chore: update dependency validator to ^13.15.20 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
validator	^13.15.15 -> ^13.15.20

GitHub Vulnerability Alerts

CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js prior to version 13.15.20. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.

---

Release Notes

validatorjs/validator.js (validator)

v13.15.20

Compare Source

Fixes, New Locales and Enhancements

• #​2556 isMobilePhone: add ar-QA locale @​WardKhaddour
• #​2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @​avadootharajesh
• #​2574 isBase64: improve padding regex @​KrayzeeKev
• #​2584 isVAT: improve FR locale @​iamAmer
• #​2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @​theofidry
• Doc fixes and others:
  • #​2563 @​stoneLeaf
  • #​2581 @​camillobruni

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coveralls]

Pull Request Test Coverage Report for Build 18854100685

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• 1 unchanged line in 1 file lost coverage.
• Overall coverage decreased (-0.008%) to 54.898%

---

Files with Coverage Reduction	New Missed Lines	%
packages/core/src/application.ts	1	70.28%

Totals
Change from base Build 18853888709:	-0.008%
Covered Lines:	9572
Relevant Lines:	12457

---

💛 - Coveralls