[Snyk] Upgrade core-js from 3.9.0 to 3.37.0 #5
Snyk has created this PR to upgrade core-js from 3.9.0 to 3.37.0.
See this package in npm: core-js
See this project in Snyk: https://app.snyk.io/org/hawthorne001/project/23c8cc62-3539-4735-a796-98239d32a46b?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr
🚨 Potential security issues detected. Learn more about Socket for GitHub. To accept the risk, merge this PR and you will not be notified again.

Next steps

What is an install script?
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
This PR was automatically created by Snyk using the credentials of a real user.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 88 versions ahead of your current version.
The recommended version was released a month ago, on 2024-04-16.
Release notes
Package name: core-js
Set methods proposal: Set.prototype.intersection, Set.prototype.union, Set.prototype.difference, Set.prototype.symmetricDifference, Set.prototype.isSubsetOf, Set.prototype.isSupersetOf, Set.prototype.isDisjointFrom
es. namespace modules, /es/ and /stable/ namespaces entries
Math.sumPrecise stage 2.7 proposal: Math.sumPrecise
Promise.try proposal: Promise.try
RegExp.escape stage 2 proposal:
Symbol.customMatcher
Symbol.customMatcher
Symbol.customMatcher well-known symbol from the pattern matching proposal is also used in the extractors proposal, added an entry also for this proposal
URL.parse, url/825
{ Object, Map }.groupBy bug that does not support iterable primitives
Array.fromAsync
URL.parse added and marked as supported from FF 126
URL.parse added and marked as supported from Bun 1.1.4
URL.canParse fixed and marked as supported from Bun 1.1.0
Set methods fixed in JavaScriptCore and marked as supported from Bun 1.1.1
Object.setPrototypeOf, #1329, thanks @minseok-choe
Array.from, #1331, thanks @minseok-choe
queueMicrotask arity
URL.canParse arity
SuppressedError extra arguments support and arity
value argument of URLSearchParams.prototype.{ has, delete } marked as supported from Bun 1.0.31
Array.prototype.{ toSpliced, toReversed, with } and atob marked as supported
ArrayBuffer.prototype.transfer and friends proposal: ArrayBuffer.prototype.detached, ArrayBuffer.prototype.transfer, ArrayBuffer.prototype.transferToFixedLength
es. namespace modules, /es/ and /stable/ namespaces entries
Uint8Array to / from base64 and hex proposal: Uint8Array.fromBase64, Uint8Array.fromHex, Uint8Array.prototype.toBase64, Uint8Array.prototype.toHex
/actual/ namespace entries
Promise.try proposal has been resurrected and moved to stage 2, February 2024 TC39 meeting
core-js/stage/2.7 - still empty
Set.prototype.intersection feature detection
Array.prototype.{ indexOf, lastIndexOf, includes }, #1325, thanks @minseok-choe
Array.prototype.{ reduce, reduceRight }, #1327, thanks @minseok-choe
Array.from and some other methods with proxy targets, #1322, thanks @minseok-choe
ArrayBuffer.prototype.transfer and friends proposal in some specific cases in IE10-
Date.prototype.toJSON to JSON.stringify entries dependencies
{ Map, Object }.groupBy, Promise.withResolvers, ArrayBuffer.prototype.transfer and friends marked as supported from Safari 17.4
Set methods fixed and marked as supported from V8 ~ Chrome 123
Symbol.metadata marked as supported from Deno 1.40.4
ToLength operation with bigints, #1318
String#split polyfill
Iterator helpers proposal methods marked as supported from V8 ~ Chrome 122
Set methods, but they have a bug similar to Safari
self marked as fixed from Bun 1.0.22
SuppressedError and Symbol.{ dispose, asyncDispose } marked as supported from Bun 1.0.23
{ Map, Set, WeakMap, WeakSet }.{ from, of } became non-generic, following this and some other notes. Now they can be invoked without this, but no longer return subclass instances
Symbol polyfill
queueMicrotask polyfill
ArrayBuffer
Array.fromAsync marked as supported from V8 ~ Chrome 121
Array.prototype.push bug is fixed in V8 ~ Chrome 122 (Hallelujah!)
ArrayBuffer.prototype.transfer and friends proposal features marked as supported from FF 122 and Bun 1.0.19
Object.groupBy and Map.groupBy marked as supported from Bun 1.0.19
Iterator helpers proposal methods are still not disabled in Deno, the web compatibility issue why it was disabled in Chromium makes no sense for Deno and fixed in the spec, they marked as supported from Deno 1.37
Array grouping proposal: Object.groupBy, Map.groupBy
es. namespace modules, /es/ and /stable/ namespaces entries
Promise.withResolvers proposal: Promise.withResolvers
es. namespace module, /es/ and /stable/ namespaces entries
Iterator helpers proposal, proposal-iterator-helpers/287 and some following changes, November 2023 TC39 meeting
Uint8Array to / from base64 and hex stage 2 proposal: Uint8Array.fromBase64, Uint8Array.fromHex, Uint8Array.prototype.toBase64, Uint8Array.prototype.toHex
Number.fromString validation before clarification of proposal-number-fromstring/24
@@toStringTag property descriptors on DOM collections, #1312
Array iteration methods, #1313
atob / btoa improvements
Promise.withResolvers marked as shipped from FF121
[[DedentMap]] from String.dedent proposal between core-js instances before stabilization of the proposal
Array.fromAsync marked as supported from Deno 1.38
Symbol.{ dispose, asyncDispose } marked as supported from Deno 1.38
structuredClone polyfill, avoided second tree pass in cases of transferring
SuppressedError to structuredClone polyfill
ArrayBuffer and DataView dependencies of structuredClone lack of which could cause errors in some entries in IE10-
Number.fromString
URL.canParse marked as supported from Chromium 120
Symbol polyfill on global object, #1289
type: commonjs in package.json of all packages to avoid potential breakage in future Node versions, see this issue
String.prototype.{ isWellFormed, toWellFormed } marked as supported from FF119

Commit messages
Package name: core-js
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.