[Snyk] Upgrade core-js from 3.16.0 to 3.24.1

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade core-js from 3.16.0 to 3.24.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 39 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2022-07-29.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-XSS-1584355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-2407770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Privilege Management SNYK-JS-SHELLJS-2332187	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Open Redirect SNYK-JS-URLPARSE-1533425	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JPEGJS-2859218	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-PARSEURL-2935947	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-NANOID-2332193	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JPEGJS-570039	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: core-js

• 3.24.1 - 2022-07-29
  
  • NodeJS is ignored in IS_BROWSER detection to avoid a false positive with jsdom, #1110
  • Fixed detection of @@ species support in Promise in some old engines
  • { Array, %TypedArray% }.prototype.{ findLast, findLastIndex } marked as shipped in FF104
  • Added iOS Safari 15.6 compat data mapping
  • Fixed Opera 15 compat data mapping
• 3.24.0 - 2022-07-25
  
  • Recent updates of the iterator helpers proposal, #1101:
    • .asIndexedPairs renamed to .indexed, proposal-iterator-helpers/183:
      • Iterator.prototype.asIndexedPairs -> Iterator.prototype.indexed
      • AsyncIterator.prototype.asIndexedPairs -> AsyncIterator.prototype.indexed
    • Avoid exposing spec fiction %AsyncFromSyncIteratorPrototype% in AsyncIterator.from and Iterator.prototype.toAsync, proposal-iterator-helpers/182, proposal-iterator-helpers/202
    • Avoid unnecessary promise creation in %WrapForValidAsyncIteratorPrototype%.next, proposal-iterator-helpers/197
    • Do not validate value in %WrapForValid(Async)IteratorPrototype%.next, proposal-iterator-helpers/197 and proposal-iterator-helpers/205
    • Do not forward the parameter of .next / .return to an underlying iterator by the extended iterator protocol, a part of proposal-iterator-helpers/194
    • .throw methods removed from all wrappers / helpers prototypes, a part of proposal-iterator-helpers/194
    • Close inner iterators of { Iterator, AsyncIterator }.prototype.flatMap proxy iterators on .return, proposal-iterator-helpers/195
    • Throw RangeError on NaN in { Iterator, AsyncIterator }.prototype.{ drop, take }, proposal-iterator-helpers/181
    • Many other updates and fixes of this proposal
  • %TypedArray%.prototype.toSpliced method removed from the change array by copy proposal and marked as obsolete in core-js, proposal-change-array-by-copy/88
  • Polyfill Promise with unhandledrejection event support (browser style) in Deno < 1.24
  • Available new targets in core-js-compat / core-js-builder and added compat data for them:
    • Bun (bun), compat data for 0.1.1-0.1.5, #1103
    • Hermes (hermes), compat data for 0.1-0.11, #1099
    • Oculus Browser (oculus), compat data mapping for 3.0-22.0, #1098
  • Added Samsung Internet 18.0 compat data mapping
• 3.23.5 - 2022-07-17
  
  • Fixed a typo in the structuredClone feature detection, #1106
  • Added Opera Android 70 compat data mapping
• 3.23.4 - 2022-07-09
  
  • Added a workaround of the Bun ~ 0.1.1 bug that define some globals with incorrect property descriptors and that causes a crash of core-js
  • Added a fix of the FF103+ structuredClone bugs (1774866 (fixed in FF104) and 1777321 (still not fixed)) that now can clone errors, but .stack of the clone is an empty string
  • Fixed { Map, WeakMap }.prototype.emplace logic, #1102
  • Fixed order of errors throwing on iterator helpers
• 3.23.3 - 2022-06-25
  
  • Changed the order of operations in %TypedArray%.prototype.toSpliced following proposal-change-array-by-copy/89
  • Fixed regression of some IE8- issues
• 3.23.2 - 2022-06-20
  
  • Avoided creation of extra properties for the handling of %TypedArray% constructors in new methods, #1092 (comment)
  • Added Deno 1.23 compat data mapping
• 3.23.1 - 2022-06-14
  
  • Fixed possible error on multiple core-js copies, #1091
  • Added v flag to RegExp.prototype.flags implementation in case if current V8 bugs will not be fixed before this flag implementation
• 3.23.0 - 2022-06-13
  
  • Array find from last moved to the stable ES, according to June 2022 TC39 meeting:
    • Array.prototype.findLast
    • Array.prototype.findLastIndex
    • %TypedArray%.prototype.findLast
    • %TypedArray%.prototype.findLastIndex
  • Methods from the Array grouping proposal renamed, according to June 2022 TC39 meeting:
    • Array.prototype.groupBy -> Array.prototype.group
    • Array.prototype.groupByToMap -> Array.prototype.groupToMap
  • Changed the order of operations in %TypedArray%.prototype.with following proposal-change-array-by-copy/86, according to June 2022 TC39 meeting
  • Decorator Metadata proposal extracted from Decorators proposal as a separate stage 2 proposal, according to March 2022 TC39 meeting, Symbol.metadataKey replaces Symbol.metadata
  • Added Array.prototype.push polyfill with some fixes for modern engines
  • Added Array.prototype.unshift polyfill with some fixes for modern engines
  • Fixed a bug in the order of getting flags in RegExp.prototype.flags in the actual version of V8
  • Fixed property descriptors of some Math and Number constants
  • Added a workaround of V8 ArrayBufferDetaching protector cell invalidation and performance degradation on structuredClone feature detection, one more case of #679
  • Added detection of NodeJS bug in structuredClone that can not clone DOMException (just in case for future versions that will fix other issues)
  • Compat data:
    • Added NodeJS 18.3 compat data mapping
    • Added and fixed Deno 1.22 and 1.21 compat data mapping
    • Added Opera Android 69 compat data mapping
    • Updated Electron 20.0 compat data mapping
• 3.22.8 - 2022-06-01
  
  • Fixed possible multiple call of ToBigInt / ToNumber conversion of the argument passed to %TypedArray%.prototype.fill in V8 ~ Chrome < 59, Safari < 14.1, FF < 55, Edge <=18
  • Fixed some cases of DeletePropertyOrThrow in IE9-
  • Fixed the kind of error (TypeError instead of Error) on incorrect exec result in RegExp.prototype.test polyfill
  • Fixed dependencies of { actual, full, features }/typed-array/at entries
  • Added Electron 20.0 compat data mapping
  • Added iOS Safari 15.5 compat data mapping
  • Refactoring
• 3.22.7 - 2022-05-24
  
  • Added a workaround for V8 ~ Chrome 53 bug with non-writable prototype of some methods, #1083
• 3.22.6 - 2022-05-22
• 3.22.5 - 2022-05-10
• 3.22.4 - 2022-05-02
• 3.22.3 - 2022-04-28
• 3.22.2 - 2022-04-21
• 3.22.1 - 2022-04-19
• 3.22.0 - 2022-04-15
• 3.21.1 - 2022-02-16
• 3.21.0 - 2022-02-01
• 3.20.3 - 2022-01-15
• 3.20.2 - 2022-01-01
• 3.20.1 - 2021-12-23
• 3.20.0 - 2021-12-15
• 3.19.3 - 2021-12-06
• 3.19.2 - 2021-11-29
• 3.19.1 - 2021-11-02
• 3.19.0 - 2021-10-25
• 3.18.3 - 2021-10-12
• 3.18.2 - 2021-10-05
• 3.18.1 - 2021-09-26
• 3.18.0 - 2021-09-19
• 3.17.3 - 2021-09-09
• 3.17.2 - 2021-09-02
• 3.17.1 - 2021-09-01
• 3.17.0 - 2021-09-01
• 3.16.4 - 2021-08-29
• 3.16.3 - 2021-08-24
• 3.16.2 - 2021-08-17
• 3.16.1 - 2021-08-08
• 3.16.0 - 2021-07-30

from core-js GitHub release notes

Commit messages

Package name: core-js

• e4b27bd 3.24.1
• dc43aac little relax `IS_BROWSER` detection
• 602e567 fix Opera 15 compat data mapping
• a52a60a ignore NodeJS in `IS_BROWSER` detection to avoid a false positive with `jsdom`, On books page, for borrowed book, show time remaining on loan internetarchive/openlibrary#1110
• 43a054a update dependencies
• 619c9a5 update dependencies
• d96cf26 mark `{ Array, %TypedArray% }.prototype.{ findLast, findLastIndex }` as shipped in FF104
• 85b8998 add iOS Safari 15.6 compat data mapping
• ae23b5a fix detection of `@@ species` support in `Promise` in some old engines
• cc756d0 3.24.0
• 234121f add Samsung Internet 18.0 compat data mapping
• 6b4055c update compat table screenshots
• c8ae80f update the changelog
• 485d383 remove `%TypedArray%.prototype.toSpliced` method from the change array by copy proposal and mark as obsolete in `core-js`
• c2620d2 Merge pull request Stylelint: Add "length-zero-no-unit" and fix offenders. internetarchive/openlibrary#1101 from zloirock/iterator-helpers
• 5a2d421 improve a changelog note
• ae6018e simplify
• 4d107e1 fix promise chain
• 3b1f77f rework async generators core
• 5b51af9 avoid an extra promise
• c9ee9fb avoid extra tick in `%AsyncIteratorHelper%`
• f03ec27 mark async generators-wrappers as done on error in `.next`
• a4d11b2 mark generators-wrappers as done on error in `.next`
• 59682b9 do not validate value in `%WrapForValidIteratorPrototype%.next`

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs