• Upgraded Validator to v13.15.23 (#1338, #1343)

• Upgraded validator to v13.12.15 (see their release notes: https://github.com/validatorjs/validator.js/releases/tag/13.15.15)

• Clone non-primitive replacement values when using #default()/#replace() to avoid object reference reuse (#1316)

• Add hide() method (#1304, #1305)
• Add wildcard values to custom validator's metadata (#1297, #1308)
• Correctly select properties of primitives (#1245, #1279)

• Upgraded validator to v13.12.0 (see their release notes: https://github.com/validatorjs/validator.js/releases/tag/13.12.0)
• Added missing fields to IsURLOptions (#1258, #1259)
• Added isULID() validator (#1248)
• Several improvements to docs

• Fixed checkSchema() warning that known validators are unknown when its value is false - #1223

🚀 🙌 First major version in almost 4 years! 🚀 🤯
Thanks everybody for having the patience. Hopefully this version brings many improvements to your developer experience!

Breaking changes 💥

• Minimum supported Node.js version is now 14+
• Removed deprecated APIs - #993
  • Import paths express-validator/check and express-validator/filter
  • Sanitization-only middlewares (e.g. sanitize(), sanitizeBody(), etc)
  • Deprecated TypeScript types (ValidationParamSchema and ValidationSchema)
• isObject() validator now assumes options.strict = true by default
• Validation errors changed shape
  • Field validation errors param property has been renamed to path
  • oneOf() validation errors no longer have a param: '_error' property
• (TypeScript only) The ValidationError type is now a discriminated union, it might be necessary to use switch or if statements to check that you're dealing with the type that you want to debug/format
• oneOf() signature changed: from oneOf(chains, message) to oneOf(chains, options: { message, errorType })
• oneOf() default error structure now groups errors by their... validation group!, instead of in a flat list

Checkout the migration guide for examples on how to work around some of these:
https://express-validator.github.io/docs/migration-v6-to-v7

New features ✨

• Added validation for no unknown fields - #558, #578, #612, #1148, #809, #927, #1204
• Added globstars (deep wildcard) support - #790, #1137, #1216
• Added support for multiple custom validators/sanitizers in checkSchema() - #552, #1180
• Added request-level bail - #1100, #1214
• Added a ExpressValidator class which allows adding "persistent" custom validators, sanitizers, and options - #1077, #1079, #1209
• Added oneOf() support to .if() - #1170
• Added new error types to oneOf() - #956, #1022

Bug fixes 🐛

• Validating/sanitizing arrays no longer drops all but the first value - #791, #755, #704, #1002
• Added missing ko-KR to MobilePhoneLocale - #1218, #1219
• Don't silently fail when setting withMessage and not in schemas - #664

New Contributors

• @Yoowatney made their first contribution in #1219

Full Changelog: v6.15.0...v7.0.0

What's Changed

• chore(deps): bump ua-parser-js from 0.7.32 to 0.7.33 by @dependabot in #1208
• chore(deps): bump eta from 1.12.3 to 2.0.0 by @dependabot in #1211
• chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 by @dependabot in #1210
• feat: update to support validator 13.9.0 by @fedeci in #1212

Full Changelog: v6.14.3...v6.15.0

What's Changed

• docs: fixed typo in sanitization chain example by @ankushknr19 in #1195
• fixed infinite recursion when the request has a field called * (#1205)

New Contributors

• @ankushknr19 made their first contribution in #1195

Full Changelog: v6.14.2...v6.14.3

What's Changed

• correctly run .matches when passing regex object by @tonysamperi in #1156

New Contributors

• @tonysamperi made their first contribution in #1156

Full Changelog: v6.14.1...v6.14.2