chore: update package.json resolutions to include joi@18.2.1

[radist2s]

No description provided.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 1290d6d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[greptile-apps]

Greptile Summary

This PR adds a Yarn resolution to pin joi@^17.9.2 to 18.2.1, forcing a major version upgrade for the two Docusaurus packages (@docusaurus/types and @docusaurus/utils-validation) that declare joi@^17.9.2. The yarn.lock updates accordingly, swapping out the old @sideway/* sub-dependencies for their renamed @hapi/* equivalents and bumping @hapi/hoek from v9 to v11. Two unrelated lockfile-only bumps (shell-quote 1.8.3→1.8.4 and tmp 0.2.5→0.2.7) are also included.

• package.json: Adds "joi@npm:^17.9.2": "npm:18.2.1" under resolutions, forcing all consumers of joi@^17.9.2 to receive 18.2.1 instead of the latest 17.x release.
• yarn.lock: Reflects the forced resolution — joi entry changes from 17.13.3 to 18.2.1, @sideway/* packages are removed, and their @hapi/* counterparts are added at newer versions.

Confidence Score: 4/5

Safe to merge if the Docusaurus website and e2e builds are verified to pass, since joi@18 is functionally API-compatible with joi@17 for typical usage patterns.

The resolution forces joi@17 consumers in Docusaurus to receive joi@18 at runtime. joi@18's only stated breaking change is an internal dependency rename (@sideway/* → @hapi/*), with no documented user-facing API removals. In practice Docusaurus uses joi for config-schema validation through its own wrapper, and that API surface is stable between versions. The risk is real but narrow: any subtle behavioral change in joi@18 validation (error messages, coercion edge cases) could affect Docusaurus config handling without a compile-time error to catch it.

The package.json resolution line and the corresponding Docusaurus website/e2e test output deserve a close look to confirm no config-validation regressions were introduced.

Important Files Changed

Filename	Overview
package.json	Adds a Yarn resolution pinning joi@^17.9.2 to 18.2.1, a forced major version bump; the resolution key syntax is correct for Yarn v4 scoped resolutions.
yarn.lock	Lockfile updated to reflect joi 18.2.1 with @hapi/* sub-deps replacing @sideway/*; also includes incidental version bumps for shell-quote and tmp within their existing semver ranges.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["@docusaurus/types@3.10.1\n(declares joi@^17.9.2)"] --> R
    B["@docusaurus/utils-validation@3.10.1\n(declares joi@^17.9.2)"] --> R

    R["Yarn resolution\n joi@npm:^17.9.2 → 18.2.1"]

    R --> J["joi@18.2.1"]

    J --> H1["@hapi/hoek@^11.0.7"]
    J --> H2["@hapi/address@^5.1.1"]
    J --> H3["@hapi/formula@^3.0.2"]
    J --> H4["@hapi/pinpoint@^2.0.1"]
    J --> H5["@hapi/tlds@^1.1.1"]
    J --> H6["@hapi/topo@^6.0.2"]
    J --> H7["@standard-schema/spec@^1.1.0"]

    OLD["joi@17.13.3 (previous)"]:::removed --> OLD_H1["@hapi/hoek@^9.3.0"]:::removed
    OLD --> OLD_H2["@sideway/address@^4.1.5"]:::removed
    OLD --> OLD_H3["@sideway/formula@^3.0.1"]:::removed
    OLD --> OLD_H4["@sideway/pinpoint@^2.0.0"]:::removed
    OLD --> OLD_H5["@hapi/topo@^5.1.0"]:::removed

    classDef removed fill:#fdd,stroke:#f00,color:#900

Loading

_{Reviews (1): Last reviewed commit: "chore: update package.json resolutions t..." | Re-trigger Greptile}

[greptile-apps]

Forced major-version upgrade via resolution

The resolution key "joi@npm:^17.9.2" maps to 18.2.1, which is a major-version jump. Yarn resolutions bypass semver safety, so both @docusaurus/types and @docusaurus/utils-validation (the only two consumers in the lockfile, both declaring joi@^17.9.2) will silently receive joi@18 at runtime even though they were built and tested against joi@17. joi's own 18.0.0 release notes describe the breaking change as "Upgrade all modules" — replacing the @sideway/* sub-packages with @hapi/* equivalents. The public validation API appears unchanged for the patterns Docusaurus uses, but any subtle difference in error-message formatting, coercion behavior, or schema internals could cause Docusaurus config validation to silently produce wrong results or throw. Verifying that the Docusaurus website/e2e builds and site-config validation still pass after this change is strongly recommended.