffer().
• Fix email validation errors under node v8 and newer.

Migration Checklist

General

While this release is almost identical to the v16.7.0 release, it uses all new module deployments. This means the codebase as a whole has not gone through the same extensive public usage as previous versions. That's just the reality of building something new.

Every single dependency has been tested on all supported versions of node both locally and in CI. Code changes were limited to tests, new Buffer() cleanup, and migration to new email validation code. The mimos dependency has been improved to further limit the ability of outside maintainers to inject malicious code into the framework (wasn't really a concern before, but now even more mitigated).

Checklist

• Ensure full transition to the new commercial versions of:

  • @commercial/hoek: "4.x.x"
  • @commercial/boom: "5.x.x"
  • @commercial/accept: "2.x.x"
  • @commercial/wreck: "12.x.x"
  • @commercial/ammo: "2.x.x"
  • @commercial/call: "4.x.x"
  • @commercial/topo: "2.x.x"
  • @commercial/address: "1.x.x"
  • @commercial/joi: "12.x.x"
  • @commercial/catbox: "7.x.x"
  • @commercial/catbox-memory: "2.x.x"
  • @commercial/cryptiles: "3.x.x"
  • @commercial/heavy: "4.x.x"
  • @commercial/iron: "4.x.x"
  • @commercial/items: "2.x.x"
  • @commercial/mimos: "3.x.x"
  • @commercial/podium: "1.x.x"
  • @commercial/shot: "3.x.x"
  • @commercial/somever: "1.x.x"
  • @commercial/bourne: "1.x.x"
  • @commercial/statehood: "5.x.x"
  • @commercial/content: "3.x.x"
  • @commercial/b64: "3.x.x"
  • @commercial/vise: "2.x.x"
  • @commercial/nigel: "2.x.x"
  • @commercial/pez: "2.x.x"
  • @commercial/subtext: "5.x.x"

• If you use peerDependencies in custom plugins pointing to hapi, replace that with the plugin requirements option where you can specify the version of hapi supported as well as node.

Validation

By itself, this change will not break because in order to access the joi email validation changes, you must change your own joi dependency. There is no way to access the modified code via hapi owns copy of joi.

Once you switch to use @commercial/joi version 12, you will need to migrate any calls to Joi.string().email() where options are passed to the method. The following options are no longer supported:

• checkDNS (remains unsupported)
• errorLevel - unsupported with no replacement. The new validation rules treat quoted-strings, comments, obsolete formats, and domain literals as errors.
• minDomainAtoms - use minDomainSegments.
• tldBlacklist - use tlds.deny instead.
• tldWhitelist - use tlds.allow instead.

Checklist

• Scan you code for any reference to email( and check if options are passed. If they are, convert them to use the new options as described above.
• Ensure you understand that some email addresses considered valid before are no longer valid (specifically those with quoted strings "first last"@example.com and domain literals test@[127.0.0.1]).