[Snyk] Fix for 66 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	No	No Known Exploit
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-EXPRESSFILEUPLOAD-473997	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-EXPRESSFILEUPLOAD-595969	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	Yes	Proof of Concept
	715/1000 Why? Has a fix available, CVSS 9.8	DLL Injection SNYK-JS-KERBEROS-568900	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS ) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MONGOOSE-1086688	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JS-MONGOOSE-472486	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MQUERY-1050858	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MQUERY-1089718	Yes	Proof of Concept
	801/1000 Why? Mature exploit, Has a fix available, CVSS 8.3	Prototype Pollution SNYK-JS-TYPEORM-590152	No	Mature
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	899/1000 Why? Mature exploit, Has a fix available, CVSS 9.4	Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415	No	Mature
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Code Injection npm:dustjs-linkedin:20160819	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution npm:ejs:20161128	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Cross-site Scripting (XSS) npm:ejs:20161130	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) npm:ejs:20161130-1	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:jquery:20150627	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Cross-site Scripting (XSS) npm:marked:20150520	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170112	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170815	No	No Known Exploit
	454/1000 Why? Has a fix available, CVSS 4.8	Cross-site Scripting (XSS) npm:marked:20170815-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20170907	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20180225	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit
	641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1	Remote Memory Exposure npm:mongoose:20160116	No	Mature
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	Yes	No Known Exploit
	756/1000 Why? Mature exploit, Has a fix available, CVSS 7.4	Uninitialized Memory Exposure npm:npmconf:20180512	Yes	Mature
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:semver:20150403	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Directory Traversal npm:st:20140206	No	Proof of Concept
	644/1000 Why? Mature exploit, Has a fix available, CVSS 4.3	Open Redirect npm:st:20171013	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: adm-zip

The new version differs by 134 commits.

• c5aeed4 Incremented version number
• 119dcad Fixed path traversal issue GHSL-2020-198
• 1d22ff6 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #341 from 5saviahv/history
• 492d148 added changelog
• dd415ae Incremented version
• 0f011a3 Fixed outFileName
• bc19fee Added extra parameter to extractEntryTo so target filename can be renamed
• 92e9836 Updated dev dependency
• 2b8d9ab Merge pull request [Snyk-dev Update] New fixes for 54 vulnerable dependency paths #315 from enecciari/work_in_browser
• 4fe58d1 Merge pull request [Snyk-dev Update] New fixes for 14 vulnerable dependency paths #322 from cthackers/dependabot/npm_and_yarn/lodash-4.17.19
• 49218a4 Merge pull request [Snyk-dev Update] New fixes for 15 vulnerable dependency paths #327 from kosuke-suzuki/multibyte-comment
• a7e8932 Merge pull request [Snyk-dev] Fix for 65 vulnerable dependency paths #331 from 5saviahv/master
• 7db0eda modified addLocalFolder method
• e114929 typo
• dc81063 modified addLocalFile method
• bc0f594 Deflate needs min V2.0
• dde4f51 Node v6
• 003d4cf Added ZipCrypto decrypting ability
• 63ed6e2 Detect and throw error with encrypted files
• c64ac14 LICENSE filename in package.json
• 1a334b2 add multibyte-encoded comment with byte length instead of character length
• 96d492a Bump lodash from 4.17.15 to 4.17.19
• b77f380 now it works in browser
• 218feee Merge remote-tracking branch 'upstream/master'

See the full diff

Package name: body-parser

The new version differs by 221 commits.

• 0f1bed0 1.17.1
• 0532096 lint: remove unreachable code branches
• b34aab5 build: [email protected]
• 77b1ca1 build: [email protected]
• e51dbc5 deps: [email protected]
• 79bc939 1.17.0
• e6140e1 build: [email protected]
• 42f467d deps: [email protected]
• 4954aec build: test against Node.js 8.x nightly
• e2050df build: [email protected]
• 2f941c4 build: [email protected]
• 6549617 build: [email protected]
• d1c2c7f deps: http-errors@~1.6.1
• e7b86ba build: [email protected]
• 7b630f7 1.16.1
• de574bf build: [email protected]
• 889bcc9 build: [email protected]
• dba8ac4 deps: [email protected]
• 95a3ebb docs: fix history file with incorrect qs version
• c5a73d5 1.16.0
• 9744dda deps: [email protected]
• 7807757 deps: [email protected]
• 0e44768 lint: use standard style in the README
• 14952be build: [email protected]

See the full diff

Package name: cfenv

The new version differs by 3 commits.

• fb0a2aa update dependencies, now at version 1.2.4
• 63e072a version 1.2.3
• 02bb92d Issue 45 Remove '.cfignore'

See the full diff

Package name: errorhandler

The new version differs by 85 commits.

• c41e9aa 1.4.3
• ffce329 build: [email protected]
• 90a8777 build: [email protected]
• 38b745b deps: accepts@~1.3.0
• 80aea51 deps: escape-html@~1.0.3
• b0be93a docs: fix typo in readme
• 2f688d0 build: support Node.js 5.x
• 1238ed4 build: [email protected]
• fdeb13c build: [email protected]
• cc6fd1f build: support Node.js 4.x
• 3a2117a build: support io.js 3.x
• 75b9ee1 build: reduce runtime versions to one per major
• 6797752 tests: add test for util.inspect in HTML response
• b6e53d7 docs: add more documentation regarding util.inspect
• 88b9a58 deps: accepts@~1.2.13
• ac75d3f build: [email protected]
• 5ee62b7 deps: [email protected]
• 1e89ae7 build: [email protected]
• ef1e8f1 build: [email protected]
• a7a6dce 1.4.2
• 692e2e7 deps: accepts@~1.2.12
• 6f2e8d2 build: [email protected]
• 564c117 build: fix running Node.js 0.8 tests on Travis CI
• 2dfd872 1.4.1

See the full diff

Package name: express

The new version differs by 250 commits.

• f974d22 4.16.0
• 8d4ceb6 docs: add more information to installation
• c0136d8 Add express.json and express.urlencoded to parse bodies
• 86f5df0 deps: [email protected]
• 4196458 deps: [email protected]
• ddeb713 tests: add maxAge option tests for res.sendFile
• 7154014 Add "escape json" setting for res.json and res.jsonp
• 628438d deps: update example dependencies
• a24fd0c Add options to res.download
• 95fb5cc perf: remove dead .charset set in res.jsonp
• 44591fe deps: vary@~1.1.2
• 2df1ad2 Improve error messages when non-function provided as middleware
• 12c3712 Use safe-buffer for improved Buffer API
• fa272ed docs: fix typo in jsdoc comment
• d9d09b8 perf: re-use options object when generating ETags
• 02a9d5f deps: proxy-addr@~2.0.2
• c2f4fb5 deps: [email protected]
• 673d51f deps: [email protected]
• 5cc761c deps: parseurl@~1.3.2
• ad7d96d deps: [email protected]
• e62bb8b deps: etag@~1.8.1
• 70589c3 deps: content-type@~1.0.4
• 9a99c15 deps: accepts@~1.3.4
• 550043c deps: [email protected]

See the full diff

Package name: express-fileupload

The new version differs by 250 commits.

• 9f22db7 version bump
• 9fca550 Merge pull request [Snyk Update] New fixes for 2 vulnerable dependency paths #240 from AmazingMech2418/patch-1
• 1530cf5 Make Travis happy
• e43bfcf Fix typo
• 8bf7427 Update processNested.js
• fd40389 version bump
• 94c9cf9 prototype pollution fix add qs, just to see what it'll do #2
• 829f395 version bump
• db49535 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #237 from richardgirges/fix-236-proto-pollution
• d81bee9 Upgrade latest packages; run npm audit fix; add logic to prevent prototype pollution in parseNested
• e9848fc Update package-lock.json
• d536cfb Update package.json
• c7a6b9c Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #233 from RomanBurunkov/master
• a53b93f Update tests to support empty files
• d8c00c5 Add empty files support for tempFileHandler
• b24233d Comment extra condition in fileFactory(issue Test #1), add more logging
• d57ee02 Formatting utilities
• b6097df Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #232 from RomanBurunkov/master
• 05004b7 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #230 from Code42Cate/readme-timeout
• 1afa527 Update dependencies
• 880c2b7 Improve timeout option documentation
• 3f130b0 Add timeout option to README.MD
• d55fa83 Merge pull request [Snyk Update] New fixes for 2 vulnerable dependency paths #222 from wbt/patch-1
• d61f02f Fix some small typos

See the full diff

Package name: hbs

The new version differs by 107 commits.

• 00764e0 v4.1.2
• 8dcac86 tests: add test for layout that does not exist
• 1046191 test: add test for layout using async helper
• 9c6ee6f test: add test for async helper with layout
• b109867 lint: fix redeclared variable
• 7920ac6 build: [email protected]
• 5623682 deps: [email protected]
• 81ee48a build: [email protected]
• c90ac58 build: [email protected]
• 5179777 build: [email protected]
• 4c73a69 build: [email protected]
• 0826373 build: [email protected]
• 711c4fa build: [email protected]
• a48b2bf build: [email protected]
• c9ba0a3 build: [email protected]
• dfc44e3 build: [email protected]
• f3f5697 build: [email protected]
• b2a461b build: [email protected]
• 3852e7c build: [email protected]
• 67c942d build: [email protected]
• 14c84ff build: [email protected]
• 1fcbd8b build: [email protected]
• 20afe45 build: [email protected]
• bd96ad1 build: [email protected]

See the full diff

Package name: marked

The new version differs by 250 commits.

• 1ad8e69 Merge pull request #1731 from UziTech/release-1.1.1
• 7e17526 1.1.1
• 7fbee6e Merge pull request #1730 from UziTech/update-deps
• 6f7522f Merge pull request #1729 from UziTech/quick-ref
• f8024eb remove ending slash
• 524ae66 remove ending slash
• 0d6e056 build
• 04ac593 update dev deps
• f36f676 🗜️ build [skip ci]
• dddf9ae Merge pull request #1686 from calculuschild/EmphasisFixes
• 6b729ed Merge branch 'EmphasisFixes' of https://github.com/calculuschild/marked into EmphasisFixes
• e27e6f9 Sorted strong and em into sub-objects
• a761316 Merge pull request #1726 from UziTech/show-rules
• f8193ed add npm run rules
• ad720c1 Make emEnd const
• 1fb141d Make strEnd const
• 226bbe7 Lint
• cc778ad Removed redundancy in "startEM" check
• 211b9f9 Removed Lookbehinds
• 982b57e Merge pull request #1720 from vassudanagunta/docs-patch-1
• 2a847e6 clarify level of support for Markdown flavors
• bd4f8c4 Fix unrestricted "any character" for REDOS
• 4e7902e Gaaaah lint
• 4db32dc Links are masked only once per inline string

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• f8d2721 chore: release 5.12.3
• 58cad73 fix(connection): use queueing instead of event emitter for `createCollection()` and other helpers to avoid event emitter warning
• 5382408 fix(index.d.ts): add `transform` to PopulateOptions interface
• dca1d70 Merge branch 'master' of github.com:Automattic/mongoose
• 2648088 fix(index.d.ts): add DocumentQuery type for backwards compatibility
• 966770f Merge pull request #10063 from Automattic/gh-10044
• 9e4a083 style: fix lint
• f3cd3a8 chore: use variable instead of function
• f24953c fix(query): add `writeConcern()` method to avoid writeConcern deprecation warning
• 7d2e9c9 chore: upgrade mquery -> 3.2.5 re: Security Fix for Prototype Pollution - huntr.dev mongoosejs/mquery#121
• d1a9a1e made requested changes
• cf1b666 Merge pull request #10078 from pezzu/master
• 2aef528 Merge pull request #10062 from Automattic/gh-10025
• 452c77c Fixes #10072
• c9bfb30 Update model.indexes.test.js
• 6f0133a removed comments
• 9e98cd8 Merge pull request #10055 from emrebass/patch-1
• 1c20044 Merge pull request #10054 from coro101/add-discriminator-type
• 4e74ea7 TIL that includes() is also not supported in all browsers
• f231d7b should work and is designed to handle multiple text fields
• c4897f9 TIL Object.values in not supported on all browsers
• 391ecec collation not added to text indexes
• 7a93c16 linter fix
• 6deb668 fix: connection ids are now scoped

See the full diff

Package name: ms

The new version differs by 19 commits.

• 9b88d15 2.0.0
• 94b995c Invalidated cache for slack badge
• bcf5715 Bumped dependencies to the latest version
• b1eaab7 Ignored logs coming from npm
• caae298 Limit str to 100 to avoid ReDoS of 0.3s ([Snyk] Fix for 33 vulnerable dependency paths #89)
• b83b36d chore(package): update eslint to version 3.19.0 ([Snyk] Fix for 33 vulnerable dependency paths #88)
• 3f2a4d7 chore(package): update husky to version 0.13.3 ([Snyk] Fix for 33 vulnerable dependency paths #86)
• 7daf984 1.0.0
• ee91f30 More suitable name for file containing tests
• e818c35 Removed browser testing
• c9b1fd3 Test on LTS version of Node
• 389840b Badge for XO removed
• 1fbbe97 Removed component specification
• 57b3ef8 Use `prettier` and `eslint`
• 94068ea Removed XO
• 4b7f48f chore(package): update serve to version 5.0.4 ([Snyk] Fix for 33 vulnerable dependency paths #85)
• bd49cec chore(package): update xo to version 0.18.0 ([Snyk] Fix for 33 vulnerable dependency paths #84)
• d4a94b1 chore(package): update serve to version 5.0.3 (feat: added support for CloudFoundry #83)
• 923eee1 chore(package): update serve to version 5.0.2 ([Snyk Update] New fixes for 2 vulnerable dependency paths #82)

See the full diff

Package name: tap

The new version differs by 110 commits.

• fa3f6e2 12.6.2
• b8be134 new computer, phantom png changes
• 3833522 update js-yaml and nyc for vuln advisories
• 1871736 12.6.1
• 066f159 updates for npm audit --fix
• ad3bed4 Passes `-r ts-node/register` argument to node
• 4645ecf Fix font-family typo
• 63ff608 12.6.0
• 040f61f Add --no-esm flag to disable '-r esm' behavior
• e2c0c1d update tap-mocha-reporter
• a73e95b update esm, and audit fix
• 2233376 12.5.3
• b45105f [email protected]
• 611ced8 12.5.2
• 99a989c update write-file-atomic
• e255dd9 update ts-node and typescript
• b674382 [email protected]
• 555ecd4 including esm.js in stack traces is almost never helpful
• ccf2b44 Don't emit end while waiting for pipes to clear
• d3bf1f7 less impact
• 7fbf13f try something else
• b97f460 fix: allow for pipes to drain
• 740e695 [email protected]
• d03f383 12.5.1

See the full diff

Package name: validator

The new version differs by 45 commits.

• 24b3fd3 13.6.1
• b986f3d fix: ReDOS in isEmail and isHSL (#1651)
• 2a3a1c3 13.6.0
• 1fa0959 chore: add typeof utility (#1648)
• cf403d0 fix(isMobilePhone): add Sierra Leone phone and fix Sri Lanka phone (#1558)
• 3f70b8e feat(isPassportNumber, isIBAN, isMobilePhone): add Mozambique locale (#1604)
• 05ceb18 isURL(): Allow URLs to have only a username in the userinfo subcomponent (#1644)
• 9ee1b6b fix(isMobilePhone): update china zh-CN locale (#1642)
• b82f4f2 fix(docs): typo in README.md (#1640)
• 615547f feat(isMobilePhone): add Latvia lv-LV locale (#1638)
• d006e08 fix(isMobilePhone): add support for new networks codes in GH (#1635)
• c33fca6 fix(isISIN): optimization (#1633)
• 2ef84e4 fix(isIP): validator patterns for IPv4 and IPv6 RegExp formats (#1632)
• 67a200d feat(isPostalCode): add KR locale (#1628)
• b65ddc5 fix: fix A-z ranges (#1625)
• 39830a9 feat: IR passport and identityCard, respect .gitignore files (#1595)
• 5d6db63 feat(isIPRange): add support for IP version 4 or 6 (#1594)
• a31c116 fix: update isMobilePhone validation for en-SG (#1573)
• 63b6162 chore: add gitter chatroom badge (#1592)
• bb0dba6 feat(isPassportNumber): add MY locale (#1574)
• 7989e5b feat(isLicensePlate): add support for pt-BR locale (#1588)
• 3c771e8 feat(pt-BR): tax id, passport and license plates (#1613)
• 418df05 fix(isMobilePhone): prevent allowing landline numbers in es-CO (#1623)
• 6262f62 chore: improving code coverage to 100% branches (#1624)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic