build(deps): bump the npm_and_yarn group across 1 directory with 42 updates

[dependabot]

Bumps the npm_and_yarn group with 25 updates in the / directory:

Package	From	To
ejs	1.0.0	3.1.10
express-fileupload	0.0.5	1.4.0
hbs	4.0.4	4.2.0
jquery	2.2.4	3.5.0
marked	0.3.5	4.0.10
moment	2.15.1	2.29.4
mongodb	3.5.9	3.5.10
mongoose	4.2.4	5.13.20
npmconf	0.0.24	2.1.3
st	0.2.4	1.2.2
typeorm	0.2.24	0.3.0
validator	13.5.2	13.7.0
snyk	1.278.1	1.1064.0
ajv	6.10.2	6.12.6
cached-path-relative	1.0.2	1.1.0
debug	2.2.0	4.3.7
express	4.12.4	4.21.1
diff	1.4.0	5.2.0
tap	11.1.5	21.0.1
elliptic	6.4.1	6.5.7
qs	2.2.4	6.13.0
body-parser	1.9.0	1.20.3
shell-quote	1.6.1	1.8.1
underscore	1.9.1	1.12.1
cfenv	1.2.2	1.2.4

Updates ejs from 1.0.0 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

v2.7.4

Bug fixes

• Fixed Node 4 support, which broke in v2.7.3 (mde/ejs@5e42d6c, @​mde)

v2.7.3

Bug fixes

• Made the post-install message more discreet by following the example of opencollective-postinstall (mde/ejs@228d8e4, @​mde)

v2.7.2

Features

• Added support for destructuring locals (#452, @​ExE-Boss)
• Added support for disabling legacy include directives (#458, #459, @​ExE-Boss)
• Compiled functions are now shown in the debugger (#456, @​S2-)
• function.name is now set to the file base name in environments that support this (#466, @​ExE-Boss)

Bug Fixes

• The error message when async != true now correctly mention the existence of the async option (#460, @​ExE-Boss)
• Improved performance of HTML output generation (#470, @​nwoltman)

v2.7.1

Deprecated:

• Added deprecation notice for use of require.extensions (@​mde)

v2.6.2

• Correctly pass custom escape function to includes (@​alecgibson)

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by mde, a new releaser for ejs since your current version.

Updates express-fileupload from 0.0.5 to 1.4.0

Release notes

Sourced from express-fileupload's releases.

v1.4.0

What's Changed

• Bump minimist from 1.2.5 to 1.2.6 by @​dependabot in richardgirges/express-fileupload#310
• Upgrade busboy version by @​duterte in richardgirges/express-fileupload#315

New Contributors

• @​dependabot made their first contribution in richardgirges/express-fileupload#310
• @​duterte made their first contribution in richardgirges/express-fileupload#315

Full Changelog: richardgirges/express-fileupload@v1.3.1...v1.4.0

1.3.1

Updates

• Have promiseCallback make callbacks and promises behave the same (#302)
• Fix prototype pollution in utilities.js (#301)
• Switch to CircleCI (ddf553060a1041c1f36a696b1ae8b52d24083140)
• End support for Node versions < 12 (ab3d252a28c8eb1c003528fecc5e1ef38f8954c3)

1.2.1

Updates:

• (Fix) Stopped additional responses from being sent if a limit handler exists (#264)
• Unhandled promise rejection warning (#257)
• Changed example (#255)
• Passing a Buffer body will pollute req.body when used along with processNested (#291)

1.2.0

Bug Fixes

#241 Cleanup temporary files - @​nusu

1.1.10

Updates:

Additional prototype-pollution security fix when using processNested (#239)

1.1.9

Updates:

Second prototype pollution security vulnerability fix when using processNested (#236)

1.1.8

Updates:

Fixed prototype pollution security vulnerability when using processNested (#236)

1.1.7-alpha.4

Updates:

• Updated README.md thanks to @​tycrek , @​eartharoid, @​Code42Cate
• Some code refactoring to make it lighter and more readable.
• Updated dependencies.

Fixes:

• Fix empty file issue(#226)
• Fix temp file write timing issue(#184). Thanks to @​somewind

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by richardgirges, a new releaser for express-fileupload since your current version.

Updates hbs from 4.0.4 to 4.2.0

Changelog

Sourced from hbs's changelog.

4.2.0 / 2021-11-16

• Add rename option to registerPartials
• Ensure all partials are registered before rendering
• Fix function context in async helpers
• deps: walk@2.3.15

4.1.2 / 2021-04-15

• deps: handlebars@4.7.7

4.1.1 / 2020-04-03

• deps: handlebars@4.7.6

4.1.0 / 2020-01-14

• deps: handlebars@4.5.3
  • Add handlebars.parseWithoutProcessing
  • Add support for iterable objects in #each helper
  • Block access to non-enumerable special properties on objects
  • Fix error when helper defined with array properties
  • Fix parsing of empty raw blocks
  • Fix work-around for constructor blocking
  • Validate arguments to #if, #unless and #with helpers

4.0.6 / 2019-10-09

• deps: handlebars@4.3.5
  • Fix error object inheritance
  • Fix work-around for constructor blocking

4.0.5 / 2019-09-27

• Fix async helpers not working when cache enabled
• Fix handling of exceptions from layout
• Fix handling of exceptions when cache enabled
• deps: handlebars@4.3.3
  • Block calling helperMissing and blockHelperMissing from templates
  • Fix work-around for constructor blocking
• deps: walk@2.3.14

Commits

• 5790e5e v4.2.0
• 1ef46ee build: Node.js@16.13
• 9771a6f build: mocha@9.1.3
• e501201 build: update CI for npm TLS upgrade
• 9f1fee2 docs: fix linux build badge
• 9bd9de2 docs: add preamble to install section
• 73559c1 Add rename option to registerPartials
• 3b34543 build: Node.js@16.10
• df4fd3d build: Node.js@14.18
• e5e6e39 deps: walk@2.3.15
• Additional commits viewable in compare view

Updates jquery from 2.2.4 to 3.5.0

Release notes

Sourced from jquery's releases.

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits

• 7a0a850 3.5.0
• 8570a08 Release: Update AUTHORS.txt
• da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses
• 065143c Ajax: Overwrite s.contentType with content-type header value, if any
• 1a4f10d Tests: Blacklist one focusin test in IE
• 9e15d6b Event: Use only one focusin/out handler per matching window & document
• 966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9
• 1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function
• 04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5
• 7506c9c Build: Resolve Travis config warnings
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mgol, a new releaser for jquery since your current version.

Updates marked from 0.3.5 to 4.0.10

Release notes

Sourced from marked's releases.

v4.0.10

4.0.10 (2022-01-13)

Bug Fixes

• security: fix redos vulnerabilities (8f80657)

v4.0.9

4.0.9 (2022-01-06)

Bug Fixes

• retain line breaks in tokens properly (#2341) (a9696e2)

v4.0.8

4.0.8 (2021-12-19)

Bug Fixes

• spaces on a newline after a table (#2319) (f82ea2c)

v4.0.7

4.0.7 (2021-12-09)

Bug Fixes

• Fix every third list item broken (#2318) (346b162), closes #2314

v4.0.6

4.0.6 (2021-12-02)

Bug Fixes

• speed up parsing long lists (#2302) (e0005d8)

v4.0.5

4.0.5 (2021-11-25)

Bug Fixes

• table after paragraph without blank line (#2298) (5714212)

v4.0.4

4.0.4 (2021-11-19)

... (truncated)

Commits

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
• 98996b8 chore(deps-dev): Bump @​babel/preset-env from 7.16.5 to 7.16.7 (#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by tonybrix, a new releaser for marked since your current version.

Updates moment from 2.15.1 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

2.29.2 See full changelog

• Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

• Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

• Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

• Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

• Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

• Release May 19, 2020

... (truncated)

Commits

• 000ac18 Build 2.24.4
• f2006b6 Bump version to 2.24.4
• 536ad0c Update changelog for 2.29.4
• 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 6374fd8 Merge branch 'master' into develop
• b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
• 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 57c9062 Build 2.29.3
• aaf50b6 Fixup release complaints
• 26f4aef Bump version to 2.29.3
• Additional commits viewable in compare view

Updates mongodb from 3.5.9 to 3.5.10

Release notes

Sourced from mongodb's releases.

v3.5.10

The MongoDB Node.js team is pleased to announce version 3.5.10 of the driver

NOTE: This will be the final release in the 3.5.x branch, please consider upgrading to 3.6.0

Release Highlights

TypeError: Cannot read property 'documents' of null

@​adrian-gierakowski helped us identify a bug with our ChangeStreamCursor, specifically when the cursor was complete it would not return a valid document but instead a null value.

Command helper not respecting server selection specification rules

The server selection specification indicates that the "runCommand" helper should act as a read operation for the purposes of server selection, and that it should use a default read preference of "primary" which can only be overridden by the helper itself. The driver had a bug where it would inherit the read preference from its "parent" type (Collection, Db, MongoClient) which is at odds with the specified behavior.

mongodb+srv invalid IPv6 support

Due to a bug in how we referred to ipv6 addresses internal to the driver, if a mongodb+srv connection string was provided with an ipv6 address the driver would never be able to connect and would result in a the following error RangeError: Maximum call stack size exceeded.

maxStalenessSeconds not accepted when provided via options

There was a bug in our connection string and MongoClient options parsing where a value provided for maxStalenessSeconds would not end up being reflected in the ReadPreference used internal to the driver.

Sessions are prohibited with unacknowledged writes

MongoDB can provide no guarantees around unacknowledged writes when used within a session. The driver will now silently remove the lsid field from all writes issued with { w: 0 }, and will return an error in these situations in the upcoming 4.0 major release.

Documentation

Reference: http://mongodb.github.io/node-mongodb-native/3.5/ API: http://mongodb.github.io/node-mongodb-native/3.5/api/ Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.5/HISTORY.md

We invite you to try the driver immediately, and report any issues to the NODE project.

Thanks very much to all the community members who contributed to this release!

Release Notes

... (truncated)

Commits

• 40b1d17 chore(release): 3.5.10
• 8f1ea7b fix: silently ignore session with unacknowledged write
• 72a743d fix: ReadPreference maxStalenessSeconds from options
• 53cbdb0 docs: add link to new reference docs
• a1be593 fix: ipv6 is not supported when using dns service discovery
• c3b36cd chore: parameterize sdam_viz write workloads
• eeea8ac chore: update sdam_viz to include a write workload
• f7a50e2 fix: db.command to not inherit options from parent
• 5082971 test: adds SPEC-1511 to lift restriction on authSource option
• 2d39822 test: use sinon mock timers for determinstic timer testing
• Additional commits viewable in compare view

Updates mongoose from 4.2.4 to 5.13.20

Changelog

Sourced from mongoose's changelog.

8.7.1 / 2024-10-09

• fix: set flattenObjectIds to false when calling toObject() for internal purposes #14938
• fix: add mongodb 8 to test matrix #14937
• fix: handle buffers stored in MongoDB as EJSON representation with { $binary } #14932
• docs: indicate that Mongoose 8.7 is required for full MongoDB 8 support #14937

8.7.0 / 2024-09-27

• feat(model): add Model.applyVirtuals() to apply virtuals to a POJO #14905 #14818
• feat: upgrade mongodb -> 6.9.0 #14914
• feat(query): cast $rename to string #14887 #3027
• feat(SchemaType): add getEmbeddedSchemaType() method to SchemaTypes #14880 #8389
• fix(model): throw MongooseBulkSaveIncompleteError if bulkSave() didn't completely succeed #14884 #14763
• fix(connection): avoid returning readyState = connected if connection state is stale #14812 #14727
• fix: depopulate if push() or addToSet() with an ObjectId on a populated array #14883 #1635
• types: make __v a number, only set __v on top-level documents #14892

8.6.4 / 2024-09-26

• fix(document): avoid massive perf degradation when saving new doc with 10 level deep subdocs #14910 #14897
• fix(model): skip applying static hooks by default if static name conflicts with aggregate middleware #14904 dragontaek-lee
• fix(model): filter applying static hooks by default if static name conflicts with mongoose middleware #14908 dragontaek-lee

7.8.2 / 2024-09-25

• fix(projection): avoid setting projection to unknown exclusive/inclusive if elemMatch on a Date, ObjectId, etc. #14894 #14893

8.6.3 / 2024-09-17

• fix: make getters convert uuid to string when calling toObject() and toJSON() #14890 #14869
• fix: fix missing Aggregate re-exports for ESM #14886 wongsean
• types(document): add generic param to depopulate() to allow updating properties #14891 #14876

6.13.2 / 2024-09-12

• fix(document): make set() respect merge option on deeply nested objects #14870 #14878

8.6.2 / 2024-09-11

• fix: make set merge deeply nested objects #14870 #14861 ianHeydoc
• types: allow arbitrary keys in query filters again (revert #14764) #14874 #14863 #14862 #14842
• types: make SchemaType static setters property accessible in TypeScript #14881 #14879
• type(inferrawdoctype): infer Date types as JS dates rather than Mongoose SchemaType Date #14882 #14839

8.6.1 / 2024-09-03

• fix(document): avoid unnecessary clone() in applyGetters() that was preventing getters from running on 3-level deep subdocuments #14844 #14840 #14835
• fix(model): throw error if bulkSave() did not insert or update any documents #14837 #14763
• fix(cursor): throw error in ChangeStream constructor if changeStreamThunk() throws a sync error #14846

... (truncated)

Commits

• 0f3997a chore: release 5.13.20
• f1efabf fix: avoid prototype pollution on init
• 98e0762 chore: release 5.13.19
• 7e36d21 chore: release 5.13.18
• 6759c60 undo accidental changes and actually pin @​types/json-schema
• 4ed4a89 chore: pin version of @​types/json-schema because of install issues on node v4...
• 9a9536d Merge pull request #13535 from lorand-horvath/patch-12
• 26424d5 5.x - bump mongodb driver to 3.7.4
• 4b8b0a9 add versionNumber to 5.x
• 1bc07ec chore: release 5.13.17
• Additional commits viewable in compare view

Updates npmconf from 0.0.24 to 2.1.3

Commits

• See full diff in compare view

Updates st from 0.2.4 to 1.2.2

Commits

• 0e87caf 1.2.2
• 579960c improved traversal detection & location redirect
• ae7b676 1.2.1
• 5744d49 update deps
• 473a344 update mime dependency to avoid ReDoS vulnerability
• 2a5f970 1.2.0
• fad0367 update deps
• 67a521e Test command-line switches, --host in particular
• 128c6fd Introduce -localhost resp. -l abbreviation
• cc20690 Make the host configurable
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by rvagg, a new releaser for st since your current version.

Updates typeorm from 0.2.24 to 0.3.0

Release notes

Sourced from typeorm's releases.

0.3.0

Changes in the version includes changes from the next branch and typeorm@next version. They were pending their migration from 2018. Finally, they are in the master branch and master version.

Features

• compilation target now is es2020. This requires Node.JS version 14+

• TypeORM now properly works when installed within different node_modules contexts (often happen if TypeORM is a dependency of another library or TypeORM is heavily used in monorepo projects)

• Connection was renamed to DataSource. Old Connection is still there, but now it's deprecated. It will be completely removed in next version. New API:

export const dataSource = new DataSource({
    // ... options ...
})
// load entities, establish db connection, sync schema, etc.
await dataSource.connect()

Previously, you could use new Connection(), createConnection(), getConnectionManager().create(), etc. They all deprecated in favour of new syntax you can see above.

New way gives you more flexibility and simplicity in usage.

• new custom repositories syntax:

export const UserRepository = myDataSource.getRepository(UserEntity).extend({
    findUsersWithPhotos() {
        return this.find({
            relations: {
                photos: true
            }
        })
    }
})

Old ways of custom repository creation were dropped.

• added new option on relation load strategy called relationLoadStrategy. Relation load strategy is used on entity load and determines how relations must be loaded when you query entities and their relations from the database. Used on find* methods and QueryBuilder. Value can be set to join or query.

  • join - loads relations using SQL JOIN expression

... (truncated)

Changelog

Sourced from typeorm's changelog.

0.3.0 (2022-03-17)

Changes in the version includes changes from the next branch and typeorm@next version. They were pending their migration from 2018. Finally, they are in the master branch and master version.

Features

• compilation target now is es2020. This requires Node.JS version 14+

• TypeORM now properly works when installed within different node_modules contexts (often happen if TypeORM is a dependency of another library or TypeORM is heavily used in monorepo projects)

• Connection was renamed to DataSource. Old Connection is still there, but now it's deprecated. It will be completely removed in next version. New API:

export const dataSource = new DataSource({
    // ... options ...
})
// load entities, establish db connection, sync schema, etc.
await dataSource.connect()

Previously, you could use new Connection(), createConnection(), getConnectionManager().create(), etc. They all deprecated in favour of new syntax you can see above.

New way gives you more flexibility and simplicity in usage.

• new custom repositories syntax:

export const UserRepository = myDataSource.getRepository(UserEntity).extend({
    findUsersWithPhotos() {
        return this.find({
            relations: {
                photos: true,
            },
        })
    },
})

Old ways of custom repository creation were dropped.

• added new option on relation load strategy called relationLoadStrategy. Relation load strategy is used on entity load and determines how relations must be loaded when you query entities and their relations from the database. Used on find* methods and QueryBuilder. Value can be set to join or query.

... (truncated)

Commits

• 941b584 version bump
• 3b8a031 0.3.0 (#8616)
• 5608956 refactor: remove spaces for consistency (#8751)
• 486f8c5 version bump
• 0fc093d fix: discard duplicated columns on update (#8724)
• f3cfdd2 fix: allow clearing database inside a transaction (#8712)
• 96ac8f7 feat: add transformer to ViewColumnOptions (#8717)
• 32549fe refactor: DefaultNamingStrategy#getTableName should be protected, not private...
• 411fa54 fix: force web bundlers to ignore index.mjs and use the browser ESM version d...
• 10f46d9 fixing failing test
• Additional commits viewable in compare view

Updates validator from 13.5.2 to 13.7.0

Release notes

Sourced from validator's releases.

13.7.0

13.7.0

New Features

• #1706 isISO4217, currency code validator @​jpaya17

Fixes and Enhancements

• #1647 isFQDN: add allow_wildcard option @​fasenderos
• #1654 isRFC3339: Disallow prepended and appended strings to RFC 3339 date-time @​jmacmahon
• #1658 maintenance: increase code coverage @​tux-tn
• #1669 IBAN export list of country codes that implement IBAN @​dror-heller @​fedeci
• #1676 isBoolean: add loose option @​brybrophy
• #1697 maintenance: fix npm installation error @​rubiin
• #1708 isISO31661Alpha3: perf @​jpaya17
• #1711 isDate: allow users to strictly validate dates with . as delimiter @​flymans
• #1715 isCreditCard: fix for Union Pay cards @​shreyassai123
• #1718 isEmail: replace all dots in GMail length validation @​DasDingGehtNicht
• #1721 isURL: add allow_fragments and allow_query_components @​cowboy-bebug
• #1724 isISO31661Alpha2: perf @​jpaya17
• #1730 isMagnetURI @​tux-tn
• #1738 trim: remove regex to prevent ReDOS attack @​tux-tn
• #1747 maintenance: run scripts in parallel for build and clean @​sachinraja
• #1748 isURL: higher priority to whitelist @​deepanshu2506
• #1751 isURL: allow url with colon and no port @​MatteoPierro
• #1777 isUUID: fix for null version argument @​theteladras
• #1799 isFQDN: check more special chars @​MatteoPierro
• #1833 isURL: allow URL with an empty user @​MiguelSavignano
• #1835 unescape: fixed bug where intermediate string contains escaped @​Marcholio
• #1836 contains: can check that string contains seed multiple times @​Marcholio
• #1844 docs: add CDN instructions @​luiscobits
• #1848 isUUID: add support for validation of v1 and v2 @​theteladras
• #1941 isEmail: add host_blacklist option @​fedeci

New and Improved Locales

• isAlpha, isAlphanumeric:

  • #1716 hi-IN @​MiKr13
  • #1837 fi-FI @​Marcholio

• isPassportNumber:

  • #1656 ID @​rubiin
  • #1714 CN @​anirudhgiri
  • #1809 PL @​Ronqn
  • #1810 RU @​Theta-Dev

• isPostalCode:

  • #1788 LK @​nimanthadilz

... (truncated)

Changelog

Sourced from validator's changelog.

13.7.0

New Features

• #1706 isISO4217, currency code validator @​jpaya17

Fixes and Enhancements

• #1647 isFQDN: add allow_wildcard option @​fasenderos
• #1654 isRFC3339: Disallow prepended and appended strings to RFC 3339 date-time @​jmacmahon
• #1658 maintenance: increase code coverage @​tux-tn
• #1669 IBAN export list of country codes that implement IBAN @​dror-heller @​fedeci
• #1676 isBoolean: add loose option @​brybrophy
• #1697 maintenance: fix npm installation error @​rubiin
• #1708 isISO31661Alpha3: perf @​jpaya17
• #1711 isDate: allow users to strictly validate dates with . as delimiter @​flymans
• #1715 isCreditCard: fix for Union Pay cards @​shreyassai123
• #1718 isEmail: replace all dots in GMail length validation @​DasDingGehtNicht
• #1721 isURL: add allow_fragments and allow_query_components @​cowboy-bebug
• #1724 isISO31661Alpha2: perf @​jpaya17
• #1730 isMagnetURI @​tux-tn
• #1738 rtrim: remove regex to prevent ReDOS attack @​tux-tn
• #1747 maintenance: run scripts in parallel for build and clean @​sachinraja
• #1748 isURL: higher priority to whitelist @​deepanshu2506
• #1751 isURL: allow url with colon and no port @​MatteoPierro
• #1777 isUUID: fix for null version argument @​theteladras
• #1799 isFQDN: check more special chars @​MatteoPierro
• #1833 isURL: allow URL with an empty user @​MiguelSavignano
• #1835 unescape: fixed bug where intermediate string contains escaped @​Marcholio
• #1836 contains: can check that string contains seed multiple times @​Marcholio
• #1844 docs: add CDN instructions @​luiscobits
• #1848 isUUID: add support for validation of v1 and v2 @​theteladras
• #1941 isEmail: add host_blacklist option @​fedeci

New and Improved Locales

• isAlpha, isAlphanumeric:

  • #1716 hi-IN @​MiKr13
  • #1837 fi-FI @​Marcholio

• isPassportNumber:

  • #1656 ID @​rubiin
  • #1714 CN @​anirudhgiri
  • #1809 PL @​Ronqn
  • #1810 RU @​Theta-Dev

• isPostalCode:

  • #1788 LK @​nimanthadilz

• isIdentityCard:

... (truncated)

Commits

• 47ee5ad 13.7.0
• 496fc8b fix(rtrim): remove regex to prevent ReDOS at...

  Description has been truncated