[Snyk] Upgrade core-js from 3.12.1 to 3.37.0 #259
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade core-js from 3.12.1 to 3.37.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-CACHEDPATHRELATIVE-2342653
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-DECODEURICOMPONENT-3149970
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ENGINEIO-3136336
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ES5EXT-6095076
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-Y18N-1021887
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SEMVER-3247795
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SEMVER-3247795
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-AXIOS-1579269
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-AXIOS-6032459
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SOCKETIOPARSER-5596892
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1536528
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1536531
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1579147
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1579152
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1579155
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-FOLLOWREDIRECTS-6141137
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-GETFUNCNAME-5923417
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-JSONSCHEMA-1920922
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-LOADERUTILS-3043105
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-QS-3153490
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SEMVER-3247795
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SEMVER-3247795
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SHELLQUOTE-1766506
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SIMPLEGET-2361683
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NORMALIZEURL-1296539
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-BROWSERIFYSIGN-6037026
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-COOKIEJAR-3149984
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-JSON5-3182856
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-EXPRESS-6474509
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SOCKETIOPARSER-3091012
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-QS-3153490
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-QS-3153490
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SHELLJS-2332187
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SIMPLEGET-2361683
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TERSER-2806366
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-FOLLOWREDIRECTS-6444610
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-GOT-2932019
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-GOT-2932019
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-JSON5-3182856
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-LOADERUTILS-3042992
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PARSEURL-2935947
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-LOADERUTILS-3105943
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PARSEURL-2942134
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PATHPARSE-1077067
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-FOLLOWREDIRECTS-2332181
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TRIMOFFNEWLINES-1296850
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-UGLIFYJS-1727251
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-LOG4JS-2348757
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PARSEURL-2935944
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TAR-1536758
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-FOLLOWREDIRECTS-2396346
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PARSEURL-2936249
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SOCKETIOPARSER-3091012
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NODEFETCH-2342118
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MINIMIST-2429795
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-BABELTRAVERSE-5962462
Why? Proof of Concept exploit, CVSS 7.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: core-js
Set methods proposal:
  Set.prototype.intersection
  Set.prototype.union
  Set.prototype.difference
  Set.prototype.symmetricDifference
  Set.prototype.isSubsetOf
  Set.prototype.isSupersetOf
  Set.prototype.isDisjointFrom
es. namespace modules, /es/ and /stable/ namespaces entries
Math.sumPrecise stage 2.7 proposal:
  Math.sumPrecise
Promise.try proposal:
  Promise.try
RegExp.escape stage 2 proposal:
Symbol.customMatcher
Symbol.customMatcher
Symbol.customMatcher well-known symbol from the pattern matching proposal is also used in the extractors proposal, added an entry also for this proposal
URL.parse, url/825
{ Object, Map }.groupBy bug that does not support iterable primitives
Array.fromAsync
URL.parse added and marked as supported from FF 126
URL.parse added and marked as supported from Bun 1.1.4
URL.canParse fixed and marked as supported from Bun 1.1.0
Set methods fixed in JavaScriptCore and marked as supported from Bun 1.1.1
Object.setPrototypeOf, #1329, thanks @minseok-choe
Array.from, #1331, thanks @minseok-choe
queueMicrotask arity
URL.canParse arity
SuppressedError extra arguments support and arity
value argument of URLSearchParams.prototype.{ has, delete } marked as supported from Bun 1.0.31
Array.prototype.{ toSpliced, toReversed, with } and atob marked as supported
ArrayBuffer.prototype.transfer and friends proposal:
  ArrayBuffer.prototype.detached
  ArrayBuffer.prototype.transfer
  ArrayBuffer.prototype.transferToFixedLength
es. namespace modules, /es/ and /stable/ namespaces entries
Uint8Array to / from base64 and hex proposal:
  Uint8Array.fromBase64
  Uint8Array.fromHex
  Uint8Array.prototype.toBase64
  Uint8Array.prototype.toHex
/actual/ namespace entries
Promise.try proposal has been resurrected and moved to stage 2, February 2024 TC39 meeting
core-js/stage/2.7 - still empty
Set.prototype.intersection feature detection
Array.prototype.{ indexOf, lastIndexOf, includes }, #1325, thanks @minseok-choe
Array.prototype.{ reduce, reduceRight }, #1327, thanks @minseok-choe
Array.from and some other methods with proxy targets, #1322, thanks @minseok-choe
ArrayBuffer.prototype.transfer and friends proposal in some specific cases in IE10-
Date.prototype.toJSON to JSON.stringify entries dependencies
{ Map, Object }.groupBy, Promise.withResolvers, ArrayBuffer.prototype.transfer and friends marked as supported from Safari 17.4
Set methods fixed and marked as supported from V8 ~ Chrome 123
Symbol.metadata marked as supported from Deno 1.40.4
ToLength operation with bigints, #1318
String#split polyfill
Iterator helpers proposal methods marked as supported from V8 ~ Chrome 122
Set methods, but they have a bug similar to Safari
self marked as fixed from Bun 1.0.22
SuppressedError and Symbol.{ dispose, asyncDispose } marked as supported from Bun 1.0.23
{ Map, Set, WeakMap, WeakSet }.{ from, of } became non-generic, following this and some other notes. Now they can be invoked without this, but no longer return subclass instances
Symbol polyfill
queueMicrotask polyfill
ArrayBuffer
Array.fromAsync marked as supported from V8 ~ Chrome 121
Array.prototype.push bug is fixed in V8 ~ Chrome 122 (Hallelujah!)
ArrayBuffer.prototype.transfer and friends proposal features marked as supported from FF 122 and Bun 1.0.19
Object.groupBy and Map.groupBy marked as supported from Bun 1.0.19
Iterator helpers proposal methods are still not disabled in Deno, the web compatibility issue why it was disabled in Chromium makes no sense for Deno and fixed in the spec, they marked as supported from Deno 1.37
Array grouping proposal:
  Object.groupBy
  Map.groupBy
es. namespace modules, /es/ and /stable/ namespaces entries
Promise.withResolvers proposal:
  Promise.withResolvers
es. namespace module, /es/ and /stable/ namespaces entries
Iterator helpers proposal, proposal-iterator-helpers/287 and some following changes, November 2023 TC39 meeting
Uint8Array to / from base64 and hex stage 2 proposal:
  Uint8Array.fromBase64
  Uint8Array.fromHex
  Uint8Array.prototype.toBase64
  Uint8Array.prototype.toHex
Number.fromString validation before clarification of proposal-number-fromstring/24
@@toStringTag property descriptors on DOM collections, #1312
Array iteration methods, #1313
atob / btoa improvements
Promise.withResolvers marked as shipped from FF121
[[DedentMap]] from String.dedent proposal between core-js instances before stabilization of the proposal
Array.fromAsync marked as supported from Deno 1.38
Symbol.{ dispose, asyncDispose } marked as supported from Deno 1.38
structuredClone polyfill, avoided second tree pass in cases of transferring
SuppressedError to structuredClone polyfill
ArrayBuffer and DataView dependencies of structuredClone lack of which could cause errors in some entries in IE10-
Number.fromString
URL.canParse marked as supported from Chromium 120
Symbol polyfill on global object, #1289
type: commonjs in package.json of all packages to avoid potential breakage in future Node versions, see this issue
String.prototype.{ isWellFormed, toWellFormed } marked as supported from FF119
Commit messages
Package name: core-js
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs