From 4d2a7df11023b25517ece74468fc0a8f1893778b Mon Sep 17 00:00:00 2001
From: Miki
Date: Wed, 26 Apr 2023 14:59:56 -0700
Subject: [PATCH] Bump `joi` to v14 to avoid the possibility of prototype poisoning in a nested dependency

Signed-off-by: Miki
---
 CHANGELOG.md | 3 ++-
 package.json | 2 +-
 packages/osd-config-schema/package.json | 2 +-
 packages/osd-test/package.json | 2 +-
 yarn.lock | 15 +++++----------
 5 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6f969dec126..f2924cdc1c1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,7 +22,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CVE-2023-25653] Bump node-jose to 2.2.0 ([#3445](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3445))
 - [CVE-2023-26486][cve-2023-26487] Bump vega from 5.22.1 to 5.23.0 ([#3533](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3533))
 - [CVE-2023-0842] Bump xml2js from 0.4.23 to 0.5.0 ([#3842](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3842))
-- [Multi DataSource] Add private IP blocking validation on server side([#3912](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3912))
+- [Multi DataSource] Add private IP blocking validation on server side ([#3912](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3912))
+- Bump `joi` to v14 to avoid the possibility of prototype poisoning in a nested dependency ([#3952](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3952))
 - [CVE-2023-2251] Bump yaml to 2.2.2 ([#3947](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3947))
 
 ### 📈 Features/Enhancements
diff --git a/package.json b/package.json
index 04856baeb20..2b894a95897 100644
--- a/package.json
+++ b/package.json
@@ -184,7 +184,7 @@
 "https-proxy-agent": "^5.0.0",
 "inline-style": "^2.0.0",
 "ip-cidr": "^2.1.0",
-"joi": "^13.5.2",
+"joi": "^14.3.1",
 "js-yaml": "^4.1.0",
 "json-stable-stringify": "^1.0.1",
 "json-stringify-safe": "5.0.1",
diff --git a/packages/osd-config-schema/package.json b/packages/osd-config-schema/package.json
index 52471e29527..c88afe609e1 100644
--- a/packages/osd-config-schema/package.json
+++ b/packages/osd-config-schema/package.json
@@ -16,7 +16,7 @@
 },
 "peerDependencies": {
 "lodash": "^4.17.21",
-"joi": "^13.5.2",
+"joi": "^14.3.1",
 "moment": "^2.24.0",
 "type-detect": "^4.0.8"
 }
diff --git a/packages/osd-test/package.json b/packages/osd-test/package.json
index 69fa50828fc..c1ee4f1687c 100644
--- a/packages/osd-test/package.json
+++ b/packages/osd-test/package.json
@@ -31,7 +31,7 @@
 "exit-hook": "^2.2.0",
 "getopts": "^2.2.5",
 "glob": "^7.1.7",
-"joi": "^13.5.2",
+"joi": "^14.3.1",
 "lodash": "^4.17.21",
 "parse-link-header": "^2.0.0",
 "rxjs": "^6.5.5",
diff --git a/yarn.lock b/yarn.lock
index 64c5873a2e3..c424c6592eb 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -9589,11 +9589,6 @@ hmac-drbg@^1.0.1:
 minimalistic-assert "^1.0.0"
 minimalistic-crypto-utils "^1.0.1"
 
-hoek@5.x.x:
- version "5.0.4"
- resolved "https://registry.yarnpkg.com/hoek/-/hoek-5.0.4.tgz#0f7fa270a1cafeb364a4b2ddfaa33f864e4157da"
- integrity sha512-Alr4ZQgoMlnere5FZJsIyfIjORBqZll5POhDsF4q64dPuJR6rNxXdDxtHSQq8OXRurhmx+PWYEE8bXRROY8h0w==
-
 hoek@6.x.x:
 version "6.1.3"
 resolved "https://registry.yarnpkg.com/hoek/-/hoek-6.1.3.tgz#73b7d33952e01fe27a38b0457294b79dd8da242c"
@@ -11187,12 +11182,12 @@ jmespath@0.16.0:
 resolved "https://registry.yarnpkg.com/jmespath/-/jmespath-0.16.0.tgz#b15b0a85dfd4d930d43e69ed605943c802785076"
 integrity sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw==
 
-joi@^13.5.2:
- version "13.7.0"
- resolved "https://registry.yarnpkg.com/joi/-/joi-13.7.0.tgz#cfd85ebfe67e8a1900432400b4d03bbd93fb879f"
- integrity sha512-xuY5VkHfeOYK3Hdi91ulocfuFopwgbSORmIwzcwHKESQhC7w1kD5jaVSPnqDxS2I8t3RZ9omCKAxNwXN5zG1/Q==
+joi@^14.3.1:
+ version "14.3.1"
+ resolved "https://registry.yarnpkg.com/joi/-/joi-14.3.1.tgz#164a262ec0b855466e0c35eea2a885ae8b6c703c"
+ integrity sha512-LQDdM+pkOrpAn4Lp+neNIFV3axv1Vna3j38bisbQhETPMANYRbFJFUyOZcOClYvM/hppMhGWuKSFEK9vjrB+bQ==
 dependencies:
- hoek "5.x.x"
+ hoek "6.x.x"
 isemail "3.x.x"
 topo "3.x.x"