@zachjonesnoel
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade core-js from 3.21.0 to 3.23.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 15 versions ahead of your current version.
  • The recommended version was released 23 days ago, on 2022-07-09.

The recommended version fixes:

  • Issue: Regular Expression Denial of Service (ReDoS), SNYK-JS-NODEFETCH-2964180
  • PriorityScore (*): 554/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: core-js
  • 3.23.4 - 2022-07-09
    • Added a workaround of the Bun ~ 0.1.1 bug that defines some globals with incorrect property descriptors and that causes a crash of core-js
    • Added a fix of the FF103+ structuredClone bugs (1774866 (fixed in FF104) and 1777321 (still not fixed)) that now can clone errors, but .stack of the clone is an empty string
    • Fixed { Map, WeakMap }.prototype.emplace logic, #1102
    • Fixed order of errors throwing on iterator helpers
  • 3.23.3 - 2022-06-25
  • 3.23.2 - 2022-06-20
    • Avoided creation of extra properties for the handling of %TypedArray% constructors in new methods, #1092 (comment)
    • Added Deno 1.23 compat data mapping
  • 3.23.1 - 2022-06-14
    • Fixed possible error on multiple core-js copies, #1091
    • Added v flag to RegExp.prototype.flags implementation in case if current V8 bugs will not be fixed before this flag implementation
  • 3.23.0 - 2022-06-13
    • Array find from last moved to the stable ES, according to June 2022 TC39 meeting:
      • Array.prototype.findLast
      • Array.prototype.findLastIndex
      • %TypedArray%.prototype.findLast
      • %TypedArray%.prototype.findLastIndex
    • Methods from the Array grouping proposal renamed, according to June 2022 TC39 meeting:
      • Array.prototype.groupBy -> Array.prototype.group
      • Array.prototype.groupByToMap -> Array.prototype.groupToMap
    • Changed the order of operations in %TypedArray%.prototype.with following proposal-change-array-by-copy/86, according to June 2022 TC39 meeting
    • Decorator Metadata proposal extracted from Decorators proposal as a separate stage 2 proposal, according to March 2022 TC39 meeting, Symbol.metadataKey replaces Symbol.metadata
    • Added Array.prototype.push polyfill with some fixes for modern engines
    • Added Array.prototype.unshift polyfill with some fixes for modern engines
    • Fixed a bug in the order of getting flags in RegExp.prototype.flags in the actual version of V8
    • Fixed property descriptors of some Math and Number constants
    • Added a workaround of V8 ArrayBufferDetaching protector cell invalidation and performance degradation on structuredClone feature detection, one more case of #679
    • Added detection of NodeJS bug in structuredClone that can not clone DOMException (just in case for future versions that will fix other issues)
    • Compat data:
      • Added NodeJS 18.3 compat data mapping
      • Added and fixed Deno 1.22 and 1.21 compat data mapping
      • Added Opera Android 69 compat data mapping
      • Updated Electron 20.0 compat data mapping
  • 3.22.8 - 2022-06-01
    • Fixed possible multiple call of ToBigInt / ToNumber conversion of the argument passed to %TypedArray%.prototype.fill in V8 ~ Chrome < 59, Safari < 14.1, FF < 55, Edge <=18
    • Fixed some cases of DeletePropertyOrThrow in IE9-
    • Fixed the kind of error (TypeError instead of Error) on incorrect exec result in RegExp.prototype.test polyfill
    • Fixed dependencies of { actual, full, features }/typed-array/at entries
    • Added Electron 20.0 compat data mapping
    • Added iOS Safari 15.5 compat data mapping
    • Refactoring
  • 3.22.7 - 2022-05-24
    • Added a workaround for V8 ~ Chrome 53 bug with non-writable prototype of some methods, #1083
  • 3.22.6 - 2022-05-22
    • Fixed possible double call of ToNumber conversion on arguments of Math.{ fround, trunc } polyfills
    • Array.prototype.includes marked as fixed in FF102
  • 3.22.5 - 2022-05-10
    • Ensured that polyfilled constructors .prototype is non-writable
    • Ensured that polyfilled methods .prototype is not defined
    • Added detection and fix of a V8 ~ Chrome <103 bug of structuredClone that returns null if cloned object contains multiple references to one error
  • 3.22.4 - 2022-05-02
    • Ensured proper .length of polyfilled functions even in compressed code (excepting some ancient engines)
    • Ensured proper .name of polyfilled accessors (excepting some ancient engines)
    • Ensured proper source / ToString conversion of polyfilled accessors
    • Actualized Rhino compat data
    • Refactoring
  • 3.22.3 - 2022-04-28
  • 3.22.2 - 2022-04-21
  • 3.22.1 - 2022-04-19
  • 3.22.0 - 2022-04-15
  • 3.21.1 - 2022-02-16
  • 3.21.0 - 2022-02-01
from core-js GitHub release notes
Commit messages
Package name: core-js
  • fe00e9c 3.23.4
  • 369786c minor refactoring
  • 0b5d53d fix `.emplace` logic, #1102
  • 0134fd1 improve a note
  • e245f94 clarify links to FF bugs
  • 87bf578 add a little more info
  • 0342bfa update a comment
  • e41db12 add a fix for the FF103 `structuredClone` bug that now can clone errors, but `.stack` of the clone is an empty string
  • cb8d8e0 add a workaround for Bun ~ 0.1.1 bug that define some globals with incorrect property descriptors
  • aeb28b6 use `getIteratorDirect` for proper order of error throwing on iterator helpers
  • cd4c263 some stylistic changes
  • bc63ebd replace deprecated `avoid-escape` via `avoidEscape`
  • 595227c update dependencies
  • 5d42952 Merge pull request #1100 from dev-itsheng/patch-2
  • f2e6605 fix(*): change all backticks to `'`
  • f6582da fix(*): Typo
  • f8e29e6 update dependencies
  • f33766c some stylistic changes
  • ac364f5 change the param of the `usage` script
  • 7510ecd update dependencies
  • 7bbe874 update dependencies
  • 569ee6c update dependencies
  • 08d8143 bump version in `SECURITY.md`
  • 11e024a update dependencies

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
