chore(deps): update dependency validator to v13.15.20 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
validator	13.15.15 -> 13.15.20

GitHub Vulnerability Alerts

CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js prior to version 13.15.20. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.

---

Release Notes

validatorjs/validator.js (validator)

v13.15.20

Compare Source

Fixes, New Locales and Enhancements

• #​2556 isMobilePhone: add ar-QA locale @​WardKhaddour
• #​2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @​avadootharajesh
• #​2574 isBase64: improve padding regex @​KrayzeeKev
• #​2584 isVAT: improve FR locale @​iamAmer
• #​2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @​theofidry
• Doc fixes and others:
  • #​2563 @​stoneLeaf
  • #​2581 @​camillobruni

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.