Closed mallikde-kore closed 2 years ago
@mallikde-kore You could help by making a PR, please?
we don't use either of those validators, just isBase64
so we should be ok. That said I'd still gladly update the package version if it doesn't break anything.
Should be resolved since the package.json
is pointing at ^13.7.0
now
Issue:
validator package versions before 13.6.0 are vulnerable to ReDOS (Regular Expression Denial of Service) via isEmail and isHSL. The vulnerability can happen when checking if the crafted string is an email.
Suggestion: Please update validator package to latest version to fix this vulnerability.