[Snyk] Upgrade core-js from 3.8.3 to 3.15.1

[snyk-bot]

Snyk has created this PR to upgrade core-js from 3.8.3 to 3.15.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 16 versions ahead of your current version.
• The recommended version was released 23 days ago, on 2021-06-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Proof of Concept
	Prototype Pollution SNYK-JS-GETOBJECT-1054932	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	No Known Exploit
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-1078283	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	No Known Exploit
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Proof of Concept
	Cryptographic Weakness SNYK-JS-JSRSASIGN-1244072	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	No Known Exploit
	Arbitrary Code Injection SNYK-JS-EJS-1049328	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: core-js

• 3.15.1 - 2021-06-22
  
  • Fixed cloning of regex through RegExp constructor, #948
• 3.15.0 - 2021-06-20
  
  • Added RegExp named capture groups polyfill, #521, #944
  • Added RegExp dotAll flag polyfill, #792, #944
  • Added missed polyfills of Annex B features (required mainly for some non-browser engines), #336, #945:
    • escape
    • unescape
    • String.prototype.substr
    • Date.prototype.getYear
    • Date.prototype.setYear
    • Date.prototype.toGMTString
  • Fixed detection of forbidden host code points in URL polyfill
  • Allowed rhino target in core-js-compat / core-js-builder, added compat data for rhino 1.7.13, #942, thanks @ gausie
  • .at marked as supported from FF90
• 3.14.0 - 2021-06-05
  
  • Added polyfill of stable sort in { Array, %TypedArray% }.prototype.sort, #769
  • Fixed Safari 14.0- %TypedArray%.prototype.sort validation of arguments bug
  • .at marked as supported from V8 9.2
• 3.13.1 - 2021-05-29
  
  • Overwrites get-own-property-symbols third-party Symbol polyfill if it's used since it causes a stack overflow, #774
  • Added a workaround of possible browser crash on Object.prototype accessors methods in WebKit ~ Android 4.0, #232
• 3.13.0 - 2021-05-25
  
  • Accessible Object#hasOwnProperty (Object.hasOwn) proposal moved to the stage 3, May 2021 TC39 meeting
• 3.12.1 - 2021-05-08
  
  • Fixed some cases of Function#toString with multiple core-js instances
  • Fixed some possible String#split polyfill problems in V8 5.1
• 3.12.0 - 2021-05-06
  
  • Added well-known symbol Symbol.metadata for decorators stage 2 proposal
  • Added well-known symbol Symbol.matcher for pattern matching stage 1 proposal
  • Fixed regression of V8 ~ Node 0.12 String(Symbol()) bug, #933
• 3.11.3 - 2021-05-05
  
  • Native promise-based APIs Promise#{ catch, finally } returns polyfilled Promise instances when it's required
• 3.11.2 - 2021-05-03
  
  • Added a workaround of WebKit ~ iOS 10.3 Safari Promise bug, #932
  • Promise#then of incorrect native Promise implementations with correct subclassing no longer wrapped
  • Changed the order of Promise feature detection, removed unhandled rejection tracking check in non-browser non-node platforms
• 3.11.1 - 2021-04-28
  
  • Made instanceof Promise and .constructor === Promise work with polyfilled Promise for all native promise-based APIs
  • Added a workaround for some buggy V8 versions ~4.5 related to fixing of %TypedArray% static methods, #564
• 3.11.0 - 2021-04-22
• 3.10.2 - 2021-04-19
• 3.10.1 - 2021-04-07
• 3.10.0 - 2021-03-31
• 3.9.1 - 2021-02-28
• 3.9.0 - 2021-02-18
• 3.8.3 - 2021-01-19

from core-js GitHub release notes

Commit messages

Package name: core-js

• d7409d1 3.15.1
• aa66fb2 fix cloning of regex through `RegExp` constructor, close Rail Fence Cipher with both encoding and decoding gchq/CyberChef#948
• e8d9527 update dependencies
• 4f7f304 3.15.0
• 1449fe6 fix a typo
• 219b688 fix dotAll entry
• 8d931af add links to PRs
• 913625f Merge pull request Feature request: convert an SQL table to CVS gchq/CyberChef#944 from zloirock/re
• 12e0678 disable `.groups` prototype check because of a bug in Safari implementation
• bae33e0 revert test of delegation to `.exec().groups` in `.replace`
• 70842e9 add some tests
• 9a91e18 some stylistic changes
• dded201 some more tests
• bccff54 some protections
• 3b9c785 update compat data
• e485690 some improvements
• f7b619d simplify `fix-regexp-well-known-symbol-logic`
• 3646a74 some improvements
• 3f5640c untangle `fix-regexp-well-known-symbol-logic` by moving feature detection to related modules
• 1a510ac add basic NCG support
• 0efc25a add `.dotAll` support
• fad1d44 Merge pull request Allow custom ports for Grunt dev task gchq/CyberChef#945 from zloirock/annex-b
• 5c63b94 update the readme
• 94d5432 update the readme

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[pull-request-quantifier-deprecated]

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 1

Change summary by file extension:
.json : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detetcted.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.