auth0.js

fix: replace deprecated @babel/polyfill with modern core-js approach

Open harekrishnarai opened this issue 6 months ago • 0 comments

Here's the filled PR template:

Changes

Please describe both what is changing and why this is important. Include:

  • Dependencies removed: @babel/[email protected] (deprecated package)
  • Dependencies added: core-js@^3.23.3 and regenerator-runtime@^0.13.4 as dev dependencies
  • Code changed: Updated redirect_authorize.test.js to replace require('@babel/polyfill') with modern ES6 imports: import 'core-js/stable' and import 'regenerator-runtime/runtime'
  • Security fix: Eliminates vulnerable [email protected] dependency that was flagged in SEC-2155
  • Performance improvement: Avoids potential 100x slowdown associated with deprecated core-js versions
  • Maintenance: Follows official Babel migration path from deprecated @babel/polyfill to modern core-js approach
  • No breaking changes: Maintains identical polyfill functionality while using secure, maintained dependencies

References

Please include relevant links supporting this change such as a:

  • Support ticket: SEC-2155 - Deprecated core-js vulnerability report
  • Babel migration guide: https://babeljs.io/docs/en/babel-polyfill (official deprecation notice)
  • Core-js documentation: https://github.com/zloirock/core-js/blob/master/docs/2019-03-19-core-js-3-babel-and-a-look-into-the-future.md

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

  • All existing unit tests continue to pass (645 tests passing)
  • Integration tests execute successfully with new polyfill imports
  • Build process completes without errors (npm run build)
  • Dependency tree verified to contain only secure core-js version (npm ls core-js shows [email protected])
  • No new functionality added, only security/maintenance update - existing test coverage remains comprehensive
  • [ ] This change adds unit test coverage
  • [x] This change adds integration test coverage

Checklist

harekrishnarai, Jun 20 '25 13:06
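The dependency-tree check listed under Testing can be automated. The following is an added example, not code from this issue or from the auth0.js project: it walks a tree shaped like the output of `npm ls --all --json` and reports every `@babel/polyfill` install and every `core-js` below major version 3. The function name, the sample tree and its version numbers are constructed for illustration.

```javascript
// SAMPLE_TREE is constructed; it mimics the shape of `npm ls --all --json`
// output and is not the real auth0.js dependency tree.
const SAMPLE_TREE = {
  name: 'example-app',
  version: '1.0.0',
  dependencies: {
    '@babel/polyfill': {
      version: '7.0.0',
      dependencies: {
        'core-js': { version: '2.0.0' },
        'regenerator-runtime': { version: '0.13.4' }
      }
    },
    'core-js': { version: '3.23.3' },
    'some-lib': {
      version: '1.0.0',
      dependencies: { 'core-js': { version: '3.30.0' } }
    }
  }
};

// Hypothetical helper: returns one finding per flagged node, with the
// full dependency path so the parent that pulls it in is visible.
function findDeprecatedPolyfills(tree) {
  const findings = [];
  const walk = (node, trail) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const path = [...trail, name].join(' > ');
      const major = parseInt(String(dep.version || '').split('.')[0], 10);
      if (name === '@babel/polyfill') {
        findings.push({ path, version: dep.version, reason: 'deprecated package' });
      } else if (name === 'core-js' && !(major >= 3)) {
        // A missing or unparsable version is flagged too, so it gets reviewed.
        findings.push({ path, version: dep.version, reason: 'core-js below 3.x' });
      }
      walk(dep, [...trail, name]); // transitive copies matter as much as direct ones
    }
  };
  walk(tree, [tree.name]);
  return findings;
}

console.log(findDeprecatedPolyfills(SAMPLE_TREE));
```

To run it against a real project, pass the parsed JSON from `npm ls --all --json` instead of `SAMPLE_TREE`; an empty result means no flagged copies remain anywhere in the tree.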