Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency validator to v13 [SECURITY] - abandoned #43

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Mar 7, 2022

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
validator ^10.2.0 -> ^13.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-3765

validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity


Release Notes

validatorjs/validator.js

v13.7.0

Compare Source

New Features
Fixes and Enhancements
New and Improved Locales
13.6.1
13.5.0 13.5.1

— this release is dedicated to @​dbnandaa 🧒

13.1.17
13.1.1
  • Hotfix for a regex incompatibility in some browsers
    (#​1355
13.1.0
13.0.0
12.2.0
12.1.0
12.0.0
11.1.0
11.0.0
10.11.0
  • Fix imports like import .. from "validator/lib/.."
    (#​961)
  • New locale
    (#​958)
10.10.0
10.9.0
10.8.0
10.7.1
  • Ignore case when checking URL protocol
    (#​887)
  • Locale fix
    (#​889)
10.7.0
10.6.0
  • Updated isMobilePhone() to match any locale's pattern by default
    (#​874)
  • Added an option to ignore whitespace in isEmpty()
    (#​880)
  • New and improved locales
    (#​878,
    #​879)
10.5.0
10.4.0
  • Added an isIPRange() validator
    (#​842)
  • Accept an array of locales in isMobilePhone()
    (#​742)
  • New locale
    (#​843)
10.3.0
10.2.0
  • Export the list of supported locales in isPostalCode()
    (#​830)
10.1.0
  • Added an isISO31661Alpha3() validator
    (#​809)
10.0.0
  • Allow floating points in isNumeric()
    (#​810)
  • Disallow GMail addresses with multiple consecutive dots, or leading/trailing dots
    (#​820)
  • Added an isRFC3339() validator
    (#​816)
  • Reject domain parts longer than 63 octets in isFQDN(), isURL() and isEmail()
    (bb3e542)
  • Added a new Amex prefix to isCreditCard()
    (#​805)
  • Fixed isFloat() min/max/gt/lt filters when a locale with a comma decimal is used
    (2b70821)
  • Normalize Yandex emails
    (#​807)
  • New locales
    (#​803)
9.4.1
  • Patched a REDOS vulnerability in isDataURI
  • New and improved locales
    (#​788)
9.4.0
  • Added an option to isMobilePhone to require a country code
    (#​769)
  • New and improved locales
    (#​785)
9.3.0
9.2.0
9.1.2
  • Fixed a bug with the isFloat validator
    (#​752)
9.1.1
9.1.0
9.0.0
  • normalizeEmail() no longer validates the email address
    (#​725)
  • Added locale-aware validation to isFloat() and isDecimal()
    (#​721)
  • Added an isPort() validator
    (#​733)
  • New locales
    (#​731)
8.2.0
8.1.0
  • Fix require('validator/lib/isIS8601') calls
    (#​688)
  • Added an isLatLong() and isPostalCode() validator
    (#​684)
  • Allow comma in email display names
    (#​692)
  • Add missing string to unescape()
    (#​690)
  • Fix isMobilePhone() with Node <= 6.x
    (#​681)
  • New locales
    (#​695)
8.0.0
  • isURL() now requires the require_tld: false option to validate localhost
    (#​675)
  • isURL() now rejects URLs that are protocol only
    (#​642)
  • Fixed a bug where isMobilePhone() would silently return false if the locale was invalid or unsupported
    (#​657)
7.2.0
  • Added an option to validate any phone locale
    (#​663)
  • Fixed a bug in credit card validation
    (#​672)
  • Disallow whitespace, including unicode whitespace, in TLDs
    (#​677)
  • New locales
    (#​673,
    #​676)
7.1.0
7.0.0
  • Remove isDate()
6.3.0
6.2.1
6.2.0
  • Added an option to require an email display name
    (#​607)
  • Added support for lt and gt to isInt()
    (#​588)
  • New locales
    (#​601)
6.1.0
  • Added support for greater or less than in isFloat()
    (#​544)
  • Added support for ISSN validation via isISSN()
    (#​593)
  • Fixed a bug in normalizeEmail()
    (#​594)
  • New locales
    (#​585)
6.0.0
  • Renamed isNull() to isEmpty()
    (#​574)
  • Backslash is now escaped in escape()
    (#​516)
  • Improved normalizeEmail()
    (#​583)
  • Allow leading zeroes by default in isInt()
    (#​532)
5.7.0
  • Added support for IPv6 in isURL()
    (#​564)
  • Added support for urls without a host (e.g. file:///foo.txt) in isURL()
    (#​563)
  • Added support for regular expressions in the isURL() host whitelist and blacklist
