Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade core-js from 3.8.0 to 3.30.1 #2

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented May 5, 2023

Snyk has created this PR to upgrade core-js from 3.8.0 to 3.30.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 76 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2023-04-13.
Release notes
Package name: core-js
  • 3.30.1 - 2023-04-13
  • 3.30.0 - 2023-04-03
  • 3.29.1 - 2023-03-13
  • 3.29.0 - 2023-02-26
    • Added URLSearchParams.prototype.size getter, url/734
    • Allowed cloning resizable ArrayBuffers in the structuredClone polyfill
    • Fixed wrong export in /(stable|actual|full)/instance/unshift entries, #1207
    • Compat data improvements:
      • Set methods proposal marked as supported from Bun 0.5.7
      • String.prototype.toWellFormed marked as fixed from Bun 0.5.7
      • Added Deno 1.31 compat data mapping
  • 3.28.0 - 2023-02-13

    I highly recommend reading this: So, what's next?

    • Change Array by copy proposal:
      • Methods:
        • Array.prototype.toReversed
        • Array.prototype.toSorted
        • Array.prototype.toSpliced
        • Array.prototype.with
        • %TypedArray%.prototype.toReversed
        • %TypedArray%.prototype.toSorted
        • %TypedArray%.prototype.with
      • Moved to stable ES, January 2023 TC39 meeting
      • Added es. namespace modules, /es/ and /stable/ namespaces entries
    • Added JSON.parse source text access Stage 3 proposal
      • Methods:
        • JSON.parse patched for support source in reviver function arguments
        • JSON.rawJSON
        • JSON.isRawJSON
        • JSON.stringify patched for support JSON.rawJSON
    • Added ArrayBuffer.prototype.transfer and friends Stage 3 proposal:
      • Built-ins:
        • ArrayBuffer.prototype.detached
        • ArrayBuffer.prototype.transfer (only in runtimes with native structuredClone with ArrayBuffer transfer support)
        • ArrayBuffer.prototype.transferToFixedLength (only in runtimes with native structuredClone with ArrayBuffer transfer support)
      • In backwards, in runtimes with native ArrayBuffer.prototype.transfer, but without proper structuredClone, added ArrayBuffer transfer support to structuredClone polyfill
    • Iterator Helpers proposal:
    • Explicit Resource Management Stage 3 and Async Explicit Resource Management Stage 2 proposals:
    • Added Symbol predicates Stage 2 proposal
      • Methods:
        • Symbol.isRegistered
        • Symbol.isWellKnown
    • Number.range Stage 1 proposal and method renamed to Iterator.range
    • Function.prototype.unThis Stage 0 proposal and method renamed to Function.prototype.demethodize
    • Fixed Safari String.prototype.toWellFormed ToString conversion bug
    • Improved some cases handling of array-replacer in JSON.stringify symbols handling fix
    • Fixed many other old JSON.{ parse, stringify } bugs (numbers instead of strings as keys in replacer, handling negative zeroes, spaces, some more handling symbols cases, etc.)
    • Fixed configurability and ToString conversion of some accessors
    • Added throwing proper errors on an incorrect context in some ArrayBuffer and DataView methods
    • Some minor DataView and %TypedArray% polyfills optimizations
    • Added proper error on the excess number of trailing = in the atob polyfill
    • Fixed theoretically possible ReDoS vulnerabilities in String.prototype.{ trim, trimEnd, trimRight }, parse(Int|Float), Number, atob, and URL polyfills in some ancient engines
    • Compat data improvements:
      • RegExp.prototype.flags marked as fixed from V8 ~ Chrome 111
      • Added Opera Android 73 compat data mapping
    • Added TypeScript definitions to core-js-builder
  • 3.27.2 - 2023-01-18
    • Set methods proposal updates:
      • Closing of iterators of Set-like objects on early exit, proposal-set-methods/85
      • Some other minor internal changes
    • Added one more workaround of a webpack dev server bug on IE global methods, #1161
    • Fixed possible String.{ raw, cooked } error with empty template array
    • Used non-standard V8 Error.captureStackTrace instead of stack parsing in new error classes / wrappers where it's possible
    • Added detection correctness of iteration to Promise.{ allSettled, any } feature detection, Hermes issue
    • Compat data improvements:
      • Change Array by copy proposal marked as supported from V8 ~ Chrome 110
      • Added Samsung Internet 20 compat data mapping
      • Added Quest Browser 25 compat data mapping
      • Added React Native 0.71 Hermes compat data
      • Added Electron 23 and 24 compat data mapping
      • self marked as fixed in Deno 1.29.3, deno/17362
    • Minor tweaks of minification settings for core-js-bundle
    • Refactoring, some minor fixes, improvements, optimizations
  • 3.27.1 - 2022-12-29
    • Fixed a Chakra-based MS Edge (18-) bug that unfreeze (O_o) frozen arrays used as WeakMap keys
    • Fixing of the previous bug also fixes some cases of String.dedent in MS Edge
    • Fixed dependencies of some entries
  • 3.27.0 - 2022-12-25
    Read more
  • 3.26.1 - 2022-11-13
    • Disabled forced replacing of Array.fromAsync since it's on Stage 3
    • Avoiding a check of the target in the internal function-uncurry-this helper where it's not required - minor optimization and preventing problems in some broken environments, a workaround of #1141
    • V8 will not ship Array.prototype.{ group, groupToMap } in V8 ~ Chromium 108, proposal-array-grouping/44
  • 3.26.0 - 2022-10-23
  • 3.25.5 - 2022-10-03
  • 3.25.4 - 2022-10-02
  • 3.25.3 - 2022-09-25
  • 3.25.2 - 2022-09-18
  • 3.25.1 - 2022-09-07
  • 3.25.0 - 2022-08-24
  • 3.24.1 - 2022-07-29
  • 3.24.0 - 2022-07-25
  • 3.23.5 - 2022-07-17
  • 3.23.4 - 2022-07-09
  • 3.23.3 - 2022-06-25
  • 3.23.2 - 2022-06-20
  • 3.23.1 - 2022-06-14
  • 3.23.0 - 2022-06-13
  • 3.22.8 - 2022-06-01
  • 3.22.7 - 2022-05-24
  • 3.22.6 - 2022-05-22
  • 3.22.5 - 2022-05-10
  • 3.22.4 - 2022-05-02
  • 3.22.3 - 2022-04-28
  • 3.22.2 - 2022-04-21
  • 3.22.1 - 2022-04-19
  • 3.22.0 - 2022-04-15
  • 3.21.1 - 2022-02-16
  • 3.21.0 - 2022-02-01
  • 3.20.3 - 2022-01-15
  • 3.20.2 - 2022-01-01
  • 3.20.1 - 2021-12-23
  • 3.20.0 - 2021-12-15
  • 3.19.3 - 2021-12-06
  • 3.19.2 - 2021-11-29
  • 3.19.1 - 2021-11-02
  • 3.19.0 - 2021-10-25
  • 3.18.3 - 2021-10-12
  • 3.18.2 - 2021-10-05
  • 3.18.1 - 2021-09-26
  • 3.18.0 - 2021-09-19
  • 3.17.3 - 2021-09-09
  • 3.17.2 - 2021-09-02
  • 3.17.1 - 2021-09-01
  • 3.17.0 - 2021-09-01
  • 3.16.4 - 2021-08-29
  • 3.16.3 - 2021-08-24
  • 3.16.2 - 2021-08-17
  • 3.16.1 - 2021-08-08
  • 3.16.0 - 2021-07-30
  • 3.15.2 - 2021-06-29
  • 3.15.1 - 2021-06-22
  • 3.15.0 - 2021-06-20
  • 3.14.0 - 2021-06-05
  • 3.13.1 - 2021-05-29
  • 3.13.0 - 2021-05-25
  • 3.12.1 - 2021-05-08
  • 3.12.0 - 2021-05-06
  • 3.11.3 - 2021-05-05
  • 3.11.2 - 2021-05-03
  • 3.11.1 - 2021-04-28
  • 3.11.0 - 2021-04-22
  • 3.10.2 - 2021-04-19
  • 3.10.1 - 2021-04-07
  • 3.10.0 - 2021-03-31
  • 3.9.1 - 2021-02-28
  • 3.9.0 - 2021-02-18
  • 3.8.3 - 2021-01-19
  • 3.8.2 - 2021-01-03
  • 3.8.1 - 2020-12-06
  • 3.8.0 - 2020-11-25
from core-js GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant