Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade core-js from 3.24.1 to 3.29.1 #312

Merged
merged 3 commits into from
May 25, 2023

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Apr 8, 2023

Snyk has created this PR to upgrade core-js from 3.24.1 to 3.29.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 14 versions ahead of your current version.
  • The recommended version was released a month ago, on 2023-03-13.
Release notes
Package name: core-js
  • 3.29.1 - 2023-03-13
  • 3.29.0 - 2023-02-26
    • Added URLSearchParams.prototype.size getter, url/734
    • Allowed cloning resizable ArrayBuffers in the structuredClone polyfill
    • Fixed wrong export in /(stable|actual|full)/instance/unshift entries, #1207
    • Compat data improvements:
      • Set methods proposal marked as supported from Bun 0.5.7
      • String.prototype.toWellFormed marked as fixed from Bun 0.5.7
      • Added Deno 1.31 compat data mapping
  • 3.28.0 - 2023-02-13

    I highly recommend reading this: So, what's next?

    • Change Array by copy proposal:
      • Methods:
        • Array.prototype.toReversed
        • Array.prototype.toSorted
        • Array.prototype.toSpliced
        • Array.prototype.with
        • %TypedArray%.prototype.toReversed
        • %TypedArray%.prototype.toSorted
        • %TypedArray%.prototype.with
      • Moved to stable ES, January 2023 TC39 meeting
      • Added es. namespace modules, /es/ and /stable/ namespaces entries
    • Added JSON.parse source text access Stage 3 proposal
      • Methods:
        • JSON.parse patched for support source in reviver function arguments
        • JSON.rawJSON
        • JSON.isRawJSON
        • JSON.stringify patched for support JSON.rawJSON
    • Added ArrayBuffer.prototype.transfer and friends Stage 3 proposal:
      • Built-ins:
        • ArrayBuffer.prototype.detached
        • ArrayBuffer.prototype.transfer (only in runtimes with native structuredClone with ArrayBuffer transfer support)
        • ArrayBuffer.prototype.transferToFixedLength (only in runtimes with native structuredClone with ArrayBuffer transfer support)
      • In backwards, in runtimes with native ArrayBuffer.prototype.transfer, but without proper structuredClone, added ArrayBuffer transfer support to structuredClone polyfill
    • Iterator Helpers proposal:
    • Explicit Resource Management Stage 3 and Async Explicit Resource Management Stage 2 proposals:
    • Added Symbol predicates Stage 2 proposal
      • Methods:
        • Symbol.isRegistered
        • Symbol.isWellKnown
    • Number.range Stage 1 proposal and method renamed to Iterator.range
    • Function.prototype.unThis Stage 0 proposal and method renamed to Function.prototype.demethodize
    • Fixed Safari String.prototype.toWellFormed ToString conversion bug
    • Improved some cases handling of array-replacer in JSON.stringify symbols handling fix
    • Fixed many other old JSON.{ parse, stringify } bugs (numbers instead of strings as keys in replacer, handling negative zeroes, spaces, some more handling symbols cases, etc.)
    • Fixed configurability and ToString conversion of some accessors
    • Added throwing proper errors on an incorrect context in some ArrayBuffer and DataView methods
    • Some minor DataView and %TypedArray% polyfills optimizations
    • Added proper error on the excess number of trailing = in the atob polyfill
    • Fixed theoretically possible ReDoS vulnerabilities in String.prototype.{ trim, trimEnd, trimRight }, parse(Int|Float), Number, atob, and URL polyfills in some ancient engines
    • Compat data improvements:
      • RegExp.prototype.flags marked as fixed from V8 ~ Chrome 111
      • Added Opera Android 73 compat data mapping
    • Added TypeScript definitions to core-js-builder
  • 3.27.2 - 2023-01-18
    • Set methods proposal updates:
      • Closing of iterators of Set-like objects on early exit, proposal-set-methods/85
      • Some other minor internal changes
    • Added one more workaround of a webpack dev server bug on IE global methods, #1161
    • Fixed possible String.{ raw, cooked } error with empty template array
    • Used non-standard V8 Error.captureStackTrace instead of stack parsing in new error classes / wrappers where it's possible
    • Added detection correctness of iteration to Promise.{ allSettled, any } feature detection, Hermes issue
    • Compat data improvements:
      • Change Array by copy proposal marked as supported from V8 ~ Chrome 110
      • Added Samsung Internet 20 compat data mapping
      • Added Quest Browser 25 compat data mapping
      • Added React Native 0.71 Hermes compat data
      • Added Electron 23 and 24 compat data mapping
      • self marked as fixed in Deno 1.29.3, deno/17362
    • Minor tweaks of minification settings for core-js-bundle
    • Refactoring, some minor fixes, improvements, optimizations
  • 3.27.1 - 2022-12-29
    • Fixed a Chakra-based MS Edge (18-) bug that unfreeze (O_o) frozen arrays used as WeakMap keys
    • Fixing of the previous bug also fixes some cases of String.dedent in MS Edge
    • Fixed dependencies of some entries
  • 3.27.0 - 2022-12-25
    • Iterator Helpers proposal:
      • Built-ins:
        • Iterator
          • Iterator.from
          • Iterator.prototype.drop
          • Iterator.prototype.every
          • Iterator.prototype.filter
          • Iterator.prototype.find
          • Iterator.prototype.flatMap
          • Iterator.prototype.forEach
          • Iterator.prototype.map
          • Iterator.prototype.reduce
          • Iterator.prototype.some
          • Iterator.prototype.take
          • Iterator.prototype.toArray
          • Iterator.prototype.toAsync
          • Iterator.prototype[@@ toStringTag]
        • AsyncIterator
          • AsyncIterator.from
          • AsyncIterator.prototype.drop
          • AsyncIterator.prototype.every
          • AsyncIterator.prototype.filter
          • AsyncIterator.prototype.find
          • AsyncIterator.prototype.flatMap
          • AsyncIterator.prototype.forEach
          • AsyncIterator.prototype.map
          • AsyncIterator.prototype.reduce
          • AsyncIterator.prototype.some
          • AsyncIterator.prototype.take
          • AsyncIterator.prototype.toArray
          • AsyncIterator.prototype[@@ toStringTag]
      • Moved to Stage 3, November 2022 TC39 meeting
      • Added /actual/ entries, unconditional forced replacement disabled for features that survived to Stage 3
      • .from accept strings, .flatMap throws on strings returned from the callback, proposal-iterator-helpers/244, proposal-iterator-helpers/250
      • .from and .flatMap throws on non-object iterators, proposal-iterator-helpers/253
    • Set methods proposal:
      • Built-ins:
        • Set.prototype.intersection
        • Set.prototype.union
        • Set.prototype.difference
        • Set.prototype.symmetricDifference
        • Set.prototype.isSubsetOf
        • Set.prototype.isSupersetOf
        • Set.prototype.isDisjointFrom
      • Moved to Stage 3, November 2022 TC39 meeting
      • Reimplemented with new semantics:
        • Optimized performance (iteration over lowest set)
        • Accepted only Set-like objects as an argument, not all iterables
        • Accepted only Sets as this, no @@ species support, and other minor changes
      • Added /actual/ entries, unconditional forced replacement changed to feature detection
      • For avoiding breaking changes:
        • New versions of methods are implemented as new modules and available in new entries or entries where old versions of methods were not available before (like /actual/ namespace)
        • In entries where they were available before (like /full/ namespace), those methods are available with fallbacks to old semantics (in addition to Set-like, they accept iterable objects). This behavior will be removed from the next major release
    • Well-Formed Unicode Strings proposal:
      • Methods:
        • String.prototype.isWellFormed
        • String.prototype.toWellFormed
      • Moved to Stage 3, November 2022 TC39 meeting
      • Added /actual/ entries, disabled unconditional forced replacement
    • Explicit resource management Stage 3 and Async explicit resource management Stage 2 proposals:
      • Renamed from "using statement" and splitted into 2 (sync and async) proposals
      • In addition to already present well-known symbols, added new built-ins:
        • Symbol.dispose
        • Symbol.asyncDispose
        • SuppressedError
        • DisposableStack
          • DisposableStack.prototype.dispose
          • DisposableStack.prototype.use
          • DisposableStack.prototype.adopt
          • DisposableStack.prototype.defer
          • DisposableStack.prototype.move
          • DisposableStack.prototype[@@ dispose]
        • AsyncDisposableStack
          • AsyncDisposableStack.prototype.disposeAsync
          • AsyncDisposableStack.prototype.use
          • AsyncDisposableStack.prototype.adopt
          • AsyncDisposableStack.prototype.defer
          • AsyncDisposableStack.prototype.move
          • AsyncDisposableStack.prototype[@@ asyncDispose]
        • Iterator.prototype[@@ dispose]
        • AsyncIterator.prototype[@@ asyncDispose]
      • Sync version of this proposal moved to Stage 3, November 2022 TC39 meeting
      • Added /actual/ namespace entries for Stage 3 proposal
    • Added String.dedent stage 2 proposal
      • Method String.dedent
      • Throws an error on non-frozen raw templates for avoiding possible breaking changes in the future, proposal-string-dedent/75
    • Compat data targets improvements:
      • React Native from 0.70 shipped with Hermes as the default engine. However, bundled Hermes versions differ from standalone Hermes releases. So added react-native target for React Native with bundled Hermes.
      • According to the documentation, Oculus Browser was renamed to Meta Quest Browser, so oculus target was renamed to quest.
      • opera_mobile target name is confusing since it contains data for the Chromium-based Android version, but iOS Opera is Safari-based. So opera_mobile target was renamed to opera-android.
      • android target name is also confusing for someone - that means Android WebView, some think thinks that it's Chrome for Android, but they have some differences. For avoiding confusion, added chrome-android target.
      • For consistency with two previous cases, added firefox-android target.
      • For avoiding breaking changes, the oculus and opera_mobile fields are available in the compat data till the next major release.
    • Compat data improvements:
    • { Map, WeakMap }.prototype.emplace became stricter by the spec draft
    • Smoothed behavior of some conflicting proposals
    • Removed some generic behavior (like @@ species pattern) of some .prototype methods from the new collections methods proposal and the Array deduplication proposal that most likely will not be implemented since it contradicts the current TC39 policy
    • Added pure version of the Number constructor, #1154, #1155, thanks @ trosos
    • Added set(Timeout|Interval|Immediate) extra arguments fix for Bun 0.3.0- (similarly to IE9-), bun/1633
    • Fixed handling of sparse arrays in structuredClone, #1156
    • Fixed a theoretically possible future conflict of polyfills definitions in the pure version
    • Some refactoring and optimization
  • 3.26.1 - 2022-11-13
    • Disabled forced replacing of Array.fromAsync since it's on Stage 3
    • Avoiding a check of the target in the internal function-uncurry-this helper where it's not required - minor optimization and preventing problems in some broken environments, a workaround of #1141
    • V8 will not ship Array.prototype.{ group, groupToMap } in V8 ~ Chromium 108, proposal-array-grouping/44
  • 3.26.0 - 2022-10-23
    Read more
  • 3.25.5 - 2022-10-03
    • Fixed regression with an error on reuse of some built-in methods from another realm, #1133
  • 3.25.4 - 2022-10-02
    • Added a workaround of a Nashorn bug with Function.prototype.{ call, apply, bind } on string methods, #1128
    • Updated lists of [Serializable] and [Transferable] objects in the structuredClone polyfill. Mainly, for better error messages if polyfilling of cloning such types is impossible
    • Array.prototype.{ group, groupToMap } marked as supported from V8 ~ Chromium 108
    • Added Electron 22 compat data mapping
  • 3.25.3 - 2022-09-25
  • 3.25.2 - 2022-09-18
  • 3.25.1 - 2022-09-07
  • 3.25.0 - 2022-08-24
  • 3.24.1 - 2022-07-29
from core-js GitHub release notes
Commit messages
Package name: core-js
  • f50b58e 3.29.1
  • 8682a18 a month has passed, return the original readme
  • 3a6698e update dependencies
  • 94dad66 fix dependencies of some entries
  • 20899d5 update the changelog
  • c256cff fix `/{ actual, full }/array` entries
  • 7a69adf update dependencies
  • 76f8648 fix dependencies of `/full/instance/replace-all` entry
  • 8e5c031 fix `to-set-like` final return -> better error message for obsolete versions of `Set` helpers
  • ce955d0 fix `ToString` conversion / built-ins nature of some accessors
  • dbc1d6b update dependencies
  • 63f9f86 reduce number of intermediate entries for the root entry
  • 52ca37e fix dependencies of some entries
  • d220771 add Opera Android 74 compat data mapping
  • 5c09b8b mark `String.prototype.{ isWellFormed, toWellFormed }` as supported from V8 ~ Chrome 111
  • a28c80e drop `{ Iterator, AsyncIterator }.prototype.indexed` compat test since they removed from the proposal
  • 344e24a update `publint`
  • 71ea97c update dependencies
  • 7b1bcff update `playwright-extra`
  • 3a04527 add a note
  • 2cabf5f add a note
  • cd27fd6 update `zx`
  • 8c77615 3.29.0
  • 615d44e update dependencies

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@ytetsuro ytetsuro force-pushed the snyk-upgrade-8ce2484b5f5e0f59d6bcf4e33e4897a0 branch from 8484cd8 to aafe7fe Compare May 25, 2023 16:06
@ytetsuro ytetsuro merged commit 36eddc6 into develop May 25, 2023
@ytetsuro ytetsuro deleted the snyk-upgrade-8ce2484b5f5e0f59d6bcf4e33e4897a0 branch May 25, 2023 16:45
@github-actions
Copy link

🎉 This PR is included in version 0.2.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants