[Snyk] Upgrade core-js from 3.9.0 to 3.37.0 #5
Conversation
Snyk has created this PR to upgrade core-js from 3.9.0 to 3.37.0. See this package in npm: core-js See this project in Snyk: https://app.snyk.io/org/hawthorne001/project/23c8cc62-3539-4735-a796-98239d32a46b?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
1 participant
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade core-js from 3.9.0 to 3.37.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 88 versions ahead of your current version.
The recommended version was released a month ago, on 2024-04-16.
Release notes
Package name: core-js
-
3.37.0 - 2024-04-16
- Changes v3.36.1...v3.37.0
- New
- Built-ins:
- Moved to stable ES, April 2024 TC39 meeting
- Added
- Explicit Resource Management stage 3 proposal
- Some minor updates like explicit-resource-management/217
- Added
- Built-ins:
- Built-ins:
- Added optional arguments support, promise-try/16
- Moved to stage 2.7, April 2024 TC39 meeting
- Moved to hex-escape semantics, regex-escaping/67
- It's not the final change of the way of escaping, waiting for regex-escaping/77 soon
- Pattern matching stage 1 proposal:
- Built-ins:
- Once again, the used well-known symbol was renamed
- Added new entries for that
- Added Extractors stage 1 proposal:
- Built-ins:
- Since the
- Added
- Engines bugs fixes:
- Added a fix of Safari
- Added a fix of Safari bug with double call of constructor in
- Compat data improvements:
- New
- Added Opera Android 82 compat data mapping
-
3.36.1 - 2024-03-19
- Changes v3.36.0...v3.36.1
- Fixed some validation cases in
- Fixed the order of validations in
- Added a fix of Bun
- Added a fix of Bun
- Added a fix of Bun
- Compat data improvements:
- Added React Native 0.74 Hermes compat data,
- Added Deno 1.41.3 compat data mapping
- Added Opera Android 81 compat data mapping
- Added Samsung Internet 25 compat data mapping
- Added Oculus Quest Browser 32 compat data mapping
- Updated Electron 30 compat data mapping
-
3.36.0 - 2024-02-14
- Built-ins:
- Moved to stable ES, Febrary 2024 TC39 meeting
- Added
- Methods:
- Moved to stage 3, Febrary 2024 TC39 meeting
- Added
- Skipped adding new methods of writing to existing arrays to clarification some moments
- Added an entry point for the new TC39 proposals stage -
- Fixed regression in
- Fixed a missed check in
- Fixed a missed check in
- Fixed
- Fixed dependencies loading for modules from
- Dropped context workaround from collection static methods entries since with current methods semantic it's no longer required
- Added instance methods polyfills to entries of collections static methods that produce collection instances
- Added missed
- Added debugging info in some missed cases
- Compat data improvements:
- New
- Added Deno 1.40 compat data mapping
- Updated Electron 30 compat data mapping
-
3.35.1 - 2024-01-20
- Fixed internal
- Removed significant redundant code from
- Fixed setting names of methods with symbol keys in some old engines
- Minor fix of prototype methods export logic in the pure version
- Compat data improvements:
- Note that V8 ~ Chrome 122 add
- Added Oculus Quest Browser 31 compat data mapping
- Updated Electron 29 and added Electron 30 compat data mapping
-
3.35.0 - 2023-12-28
- Fixed handling some cases of non-enumerable symbol keys from
- Removed unneeded NodeJS domains-related logic from
- Fixed subclassing of wrapped
- Refactoring, many different minor optimizations
- Compat data improvements:
- It seems that the ancient
- Since
- Added Opera Android 80 and updated Opera Android 79 compat data mapping
- Added Samsung Internet 24 compat data mapping
-
3.34.0 - 2023-12-05
- Methods:
- Moved to stable ES, November 2023 TC39 meeting
- Added
- Method:
- Moved to stable ES, November 2023 TC39 meeting
- Added
- Fixed a web incompatibility issue of
- Added
- Methods:
- Relaxed some specific cases of
- Fixed
- Fixed the order of arguments validation in
- Some minor
- Compat data improvements:
-
3.33.3 - 2023-11-19
- Fixed an issue getting the global object on Duktape, #1303
- Avoid sharing internal
- Some internal untangling
- Compat data improvements:
- Added Deno 1.38 compat data mapping
- Added Opera Android 79 compat data mapping
- Added Oculus Quest Browser 30 compat data mapping
- Updated Electron 28 and 29 compat data mapping
-
3.33.2 - 2023-10-30
- Simplified
- Added support of
- Removed unspecified unnecessary
- Fixed handling of fractional number part in
- Compat data improvements:
- Updated Opera Android 78 compat data mapping
- Added Electron 29 compat data mapping
-
3.33.1 - 2023-10-20
- Added one more workaround of possible error with
- Directly specified
- Prevented potential issue with lack of some dependencies after automatic optimization polyfills of some methods in the pure version
- Some minor internal fixes and optimizations
- Compat data improvements:
- Added React Native 0.73 Hermes compat data, mainly fixes of some issues
- Added NodeJS 21.0 compat data mapping
-
3.33.0 - 2023-10-01
-
3.32.2 - 2023-09-07
-
3.32.1 - 2023-08-18
-
3.32.0 - 2023-07-27
-
3.31.1 - 2023-07-06
-
3.31.0 - 2023-06-11
-
3.30.2 - 2023-05-06
-
3.30.1 - 2023-04-13
-
3.30.0 - 2023-04-03
-
3.29.1 - 2023-03-13
-
3.29.0 - 2023-02-26
-
3.28.0 - 2023-02-13
-
3.27.2 - 2023-01-18
-
3.27.1 - 2022-12-29
-
3.27.0 - 2022-12-25
-
3.26.1 - 2022-11-13
-
3.26.0 - 2022-10-23
-
3.25.5 - 2022-10-03
-
3.25.4 - 2022-10-02
-
3.25.3 - 2022-09-25
-
3.25.2 - 2022-09-18
-
3.25.1 - 2022-09-07
-
3.25.0 - 2022-08-24
-
3.24.1 - 2022-07-29
-
3.24.0 - 2022-07-25
-
3.23.5 - 2022-07-17
-
3.23.4 - 2022-07-09
-
3.23.3 - 2022-06-25
-
3.23.2 - 2022-06-20
-
3.23.1 - 2022-06-14
-
3.23.0 - 2022-06-13
-
3.22.8 - 2022-06-01
-
3.22.7 - 2022-05-24
-
3.22.6 - 2022-05-22
-
3.22.5 - 2022-05-10
-
3.22.4 - 2022-05-02
-
3.22.3 - 2022-04-28
-
3.22.2 - 2022-04-21
-
3.22.1 - 2022-04-19
-
3.22.0 - 2022-04-15
-
3.21.1 - 2022-02-16
-
3.21.0 - 2022-02-01
-
3.20.3 - 2022-01-15
-
3.20.2 - 2022-01-01
-
3.20.1 - 2021-12-23
-
3.20.0 - 2021-12-15
-
3.19.3 - 2021-12-06
-
3.19.2 - 2021-11-29
-
3.19.1 - 2021-11-02
-
3.19.0 - 2021-10-25
-
3.18.3 - 2021-10-12
-
3.18.2 - 2021-10-05
-
3.18.1 - 2021-09-26
-
3.18.0 - 2021-09-19
-
3.17.3 - 2021-09-09
-
3.17.2 - 2021-09-02
-
3.17.1 - 2021-09-01
-
3.17.0 - 2021-09-01
-
3.16.4 - 2021-08-29
-
3.16.3 - 2021-08-24
-
3.16.2 - 2021-08-17
-
3.16.1 - 2021-08-08
-
3.16.0 - 2021-07-30
-
3.15.2 - 2021-06-29
-
3.15.1 - 2021-06-22
-
3.15.0 - 2021-06-20
-
3.14.0 - 2021-06-05
-
3.13.1 - 2021-05-29
-
3.13.0 - 2021-05-25
-
3.12.1 - 2021-05-08
-
3.12.0 - 2021-05-06
-
3.11.3 - 2021-05-05
-
3.11.2 - 2021-05-03
-
3.11.1 - 2021-04-28
-
3.11.0 - 2021-04-22
-
3.10.2 - 2021-04-19
-
3.10.1 - 2021-04-07
-
3.10.0 - 2021-03-31
-
3.9.1 - 2021-02-28
-
3.9.0 - 2021-02-18
from core-js GitHub release notesSetmethods proposal:Set.prototype.intersectionSet.prototype.unionSet.prototype.differenceSet.prototype.symmetricDifferenceSet.prototype.isSubsetOfSet.prototype.isSupersetOfSet.prototype.isDisjointFromes.namespace modules,/es/and/stable/namespaces entriesMath.sumPrecisestage 2.7 proposal:Math.sumPrecisePromise.tryproposal:Promise.tryRegExp.escapestage 2 proposal:Symbol.customMatcherSymbol.customMatcherSymbol.customMatcherwell-known symbol from the pattern matching proposal is also used in the exactors proposal, added an entry also for this proposalURL.parse, url/825{ Object, Map }.groupBybug that does not support iterable primitivesArray.fromAsyncURL.parseadded and marked as supported from FF 126URL.parseadded and marked as supported from Bun 1.1.4URL.canParsefixed and marked as supported from Bun 1.1.0Setmethods fixed in JavaScriptCore and marked as supported from Bun 1.1.1Object.setPrototypeOf, #1329, thanks @ minseok-choeArray.from, #1331, thanks @ minseok-choequeueMicrotaskarityURL.canParsearitySuppressedErrorextra arguments support and arityvalueargument ofURLSearchParams.prototype.{ has, delete }marked as supported from Bun 1.0.31Array.prototype.{ toSpliced, toReversed, with }andatobmarked as supportedArrayBuffer.prototype.transferand friends proposal:ArrayBuffer.prototype.detachedArrayBuffer.prototype.transferArrayBuffer.prototype.transferToFixedLengthes.namespace modules,/es/and/stable/namespaces entriesUint8Arrayto / from base64 and hex proposal:Uint8Array.fromBase64Uint8Array.fromHexUint8Array.prototype.toBase64Uint8Array.prototype.toHex/actual/namespace entriesPromise.tryproposal has been resurrected and moved to stage 2, Febrary 2024 TC39 meetingcore-js/stage/2.7- still emptySet.prototype.intersectionfeature detectionArray.prototype.{ indexOf, lastIndexOf, includes }, #1325, thanks @ minseok-choeArray.prototype.{ reduce, reduceRight }, #1327, thanks @ minseok-choeArray.fromand some other methods with proxy targets, #1322, thanks @ minseok-choeArrayBuffer.prototype.transferand friends proposal in some specific cases in IE10-Date.prototype.toJSONtoJSON.stringifyentries dependencies{ Map, Object }.groupBy,Promise.withResolvers,ArrayBuffer.prototype.transferand friends marked as supported from Safari 17.4Setmethods fixed and marked as supported from V8 ~ Chrome 123Symbol.metadatamarked as supported from Deno 1.40.4ToLengthoperation with bigints, #1318String#splitpolyfillIteratorhelpers proposal methods marked as supported from V8 ~ Chrome 122Setmethods, but they have a bug similar to Safariselfmarked as fixed from Bun 1.0.22SuppressedErrorandSymbol.{ dispose, asyncDispose }marked as supported from Bun 1.0.23{ Map, Set, WeakMap, WeakSet }.{ from, of }became non-generic, following this and some other notes. Now they can be invoked withoutthis, but no longer return subclass instancesSymbolpolyfillqueueMicrotaskpolyfillArrayBufferArray.fromAsyncmarked as supported from V8 ~ Chrome 121Array.prototype.pushbug is fixed in V8 ~ Chrome 122 (Hallelujah!)ArrayBuffer.prototype.transferand friends proposal features marked as supported from FF 122 and Bun 1.0.19Object.groupByandMap.groupBymarked as supported from Bun 1.0.19Iteratorhelpers proposal methods are still not disabled in Deno, the web compatibility issue why it was disabled in Chromium makes no sense for Deno and fixed in the spec, they marked as supported from Deno 1.37Arraygrouping proposal:Object.groupByMap.groupByes.namespace modules,/es/and/stable/namespaces entriesPromise.withResolversproposal:Promise.withResolverses.namespace module,/es/and/stable/namespaces entriesIteratorhelpers proposal, proposal-iterator-helpers/287 and some following changes, November 2023 TC39 meetingUint8Arrayto / from base64 and hex stage 2 proposal:Uint8Array.fromBase64Uint8Array.fromHexUint8Array.prototype.toBase64Uint8Array.prototype.toHexNumber.fromStringvalidation before clarification of proposal-number-fromstring/24@@ toStringTagproperty descriptors on DOM collections, #1312Arrayiteration methods, #1313atob/btoaimprovementsPromise.withResolversmarked as shipped from FF121[[DedentMap]]fromString.dedentproposal betweencore-jsinstances before stabilization of the proposalArray.fromAsyncmarked as supported from Deno 1.38Symbol.{ dispose, asyncDispose }marked as supported from Deno 1.38structuredClonepolyfill, avoided second tree pass in cases of transferringSuppressedErrortostructuredClonepolyfillArrayBufferandDataViewdependencies ofstructuredClonelack of which could cause errors in some entries in IE10-Number.fromStringURL.canParsemarked as supported from Chromium 120Symbolpolyfill on global object, #1289type: commonjsinpackage.jsonof all packages to avoid potential breakage in future Node versions, see this issueString.prototype.{ isWellFormed, toWellFormed }marked as supported from FF119Commit messages
Package name: core-js
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.