frontend-app-admin-portal icon indicating copy to clipboard operation
frontend-app-admin-portal copied to clipboard

Published 20 hours ago verified publisher icon openedx

fix(deps): update dependency validator to v13 [security]

Open renovate[bot] opened this issue 3 years ago • 2 comments

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
validator 10.11.0 -> 13.7.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-3765

validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity

Release Notes

validatorjs/validator.js (validator)

v13.7.0

Compare Source

New Features
Fixes and Enhancements
New and Improved Locales
13.6.1
~~13.5.0~~ 13.5.1

— this release is dedicated to @​dbnandaa 🧒

13.1.17
13.1.1
  • Hotfix for a regex incompatibility in some browsers (#​1355
13.1.0
13.0.0
12.2.0
12.1.0
12.0.0
11.1.0
11.0.0
10.11.0
  • Fix imports like import .. from "validator/lib/.." (#​961)
  • New locale (#​958)
10.10.0
10.9.0
10.8.0
10.7.1
  • Ignore case when checking URL protocol (#​887)
  • Locale fix (#​889)
10.7.0
10.6.0
  • Updated isMobilePhone() to match any locale's pattern by default (#​874)
  • Added an option to ignore whitespace in isEmpty() (#​880)
  • New and improved locales (#​878, #​879)
10.5.0
10.4.0
  • Added an isIPRange() validator (#​842)
  • Accept an array of locales in isMobilePhone() (#​742)
  • New locale (#​843)
10.3.0
10.2.0
  • Export the list of supported locales in isPostalCode() (#​830)
10.1.0
  • Added an isISO31661Alpha3() validator (#​809)
10.0.0
  • Allow floating points in isNumeric() (#​810)
  • Disallow GMail addresses with multiple consecutive dots, or leading/trailing dots (#​820)
  • Added an isRFC3339() validator (#​816)
  • Reject domain parts longer than 63 octets in isFQDN(), isURL() and isEmail() (bb3e542)
  • Added a new Amex prefix to isCreditCard() (#​805)
  • Fixed isFloat() min/max/gt/lt filters when a locale with a comma decimal is used (2b70821)
  • Normalize Yandex emails (#​807)
  • New locales (#​803)
9.4.1
  • Patched a REDOS vulnerability in isDataURI
  • New and improved locales (#​788)
9.4.0
  • Added an option to isMobilePhone to require a country code (#​769)
  • New and improved locales (#​785)
9.3.0
9.2.0
9.1.2
  • Fixed a bug with the isFloat validator (#​752)
9.1.1
9.1.0
9.0.0
  • normalizeEmail() no longer validates the email address (#​725)
  • Added locale-aware validation to isFloat() and isDecimal() (#​721)
  • Added an isPort() validator (#​733)
  • New locales (#​731)
8.2.0
8.1.0
  • Fix require('validator/lib/isIS8601') calls (#​688)
  • Added an isLatLong() and isPostalCode() validator (#​684)
  • Allow comma in email display names (#​692)
  • Add missing string to unescape() (#​690)
  • Fix isMobilePhone() with Node <= 6.x (#​681)
  • New locales (#​695)
8.0.0
  • isURL() now requires the require_tld: false option to validate localhost (#​675)
  • isURL() now rejects URLs that are protocol only (#​642)
  • Fixed a bug where isMobilePhone() would silently return false if the locale was invalid or unsupported (#​657)
7.2.0
  • Added an option to validate any phone locale (#​663)
  • Fixed a bug in credit card validation (#​672)
  • Disallow whitespace, including unicode whitespace, in TLDs (#​677)
  • New locales (#​673, #​676)
7.1.0
7.0.0
  • Remove isDate()
6.3.0
6.2.1
6.2.0
  • Added an option to require an email display name (#​607)
  • Added support for lt and gt to isInt() (#​588)
  • New locales (#​601)
6.1.0
  • Added support for greater or less than in isFloat() (#​544)
  • Added support for ISSN validation via isISSN() (#​593)
  • Fixed a bug in normalizeEmail() (#​594)
  • New locales (#​585)
6.0.0
  • Renamed isNull() to isEmpty() (#​574)
  • Backslash is now escaped in escape() (#​516)
  • Improved normalizeEmail() (#​583)
  • Allow leading zeroes by default in isInt() (#​532)
5.7.0
  • Added support for IPv6 in isURL() (#​564)
  • Added support for urls without a host (e.g. file:///foo.txt) in isURL() (#​563)
  • Added support for regular expressions in the isURL() host whitelist and blacklist (#​562)
  • Added support for MasterCard 2-Series BIN (#​576)
  • New locales (#​575, #​552)
5.6.0
5.5.0
  • Fixed a regex denial of service in trim() and rtrim() (#​556)
  • Added an Algerian locale to isMobilePhone() (#​540)
  • Fixed the Hungarian locale in isAlpha() and isAlphanumeric() (#​541)
  • Added a Polish locale to isMobilePhone() (#​545)
5.4.0
  • Accept Union Pay credit cards in isCreditCard() (#​539)
  • Added Danish locale to isMobilePhone() (#​538)
  • Added Hungarian locales to isAlpha(), isAlphanumeric() and isMobilePhone() (#​537)
5.3.0
  • Added an allow_leading_zeroes option to isInt() (#​532)
  • Adjust Chinese mobile phone validation (#​523)
  • Added a Canadian locale to isMobilePhone() (#​524)
5.2.0
  • Added a isDataURI() validator (#​521)
  • Added Czech locales (#​522)
  • Fixed a bug with isURL() when protocol was missing and "://" appeared in the query (#​518)
5.1.0
  • Added a unescape() HTML function (#​509)
  • Added a Malaysian locale to isMobilePhone() (#​507)
  • Added Polish locales to isAlpha() and isAlphanumeric() (#​506)
  • Added Turkish locales to isAlpha(), isAlphanumeric() and isMobilePhone() (#​512)
  • Allow >1 underscore in hostnames when using allow_underscores (#​510)
5.0.0
  • Migrate to ES6 (#​496)
  • Break the library up so that individual functions can be imported (#​496)
  • Remove auto-coercion of input to a string (#​496)
  • Remove the extend() function (#​496)
  • Added Arabic locales to isAlpha() and isAlphanumeric() (#​496)
  • Fix validation of very large base64 strings (#​503)
4.9.0
  • Added a Russian locale to isAlpha() and isAlphanumeric() (#​499)
  • Remove the restriction on adjacent hyphens in hostnames (#​500)
4.8.0
  • Added Spanish, French, Portuguese and Dutch support for isAlpha() and isAlphanumeric() (#​492)
  • Added a Brazilian locale to isMobilePhone() (#​489)
  • Reject IPv4 addresses with invalid zero padding (#​490)
  • Fix the client-side version when used with RequireJS (#​494)
4.7.1
4.7.0
  • Print a deprecation warning if validator input is not a string (1f67e1e). Note that this will be an error in v5.
  • Added a German locale to isMobilePhone(), isAlpha() and isAlphanumeric() (#​477)
  • Added a Finnish locale to isMobilePhone() (#​455)
4.6.1
  • Fix coercion of objects: Object.toString() is [object Object] not "" (a57f3c8)
4.6.0
  • Added a Spanish locale to isMobilePhone() (#​481)
  • Fix string coercion of objects created with Object.create(null) (#​484)
4.5.2
  • Fix a timezone issue with short-form ISO 8601 dates, e.g. validator.isDate('2011-12-21') (#​480)
4.5.1
  • Make isLength() / isByteLength() accept {min, max} as options object. (#​474)
4.5.0
  • Add validation for Indian mobile phone numbers (#​471)
  • Tweak Greek and Chinese mobile phone validation (#​467, #​468)
  • Fixed a bug in isDate() when validating ISO 8601 dates without a timezone (#​472)
4.4.1
  • Allow triple hyphens in IDNA hostnames (#​466)
4.4.0
  • Added isMACAddress() validator (#​458)
  • Added isWhitelisted() validator (#​462)
  • Added a New Zealand locale to isMobilePhone() (#​452)
  • Added options to control GMail address normalization (#​460)
4.3.0
  • Support Ember CLI module definitions (#​448)
  • Added a Vietnam locale to isMobilePhone() (#​451)
4.2.1
  • Fix isDate() handling of RFC2822 timezones (#​447)
4.2.0
  • Fix isDate() handling of ISO8601 timezones (#​444)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Nov 03 '21 19:11 renovate[bot]

Codecov Report

Merging #643 (8d2ad0f) into master (1a48bd0) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #643   +/-   ##
=======================================
  Coverage   76.05%   76.05%           
=======================================
  Files         273      273           
  Lines        5587     5587           
  Branches     1245     1245           
=======================================
  Hits         4249     4249           
  Misses       1317     1317           
  Partials       21       21

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 1a48bd0...8d2ad0f. Read the comment docs.

codecov[bot] avatar Nov 03 '21 19:11 codecov[bot]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 85.38%. Comparing base (a29388e) to head (daf1458).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #643   +/-   ##
=======================================
  Coverage   85.38%   85.38%           
=======================================
  Files         541      541           
  Lines       11933    11933           
  Branches     2550     2514   -36     
=======================================
  Hits        10189    10189           
- Misses       1685     1686    +1     
+ Partials       59       58    -1

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Jan 06 '22 00:01 codecov[bot]