Snyk has created this PR to upgrade core-js from 3.13.0 to 3.13.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released a month ago, on 2021-05-29.
Snyk has created this PR to upgrade core-js from 3.13.0 to 3.13.1.
The recommended version fixes:
SNYK-JS-SSRI-1246392
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-SSRI-1085630
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-SSRI-1246392
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-SSRI-1085630
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-DNSPACKET-1293563
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-WS-1296835
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-POSTCSS-1255640
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-POSTCSS-1090595
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-PATHPARSE-1077067
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ISSVG-1243891
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ISSVG-1085627
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-HOSTEDGITINFO-1088355
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-COLORSTRING-1082939
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-BROWSERSLIST-1090194
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: core-js
-
3.13.1 - 2021-05-29
- Overwrites
- Added a workaround of possible browser crash on
-
3.13.0 - 2021-05-25
- Accessible
from core-js GitHub release notesget-own-property-symbolsthird-partySymbolpolyfill if it's used since it causes a stack overflow, #774Object.prototypeaccessors methods in WebKit ~ Android 4.0, #232Object#hasOwnProperty(Object.hasOwn) proposal moved to the stage 3, May 2021 TC39 meetingCommit messages
Package name: core-js
- a05c21c 3.13.1
- 2a5a44a change the wording
- c2b4e64 no longer use symbols from `get-own-property-symbols` polyfill, close #774
- 47d11d0 added a workaround of possible browser crash on `Object.prototype` accessors method in WebKit ~ Android 4.0, close #232
- 991d46b update dependencies
- 233ce3a fix some comments
- 4d6ff5b fix some comments
- 4fbaf6e update a link
- c11a843 fix typo
- d55dc9c fix typo
- c5e3935 update dependencies
- 1ac65f0 move `qunit` helpers to main tests bundles
- 2bbbd47 just in case add a test of operations order in `Object.hasOwn`
- 43095ad use native `Object.hasOwn` if it's available in internal `has` helper
- 78fc53e update dependencies
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs