🚨 [security] [spiderseries] Update validator 13.11.0 → 13.15.20 (minor)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ validator (13.11.0 → 13.15.20) · Repo · Changelog

Security Advisories 🚨

🚨 validator.js has a URL validation bypass vulnerability in its isURL function

A URL validation bypass vulnerability exists in validator.js prior to version 13.15.20. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.

Release Notes

13.15.20

Fixes, New Locales and Enhancements

• #2556 isMobilePhone: add ar-QA locale @WardKhaddour
• #2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @avadootharajesh
• #2574 isBase64: improve padding regex @KrayzeeKev
• #2584 isVAT: improve FR locale @iamAmer
• #2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @theofidry
• Doc fixes and others:
  • #2563 @stoneLeaf
  • #2581 @camillobruni

New Contributors

• @stoneLeaf made their first contribution in #2563
• @WardKhaddour made their first contribution in #2556
• @avadootharajesh made their first contribution in #2576
• @KrayzeeKev made their first contribution in #2574
• @iamAmer made their first contribution in #2584
• @camillobruni made their first contribution in #2581
• @theofidry made their first contribution in #2608

Full Changelog: 13.15.15...13.15.20

13.15.15

Fixes, New Locales and Enhancements

• isMobilePhone
  • #2514 improve el-CY locale @rezk2ll
  • #2512 improve pt-AO locale @renaldodev
  • #2502 improve ar-OM locale @tomcastro
• #2089 isIP: allow usage of option object @pixelbucket-dev
• #2526 isPassportNumber: improve CA locale @evanbechtol
• #2491 isBase64: improve validation based on RFC4648 @aseyfpour
• #2479 isPostalCode: improve FR locale @Rajput-Balram
• #2088 isBefore: allow usage of option object @pixelbucket-dev
• #2346 isRgbColor: allow second digit in rgba alpha value @controlol
• #2453 isIP: improve IPv6 regex @ShreySinha02
• #2052 isPostalCode: add PK locale @mateeni-dev
• #2529 isPostalCode: improve TW locale @Crocsx
• #2550 isPassportNumber: improve US locale @yitzchak-schechter
• #2553 isUUID: add loose option @bc-m
• #2551 isPostalCode: add BD locale @tanvirrb
• #2555 isLicensePlate: improve pt-PT locale @castrosu
• Doc fixes and others:
  • #2372 @EmersonRabelo
  • #2538 @WikiRik
  • #2539 @WikiRik
  • #2540 @WikiRik
  • #2549 @WikiRik
  • #2537 @sgress454

New Contributors

• @pixelbucket-dev made their first contribution in #2089
• @evanbechtol made their first contribution in #2526
• @aseyfpour made their first contribution in #2491
• @Rajput-Balram made their first contribution in #2479
• @controlol made their first contribution in #2346
• @rezk2ll made their first contribution in #2514
• @renaldodev made their first contribution in #2512
• @greenbea made their first contribution in #2521
• @tomcastro made their first contribution in #2502
• @EmersonRabelo made their first contribution in #2372
• @ShreySinha02 made their first contribution in #2453
• @mateeni-dev made their first contribution in #2052
• @Crocsx made their first contribution in #2529
• @yitzchak-schechter made their first contribution in #2550
• @bc-m made their first contribution in #2553
• @sgress454 made their first contribution in #2537
• @castrosu made their first contribution in #2555

Full Changelog: 13.15.0...13.15.15

13.15.0

13.15.0

Thanks to @WikiRik for prepping the release <3

New Features / Validators

• #2399 isISO31661Numeric @RobinvanderVliet
• #2294 isULID @arafatkn
• #2215 isISO15924 @xDivisionByZerox

Fixes, New Locales and Enhancements

• isMobilePhone
  • #2395 add es-GT locale @ignaciosuarezquilis
  • #1971 improve en-GB locale @ihmpavel
  • #2359 improve uk-UA locale @arttiger
  • #2350 improve ky-KG locale @sadraliev
  • #2482 improve en-ZM locale @sonikishan
  • #2362 improve en-GH locale @NanaAb-116
  • #2500 add mk-MK locale @eshward95
  • #2534 improve sq-AL locale @nichoola
• #2406 isBtcAddress support all address formats and testnets @madoke
• #2339 isIBAN improve VG regex @ST-DDT
• #2332 isISO4217 update currency codes @cbodtorf
• #2291 isIdentityCard add PK locale @Daniyal-Qureshi
• #2414 isEmail fix blacklist_chars @keshavlingala
• #2416 isInt/isFloat handle undefined and null values @Daniyal-Qureshi
• #2415 isPostalCode add CO locale @jorgevrgs
• #2404 isPassportNumber export passportNumberLocales @derekparnell
• #2029 isRgbColor add allowSpaces option @a-h-i
• #2421 isUUID require valid variant field and require RFC9562 UUID in version all @broofa
• #2439 isURL add max_allowed_length option @pinkiesky
• #2437 isEmail reject starting with double quotes @code0emperor
• #2333 isLicensePlate add en-SG locale @Sabarinathan07
• #2441 normalizeEmail add yandex_convert_yandexru option @AayushGH
• #2443 isDate return false instead of Error in certain cases @pano9000
• #2474 isLength add discreteLengths option @Suven-p
• #2481 isDate disallow mismatching length in strictMode @sonikishan
• #2492 isISO6346 set check digit to 0 if remainder is 10 @joelcuy
• #2493 isPostalCode improve BR locale @ticmaisdev
• #2494 isEmail allow regexp in host_whitelist and host_blacklist @weikangchia
• #2518 isIBAN improve IE/PS regex @Tarasz57
• Doc fixes and others:
  • #2402 @BibhushanKarki
  • #2394 @RobinvanderVliet
  • #1732 @alguerocode
  • #2413 @rubiin
  • #2408 @profnandaa
  • #2411 @rubiin
  • #2325 @ovarn
  • #2418 @ihmpavel
  • #2323 @ovarn
  • #2423 @rubiin
  • #2409 @profnandaa
  • #2442 @pano9000

New Contributors

• @ihmpavel made their first contribution in #1971
• @madoke made their first contribution in #2406
• @ignaciosuarezquilis made their first contribution in #2395
• @BibhushanKarki made their first contribution in #2402
• @alguerocode made their first contribution in #1732
• @cbodtorf made their first contribution in #2332
• @Daniyal-Qureshi made their first contribution in #2291
• @keshavlingala made their first contribution in #2414
• @ovarn made their first contribution in #2325
• @jorgevrgs made their first contribution in #2415
• @derekparnell made their first contribution in #2404
• @a-h-i made their first contribution in #2029
• @broofa made their first contribution in #2421
• @arafatkn made their first contribution in #2294
• @pinkiesky made their first contribution in #2439
• @code0emperor made their first contribution in #2437
• @Sabarinathan07 made their first contribution in #2333
• @AayushGH made their first contribution in #2441
• @sadraliev made their first contribution in #2350
• @Suven-p made their first contribution in #2474
• @sonikishan made their first contribution in #2482
• @joelcuy made their first contribution in #2492
• @NanaAb-116 made their first contribution in #2362
• @ticmaisdev made their first contribution in #2493
• @weikangchia made their first contribution in #2494
• @Tarasz57 made their first contribution in #2518
• @eshward95 made their first contribution in #2500
• @xDivisionByZerox made their first contribution in #2215
• @nichoola made their first contribution in #2534

Full Changelog: 13.12.0...13.15.0

13.12.0

What's Changed

New Features / Validators

• #2143 isAbaRouting @songyuew

Fixes, New Locales and Enhancements

• #2207 isLicensePlate add Pakistani en-PK locale @anasshakil
• #2208 isPort fix invalid leading zeros @anasshakil
• #2224 isTaxID added Argentina es-AR locale @estefrare
• #2257 isDate timezone offset fix @tomaspanek
• #2265 isPassportNumber added ZA locale @GMorris-professional
• isMobilePhone:
  • #2267 added en-MW locale @SimranSiddiqui
  • #2140 fix am-AM locale @AlexKrupko
• #2271 isPostalAddress fix NL locale @RobinvanderVliet
• #2273 isISO4217 add SLE currency @urg
• #2278 isStrongPassword fix symbolRegex to include \ @nandavikas
• #2279 isVAT fixed KZ locale @MatthieuLemoine
• #2285 isAlpha, isAlphanumeric added eo locale @RobinvanderVliet
• #2320 isIBAN add Algeria DZ locale @thibault-lr
• #2343 isVATimprove AU locale @matthewberryman
• #2345 isUUID add support for v7 @ruscon
• #2358 isTaxID add Ukraine uk-UA locale @arttiger
• #2381 isDate disallow hiphen before year @Sumit-tech-joshi
• Doc fixes and others:
  • #2276 @meyfa
  • #2341 @WikiRik
  • #2364 @rubiin
  • #2368 @ZhulinskiiDanil
  • #2371 @devmanbud
  • #2386 @alinaghale88

New Contributors

• @tomaspanek made their first contribution in #2257
• @estefrare made their first contribution in #2224
• @GMorris-professional made their first contribution in #2265
• @SimranSiddiqui made their first contribution in #2267
• @ZhulinskiiDanil made their first contribution in #2368
• @devmanbud made their first contribution in #2371
• @ruscon made their first contribution in #2345
• @amaliacatalina made their first contribution in #2284
• @RobinvanderVliet made their first contribution in #2285
• @anasshakil made their first contribution in #2211
• @AlexKrupko made their first contribution in #2140
• @urg made their first contribution in #2273
• @meyfa made their first contribution in #2276
• @nandavikas made their first contribution in #2278
• @MatthieuLemoine made their first contribution in #2279
• @thibault-lr made their first contribution in #2320
• @alinaghale88 made their first contribution in #2386
• @Sumit-tech-joshi made their first contribution in #2381
• @arttiger made their first contribution in #2358
• @matthewberryman made their first contribution in #2343

Full Changelog: 13.11.0...13.12.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)