[Snyk] Upgrade core-js from 3.16.0 to 3.24.1 #8
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade core-js from 3.16.0 to 3.24.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-Y18N-1021887
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-XSS-1584355
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-URLPARSE-2407770
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-URLPARSE-2407770
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TMPL-1583443
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SSRI-1246392
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SIMPLEGET-2361683
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SHELLJS-2332187
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SETVALUE-450213
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SETVALUE-1540541
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SETVALUE-450213
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SETVALUE-1540541
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PRISMJS-1585202
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PRISMJS-1585202
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PRISMJS-1314893
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PRISMJS-1076581
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-URLPARSE-2412697
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-URLPARSE-2407759
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-URLPARSE-2401205
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-URLPARSE-2412697
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-URLPARSE-2407759
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-URLPARSE-2401205
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-URLPARSE-1533425
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TERSER-2806366
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-TERSER-2806366
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-RAMDA-1582370
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PRISMJS-2404333
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PRISMJS-2404333
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-POSTCSS-1255640
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-POSTCSS-1090595
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-POSTCSS-1255640
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-POSTCSS-1090595
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-POSTCSS-1255640
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-POSTCSS-1090595
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PARSEURL-2942134
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PARSEURL-2936249
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-OBJECTPATH-1585658
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NORMALIZEURL-1296539
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MOMENT-2944238
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MOMENT-2440688
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-JSONSCHEMA-1920922
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-JPEGJS-2859218
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-INI-1048974
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-AXIOS-1579269
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ASYNC-2441827
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ANSIHTML-1296849
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-AJV-584908
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-AJV-584908
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-AJV-584908
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PARSEURL-2935947
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-PARSEURL-2935944
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NWSAPI-2841516
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NODEFETCH-2342118
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NANOID-2332193
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MINIMIST-559764
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MINIMIST-559764
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-JPEGJS-570039
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-HOSTEDGITINFO-1088355
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-FOLLOWREDIRECTS-2332181
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-EVENTSOURCE-2823375
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-ELLIPTIC-1064899
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MINIMIST-2429795
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MINIMIST-2429795
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MINIMIST-2429795
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-KINDOF-537849
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-FOLLOWREDIRECTS-2396346
Why? Proof of Concept exploit, CVSS 7.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: core-js
IS_BROWSER
detection to avoid a false positive withjsdom
, #1110@@ species
support inPromise
in some old engines{ Array, %TypedArray% }.prototype.{ findLast, findLastIndex }
marked as shipped in FF104.asIndexedPairs
renamed to.indexed
, proposal-iterator-helpers/183:Iterator.prototype.asIndexedPairs
->Iterator.prototype.indexed
AsyncIterator.prototype.asIndexedPairs
->AsyncIterator.prototype.indexed
%AsyncFromSyncIteratorPrototype%
inAsyncIterator.from
andIterator.prototype.toAsync
, proposal-iterator-helpers/182, proposal-iterator-helpers/202%WrapForValidAsyncIteratorPrototype%.next
, proposal-iterator-helpers/197%WrapForValid(Async)IteratorPrototype%.next
, proposal-iterator-helpers/197 and proposal-iterator-helpers/205.next
/.return
to an underlying iterator by the extended iterator protocol, a part of proposal-iterator-helpers/194.throw
methods removed from all wrappers / helpers prototypes, a part of proposal-iterator-helpers/194{ Iterator, AsyncIterator }.prototype.flatMap
proxy iterators on.return
, proposal-iterator-helpers/195RangeError
onNaN
in{ Iterator, AsyncIterator }.prototype.{ drop, take }
, proposal-iterator-helpers/181%TypedArray%.prototype.toSpliced
method removed from the change array by copy proposal and marked as obsolete incore-js
, proposal-change-array-by-copy/88Promise
withunhandledrejection
event support (browser style) in Deno < 1.24core-js-compat
/core-js-builder
and added compat data for them:bun
), compat data for 0.1.1-0.1.5, #1103hermes
), compat data for 0.1-0.11, #1099oculus
), compat data mapping for 3.0-22.0, #1098structuredClone
feature detection, #1106core-js
structuredClone
bugs (1774866 (fixed in FF104) and 1777321 (still not fixed)) that now can clone errors, but.stack
of the clone is an empty string{ Map, WeakMap }.prototype.emplace
logic, #1102%TypedArray%.prototype.toSpliced
following proposal-change-array-by-copy/89%TypedArray%
constructors in new methods, #1092 (comment)core-js
copies, #1091v
flag toRegExp.prototype.flags
implementation in case if current V8 bugs will not be fixed before this flag implementationArray
find from last moved to the stable ES, according to June 2022 TC39 meeting:Array.prototype.findLast
Array.prototype.findLastIndex
%TypedArray%.prototype.findLast
%TypedArray%.prototype.findLastIndex
Array
grouping proposal renamed, according to June 2022 TC39 meeting:Array.prototype.groupBy
->Array.prototype.group
Array.prototype.groupByToMap
->Array.prototype.groupToMap
%TypedArray%.prototype.with
following proposal-change-array-by-copy/86, according to June 2022 TC39 meetingSymbol.metadataKey
replacesSymbol.metadata
Array.prototype.push
polyfill with some fixes for modern enginesArray.prototype.unshift
polyfill with some fixes for modern enginesRegExp.prototype.flags
in the actual version of V8Math
andNumber
constantsArrayBufferDetaching
protector cell invalidation and performance degradation onstructuredClone
feature detection, one more case of #679structuredClone
that can not cloneDOMException
(just in case for future versions that will fix other issues)ToBigInt
/ToNumber
conversion of the argument passed to%TypedArray%.prototype.fill
in V8 ~ Chrome < 59, Safari < 14.1, FF < 55, Edge <=18DeletePropertyOrThrow
in IE9-TypeError
instead ofError
) on incorrectexec
result inRegExp.prototype.test
polyfill{ actual, full, features }/typed-array/at
entriesCommit messages
Package name: core-js
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs