jkchao / blog-service

blog service @nestjs
213 stars 49 forks source link

chore(deps): bump class-validator from 0.9.1 to 0.14.0 #40

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps class-validator from 0.9.1 to 0.14.0.

Changelog

Sourced from class-validator's changelog.

0.14.0 (2022-12-09)

Added

  • add @IsTimeZone decorator to check if given string is valid IANA time zone
  • add @IsISO4217CurrencyCode decorator to check if the string is an ISO 4217 currency code
  • add @IsStrongPassword decorator to check if given password matches specific complexity criteria
  • add @IsBase58 decorator to check if a string is base58 encoded
  • add @IsTaxId decorator to check if a given string is a valid tax ID in a given locale
  • add support for passing function as date generator in @MinDate and @MaxDate decorators
  • add option to print constraint error message instead of constraint type in validation error
  • improve decorator metadata lookup performance
  • return possible values in error message for @IsEnum decorator

Fixed

  • re-added @types/validator as dependency
  • fix error generation when using @NestedValidation
  • pass validation options correctly to validator in @IsDateString decorator
  • support passing Symbol as parameter in error message generation
  • specify supported locales for @IsAlphanumeric decorator
  • correctly assign decorator name in metadata instead of loosing it
  • fix various spelling errors in documentation
  • fix various spelling errors and inconsistencies in JSDoc for decorators

Changed

  • enable forbidUnknownValues option by default
  • remove documentation about deprecated schema based validation and added warning
  • update warning message logged about missing decorator metadata
  • update libphonenumber-js to ^1.10.14 from ^1.9.43
  • update various dev-dependencies

BREAKING CHANGES

forbidUnknownValues option is enabled by default

From this release the forbidUnknownValues is enabled by default. This is the desired behavior for majority of use-cases, but this change may break validation for some. The two scenarios that results in failed validation:

  • when attempting to validate a class instance without metadata for it
  • when using group validation and the specified validation group results in zero validation applied

The old behavior can be restored via specifying forbidUnknownValues: false option when calling the validate functions.

For more details see [PR #1798](typestack/class-validator#1798) and #1422 (comment).

@NestedValidation decorator correctly assigns validation errors

Until now the errors from a nested validation in some cases were incorrectly assigned

... (truncated)

Commits
  • 5f0d424 merge: release 0.14.0 (#1841)
  • e3d0708 build: bump version to 0.14.0
  • ad76890 docs: add changelog for 0.14.0
  • 9a775c5 build(deps-dev): bump @​types/node from 18.11.11 to 18.11.12 (#1840)
  • 53bc9f6 build(deps-dev): bump @​typescript-eslint/eslint-plugin (#1837)
  • d9b4072 build(deps-dev): bump @​typescript-eslint/parser from 5.45.1 to 5.46.0 (#1838)
  • f993e9e build(deps-dev): bump typescript from 4.9.3 to 4.9.4 (#1835)
  • ad1a41d build(deps-dev): bump @​rollup/plugin-commonjs from 23.0.3 to 23.0.4 (#1836)
  • 42b4f7f build(deps-dev): bump prettier from 2.8.0 to 2.8.1 (#1834)
  • 0c986d4 build(deps-dev): bump @​types/node from 18.11.10 to 18.11.11 (#1833)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by typestack-release-bot, a new releaser for class-validator since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jkchao/blog-service/network/alerts).