Update dependency validator to v13

[dev-mend-for-github-com]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
validator	dependencies	major	^9.0.0 → ^13.0.0
validator	dependencies	major	^9.4.1 → ^13.0.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
High	7.5	CVE-2021-3765

---

Release Notes

validatorjs/validator.js (validator)

v13.7.0

Compare Source

New Features

• #​1706 isISO4217, currency code validator @​jpaya17

Fixes and Enhancements

• #​1647 isFQDN: add allow_wildcard option @​fasenderos
• #​1654 isRFC3339: Disallow prepended and appended strings to RFC 3339 date-time @​jmacmahon
• #​1658 maintenance: increase code coverage @​tux-tn
• #​1669 IBAN export list of country codes that implement IBAN @​dror-heller @​fedeci
• #​1676 isBoolean: add loose option @​brybrophy
• #​1697 maintenance: fix npm installation error @​rubiin
• #​1708 isISO31661Alpha3: perf @​jpaya17
• #​1711 isDate: allow users to strictly validate dates with . as delimiter @​flymans
• #​1715 isCreditCard: fix for Union Pay cards @​shreyassai123
• #​1718 isEmail: replace all dots in GMail length validation @​DasDingGehtNicht
• #​1721 isURL: add allow_fragments and allow_query_components @​cowboy-bebug
• #​1724 isISO31661Alpha2: perf @​jpaya17
• #​1730 isMagnetURI @​tux-tn
• #​1738 rtrim: remove regex to prevent ReDOS attack @​tux-tn
• #​1747 maintenance: run scripts in parallel for build and clean @​sachinraja
• #​1748 isURL: higher priority to whitelist @​deepanshu2506
• #​1751 isURL: allow url with colon and no port @​MatteoPierro
• #​1777 isUUID: fix for null version argument @​theteladras
• #​1799 isFQDN: check more special chars @​MatteoPierro
• #​1833 isURL: allow URL with an empty user @​MiguelSavignano
• #​1835 unescape: fixed bug where intermediate string contains escaped @​Marcholio
• #​1836 contains: can check that string contains seed multiple times @​Marcholio
• #​1844 docs: add CDN instructions @​luiscobits
• #​1848 isUUID: add support for validation of v1 and v2 @​theteladras
• #​1941 isEmail: add host_blacklist option @​fedeci

New and Improved Locales

• isAlpha, isAlphanumeric:

  • #​1716 hi-IN @​MiKr13
  • #​1837 fi-FI @​Marcholio

• isPassportNumber:

  • #​1656 ID @​rubiin
  • #​1714 CN @​anirudhgiri
  • #​1809 PL @​Ronqn
  • #​1810 RU @​Theta-Dev

• isPostalCode:

  • #​1788 LK @​nimanthadilz

• isIdentityCard:

  • #​1657 TH @​tithanayut
  • #​1745 PL @​wiktorwojcik112 @​fedeci @​tux-tn
  • #​1786 LK @​nimanthadilz @​tux-tn
  • #​1838 FI @​Marcholio

• isMobilePhone:

  • #​1679 de-DE @​AnnaMariaJansen
  • #​1689 vi-VN @​luisrivas
  • #​1695 #​1682 zh-CN @​laulujan @​yisibl
  • #​1734 es-VE @​islasjuanp
  • #​1746 nl-BE @​divikshrivastava
  • #​1765 es-CU @​pasagedev
  • #​1766 es-SV, @​hereje
  • #​1767 ar-PS, @​brendan-c
  • #​1769 en-BM @​HackProAIT
  • #​1770 dz-BT @​lakshayr003
  • #​1771 en-BW, @​mgndolan
  • #​1772 fr-CM @​beckettnormington
  • #​1778 en-PK @​ammad20120 @​tux-tn
  • #​1780 tk-TM, @​Husan-Eshonqulov
  • #​1784 en-GY, @​mfkrause
  • #​1785 si-LK @​Madhavi96
  • #​1797 fr-PF, @​hereje
  • #​1820 en-KI, @​c-tanner
  • #​1826 hu-HU @​danielTiringer
  • #​1834 fr-BF, en-NA @​lakshayr003
  • #​1846 tg-TJ @​mgnss

• isLicensePlate:

  • #​1565 cs-CZ @​filiptronicek
  • #​1790 fi-FI @​Marcholio

• isVAT:

  • #​1825 NL @​zeno4ever

13.6.1

• New features:

  • #​1495 isLicensePlate @​firlus

• Fixes and Enhancements:

  • #​1651 fix ReDOS vulnerabilities in isHSL and isEmail @​tux-tn
  • #​1644 isURL: Allow URLs to have only a username in the userinfo subcomponent @​jbuchmann-coosto
  • #​1633 isISIN: optimization @​bmacnaughton
  • #​1632 isIP: improved pattern for IPv4 and IPv6 @​ognjenjevremovic
  • #​1625 fix [A-z] regex range on some validators @​bmacnaughton
  • #​1620 fix docs @​prahaladbelavadi
  • #​1616 isMacAddress: improve regexes and options @​fedeci
  • #​1603 fix ReDOS vulnerabilities in isSlug and rtrim @​fedeci
  • #​1594 isIPRange: add support for IPv6 @​neilime
  • #​1577 isEAN: add support for EAN-14 @​varsubham @​tux-tn
  • #​1566 isStrongPassword: add @ as a valid symbol @​stingalleman
  • #​1548 isBtcAddress: add base58 @​ezkemboi
  • #​1546 isFQDN: numeric domain names @​tux-tn

• New and Improved locales:

  • isIdentityCard, isPassportNumber:
    • #​1595 IR @​mhf-ir @​fedeci
    • #​1583 ar-LY @​asghaier76 @​tux-tn
    • #​1574 MY @​stranger26 @​tux-tn
  • isMobilePhone:
    • #​1642 zh-CN @​Akira0705
    • #​1638 lv-LV @​AntonLukichev
    • #​1635 en-GH @​ankorGH
    • #​1604 mz-MZ @​salmento @​tux-tn
    • #​1575 vi-VN @​kyled7
    • #​1573 en-SG @​liliwei25
    • #​1554 de-CH, fr-CH, it-CH @​dinfekted
    • #​1541 #​1623 es-CO @​ezkemboi @​tux-tn
    • #​1506 ar-OM @​dev-sna
    • #​1505 pt-AO @​AdilsonFuxe
  • isPostalCode:
    • #​1628 KR @​greatSumini
  • isTaxID:
    • #​1613 pt-BR @​mschunke
    • #​1529 el-GR @​dspinellis
  • isVAT:
    • #​1536 IT @​fedeci

13.5.0 13.5.1

• New features:

  • isVAT #​1463 @​ CodingNagger
  • isTaxID #​1446 @​tplessas
  • isBase58 #​1445 @​ezkemboi
  • isStrongPassword #​1348 @​door-bell

• Fixes and Enhancements:

  • #​1486 isISO8601: add strictSeparator @​brostone51
  • #​1474 isFQDN: make more strict @​CristhianMotoche
  • #​1469 isFQDN: allow_underscore option @​gibson042
  • #​1449 isEmail: character blacklisting @​rubiin
  • #​1436 isURL: added require_port option @​yshanli
  • #​1435 isEmail: respect ignore_max_length option @​evantahler
  • #​1402 isDate: add strictMode and prevent mixed delimiters @​tux-tn
  • #​1286 isAlpha: support ignore option @​mum-never-proud

• New and Improved locales:

  • isAlpha, isAlphanumeric:
    • #​1528 multiple fixes @​tux-tn @​purell
    • #​1513 id-ID and docs update @​bekicot
    • #​1484 #​1481 th-TH @​ipiranhaa
    • #​1455 fa-IR @​fakhrip
    • #​1447 az-AZ @​saidfagan
  • isMobilePhone:
    • #​1521 ar-MA @​artpumpkin
    • #​1492 de-LU,it-SM, sq-AL and ga-IE @​firlus
    • #​1487 en-HN @​jehielmartinez
    • #​1473 ar-LB, es-PE, ka-GE @​rubiin
    • #​1470 es-DO @​devrasec
    • #​1460 es-BO @​rubiin
    • #​1444 es-AR @​csrgt
    • #​1407 pt-BR @​viniciushvsilva
  • isPostalCode:
    • #​1534 CN @​httpsbao
    • #​1515 IR @​masoudDaliriyan
    • #​1502 SG, MY @​stranger26
    • #​1480 TH @​ipiranhaa
    • #​1459 BY @​rubiin
    • #​1456 DO and HT @​yomed
  • isPassportNumber:
    • #​1468 BY @​zenby
    • #​1467 RU @​dkochetkov

_{— this release is dedicated to @​dbnandaa 🧒}

13.1.17

• New features:

  • None

• Fixes and chores:

  • #​1425 fix validation for userinfo part for isURL @​heanzyzabala
  • #​1419 fix isBase32 and isBase64 to validate empty strings properly @​AberDerBart
  • #​1408 tests for isTaxId @​dspinellis
  • #​1397 added validate_length option for isURL @​tomgrossman
  • #​1383 #​1428 doc typos @​0xflotus @​timgates42
  • #​1376 add missing tests and switch to Coverall @​tux-tn
  • #​1373 improve code coverage @​ezkemboi
  • #​1357 add Node v6 on build pipeline @​profnandaa

• New and Improved locales:

  • isMobilePhone:
    • #​1439 az-AZ @​saidfagan
    • #​1420 uz-Uz @​icyice0217
    • #​1391 de-DE @​heanzyzabala
    • #​1388 en-PH @​stinkymonkeyph
    • #​1370 es-ES @​rubiin
    • #​1356 bs-BA @​MladenZeljic
    • #​1303 zh-CN @​heathcliff-hu
  • isPostalCode:
    • #​1439 AZ @​saidfagan
    • #​1370 ES @​rubiin
    • #​1367 IL @​rubiin
  • isAlpha, isAlphanumeric:
    • #​1411 fa-AF, fa-IR @​stinkymonkeyph
    • #​1371 vi-VN @​rubiin
  • isBAN:
    • #​1394 EG, SV @​heanzyzabala
  • isIdentityCard:
    • #​1384 IT @​lorenzodb1

13.1.1

• Hotfix for a regex incompatibility in some browsers
  (#​1355

13.1.0

• Added an isIMEI() validator
  (#​1346)
• Added an isDate() validator
  (#​1270)
• Added an isTaxID() validator
  (#​1336)
• Added DMS support to isLatLong()
  (#​1340)
• Added support for URL-safe base64 validation
  (#​1277)
• Added support for primitives in isJSON()
  (#​1328)
• Added support for case-insensitive matching to contains()
  (#​1334)
• Support additional cards in isCreditCard()
  (#​1177)
• Support additional currencies in isCurrency()
  (#​1306)
• Fixed isFQDN() handling of certain special chars
  (#​1091)
• Fixed a bug in isSlug()
  (#​1338)
• New and improved locales
  (#​1112,
  #​1167,
  #​1198,
  #​1199,
  #​1273,
  #​1279,
  #​1281,
  #​1293,
  #​1294,
  #​1311,
  #​1312,
  #​1313,
  #​1314,
  #​1315,
  #​1317,
  #​1322,
  #​1324,
  #​1330,
  #​1337)

13.0.0

• Added isEthereumAddress() validator
  to validate Ethereum addresses
  (#​1117)
• Added isBtcAddress() validator
  to validate Bitcoin addresses
  (#​1163)
• Added isIBAN() validator
  to validate International Bank Account Numbers
  (#​1243)
• Added isEAN() validator
  to validate International Article Numbers
  (#​1244)
• Added isSemVer() validator
  to validate Semantic Version Numbers
  (#​1246)
• Added isPassportNumber() validator
  (#​1250)
• Added isRgbColor() validator
  (#​1141)
• Added isHSL() validator
  (#​1159)
• Added isLocale() validator
  (#​1072)
• Improved the isIP() validator
  (#​1211)
• Improved the isMACAddress() validator
  (#​1267)
• New and improved locales
  (#​1238,
  #​1265)

12.2.0

• Support CSS Colors Level 4 spec
  (#​1233)
• Improve the toFloat() sanitizer
  (#​1227)
• New and improved locales
  (#​1200,
  #​1207,
  #​1213,
  #​1217,
  #​1234)

12.1.0

• ES module for webpack tree shaking
  (#​1015)
• Updated isIP() to accept scoped IPv6 addresses
  (#​1160)
• New and improved locales
  (#​1162,
  #​1183,
  #​1187,
  #​1191)

12.0.0

• Added isOctal() validator
  (#​1153)
• Added isSlug() validator
  (#​1096)
• Added isBIC() validator for bank identification codes
  (#​1071)
• Allow uppercase chars in isHash()
  (#​1062)
• Allow additional prefixes in isHexadecimal()
  (#​1147)
• Allow additional separators in isMACAddress()
  (#​1065)
• Better defaults for isLength()
  (#​1070)
• Bug fixes
  (#​1074)
• New and improved locales
  (#​1059,
  #​1060,
  #​1069,
  #​1073,
  #​1082,
  #​1092,
  #​1121,
  #​1125,
  #​1132,
  #​1152,
  #​1165,
  #​1166,
  #​1174)

11.1.0

• Code coverage improvements
  (#​1024)
• New and improved locales
  (#​1035,
  #​1040,
  #​1041,
  #​1048,
  #​1049,
  #​1052,
  #​1054,
  #​1055,
  #​1056,
  #​1057)

11.0.0

• Added a isBase32() validator
  (#​1023)
• Updated isEmail() to validate display names according to RFC2822
  (#​1004)
• Updated isEmail() to check total email length
  (#​1007)
• The internal toString() util is no longer exported
  (0277eb)
• New and improved locales
  (#​999,
  #​1010,
  #​1017,
  #​1022,
  #​1031,
  #​1032)

10.11.0

• Fix imports like import .. from "validator/lib/.."
  (#​961)
• New locale
  (#​958)

10.10.0

• isISO8601() strict mode now works in the browser
  (#​932)
• New and improved locales
  (#​931,
  #​933,
  #​947,
  #​950)

10.9.0

• Added an option to isURL() to reject email-like URLs
  (#​901)
• Added a strict option to isISO8601()
  (#​910)
• Relaxed isJWT() signature requirements
  (#​906)
• New and improved locales
  (#​899,
  #​904,
  #​913,
  #​916,
  #​925,
  #​928)

10.8.0

• Added isIdentityCard()
  (#​846)
• Better error when validators are passed an invalid type
  (#​895)
• Locales are now exported
  (#​890,
  #​892)
• New locale
  (#​896)

10.7.1

• Ignore case when checking URL protocol
  (#​887)
• Locale fix
  (#​889)

10.7.0

• Added isMagnetURI() to validate magnet URIs
  (#​884)
• Added isJWT() to validate JSON web tokens
  (#​885)

10.6.0

• Updated isMobilePhone() to match any locale's pattern by default
  (#​874)
• Added an option to ignore whitespace in isEmpty()
  (#​880)
• New and improved locales
  (#​878,
  #​879)

10.5.0

• Disabled domain-specific email validation
  (#​873)
• Added support for IP hostnames in isEmail()
  (#​845)
• Added a no_symbols option to isNumeric()
  (#​848)
• Added a no_colons option to isMACAddress()
  (#​849)
• Updated isURL() to reject protocol relative URLs unless a flag is set
  (#​860)
• New and improved locales
  (#​801,
  #​856,
  #​859,
  #​861,
  #​862,
  #​863,
  #​864,
  #​870,
  #​872)

10.4.0

• Added an isIPRange() validator
  (#​842)
• Accept an array of locales in isMobilePhone()
  (#​742)
• New locale
  (#​843)

10.3.0

• Strict Gmail validation in isEmail()
  (#​832)
• New locales
  (#​831,
  #​835,
  #​836)

10.2.0

• Export the list of supported locales in isPostalCode()
  (#​830)

10.1.0

• Added an isISO31661Alpha3() validator
  (#​809)

10.0.0

• Allow floating points in isNumeric()
  (#​810)
• Disallow GMail addresses with multiple consecutive dots, or leading/trailing dots
  (#​820)
• Added an isRFC3339() validator
  (#​816)
• Reject domain parts longer than 63 octets in isFQDN(), isURL() and isEmail()
  (bb3e542)
• Added a new Amex prefix to isCreditCard()
  (#​805)
• Fixed isFloat() min/max/gt/lt filters when a locale with a comma decimal is used
  (2b70821)
• Normalize Yandex emails
  (#​807)
• New locales
  (#​803)

9.4.1

• Patched a REDOS vulnerability in isDataURI
• New and improved locales
  (#​788)

9.4.0

• Added an option to isMobilePhone to require a country code
  (#​769)
• New and improved locales
  (#​785)

9.3.0

• New and improved locales
  (#​763,
  #​768,
  #​774,
  #​777,
  #​779)

9.2.0

• Added an isMimeType() validator
  (#​760)
• New and improved locales
  (#​753,
  #​755,
  #​764)

9.1.2

• Fixed a bug with the isFloat validator
  (#​752)

9.1.1

• Locale fixes
  (#​738,
  #​739)

9.1.0

• Added an isISO31661Alpha2() validator
  (#​734)
• New locales
  (#​735,
  #​737)

9.0.0

• normalizeEmail() no longer validates the email address
  (#​725)
• Added locale-aware validation to isFloat() and isDecimal()
  (#​721)
• Added an isPort() validator
  (#​733)
• New locales
  (#​731)

8.2.0

• Added an isHash() validator
  (#​711)
• Control decimal places in isCurrency()
  (#​713)
• New and improved locales
  (#​700,
  #​701,
  #​714,
  #​715,
  #​718)

8.1.0

• Fix require('validator/lib/isIS8601') calls
  (#​688)
• Added an isLatLong() and isPostalCode() validator
  (#​684)
• Allow comma in email display names
  (#​692)
• Add missing string to unescape()
  (#​690)
• Fix isMobilePhone() with Node <= 6.x
  (#​681)
• New locales
  (#​695)

8.0.0

• isURL() now requires the require_tld: false option to validate localhost
  (#​675)
• isURL() now rejects URLs that are protocol only
  (#​642)
• Fixed a bug where isMobilePhone() would silently return false if the locale was invalid or unsupported
  (#​657)

7.2.0

• Added an option to validate any phone locale
  (#​663)
• Fixed a bug in credit card validation
  (#​672)
• Disallow whitespace, including unicode whitespace, in TLDs
  (#​677)
• New locales
  (#​673,
  #​676)

7.1.0

• Added an isISRC() validator for ISRC
  (#​660)
• Fixed a bug in credit card validation
  (#​670)
• Reduced the maximum allowed address in isEmail() based on
  RFC3696 errata
  (#​655)
• New locales
  (#​647,
  #​667,
  #​667,
  #​671)

7.0.0

• Remove isDate()

6.3.0

• Allow values like -.01 in isFloat()
  (#​618)
• New locales
  (#​616,
  #​622,
  #​627,
  #​630)

6.2.1

• Disallow < and > in URLs
  (#​613)
• New locales
  (#​610)

6.2.0

• Added an option to require an email display name
  (#​607)
• Added support for lt and gt to isInt()
  (#​588)
• New locales
  (#​601)

6.1.0

• Added support for greater or less than in isFloat()
  (#​544)
• Added support for ISSN validation via isISSN()
  (#​593)
• Fixed a bug in normalizeEmail()
  (#​594)
• New locales
  (#​585)

6.0.0

• Renamed isNull() to isEmpty()
  (#​574)
• Backslash is now escaped in escape()
  (#​516)
• Improved normalizeEmail()
  (#​583)
• Allow leading zeroes by default in isInt()
  (#​532)

5.7.0

• Added support for IPv6 in isURL()
  (#​564)
• Added support for urls without a host (e.g. file:///foo.txt) in isURL()
  (#​563)
• Added support for regular expressions in the isURL() host whitelist and blacklist
  (#​562)
• Added support for MasterCard 2-Series BIN
  (#​576)
• New locales
  (#​575,
  #​552)

5.6.0

• Added an isMD5() validator
  (#​557)
• Fixed an exceptional case in isDate()
  (#​566)
• New locales
  (#​559,
  #​568,
  #​571,
  #​573)

5.5.0

• Fixed a regex denial of service in trim() and rtrim()
  (#​556)
• Added an Algerian locale to isMobilePhone()
  (#​540)
• Fixed the Hungarian locale in isAlpha() and isAlphanumeric()
  (#​541)
• Added a Polish locale to isMobilePhone()
  (#​545)

5.4.0

• Accept Union Pay credit cards in isCreditCard()
  (#​539)
• Added Danish locale to isMobilePhone()
  (#​538)
• Added Hungarian locales to isAlpha(), isAlphanumeric() and isMobilePhone()
  (#​537)

5.3.0

• Added an allow_leading_zeroes option to isInt()
  (#​532)
• Adjust Chinese mobile phone validation
  (#​523)
• Added a Canadian locale to isMobilePhone()
  (#​524)

5.2.0

• Added a isDataURI() validator
  (#​521)
• Added Czech locales
  (#​522)
• Fixed a bug with isURL() when protocol was missing and "://" appeared in the query
  (#​518)

5.1.0

• Added a unescape() HTML function
  (#​509)
• Added a Malaysian locale to isMobilePhone()
  (#​507)
• Added Polish locales to isAlpha() and isAlphanumeric()
  (#​506)
• Added Turkish locales to isAlpha(), isAlphanumeric() and isMobilePhone()
  (#​512)
• Allow >1 underscore in hostnames when using allow_underscores
  (#​510)

5.0.0

• Migrate to ES6
  (#​496)
• Break the library up so that individual functions can be imported
  (#​496)
• Remove auto-coercion of input to a string
  (#​496)
• Remove the extend() function
  (#​496)
• Added Arabic locales to isAlpha() and isAlphanumeric()
  (#​496)
• Fix validation of very large base64 strings
  (#​503)

4.9.0

• Added a Russian locale to isAlpha() and isAlphanumeric()
  (#​499)
• Remove the restriction on adjacent hyphens in hostnames
  (#​500)

4.8.0

• Added Spanish, French, Por