Fix validator security vulnerability CVE in isLength() (#484)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>
2025-12-23 18:29:21 -05:00 · 2025-12-05 17:40:29 +08:00
parent 1921a0363b
commit 71667dab2c
2 changed files with 10 additions and 10 deletions
--- a/package.json
+++ b/package.json
@@ -60,7 +60,7 @@
    "dotenv": "^16.6.1",
    "dotenv-expand": "^12.0.2",
    "express": "^4.21.2",
-    "express-validator": "^7.2.1",
+    "express-validator": "^7.3.1",
    "i18next": "^25.5.0",
    "i18next-fs-backend": "^2.6.0",
    "jsonwebtoken": "^9.0.2",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -59,8 +59,8 @@ importers:
        specifier: ^4.21.2
        version: 4.22.0
      express-validator:
-        specifier: ^7.2.1
-        version: 7.2.1
+        specifier: ^7.3.1
+        version: 7.3.1
      i18next:
        specifier: ^25.5.0
        version: 25.6.0(typescript@5.9.2)
@@ -2629,8 +2629,8 @@ packages:
    peerDependencies:
      express: '>= 4.11'

-  express-validator@7.2.1:
-    resolution: {integrity: sha512-CjNE6aakfpuwGaHQZ3m8ltCG2Qvivd7RHtVMS/6nVxOM7xVGqr4bhflsm4+N5FP5zI7Zxp+Hae+9RE+o8e3ZOQ==}
+  express-validator@7.3.1:
+    resolution: {integrity: sha512-IGenaSf+DnWc69lKuqlRE9/i/2t5/16VpH5bXoqdxWz1aCpRvEdrBuu1y95i/iL5QP8ZYVATiwLFhwk3EDl5vg==}
    engines: {node: '>= 8.0.0'}

  express@4.22.0:
@@ -4482,8 +4482,8 @@ packages:
    resolution: {integrity: sha512-kiGUalWN+rgBJ/1OHZsBtU4rXZOfj/7rKQxULKlIzwzQSvMJUUNgPwJEEh7gU6xEVxC0ahoOBvN2YI8GH6FNgA==}
    engines: {node: '>=10.12.0'}

-  validator@13.12.0:
-    resolution: {integrity: sha512-c1Q0mCiPlgdTVVVIJIrBuxNicYE+t/7oKeI9MWLj3fh/uq2Pxh/3eeWbVZ4OcGW1TUf53At0njHw5SMdA3tmMg==}
+  validator@13.15.23:
+    resolution: {integrity: sha512-4yoz1kEWqUjzi5zsPbAS/903QXSYp0UOtHsPpp7p9rHAw/W+dkInskAE386Fat3oKRROwO98d9ZB0G4cObgUyw==}
    engines: {node: '>= 0.10'}

  vary@1.1.2:
@@ -6965,10 +6965,10 @@ snapshots:
    dependencies:
      express: 5.2.1

-  express-validator@7.2.1:
+  express-validator@7.3.1:
    dependencies:
      lodash: 4.17.21
-      validator: 13.12.0
+      validator: 13.15.23

  express@4.22.0:
    dependencies:
@@ -9024,7 +9024,7 @@ snapshots:
      '@types/istanbul-lib-coverage': 2.0.6
      convert-source-map: 2.0.0

-  validator@13.12.0: {}
+  validator@13.15.23: {}

  vary@1.1.2: {}