[Snyk] Upgrade core-js from 3.22.8 to 3.36.0 #4
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade core-js from 3.22.8 to 3.36.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-SOCKETIOPARSER-3091012
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00261, Social Trends: No, Days since published: 523, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5
SNYK-JS-BABELTRAVERSE-5962462
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00261, Social Trends: No, Days since published: 523, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5
SNYK-JS-BROWSERIFYSIGN-6037026
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00261, Social Trends: No, Days since published: 523, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5
SNYK-JS-DECODEURICOMPONENT-3149970
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00261, Social Trends: No, Days since published: 523, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5
SNYK-JS-ES5EXT-6095076
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00261, Social Trends: No, Days since published: 523, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5
SNYK-JS-FOLLOWREDIRECTS-6141137
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00261, Social Trends: No, Days since published: 523, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5
SNYK-JS-EXPRESS-6474509
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00261, Social Trends: No, Days since published: 523, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5
SNYK-JS-FOLLOWREDIRECTS-6444610
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00261, Social Trends: No, Days since published: 523, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5
SNYK-JS-JSON5-3182856
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00261, Social Trends: No, Days since published: 523, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5
SNYK-JS-JSON5-3182856
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00261, Social Trends: No, Days since published: 523, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: core-js
ArrayBuffer.prototype.transfer
and friends proposal:ArrayBuffer.prototype.detached
ArrayBuffer.prototype.transfer
ArrayBuffer.prototype.transferToFixedLength
es.
namespace modules,/es/
and/stable/
namespaces entriesUint8Array
to / from base64 and hex proposal:Uint8Array.fromBase64
Uint8Array.fromHex
Uint8Array.prototype.toBase64
Uint8Array.prototype.toHex
/actual/
namespace entriesPromise.try
proposal has been resurrected and moved to stage 2, Febrary 2024 TC39 meetingcore-js/stage/2.7
- still emptySet.prototype.intersection
feature detectionArray.prototype.{ indexOf, lastIndexOf, includes }
, #1325, thanks @ minseok-choeArray.prototype.{ reduce, reduceRight }
, #1327, thanks @ minseok-choeArray.from
and some other methods with proxy targets, #1322, thanks @ minseok-choeArrayBuffer.prototype.transfer
and friends proposal in some specific cases in IE10-Date.prototype.toJSON
toJSON.stringify
entries dependencies{ Map, Object }.groupBy
,Promise.withResolvers
,ArrayBuffer.prototype.transfer
and friends marked as supported from Safari 17.4Set
methods fixed and marked as supported from V8 ~ Chrome 123Symbol.metadata
marked as supported from Deno 1.40.4ToLength
operation with bigints, #1318String#split
polyfillIterator
helpers proposal methods marked as supported from V8 ~ Chrome 122Set
methods, but they have a bug similar to Safariself
marked as fixed from Bun 1.0.22SuppressedError
andSymbol.{ dispose, asyncDispose }
marked as supported from Bun 1.0.23{ Map, Set, WeakMap, WeakSet }.{ from, of }
became non-generic, following this and some other notes. Now they can be invoked withoutthis
, but no longer return subclass instancesSymbol
polyfillqueueMicrotask
polyfillArrayBuffer
Array.fromAsync
marked as supported from V8 ~ Chrome 121Array.prototype.push
bug is fixed in V8 ~ Chrome 122 (Hallelujah!)ArrayBuffer.prototype.transfer
and friends proposal features marked as supported from FF 122 and Bun 1.0.19Object.groupBy
andMap.groupBy
marked as supported from Bun 1.0.19Iterator
helpers proposal methods are still not disabled in Deno, the web compatibility issue why it was disabled in Chromium makes no sense for Deno and fixed in the spec, they marked as supported from Deno 1.37Array
grouping proposal:Object.groupBy
Map.groupBy
es.
namespace modules,/es/
and/stable/
namespaces entriesPromise.withResolvers
proposal:Promise.withResolvers
es.
namespace module,/es/
and/stable/
namespaces entriesIterator
helpers proposal, proposal-iterator-helpers/287 and some following changes, November 2023 TC39 meetingUint8Array
to / from base64 and hex stage 2 proposal:Uint8Array.fromBase64
Uint8Array.fromHex
Uint8Array.prototype.toBase64
Uint8Array.prototype.toHex
Number.fromString
validation before clarification of proposal-number-fromstring/24@@ toStringTag
property descriptors on DOM collections, #1312Array
iteration methods, #1313atob
/btoa
improvementsPromise.withResolvers
marked as shipped from FF121[[DedentMap]]
fromString.dedent
proposal betweencore-js
instances before stabilization of the proposalArray.fromAsync
marked as supported from Deno 1.38Symbol.{ dispose, asyncDispose }
marked as supported from Deno 1.38structuredClone
polyfill, avoided second tree pass in cases of transferringSuppressedError
tostructuredClone
polyfillArrayBuffer
andDataView
dependencies ofstructuredClone
lack of which could cause errors in some entries in IE10-Number.fromString
URL.canParse
marked as supported from Chromium 120Symbol
polyfill on global object, #1289type: commonjs
inpackage.json
of all packages to avoid potential breakage in future Node versions, see this issueString.prototype.{ isWellFormed, toWellFormed }
marked as supported from FF119RegExp
escaping stage 2 proposal, September 2023 TC39 meeting:RegExp.escape
method with the new set of symbols for escapingcore-js
, but it was removed after rejecting the old version of this proposalArrayBuffer.prototype.{ transfer, transferToFixedLength }
and support transferring ofArrayBuffer
s viastructuredClone
to engines withMessageChannel
Math.f16round
polyfillMath.f16round
andDataView.prototype.{ getFloat16, setFloat16 }
Observable
proposal because of incompatibility with the new WHATWGObservable
proposalSymbol
polyfill, #1289Iterator
helpers because of some Web compatibility issuesPromise.withResolvers
marked as supported from V8 ~ Chrome 119Array
grouping proposal features marked as supported from FF119value
argument ofURLSearchParams.prototype.{ has, delete }
marked as properly supported from V8 ~ Chrome 118URL.canParse
andURLSearchParams.prototype.size
marked as supported from Bun 1.0.2structuredClone
feature detection[email protected]
bug, #1288eval
bug, #1287Commit messages
Package name: core-js
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs