fix(deps): update dependency validator to v13.7.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
validator	13.6.0 -> 13.7.0

GitHub Vulnerability Alerts

CVE-2021-3765

validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity

GHSA-xx4c-jj58-r7x6

Impact

Versions of validator prior to 13.7.0 are affected by an inefficient Regular Expression complexity when using the rtrim and trim sanitizers.

Patches

The problem has been patched in validator 13.7.0

---

Release Notes

validatorjs/validator.js (validator)

v13.7.0

Compare Source

New Features

• #​1706 isISO4217, currency code validator @​jpaya17

Fixes and Enhancements

• #​1647 isFQDN: add allow_wildcard option @​fasenderos
• #​1654 isRFC3339: Disallow prepended and appended strings to RFC 3339 date-time @​jmacmahon
• #​1658 maintenance: increase code coverage @​tux-tn
• #​1669 IBAN export list of country codes that implement IBAN @​dror-heller @​fedeci
• #​1676 isBoolean: add loose option @​brybrophy
• #​1697 maintenance: fix npm installation error @​rubiin
• #​1708 isISO31661Alpha3: perf @​jpaya17
• #​1711 isDate: allow users to strictly validate dates with . as delimiter @​flymans
• #​1715 isCreditCard: fix for Union Pay cards @​shreyassai123
• #​1718 isEmail: replace all dots in GMail length validation @​DasDingGehtNicht
• #​1721 isURL: add allow_fragments and allow_query_components @​cowboy-bebug
• #​1724 isISO31661Alpha2: perf @​jpaya17
• #​1730 isMagnetURI @​tux-tn
• #​1738 rtrim: remove regex to prevent ReDOS attack @​tux-tn
• #​1747 maintenance: run scripts in parallel for build and clean @​sachinraja
• #​1748 isURL: higher priority to whitelist @​deepanshu2506
• #​1751 isURL: allow url with colon and no port @​MatteoPierro
• #​1777 isUUID: fix for null version argument @​theteladras
• #​1799 isFQDN: check more special chars @​MatteoPierro
• #​1833 isURL: allow URL with an empty user @​MiguelSavignano
• #​1835 unescape: fixed bug where intermediate string contains escaped @​Marcholio
• #​1836 contains: can check that string contains seed multiple times @​Marcholio
• #​1844 docs: add CDN instructions @​luiscobits
• #​1848 isUUID: add support for validation of v1 and v2 @​theteladras
• #​1941 isEmail: add host_blacklist option @​fedeci

New and Improved Locales

• isAlpha, isAlphanumeric:

  • #​1716 hi-IN @​MiKr13
  • #​1837 fi-FI @​Marcholio

• isPassportNumber:

  • #​1656 ID @​rubiin
  • #​1714 CN @​anirudhgiri
  • #​1809 PL @​Ronqn
  • #​1810 RU @​Theta-Dev

• isPostalCode:

  • #​1788 LK @​nimanthadilz

• isIdentityCard:

  • #​1657 TH @​tithanayut
  • #​1745 PL @​wiktorwojcik112 @​fedeci @​tux-tn
  • #​1786 LK @​nimanthadilz @​tux-tn
  • #​1838 FI @​Marcholio

• isMobilePhone:

  • #​1679 de-DE @​AnnaMariaJansen
  • #​1689 vi-VN @​luisrivas
  • #​1695 #​1682 zh-CN @​laulujan @​yisibl
  • #​1734 es-VE @​islasjuanp
  • #​1746 nl-BE @​divikshrivastava
  • #​1765 es-CU @​pasagedev
  • #​1766 es-SV, @​hereje
  • #​1767 ar-PS, @​brendan-c
  • #​1769 en-BM @​HackProAIT
  • #​1770 dz-BT @​lakshayr003
  • #​1771 en-BW, @​mgndolan
  • #​1772 fr-CM @​beckettnormington
  • #​1778 en-PK @​ammad20120 @​tux-tn
  • #​1780 tk-TM, @​Husan-Eshonqulov
  • #​1784 en-GY, @​mfkrause
  • #​1785 si-LK @​Madhavi96
  • #​1797 fr-PF, @​hereje
  • #​1820 en-KI, @​c-tanner
  • #​1826 hu-HU @​danielTiringer
  • #​1834 fr-BF, en-NA @​lakshayr003
  • #​1846 tg-TJ @​mgnss

• isLicensePlate:

  • #​1565 cs-CZ @​filiptronicek
  • #​1790 fi-FI @​Marcholio

• isVAT:

  • #​1825 NL @​zeno4ever

13.6.1

• New features:

  • #​1495 isLicensePlate @​firlus

• Fixes and Enhancements:

  • #​1651 fix ReDOS vulnerabilities in isHSL and isEmail @​tux-tn
  • #​1644 isURL: Allow URLs to have only a username in the userinfo subcomponent @​jbuchmann-coosto
  • #​1633 isISIN: optimization @​bmacnaughton
  • #​1632 isIP: improved pattern for IPv4 and IPv6 @​ognjenjevremovic
  • #​1625 fix [A-z] regex range on some validators @​bmacnaughton
  • #​1620 fix docs @​prahaladbelavadi
  • #​1616 isMacAddress: improve regexes and options @​fedeci
  • #​1603 fix ReDOS vulnerabilities in isSlug and rtrim @​fedeci
  • #​1594 isIPRange: add support for IPv6 @​neilime
  • #​1577 isEAN: add support for EAN-14 @​varsubham @​tux-tn
  • #​1566 isStrongPassword: add @ as a valid symbol @​stingalleman
  • #​1548 isBtcAddress: add base58 @​ezkemboi
  • #​1546 isFQDN: numeric domain names @​tux-tn

• New and Improved locales:

  • isIdentityCard, isPassportNumber:
    • #​1595 IR @​mhf-ir @​fedeci
    • #​1583 ar-LY @​asghaier76 @​tux-tn
    • #​1574 MY @​stranger26 @​tux-tn
  • isMobilePhone:
    • #​1642 zh-CN @​Akira0705
    • #​1638 lv-LV @​AntonLukichev
    • #​1635 en-GH @​ankorGH
    • #​1604 mz-MZ @​salmento @​tux-tn
    • #​1575 vi-VN @​kyled7
    • #​1573 en-SG @​liliwei25
    • #​1554 de-CH, fr-CH, it-CH @​dinfekted
    • #​1541 #​1623 es-CO @​ezkemboi @​tux-tn
    • #​1506 ar-OM @​dev-sna
    • #​1505 pt-AO @​AdilsonFuxe
  • isPostalCode:
    • #​1628 KR @​greatSumini
  • isTaxID:
    • #​1613 pt-BR @​mschunke
    • #​1529 el-GR @​dspinellis
  • isVAT:
    • #​1536 IT @​fedeci

13.5.0 13.5.1

• New features:

  • isVAT #​1463 @​ CodingNagger
  • isTaxID #​1446 @​tplessas
  • isBase58 #​1445 @​ezkemboi
  • isStrongPassword #​1348 @​door-bell

• Fixes and Enhancements:

  • #​1486 isISO8601: add strictSeparator @​brostone51
  • #​1474 isFQDN: make more strict @​CristhianMotoche
  • #​1469 isFQDN: allow_underscore option @​gibson042
  • #​1449 isEmail: character blacklisting @​rubiin
  • #​1436 isURL: added require_port option @​yshanli
  • #​1435 isEmail: respect ignore_max_length option @​evantahler
  • #​1402 isDate: add strictMode and prevent mixed delimiters @​tux-tn
  • #​1286 isAlpha: support ignore option @​mum-never-proud

• New and Improved locales:

  • isAlpha, isAlphanumeric:
    • #​1528 multiple fixes @​tux-tn @​purell
    • #​1513 id-ID and docs update @​bekicot
    • #​1484 #​1481 th-TH @​ipiranhaa
    • #​1455 fa-IR @​fakhrip
    • #​1447 az-AZ @​saidfagan
  • isMobilePhone:
    • #​1521 ar-MA @​artpumpkin
    • #​1492 de-LU,it-SM, sq-AL and ga-IE @​firlus
    • #​1487 en-HN @​jehielmartinez
    • #​1473 ar-LB, es-PE, ka-GE @​rubiin
    • #​1470 es-DO @​devrasec
    • #​1460 es-BO @​rubiin
    • #​1444 es-AR @​csrgt
    • #​1407 pt-BR @​viniciushvsilva
  • isPostalCode:
    • #​1534 CN @​httpsbao
    • #​1515 IR @​masoudDaliriyan
    • #​1502 SG, MY @​stranger26
    • #​1480 TH @​ipiranhaa
    • #​1459 BY @​rubiin
    • #​1456 DO and HT @​yomed
  • isPassportNumber:
    • #​1468 BY @​zenby
    • #​1467 RU @​dkochetkov

_{— this release is dedicated to @​dbnandaa 🧒}

13.1.17

• New features:

  • None

• Fixes and chores:

  • #​1425 fix validation for userinfo part for isURL @​heanzyzabala
  • #​1419 fix isBase32 and isBase64 to validate empty strings properly @​AberDerBart
  • #​1408 tests for isTaxId @​dspinellis
  • #​1397 added validate_length option for isURL @​tomgrossman
  • #​1383 #​1428 doc typos @​0xflotus @​timgates42
  • #​1376 add missing tests and switch to Coverall @​tux-tn
  • #​1373 improve code coverage @​ezkemboi
  • #​1357 add Node v6 on build pipeline @​profnandaa

• New and Improved locales:

  • isMobilePhone:
    • #​1439 az-AZ @​saidfagan
    • #​1420 uz-Uz @​icyice0217
    • #​1391 de-DE @​heanzyzabala
    • #​1388 en-PH @​stinkymonkeyph
    • #​1370 es-ES @​rubiin
    • #​1356 bs-BA @​MladenZeljic
    • #​1303 zh-CN @​heathcliff-hu
  • isPostalCode:
    • #​1439 AZ @​saidfagan
    • #​1370 ES @​rubiin
    • #​1367 IL @​rubiin
  • isAlpha, isAlphanumeric:
    • #​1411 fa-AF, fa-IR @​stinkymonkeyph
    • #​1371 vi-VN @​rubiin
  • isBAN:
    • #​1394 EG, SV @​heanzyzabala
  • isIdentityCard:
    • #​1384 IT @​lorenzodb1

13.1.1

• Hotfix for a regex incompatibility in some browsers
  (#​1355

13.1.0

• Added an isIMEI() validator
  (#​1346)
• Added an isDate() validator
  (#​1270)
• Added an isTaxID() validator
  (#​1336)
• Added DMS support to isLatLong()
  (#​1340)
• Added support for URL-safe base64 validation
  (#​1277)
• Added support for primitives in isJSON()
  (#​1328)
• Added support for case-insensitive matching to contains()
  (#​1334)
• Support additional cards in isCreditCard()
  (#​1177)
• Support additional currencies in isCurrency()
  (#​1306)
• Fixed isFQDN() handling of certain special chars
  (#​1091)
• Fixed a bug in isSlug()
  (#​1338)
• New and improved locales
  (#​1112,
  #​1167,
  #​1198,
  #​1199,
  #​1273,
  #​1279,
  #​1281,
  #​1293,
  #​1294,
  #​1311,
  #​1312,
  #​1313,
  #​1314,
  #​1315,
  #​1317,
  #​1322,
  #​1324,
  #​1330,
  #​1337)

13.0.0

• Added isEthereumAddress() validator
  to validate Ethereum addresses
  (#​1117)
• Added isBtcAddress() validator
  to validate Bitcoin addresses
  (#​1163)
• Added isIBAN() validator
  to validate International Bank Account Numbers
  (#​1243)
• Added isEAN() validator
  to validate International Article Numbers
  (#​1244)
• Added isSemVer() validator
  to validate Semantic Version Numbers
  (#​1246)
• Added isPassportNumber() validator
  (#​1250)
• Added isRgbColor() validator
  (#​1141)
• Added isHSL() validator
  (#​1159)
• Added isLocale() validator
  (#​1072)
• Improved the isIP() validator
  (#​1211)
• Improved the isMACAddress() validator
  (#​1267)
• New and improved locales
  (#​1238,
  #​1265)

12.2.0

• Support CSS Colors Level 4 spec
  (#​1233)
• Improve the toFloat() sanitizer
  (#​1227)
• New and improved locales
  (#​1200,
  #​1207,
  #​1213,
  #​1217,
  #​1234)

12.1.0

• ES module for webpack tree shaking
  (#​1015)
• Updated isIP() to accept scoped IPv6 addresses
  (#​1160)
• New and improved locales
  (#​1162,
  #​1183,
  #​1187,
  #​1191)

12.0.0

• Added isOctal() validator
  (#​1153)
• Added isSlug() validator
  (#​1096)
• Added isBIC() validator for bank identification codes
  (#​1071)
• Allow uppercase chars in isHash()
  (#​1062)
• Allow additional prefixes in isHexadecimal()
  (#​1147)
• Allow additional separators in isMACAddress()
  (#​1065)
• Better defaults for isLength()
  (#​1070)
• Bug fixes
  (#​1074)
• New and improved locales
  (#​1059,
  #​1060,
  #​1069,
  #​1073,
  #​1082,
  #​1092,
  #​1121,
  #​1125,
  #​1132,
  #​1152,
  #​1165,
  #​1166,
  #​1174)

11.1.0

• Code coverage improvements
  (#​1024)
• New and improved locales
  (#​1035,
  #​1040,
  #​1041,
  #​1048,
  #​1049,
  #​1052,
  #​1054,
  #​1055,
  #​1056,
  #​1057)

11.0.0

• Added a isBase32() validator
  (#​1023)
• Updated isEmail() to validate display names according to RFC2822
  (#​1004)
• Updated isEmail() to check total email length
  (#​1007)
• The internal toString() util is no longer exported
  (0277eb)
• New and improved locales
  (#​999,
  #​1010,
  #​1017,
  #​1022,
  #​1031,
  #​1032)

10.11.0

• Fix imports like import .. from "validator/lib/.."
  (#​961)
• New locale
  (#​958)

10.10.0

• isISO8601() strict mode now works in the browser
  (#​932)
• New and improved locales
  (#​931,
  #​933,
  #​947,
  #​950)

10.9.0

• Added an option to isURL() to reject email-like URLs
  (#​901)
• Added a strict option to isISO8601()
  (#​910)
• Relaxed isJWT() signature requirements
  (#​906)
• New and improved locales
  (#​899,
  #​904,
  #​913,
  #​916,
  #​925,
  #​928)

10.8.0

• Added isIdentityCard()
  (#​846)
• Better error when validators are passed an invalid type
  (#​895)
• Locales are now exported
  (#​890,
  #​892)
• New locale
  (#​896)

10.7.1

• Ignore case when checking URL protocol
  (#​887)
• Locale fix
  (#​889)

10.7.0

• Added isMagnetURI() to validate magnet URIs
  (#​884)
• Added isJWT() to validate JSON web tokens
  (#​885)

10.6.0

• Updated isMobilePhone() to match any locale's pattern by default
  (#​874)
• Added an option to ignore whitespace in isEmpty()
  (#​880)
• New and improved locales
  (#​878,
  #​879)

10.5.0

• Disabled domain-specific email validation
  (#​873)
• Added support for IP hostnames in isEmail()
  (#​845)
• Added a no_symbols option to isNumeric()
  (#​848)
• Added a no_colons option to isMACAddress()
  (#​849)
• Updated isURL() to reject protocol relative URLs unless a flag is set
  (#​860)
• New and improved locales
  (#​801,
  #​856,
  #​859,
  #​861,
  #​862,
  #​863,
  #​864,
  #​870,
  #​872)

10.4.0

• Added an isIPRange() validator
  (#​842)
• Accept an array of locales in isMobilePhone()
  (#​742)
• New locale
  (#​843)

10.3.0

• Strict Gmail validation in isEmail()
  (#​832)
• New locales
  (#​831,
  #​835,
  #​836)

10.2.0

• Export the list of supported locales in isPostalCode()
  (#​830)

10.1.0

• Added an isISO31661Alpha3() validator
  (#​809)

10.0.0

• Allow floating points in isNumeric()
  (#​810)
• Disallow GMail addresses with multiple consecutive dots, or leading/trailing dots
  (#​820)
• Added an isRFC3339() validator
  (#​816)
• Reject domain parts longer than 63 octets in isFQDN(), isURL() and isEmail()
  (bb3e542)
• Added a new Amex prefix to isCreditCard()
  (#​805)
• Fixed isFloat() min/max/gt/lt filters when a locale with a comma decimal is used
  (2b70821)
• Normalize Yandex emails
  (#​807)
• New locales
  (#​803)

9.4.1

• Patched a REDOS vulnerability in isDataURI
• New and improved locales
  (#​788)

9.4.0

• Added an option to isMobilePhone to require a country code
  (#​769)
• New and improved locales
  (#​785)

9.3.0

• New and improved locales
  (#​763,
  #​768,
  #​774,
  #​777,
  #​779)

9.2.0

• Added an isMimeType() validator
  (#​760)
• New and improved locales
  (#​753,
  #​755,
  #​764)

9.1.2

• Fixed a bug with the isFloat validator
  (#​752)

9.1.1

• Locale fixes
  (#​738,
  #​739)

9.1.0

• Added an isISO31661Alpha2() validator
  (#​734)
• New locales
  (#​735,
  #​737)

9.0.0

• normalizeEmail() no longer validates the email address
  (#​725)
• Added locale-aware validation to isFloat() and isDecimal()
  (#​721)
• Added an isPort() validator
  (#​733)
• New locales
  (#​731)

8.2.0

• Added an isHash() validator
  (#​711)
• Control decimal places in isCurrency()
  (#​713)
• New and improved locales
  (#​700,
  #​701,
  #​714,
  #​715,
  #​718)

8.1.0

• Fix require('validator/lib/isIS8601') calls
  (#​688)
• Added an isLatLong() and isPostalCode() validator
  (#​684)
• Allow comma in email display names
  (#​692)
• Add missing string to unescape()
  (#​690)
• Fix isMobilePhone() with Node <= 6.x
  (#​681)
• New locales
  (#​695)

8.0.0

• isURL() now requires the require_tld: false option to validate localhost
  (#​675)
• isURL() now rejects URLs that are protocol only
  (#​642)
• Fixed a bug where isMobilePhone() would silently return false if the locale was invalid or unsupported
  (#​657)

7.2.0

• Added an option to validate any phone locale
  (#​663)
• Fixed a bug in credit card validation
  (#​672)
• Disallow whitespace, including unicode whitespace, in TLDs
  (#​677)
• New locales
  (#​673,
  #​676)

7.1.0

• Added an isISRC() validator for ISRC
  (#​660)
• Fixed a bug in credit card validation
  (#​670)
• Reduced the maximum allowed address in isEmail() based on
  RFC3696 errata
  (#​655)
• New locales
  (#​647,
  #​667,
  #​667,
  #​671)

7.0.0

• Remove isDate()

6.3.0

• Allow values like -.01 in isFloat()
  (#​618)
• New locales
  (#​616,
  #​622,
  #​627,
  #​630)

6.2.1

• Disallow < and > in URLs
  (#​613)
• New locales
  (#​610)

6.2.0

• Added an option to require an email display name
  (#​607)
• Added support for lt and gt to isInt()
  (#​588)
• New locales
  (#​601)

6.1.0

• Added support for greater or less than in isFloat()
  (#​544)
• Added support for ISSN validation via isISSN()
  (#​593)
• Fixed a bug in normalizeEmail()
  (#​594)
• New locales
  (#​585)

6.0.0

• Renamed isNull() to isEmpty()
  (#​574)
• Backslash is now escaped in escape()
  (#​516)
• Improved normalizeEmail()
  (#​583)
• Allow leading zeroes by default in isInt()
  (#​532)

5.7.0

• Added support for IPv6 in isURL()
  (#​564)
• Added support for urls without a host (e.g. file:///foo.txt) in isURL()
  (#​563)
• Added support for regular expressions in the isURL() host whitelist and blacklist
  (#​562)
• Added support for MasterCard 2-Series BIN
  (#​576)
• New locales
  (#​575,
  #​552)

5.6.0

• Added an isMD5() validator
  (#​557)
• Fixed an exceptional case in isDate()
  (#​566)
• New locales
  (#​559,
  #​568,
  #​571,
  #​573)

5.5.0

• Fixed a regex denial of service in trim() and rtrim()
  (#​556)
• Added an Algerian locale to isMobilePhone()
  (#​540)
• Fixed the Hungarian locale in isAlpha() and isAlphanumeric()
  (#​541)
• Added a Polish locale to isMobilePhone()
  (#​545)

5.4.0

• Accept Union Pay credit cards in isCreditCard()
  (#​539)
• Added Danish locale to isMobilePhone()
  (#​538)
• Added Hungarian locales to isAlpha(), isAlphanumeric() and isMobilePhone()
  (#​537)

5.3.0

• Added an allow_leading_zeroes option to isInt()
  (#​532)
• Adjust Chinese mobile phone validation
  (#​523)
• Added a Canadian locale to isMobilePhone()
  (#​524)

5.2.0

• Added a isDataURI() validator
  (#​521)
• Added Czech locales
  (#​522)
• Fixed a bug with isURL() when protocol was missing and "://" appeared in the query
  (#​518)

5.1.0

• Added a unescape() HTML function
  (#​509)
• Added a Malaysian locale to isMobilePhone()
  (#​507)
• Added Polish locales to isAlpha() and isAlphanumeric()
  (#​506)
• Added Turkish locales to isAlpha(), isAlphanumeric() and isMobilePhone()
  (#​512)
• Allow >1 underscore in hostnames when using allow_underscores
  (#​510)

5.0.0

• Migrate to ES6
  (#​496)
• Break the library up so that individual functions can be imported
  (#​496)
• Remove auto-coercion of input to a string
  (#​496)
• Remove the extend() function
  (#​496)
• Added Arabic locales to isAlpha() and isAlphanumeric()
  ([#​496](https://redirect.github.com/validatorjs/validator.js/pull/496#issue

---

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.