    (#​562)
  • Added support for MasterCard 2-Series BIN
    (#​576)
  • New locales
    (#​575,
    #​552)
5.6.0
5.5.0
  • Fixed a regex denial of service in trim() and rtrim()
    (#​556)
  • Added an Algerian locale to isMobilePhone()
    (#​540)
  • Fixed the Hungarian locale in isAlpha() and isAlphanumeric()
    (#​541)
  • Added a Polish locale to isMobilePhone()
    (#​545)
5.4.0
  • Accept Union Pay credit cards in isCreditCard()
    (#​539)
  • Added Danish locale to isMobilePhone()
    (#​538)
  • Added Hungarian locales to isAlpha(), isAlphanumeric() and isMobilePhone()
    (#​537)
5.3.0
  • Added an allow_leading_zeroes option to isInt()
    (#​532)
  • Adjust Chinese mobile phone validation
    (#​523)
  • Added a Canadian locale to isMobilePhone()
    (#​524)
5.2.0
  • Added a isDataURI() validator
    (#​521)
  • Added Czech locales
    (#​522)
  • Fixed a bug with isURL() when protocol was missing and "://" appeared in the query
    (#​518)
5.1.0
  • Added a unescape() HTML function
    (#​509)
  • Added a Malaysian locale to isMobilePhone()
    (#​507)
  • Added Polish locales to isAlpha() and isAlphanumeric()
    (#​506)
  • Added Turkish locales to isAlpha(), isAlphanumeric() and isMobilePhone()
    (#​512)
  • Allow >1 underscore in hostnames when using allow_underscores
    (#​510)
5.0.0
  • Migrate to ES6
    (#​496)
  • Break the library up so that individual functions can be imported
    (#​496)
  • Remove auto-coercion of input to a string
    (#​496)
  • Remove the extend() function
    (#​496)
  • Added Arabic locales to isAlpha() and isAlphanumeric()
    (#​496)
  • Fix validation of very large base64 strings
    (#​503)
4.9.0
  • Added a Russian locale to isAlpha() and isAlphanumeric()
    (#​499)
  • Remove the restriction on adjacent hyphens in hostnames
    (#​500)
4.8.0
  • Added Spanish, French, Portuguese and Dutch support for isAlpha() and isAlphanumeric()
    (#​492)
  • Added a Brazilian locale to isMobilePhone()
    (#​489)
  • Reject IPv4 addresses with invalid zero padding
    (#​490)
  • Fix the client-side version when used with RequireJS
    (#​494)
4.7.1
4.7.0
  • Print a deprecation warning if validator input is not a string
    (1f67e1e).
    Note that this will be an error in v5.
  • Added a German locale to isMobilePhone(), isAlpha() and isAlphanumeric()
    (#​477)
  • Added a Finnish locale to isMobilePhone()
    (#​455)
4.6.1
  • Fix coercion of objects: Object.toString() is [object Object] not ""
    (a57f3c8)
4.6.0
  • Added a Spanish locale to isMobilePhone()
    (#​481)
  • Fix string coercion of objects created with Object.create(null)
    (#​484)
4.5.2
  • Fix a timezone issue with short-form ISO 8601 dates, e.g.
    validator.isDate('2011-12-21')
    (#​480)
4.5.1
  • Make isLength() / isByteLength() accept {min, max} as options object.
    (#​474)
4.5.0
  • Add validation for Indian mobile phone numbers
    (#​471)
  • Tweak Greek and Chinese mobile phone validation
    (#​467,
    #​468)
  • Fixed a bug in isDate() when validating ISO 8601 dates without a timezone
    (#​472)
4.4.1
  • Allow triple hyphens in IDNA hostnames
    (#​466)
4.4.0
  • Added isMACAddress() validator
    (#​458)
  • Added isWhitelisted() validator
    (#​462)
  • Added a New Zealand locale to isMobilePhone()
    (#​452)
  • Added options to control GMail address normalization
    (#​460)
4.3.0
  • Support Ember CLI module definitions
    (#​448)
  • Added a Vietnam locale to isMobilePhone()
    (#​451)
4.2.1
  • Fix isDate() handling of RFC2822 timezones
    (#​447)
4.2.0
  • Fix isDate() handling of ISO8601 timezones
    (#​444)
  • Fix the incorrect isFloat('.') === true
    ([#​443]

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate
Copy link
Author

renovate bot commented Mar 24, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@renovate renovate bot changed the title Update dependency validator to v13 [SECURITY] Update dependency validator to v13 [SECURITY] - abandoned May 28, 2023
@renovate
Copy link
Author

renovate bot commented May 28, 2023

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant