[Snyk] Upgrade validator from 13.15.20 to 13.15.23

[xak1234]

Snyk has created this PR to upgrade validator from 13.15.20 to 13.15.23.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.

• The recommended version was released 22 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Incomplete Filtering of One or More Instances of Special Elements SNYK-JS-VALIDATOR-13653476	828	Proof of Concept

Release notes

Package name: validator

• 13.15.23 - 2025-11-10
  

  Fixes, New Locales and Enhancements

  • Doc fixes and others:
    • #2631 @ WikiRik

  Full Changelog: 13.15.22...13.15.23

• 13.15.22 - 2025-11-09
  

  Fixes, New Locales and Enhancements

  • #2622 isURL: fix regression with hostnames with ports @ mbtools
  • #2616 isLength: improve handling Unicode variation selectors @ koral--
  • Doc fixes and others:
    • #2621 @ mbtools

  New Contributors

  • @ mbtools made their first contribution in #2622
  • @ koral-- made their first contribution in #2616

  Full Changelog: 13.15.20...13.15.22

• 13.15.20 - 2025-10-26
  

  Fixes, New Locales and Enhancements

  • #2556 isMobilePhone: add ar-QA locale @ WardKhaddour
  • #2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @ avadootharajesh
  • #2574 isBase64: improve padding regex @ KrayzeeKev
  • #2584 isVAT: improve FR locale @ iamAmer
  • #2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @ theofidry
  • Doc fixes and others:
    • #2563 @ stoneLeaf
    • #2581 @ camillobruni

  New Contributors

  • @ stoneLeaf made their first contribution in #2563
  • @ WardKhaddour made their first contribution in #2556
  • @ avadootharajesh made their first contribution in #2576
  • @ KrayzeeKev made their first contribution in #2574
  • @ iamAmer made their first contribution in #2584
  • @ camillobruni made their first contribution in #2581
  • @ theofidry made their first contribution in #2608

  Full Changelog: 13.15.15...13.15.20

from validator GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[gemini-code-assist]

Summary of Changes

Hello @xak1234, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, updates the validator dependency to its latest stable version, 13.15.23. This essential upgrade primarily aims to patch a critical high-severity security vulnerability and incorporates several bug fixes and enhancements from intermediate versions, ensuring the project benefits from improved validation logic and security.

Highlights

• Dependency Upgrade: The validator package has been upgraded from version 13.15.20 to 13.15.23, incorporating two minor version updates.
• Security Fix: This upgrade addresses a high-severity vulnerability (SNYK-JS-VALIDATOR-13653476) related to 'Incomplete Filtering of One or More Instances of Special Elements', improving the application's security posture.
• Bug Fixes and Enhancements: The updated versions include fixes for isURL (addressing a regression with hostnames and improving protocol detection to resolve CVE-2025-56200) and isLength (improving handling of Unicode variation selectors), along with new locale support and documentation updates.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Summary of Changes

Hello @xak1234, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, updates the validator package to its latest version, 13.15.23. The primary motivation for this upgrade is to mitigate a high-severity security vulnerability and incorporate several bug fixes and enhancements that improve the robustness and functionality of the validation library.

Highlights

• Dependency Upgrade: The validator package has been upgraded from version 13.15.20 to 13.15.23.
• Security Fix: This upgrade addresses a high-severity vulnerability (SNYK-JS-VALIDATOR-13653476) related to 'Incomplete Filtering of One or More Instances of Special Elements', improving the security posture of the project.
• Bug Fixes and Enhancements: The updated versions include fixes for isURL regression with hostnames and improved isLength handling for Unicode, along with various documentation updates and new locale support.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This Snyk pull request upgrades the validator package to fix a high-severity security vulnerability. The update is correct and important. I've suggested pinning the dependency version in package.json to ensure deterministic builds and prevent potential issues from future patch releases. With that change, this PR is ready to merge.

[gemini-code-assist]

For better build reproducibility and to prevent accidentally pulling in future patch releases that might contain regressions, it's a good practice to pin the exact version of the dependency. This ensures that every installation uses the exact version that has been tested.

Suggested change

	"validator": "^13.15.23"
	"validator": "13.15.23"

[gemini-code-assist]

Code Review

This pull request, generated by Snyk, upgrades the validator dependency from version 13.15.20 to 13.15.23. This is a crucial update that patches a high-severity security vulnerability (SNYK-JS-VALIDATOR-13653476) related to incomplete filtering. The changes are confined to package.json and package-lock.json and correctly reflect the version bump. The update is necessary and the PR is ready to be merged.