Bump the npm_and_yarn group across 1 directory with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
axios	1.12.2	1.13.5
pm2	6.0.11	6.0.14
js-yaml	3.14.1	3.14.2
body-parser	2.2.0	2.2.2
minimatch	3.1.2	3.1.5
tar	7.4.3	7.5.9
valibot	0.37.0	1.2.0
validator	13.15.20	13.15.23

Updates axios from 1.12.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

• Fix/5657. (PR #7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #7326)
• Refactor: bump minor package versions. (PR #7356)

Documentation

• Clarify object-check comment. (PR #7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #7355)
• CI: update workflow YAMLs. (PR #7372)
• CI: fix run condition. (PR #7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
• Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

• @​sachin11063 (first contribution — PR #7323)
• @​asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 29f7542 chore(release): prepare release 1.13.5 (#7379)
• 431c3a3 ci: fix run condition (#7373)
• 9ff3a78 ci: update ymls (#7372)
• 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
• 475e75a feat: add input validation to isAbsoluteURL (#7326)
• 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
• 04cf019 docs: clarify object check comment (#7323)
• 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
• 569f028 fix: added a option to choose between legacy and the new request/response int...
• 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates pm2 from 6.0.11 to 6.0.14

Release notes

Sourced from pm2's releases.

v6.0.14

6.0.14

• Fixed version of @​pm2/pm2-version-check #6055
• CVE-2025-64718 Update js-yaml
• replace fs.R_OK with fs.constants.T_OK #6012 #6019

v6.0.13

• fix blessed dep

v6.0.12

• #6037 Drop npm-shrinkwrap in favor of fixed dependencies versions
• #5577 fix pm2 monit crash

Changelog

Sourced from pm2's changelog.

6.0.14

• Fixed version of @​pm2/pm2-version-check #6055
• CVE-2025-64718 Update js-yaml
• replace fs.R_OK with fs.constants.T_OK #6012 #6019

6.0.13

• Fix blessed package import

6.0.12

• #6037 Drop npm-shrinkwrap in favor of fixed dependencies versions
• #5577 fix pm2 monit crash

Commits

• ff1ca97 pm2@6.0.14
• 34e6c01 CVE-2025-64718 Update js-yaml
• 4c8b733 replace fs.R_OK with fs.constants.T_OK #6012 #6019
• 6edb9c0 Merge pull request #6055 from d-oliveros/master
• 13ab5f4 Fixed version of @​pm2/pm2-version-check
• 2c44471 pm2@6.0.13
• d6f299d pm2@6.0.12
• 5ff07ee update package-lock.json
• 0b5d575 debug@4.4.3
• 4c309aa use forked blessed #5577
• Additional commits viewable in compare view

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

• 9963d36 3.14.2 released
• 10d3c8e dist rebuild
• 5278870 fix prototype pollution in merge (<<) (#731)
• See full diff in compare view

Updates body-parser from 2.2.0 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

• docs: update README links by @​efekrskl in expressjs/body-parser#673
• docs: release notes for the v1.20.4 release by @​Phillip9587 in expressjs/body-parser#674
• docs: update URL-encoded parser description to include ISO-8859-1 encoding support by @​Phillip9587 in expressjs/body-parser#679
• docs: use standard jsdoc tags everywhere by @​Phillip9587 in expressjs/body-parser#677
• deps: qs@^6.14.1 by @​UlisesGascon in expressjs/body-parser#689
• refactor(json): simplify strict mode error string construction by @​jonchurch in expressjs/body-parser#693
• Release: 2.2.2 by @​UlisesGascon in expressjs/body-parser#691

New Contributors

• @​efekrskl made their first contribution in expressjs/body-parser#673

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

• Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

• ci: add dependabot by @​Phillip9587 in expressjs/body-parser#593
• ci: use full SHAs for github action versions by @​Phillip9587 in expressjs/body-parser#594
• deps: type-is@^2.0.1 by @​Phillip9587 in expressjs/body-parser#599
• build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @​dependabot[bot] in expressjs/body-parser#609
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @​dependabot[bot] in expressjs/body-parser#610
• build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @​dependabot[bot] in expressjs/body-parser#611
• build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @​dependabot[bot] in expressjs/body-parser#613
• build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @​dependabot[bot] in expressjs/body-parser#612
• ci: add codeql github workflows scanning by @​Phillip9587 in expressjs/body-parser#614
• ci: update CodeQL config to ignore the test directory by @​Phillip9587 in expressjs/body-parser#615
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @​dependabot[bot] in expressjs/body-parser#620
• build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @​dependabot[bot] in expressjs/body-parser#619
• chore(deps): unpin devDependencies by @​Phillip9587 in expressjs/body-parser#616
• ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/body-parser#621
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @​dependabot[bot] in expressjs/body-parser#623
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in expressjs/body-parser#624
• chore: add funding to package.json by @​Phillip9587 in expressjs/body-parser#617
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @​dependabot[bot] in expressjs/body-parser#625
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in expressjs/body-parser#630
• refactor: move common request validation to read function by @​Phillip9587 in expressjs/body-parser#600
• deps: bump iconv-lite by @​bjohansebas in expressjs/body-parser#631
• doc: pull beta changelog forward into 2.0.0 by @​jonchurch in expressjs/body-parser#629
• refactor: optimize raw and text parsers with shared passthrough function by @​Phillip9587 in expressjs/body-parser#634
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in expressjs/body-parser#640
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in expressjs/body-parser#639
• build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @​dependabot[bot] in expressjs/body-parser#636
• build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @​dependabot[bot] in expressjs/body-parser#637
• build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @​dependabot[bot] in expressjs/body-parser#638
• deps: raw-body@^3.0.1 by @​Phillip9587 in expressjs/body-parser#641

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.2 / 2026-01-07

• deps: qs@^6.14.1
• refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

• Security fix for GHSA-wqch-xfxh-vrr4
• deps:
  • type-is@^2.0.1
  • iconv-lite@^0.7.0
    • Handle split surrogate pairs when encoding UTF-8
    • Avoid false positives in encodingExists by using prototype-less objects
  • raw-body@^3.0.1
  • debug@^4.4.3

Commits

• 3d24866 2.2.2 (#691)
• 8474a98 refactor(json): simplify strict mode error string construction (#693)
• 03f17c2 deps: qs@^6.14.1 (#689)
• ea1f25e docs: use standard jsdoc tags everywhere (#677)
• d7deef8 docs: update URL-encoded parser description to include ISO-8859-1 encoding su...
• b6f52aa docs: release notes for the v1.20.4 release (#674)
• 2965ca4 docs: update links (#673)
• d96b63d 2.2.1 (#659)
• b204886 sec: security patch for CVE-2025-13466
• e20e351 feat: remove history.md from being packaged on publish (#660)
• Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates qs from 6.14.0 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

• [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
• [Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

• [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
• [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
• [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
• [Fix] parse: enforce arrayLimit on comma-parsed values
• [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
• [Robustness] avoid .push, use void
• [readme] document that addQueryPrefix does not add ? to empty output (#418)
• [readme] clarify parseArrays and arrayLimit documentation (#543)
• [readme] replace runkit CI badge with shields.io check-runs badge
• [meta] fix changelog typo (arrayLength → arrayLimit)
• [actions] fix rebase workflow permissions

6.14.1

• [Fix] ensure arrayLimit applies to [] notation as well
• [Fix] parse: when a custom decoder returns null for a key, ignore that key
• [Refactor] parse: extract key segment splitting helper
• [meta] add threat model
• [actions] add workflow permissions
• [Tests] stringify: increase coverage
• [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

• d9b4c66 v6.15.0
• cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
• 88e1563 [Fix] duplicates option should not apply to bracket notation keys
• 9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
• 85cc8ca v6.12.5
• ffc12aa v6.11.4
• 0506b11 [actions] update reusable workflows
• 6a37faf [actions] update reusable workflows
• 8e8df5a [Fix] fix regressions from robustness refactor
• d60bab3 v6.10.7
• Additional commits viewable in compare view

Updates tar from 7.4.3 to 7.5.9

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.
• Consistent TOCTOU behavior in sync t.list
• Only read from ustar block if not specified in Pax
• Fix sync tar.list when file size reduces while reading
• Sanitize absolute linkpaths properly
• Prevent writing hardlink entries to the archive ahead of their file target

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

• 1f0c2c9 7.5.9
• fbb0851 build minified version as default export
• 6b8eba0 7.5.8
• 2cb1120 fix(unpack): improve UnpackSync symlink error "into" path accuracy
• d18e4e1 fix: do not write linkpaths through symlinks
• 4a37eb9 7.5.7
• f4a7aa9 fix: properly sanitize hard links containing ..
• 394ece6 7.5.6
• 7d4cc17 fix race puting a Link ahead of its target File
• 26ab904 7.5.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates valibot from 0.37.0 to 1.2.0

Release notes

Sourced from valibot's releases.

v1.2.0

Many thanks to @​EskiMojo14, @​makenowjust, @​ysknsid25 and @​jacekwilczynski for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

• Add toBigint, toBoolean, toDate, toNumber and toString transformation actions (pull request #1212)
• Add examples action to add example values to a schema (pull request #1199)
• Add getExamples method to extract example values from a schema (pull request #1199)
• Add isbn validation action to validate ISBN-10 and ISBN-13 strings (pull request #1097)
• Add exports for RawCheckAddIssue, RawCheckContext, RawCheckIssueInfo, RawTransformAddIssue, RawTransformContext and RawTransformIssueInfo types for better developer experience with rawCheck and rawTransform actions (pull request #1359)
• Change build step to tsdown
• Fix ReDoS vulnerability in EMOJI_REGEX used by emoji action

v1.2.0 (to-json-schema)

Many thanks to @​cruzdanilo and @​Xiot for contributing to this release.

• Add support for title, description and examples in metadata action (pull request #1189)
• Add new override configurations to override default behaviour of JSON Schema conversion (pull request #1197)
• Add storage for global definitions with addGlobalDefs and getGlobalDefs (pull request #1197)
• Add new toJsonSchemaDefs function to convert Valibot schema definitions to JSON Schema definitions (pull request #1197)

v1.1.0

Many thanks to @​EltonLobo07, @​sacrosanctic, @​muningis, @​EskiMojo14, @​MOZGIII, @​vktrl and @​jasperteo for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

• Add message method to overwrite local error message configuration of a schema (pull request #1103)
• Add summarize method to summarize issues into a pretty-printable multi-line string (pull request #1158)
• Add getTitle, getDescription and getMetadata methods to extract metadata of a schema (pull request #1154)
• Add minEntries and maxEntries validation action to validate number of object entries (pull request #1100)
• Add entries and notEntries validation action to validate number of object entries (pull request #1156)
• Add parseJson and stringifyJson transformation action to parse and stringify JSON (pull request #1137)
• Add flavor transformation action to flavor the output type of a schema (pull request #950)
• Add support for bigints to multipleOf validation action (pull request #1164)
• Change implementation of variant and variantAsync schema to improve performance by aborting validation of discriminators early (pull request #1110)
• Change name of NanoIDAction and NanoIDIssue interface to NanoIdAction and NanoIdIssue (pull request #1171)
• Fix internal MarkOptional type to fix input and output type of objects in edge cases (issue #1176)

v1.1.0 (to-json-schema)

Many thanks to @​sruenwg, @​muningis and @​EltonLobo07 for contributing to this release.

• Add support for minEntries and maxEntries action (pull request #1100)
• Add support for entries action (pull request #1156)
• Change Valibot peer dependency to v1.1.0
• Fix toJsonSchema to be independent of definition order (pull request #1133)
• Fix additionalItems for tuple schemas and add minItems (pull request #1126)

v1.0.0

This is a summary of the changes between v0 and v1. Many thanks to everyone who contributed to this release.

... (truncated)

Commits

• 053ae97 Bump version to 1.2.0 and update changelog
• de76d7c Merge pull request #1361 from open-circle/v1.2-blog-post
• c14f092 Add security fix for ReDoS vulnerability in emoji action and update release n...
• cfb799d Merge commit from fork
• 36fafd0 Add release notes blog post for Valibot v1.2 to website
• 83c07ca Merge pull request #1097 from ysknsid25/feat/add-isbn-validation
• 6957e0d Add beta annotation to JSDoc comment of isbn action
• 6c7f9c0 Add docs for new isbn action to website
• ca902e6 Refactor ISBN regex constants and update validation logic
• e7a4f17 Refactor and improve new isbn action and update changelog
• Additional commits viewable in compare view

Updates validator from 13.15.20 to 13.15.23

Release notes

Sourced from validator's releases.

13.15.23

Fixes, New Locales and Enhancements

• Doc fixes and others:
  • #2631 @​WikiRik

Full Changelog: validatorjs/validator.js@13.15.22...13.15.23

13.15.22

Fixes, New Locales and Enhancements

• #2622 isURL: fix regression with hostnames with ports @​mbtools
• #2616 isLength: improve handling Unicode variation selectors @​koral--
• Doc fixes and others:
  • #2621 @​mbtools

New Contributors

• @​mbtools made their first contribution in validatorjs/validator.js#2622
• @​koral-- made their first contribution in validatorjs/validator.js#2616

Full Changelog: validatorjs/validator.js@13.15.20...13.15.22

Changelog

Sourced from validator's changelog.

13.15.23

Fixes, New Locales and Enhancements

• Doc fixes and others:
  • #2631 @​WikiRik

13.15.22

Fixes, New Locales and Enhancements

• #2622 isURL: fix regression with hostnames with ports @​mbtools
• #2616 isLength: improve handling Unicode variation selectors @​koral--
• Doc fixes and others:
  • #2621 @​mbtools

Commits

• 9113304 fix(build): move to trusted publishing (#2631)
• f2b5c17 maintenance: 2511 release (#2627)
• d457eca fix(isLength): correctly handle Unicode variation selectors (#2616)
• f2e3633 docs: add install instructions to contibution guide (#2621)
• cf40145 fix: URL validation for hostnames with ports (no protocol) (#2622)
• 4af6124 maintenance: 2510 release (#2585)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for validator since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.