Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency validator to v13.7.0 [security] #677

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 6, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
validator 13.6.0 -> 13.7.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-3765

validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity

GHSA-xx4c-jj58-r7x6

Impact

Versions of validator prior to 13.7.0 are affected by an inefficient Regular Expression complexity when using the rtrim and trim sanitizers.

Patches

The problem has been patched in validator 13.7.0


Release Notes

validatorjs/validator.js (validator)

v13.7.0

Compare Source

New Features
Fixes and Enhancements
New and Improved Locales
13.6.1
13.5.0 13.5.1

— this release is dedicated to @​dbnandaa 🧒

13.1.17
13.1.1
  • Hotfix for a regex incompatibility in some browsers
    (#​1355
13.1.0
13.0.0
12.2.0
12.1.0
12.0.0
11.1.0
11.0.0
10.11.0
  • Fix imports like import .. from "validator/lib/.."
    (#​961)
  • New locale
    (#​958)
10.10.0
10.9.0
10.8.0
10.7.1
  • Ignore case when checking URL protocol
    (#​887)
  • Locale fix
    (#​889)
10.7.0
10.6.0
  • Updated isMobilePhone() to match any locale's pattern by default
    (#​874)
  • Added an option to ignore whitespace in isEmpty()
    (#​880)
  • New and improved locales
    (#​878,
    #​879)
10.5.0
10.4.0
  • Added an isIPRange() validator
    (#​842)
  • Accept an array of locales in isMobilePhone()
    (#​742)
  • New locale
    (#​843)
10.3.0
10.2.0
  • Export the list of supported locales in isPostalCode()
    (#​830)
10.1.0
  • Added an isISO31661Alpha3() validator
    (#​809)
10.0.0
  • Allow floating points in isNumeric()
    (#​810)
  • Disallow GMail addresses with multiple consecutive dots, or leading/trailing dots
    (#​820)
  • Added an isRFC3339() validator
    (#​816)
  • Reject domain parts longer than 63 octets in isFQDN(), isURL() and isEmail()
    (bb3e542)
  • Added a new Amex prefix to isCreditCard()
    (#​805)
  • Fixed isFloat() min/max/gt/lt filters when a locale with a comma decimal is used
    (2b70821)
  • Normalize Yandex emails
    (#​807)
  • New locales
    (#​803)
9.4.1
  • Patched a REDOS vulnerability in isDataURI
  • New and improved locales
    (#​788)
9.4.0
  • Added an option to isMobilePhone to require a country code
    (#​769)
  • New and improved locales
    (#​785)
9.3.0
9.2.0
9.1.2
  • Fixed a bug with the isFloat validator
    (#​752)
9.1.1
9.1.0
9.0.0
  • normalizeEmail() no longer validates the email address
    (#​725)
  • Added locale-aware validation to isFloat() and isDecimal()
    (#​721)
  • Added an isPort() validator
    (#​733)
  • New locales
    (#​731)
8.2.0
8.1.0
  • Fix require('validator/lib/isIS8601') calls
    (#​688)
  • Added an isLatLong() and isPostalCode() validator
    (#​684)
  • Allow comma in email display names
    (#​692)
  • Add missing string to unescape()
    (#​690)
  • Fix isMobilePhone() with Node <= 6.x
    (#​681)
  • New locales
    (#​695)
8.0.0
  • isURL() now requires the require_tld: false option to validate localhost
    (#​675)
  • isURL() now rejects URLs that are protocol only
    (#​642)
  • Fixed a bug where isMobilePhone() would silently return false if the locale was invalid or unsupported
    (#​657)
7.2.0
  • Added an option to validate any phone locale
    (#​663)
  • Fixed a bug in credit card validation
    (#​672)
  • Disallow whitespace, including unicode whitespace, in TLDs
    (#​677)
  • New locales
    (#​673,
    #​676)
7.1.0
7.0.0
  • Remove isDate()
6.3.0
6.2.1
6.2.0
  • Added an option to require an email display name
    (#​607)
  • Added support for lt and gt to isInt()
    (#​588)
  • New locales
    (#​601)
6.1.0
  • Added support for greater or less than in isFloat()
    (#​544)
  • Added support for ISSN validation via isISSN()
    (#​593)
  • Fixed a bug in normalizeEmail()
    (#​594)
  • New locales
    (#​585)
6.0.0
  • Renamed isNull() to isEmpty()
    (#​574)
  • Backslash is now escaped in escape()
    (#​516)
  • Improved normalizeEmail()
    (#​583)
  • Allow leading zeroes by default in isInt()
    (#​532)
5.7.0
  • Added support for IPv6 in isURL()
    (#​564)
  • Added support for urls without a host (e.g. file:///foo.txt) in isURL()
    (#​563)
  • Added support for regular expressions in the isURL() host whitelist and blacklist
    (#​562)
  • Added support for MasterCard 2-Series BIN
    (#​576)
  • New locales
    (#​575,
    #​552)
5.6.0
5.5.0
  • Fixed a regex denial of service in trim() and rtrim()
    (#​556)
  • Added an Algerian locale to isMobilePhone()
    (#​540)
  • Fixed the Hungarian locale in isAlpha() and isAlphanumeric()
    (#​541)
  • Added a Polish locale to isMobilePhone()
    (#​545)
5.4.0
  • Accept Union Pay credit cards in isCreditCard()
    (#​539)
  • Added Danish locale to isMobilePhone()
    (#​538)
  • Added Hungarian locales to isAlpha(), isAlphanumeric() and isMobilePhone()
    (#​537)
5.3.0
  • Added an allow_leading_zeroes option to isInt()
    (#​532)
  • Adjust Chinese mobile phone validation
    (#​523)
  • Added a Canadian locale to isMobilePhone()
    (#​524)
5.2.0
  • Added a isDataURI() validator
    (#​521)
  • Added Czech locales
    (#​522)
  • Fixed a bug with isURL() when protocol was missing and "://" appeared in the query
    (#​518)
5.1.0
  • Added a unescape() HTML function
    (#​509)
  • Added a Malaysian locale to isMobilePhone()
    (#​507)
  • Added Polish locales to isAlpha() and isAlphanumeric()
    (#​506)
  • Added Turkish locales to isAlpha(), isAlphanumeric() and isMobilePhone()
    (#​512)
  • Allow >1 underscore in hostnames when using allow_underscores
    (#​510)
5.0.0

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Aug 6, 2024
@renovate renovate bot changed the title fix(deps): update dependency validator to v13.7.0 [security] fix(deps): update dependency validator to v13.7.0 [security] - abandoned Dec 8, 2024
Copy link
Contributor Author

renovate bot commented Dec 8, 2024

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

@renovate renovate bot changed the title fix(deps): update dependency validator to v13.7.0 [security] - abandoned fix(deps): update dependency validator to v13.7.0 [security] Dec 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants