Snyk has created this PR to upgrade core-js from 3.37.1 to 3.38.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released on 21 days ago.
Uses https instead of http in URL constructor feature detection to avoid extra notifications from some overly vigilant security scanners, #1345
Some minor optimizations
Updated browserslist in core-js-compat dependencies that fixes an upstream issue with incorrect interpretation of some browserslist queries, #1344, browserslist/829, browserslist/836
Snyk has created this PR to upgrade core-js from 3.37.1 to 3.38.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released on 21 days ago.
Release notes
Package name: core-js
RegExp.escape
proposal:RegExp.escape
/actual/
namespace entries, unconditional forced replacement changed to feature detectionPromise.try
proposal:Promise.try
/actual/
namespace entries, unconditional forced replacement changed to feature detectionUint8Array
to / from base64 and hex stage 3 proposal:Uint8Array.fromBase64
Uint8Array.fromHex
Uint8Array.prototype.setFromBase64
Uint8Array.prototype.setFromHex
Uint8Array.prototype.toBase64
Uint8Array.prototype.toHex
Uint8Array.prototype.{ setFromBase64, setFromHex }
methodsUint8Array.fromBase64
andUint8Array.prototype.setFromBase64
lastChunkHandling
option, proposal-arraybuffer-base64/33Uint8Array.prototype.toBase64
omitPadding
option, proposal-arraybuffer-base64/60TypeError
on arrays backed by detached buffersRegExp
named capture groups polyfill in combination with non-capturing groups, #1352, thanks @ Ulopprocess.getBuiltinModule
for getting built-in NodeJS modules where it's availablehttps
instead ofhttp
inURL
constructor feature detection to avoid extra notifications from some overly vigilant security scanners, #1345browserslist
incore-js-compat
dependencies that fixes an upstream issue with incorrect interpretation of somebrowserslist
queries, #1344, browserslist/829, browserslist/836Object.groupBy
andMap.groupBy
to work for non-objectsRangeError
ifSet
methods are called on an object with negative size propertySet.prototype.symmetricDifference
to callthis.has
in each iterationArray.fromAsync
to not call theArray
constructor twiceURL.parse
Math.f16round
andDataView.prototype.{ getFloat16, setFloat16 }
marked as shipped from FF129Symbol.asyncDispose
added and marked as supported from V8 ~ Chromium 127Promise.try
added and marked as supported from V8 ~ Chromium 128self
descriptor is broken in Deno 1.45.3 (again)URL.parse
feature detection for some specific casesSet
methods proposal added and marked as supported from FF 127Symbol.dispose
added and marked as supported from V8 ~ Chromium 125Math.f16round
andDataView.prototype.{ getFloat16, setFloat16 }
added and marked as supported from Deno 1.43URL.parse
added and marked as supported from Chromium 126URL.parse
added and marked as supported from NodeJS 22.0URL.parse
added and marked as supported from Deno 1.43Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: