fix(deps): update dependency validator to v13.15.20 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
validator	13.12.0 -> 13.15.20

GitHub Vulnerability Alerts

CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js prior to version 13.15.20. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.

---

Release Notes

validatorjs/validator.js (validator)

v13.15.20

Compare Source

Fixes, New Locales and Enhancements

• #​2556 isMobilePhone: add ar-QA locale @​WardKhaddour
• #​2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @​avadootharajesh
• #​2574 isBase64: improve padding regex @​KrayzeeKev
• #​2584 isVAT: improve FR locale @​iamAmer
• #​2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @​theofidry
• Doc fixes and others:
  • #​2563 @​stoneLeaf
  • #​2581 @​camillobruni

v13.15.15

Compare Source

Fixes, New Locales and Enhancements

• isMobilePhone
  • #​2514 improve el-CY locale @​rezk2ll
  • #​2512 improve pt-AO locale @​renaldodev
  • #​2502 improve ar-OM locale @​tomcastro
• #​2089 isIP: allow usage of option object @​pixelbucket-dev
• #​2526 isPassportNumber: improve CA locale @​evanbechtol
• #​2491 isBase64: improve validation based on RFC4648 @​aseyfpour
• #​2479 isPostalCode: improve FR locale @​Rajput-Balram
• #​2088 isBefore: allow usage of option object @​pixelbucket-dev
• #​2346 isRgbColor: allow second digit in rgba alpha value @​controlol
• #​2453 isIP: improve IPv6 regex @​ShreySinha02
• #​2052 isPostalCode: add PK locale @​mateeni-dev
• #​2529 isPostalCode: improve TW locale @​Crocsx
• #​2550 isPassportNumber: improve US locale @​yitzchak-schechter
• #​2553 isUUID: add loose option @​bc-m
• #​2551 isPostalCode: add BD locale @​tanvirrb
• #​2555 isLicensePlate: improve pt-PT locale @​castrosu
• Doc fixes and others:
  • #​2372 @​EmersonRabelo
  • #​2538 @​WikiRik
  • #​2539 @​WikiRik
  • #​2540 @​WikiRik
  • #​2549 @​WikiRik
  • #​2537 @​sgress454

v13.15.0

Compare Source

New Features / Validators

• #​2399 isISO31661Numeric @​RobinvanderVliet
• #​2294 isULID @​arafatkn
• #​2215 isISO15924 @​xDivisionByZerox

Fixes, New Locales and Enhancements

• isMobilePhone
  • #​2395 add es-GT locale @​ignaciosuarezquilis
  • #​1971 improve en-GB locale @​ihmpavel
  • #​2359 improve uk-UA locale @​arttiger
  • #​2350 improve ky-KG locale @​sadraliev
  • #​2482 improve en-ZM locale @​sonikishan
  • #​2362 improve en-GH locale @​NanaAb-116
  • #​2500 add mk-MK locale @​eshward95
  • #​2534 improve sq-AL locale @​nichoola
• #​2406 isBtcAddress support all address formats and testnets @​madoke
• #​2339 isIBAN improve VG regex @​ST-DDT
• #​2332 isISO4217 update currency codes @​cbodtorf
• #​2291 isIdentityCard add PK locale @​Daniyal-Qureshi
• #​2414 isEmail fix blacklist_chars @​keshavlingala
• #​2416 isInt/isFloat handle undefined and null values @​Daniyal-Qureshi
• #​2415 isPostalCode add CO locale @​jorgevrgs
• #​2404 isPassportNumber export passportNumberLocales @​derekparnell
• #​2029 isRgbColor add allowSpaces option @​a-h-i
• #​2421 isUUID require valid variant field and require RFC9562 UUID in version all @​broofa
• #​2439 isURL add max_allowed_length option @​pinkiesky
• #​2437 isEmail reject starting with double quotes @​code0emperor
• #​2333 isLicensePlate add en-SG locale @​Sabarinathan07
• #​2441 normalizeEmail add yandex_convert_yandexru option @​AayushGH
• #​2443 isDate return false instead of Error in certain cases @​pano9000
• #​2474 isLength add discreteLengths option @​Suven-p
• #​2481 isDate disallow mismatching length in strictMode @​sonikishan
• #​2492 isISO6346 set check digit to 0 if remainder is 10 @​joelcuy
• #​2493 isPostalCode improve BR locale @​ticmaisdev
• #​2494 isEmail allow regexp in host_whitelist and host_blacklist @​weikangchia
• #​2518 isIBAN improve IE/PS regex @​Tarasz57
• Doc fixes and others:
  • #​2402 @​BibhushanKarki
  • #​2394 @​RobinvanderVliet
  • #​1732 @​alguerocode
  • #​2413 @​rubiin
  • #​2408 @​profnandaa
  • #​2411 @​rubiin
  • #​2325 @​ovarn
  • #​2418 @​ihmpavel
  • #​2323 @​ovarn
  • #​2423 @​rubiin
  • #​2409 @​profnandaa
  • #​2442 @​pano9000

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.10%. Comparing base (b0e31a2) to head (1ac8891).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1711   +/-   ##
=======================================
  Coverage   87.10%   87.10%           
=======================================
  Files         780      780           
  Lines       17761    17761           
  Branches     3734     3728    -6     
=======================================
  Hits        15471    15471           
  Misses       2215     2215           
  Partials       75       75           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.