openbudgetoakland
openbudgetoakland copied to clipboard
[Snyk] Upgrade core-js from 3.19.0 to 3.21.1
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade core-js from 3.19.0 to 3.21.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 9 versions ahead of your current version.
- The recommended version was released 2 months ago, on 2022-02-16.
Release notes
Package name: core-js
- 3.21.1 - 2022-02-16
-
3.21.0 - 2022-02-01
- Added Base64 utility methods:
atob
btoa
- Added the proper validation of arguments to some methods from web standards
- Forced replacement of all features from early-stage proposals for avoiding possible web compatibility issues in the future
- Added Rhino 1.7.14 compat data
- Added Deno 1.19 compat data mapping
- Added Opera Android 66 and 67 compat data mapping
- Added iOS Safari 15.3 and 15.4 compat data mapping
- Added Base64 utility methods:
-
3.20.3 - 2022-01-15
- Detects and replaces broken third-party
Function#bind
polyfills, uses only nativeFunction#bind
in the internals structuredClone
should throw an error if no arguments passed- Changed the structure of notes in
__core-js_shared__
- Detects and replaces broken third-party
-
3.20.2 - 2022-01-01
- Added a fix of a V8 ~ Chrome 36-
Object.{ defineProperty, defineProperties }
bug, Babel issue - Added fixes of some different
%TypedArray%.prototype.set
bugs, affects modern engines (like Chrome < 95 or Safari < 14.1)
- Added a fix of a V8 ~ Chrome 36-
-
3.20.1 - 2021-12-23
- Fixed the order of calling reactions of already fulfilled / rejected promises in
Promise.prototype.then
, #1026 - Fixed possible memory leak in specific promise chains
- Fixed some missed dependencies of entries
- Added Deno 1.18 compat data mapping
- Fixed the order of calling reactions of already fulfilled / rejected promises in
-
3.20.0 - 2021-12-15
- Added
structuredClone
method from the HTML spec, see MDN- Includes all cases of cloning and transferring of required ECMAScript and platform types that can be polyfilled, for the details see the caveats
- Uses native structured cloning algorithm implementations where it's possible
- Includes the new semantic of errors cloning from
html/5749
- Added
DOMException
polyfill, the Web IDL spec, see MDN- Includes
DOMException
and its attributes polyfills with fixes of many different engines bugs - Includes
DOMException#stack
property polyfill in engines that should have it - Reuses native
DOMException
implementations where it's possible (for example, in old NodeJS where it's not exposed as global)
- Includes
- Added support of
cause
on all Error types - Added
Error.prototype.toString
method polyfill with fixes of many different bugs of JS engines - Added
Number.prototype.toExponential
method polyfill with fixes of many different bugs of JS engines Array
grouping proposal:- Moved to stage 3
- Added
Array.prototype.groupByToMap
method - Removed
@@ species
support
- Added change
Array
by copy stage 2 proposal:Array.prototype.toReversed
Array.prototype.toSorted
Array.prototype.toSpliced
Array.prototype.with
%TypedArray%.prototype.toReversed
%TypedArray%.prototype.toSorted
%TypedArray%.prototype.toSpliced
%TypedArray%.prototype.with
- Added
Iterator.prototype.toAsync
method from the iterator helpers stage 2 proposal Array.fromAsync
proposal moved to stage 2- Added
String.cooked
stage 1 proposal: - Added
Function.prototype.unThis
stage 0 proposal - Added
Function.{ isCallable, isConstructor }
stage 0 proposal:Function.isCallable
Function.isConstructor
- Added a workaround of most cases breakage modern
String#at
after loading obsoleteString#at
proposal module, #1019 - Fixed
Array.prototype.{ values, @@ iterator }.name
in V8 ~ Chrome 45- - Fixed validation of typed arrays in typed arrays iteration methods in V8 ~ Chrome 50-
- Extension of the API, #1012
- Added a new
core-js/actual/**
namespace - Added entry points for each finished post-ES6 proposal
- Added a new
- Added
-
3.19.3 - 2021-12-06
- Fixed internal slots check in methods of some built-in types, #1017
- Fixed
URLSearchParams
iterator.next
that should be enumerable by the spec - Refactored
Subscription
- Added NodeJS 17.2 compat data mapping
-
3.19.2 - 2021-11-29
- Added a workaround for a UC Browser specific version bug with unobservable
RegExp#sticky
flag, #1008, #1015 - Added handling of comments and specific spaces to
Function#name
polyfill, #1010, thanks @ ildar-shaimordanov - Prevented some theoretical cases of breaking / observing the internal state by patching
Array.prototype[@@ species]
- Refactored
URL
andURLSearchParams
- Added iOS Safari 15.2 compat data mapping
- Added Electron 17.0 compat data mapping
- Updated Deno compat data mapping
- Added a workaround for a UC Browser specific version bug with unobservable
-
3.19.1 - 2021-11-02
- Added a workaround for FF26- bug where
ArrayBuffer
s are non-extensible, butObject.isExtensible
does not report it:- Fixed in
Object.{ isExtensible, isSealed, isFrozen }
andReflect.isExtensible
- Fixed handling of
ArrayBuffer
s as collections keys
- Fixed in
- Fixed
Object#toString
onAggregateError
in IE10- - Fixed possible lack of dependencies of
WeakMap
in IE8- .findLast
methods family marked as supported from Chrome 97- Fixed inheritance of Electron compat data
web.
modules - Fixed Safari 15.1 compat data (some features were not added)
- Added iOS Safari 15.1 compat data mapping
- Added a workaround for FF26- bug where
-
3.19.0 - 2021-10-25
- Most built-ins are encapsulated in
core-js
for preventing possible cases of breaking / observing the internal state by patching / deleting of them- Avoid
.call
/.apply
prototype methods that could be patched - Avoid
instanceof
operator - implicit.prototype
/@@ hasInstance
access that could be patched - Avoid
RegExp#test
,String#match
and some over methods - implicit.exec
andRegExp
well-known symbols access that could be patched
- Avoid
- Clearing of
Error
stack from extra entries experimentally added toAggregateError
, #996, in case lack of problems it will be extended to other cases - In engines with native
Symbol
support, new well-known symbols created with usageSymbol.for
for ensuring the same keys in different realms, #998 - Added a workaround of a BrowserFS NodeJS
process
polyfill bug that incorrectly reports V8 version that's used in some cases ofcore-js
feature detection - Fixed normalization of
message
AggregateError
argument - Fixed order of arguments conversion in
Math.scale
, a spec draft bug - Fixed
core-js-builder
work in NodeJS 17, added a workaround ofwebpack
+ NodeJS 17 issue - Added NodeJS 17.0 compat data mapping
- Added Opera Android 65 compat data mapping
- Updated Electron 16.0 compat data mapping
- Many other minor fixes and improvements
- Most built-ins are encapsulated in
Commit messages
Package name: core-js
- eb9229a 3.21.1
- ea62b2e transform engine names to lower case in `core-js-compat` targets parser
- 2e532d6 update dependencies
- 42eea35 update dependencies
- cf4ba30 add Deno 1.20 compat data mapping
- 55a5195 pin `npm` since a bug on Windows still is not fixed
- 3ebe589 add a bugfix for the WebKit `Array.prototype.{ groupBy, groupByToMap }` implementation
- 94c7055 update dependencies
- d51b8de update dependencies
- e507298 take into account `core-js-bundle` in `downloads-by-versions` script
- 4c4655d move `usage` script to `playwright`
- b746e19 update dependencies
- de54899 use the official Alexa Rank data source
- 77ca4f7 update dependencies
- a3f5916 update dependencies
- 2701cea update dependencies
- ac784d7 update dependencies
- c5d4e23 mark `atob` / `btoa` as fixed in the next minor NodeJS version
- 76ab60d update dependencies
- 6df7c31 add Electron 18.0 compat data mapping
- 32492dc 3.21.0
- 248a3ea forced replacement of all methods from early stage proposals for avoiding possible web compatibility issues in the future
- 985d127 update dependencies
- 4faa860 [WIP] Add `atob` / `btoa` (#1036)
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🔕 Ignore this dependency or unsubscribe from future upgrade PRs