search

mdn / express-locallibrary-tutorial

Local Library website written in NodeJS/Express; example for the MDN server-side development NodeJS module: https://developer.mozilla.org/en-US/docs/Learn/Server-side/Express_Nodejs.
Creative Commons Zero v1.0 Universal
1.23k stars 695 forks source link

Bump express-validator from 6.15.0 to 7.0.1 #179

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps express-validator from 6.15.0 to 7.0.1.

Release notes

Sourced from express-validator's releases.

v7.0.1

  • Fixed checkSchema() warning that known validators are unknown when its value is false - #1223

v7.0.0

πŸš€ πŸ™Œ First major version in almost 4 years! πŸš€ 🀯 Thanks everybody for having the patience. Hopefully this version brings many improvements to your developer experience!

Breaking changes πŸ’₯

  • Minimum supported Node.js version is now 14+
  • Removed deprecated APIs - #993
    • Import paths express-validator/check and express-validator/filter
    • Sanitization-only middlewares (e.g. sanitize(), sanitizeBody(), etc)
    • Deprecated TypeScript types (ValidationParamSchema and ValidationSchema)
  • isObject() validator now assumes options.strict = true by default
  • Validation errors changed shape
    • Field validation errors param property has been renamed to path
    • oneOf() validation errors no longer have a param: '_error' property
  • (TypeScript only) The ValidationError type is now a discriminated union, it might be necessary to use switch or if statements to check that you're dealing with the type that you want to debug/format
  • oneOf() signature changed: from oneOf(chains, message) to oneOf(chains, options: { message, errorType })
  • oneOf() default error structure now groups errors by their... validation group!, instead of in a flat list

Checkout the migration guide for examples on how to work around some of these: https://express-validator.github.io/docs/migration-v6-to-v7

New features ✨

  • Added validation for no unknown fields - #558, #578, #612, #1148, #809, #927, #1204
  • Added globstars (deep wildcard) support - #790, #1137, #1216
  • Added support for multiple custom validators/sanitizers in checkSchema() - #552, #1180
  • Added request-level bail - #1100, #1214
  • Added a ExpressValidator class which allows adding "persistent" custom validators, sanitizers, and options - #1077, #1079, #1209
  • Added oneOf() support to .if() - #1170
  • Added new error types to oneOf() - #956, #1022

Bug fixes πŸ›

  • Validating/sanitizing arrays no longer drops all but the first value - #791, #755, #704, #1002
  • Added missing ko-KR to MobilePhoneLocale - #1218, #1219
  • Don't silently fail when setting withMessage and not in schemas - #664

New Contributors

Full Changelog: https://github.com/express-validator/express-validator/compare/v6.15.0...v7.0.0

Commits
  • 924cbb6 7.0.1
  • cf7687f Schema: don't warn when schema entry is falsy
  • a7d76ad docs: add missing list of links at end of Getting Started guide
  • caf9555 docs: fix broken links
  • c75d364 7.0.0
  • 16fb680 docs: cut new version
  • b873319 fix AlternativeMessageFactory test
  • ecb37e4 exists: add values option + missing docs
  • d43834e Update build badge on readme
  • 5d5da09 checkSchema: don't silently fail when using not/withMessage
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)