Snyk has created this PR to upgrade core-js from 3.21.1 to 3.22.6.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 7 versions ahead of your current version.
The recommended version was released 21 days ago, on 2022-05-22.
Disabled forced replacement and added /actual/ entry points for methods from this proposal
Array.prototype.toSpliced throws a TypeError instead of RangeError if the result length is more than MAX_SAFE_INTEGER, proposal-change-array-by-copy/70
Added some more atob / btoa fixes:
NodeJS <17.9 atob does not ignore spaces, node/42530
Actual NodeJS atob does not validate encoding, node/42646
FF26- implementation does not properly convert argument to string
IE / Edge <16 implementation have wrong arity
Added /full/ namespace as the replacement for /features/ since it's more descriptive in context of the rest namespaces (/es/ ⊆ /stable/ ⊆ /actual/ ⊆ /full/)
Avoided propagation of removed parts of proposals to upper stages. For example, %TypedArray%.prototype.groupBy was removed from the Array grouping proposal a long time ago. We can't completely remove this method since it's a breaking change. But this proposal has been promoted to stage 3 - so the proposal should be promoted without this method, this method should not be available in /actual/ entries - but it should be available in early-stage entries to avoid breakage.
Significant internal refactoring and splitting of modules (but without exposing to public API since it will be a breaking change - it will be exposed in the next major version)
Bug fixes:
Fixed work of non-standard V8 Error features with wrapped Error constructors, #1061
null and undefined allowed as the second argument of structuredClone, #1056
Tooling:
Stabilized proposals are filtered out from the core-js-compat -> core-js-builder -> core-js-bundle output. That mean that if the output contains, for example, es.object.has-own, the legacy reference to it, esnext.object.has-own, no longer added.
Added support of entry points, modules, regexes, and arrays of them to those filters
Missed targets option of core-js-compat means that the targets filter just will not be applied, so the result will contain modules required for all possible engines
Compat data:
.stack property on DOMException marked as supported from Deno 1.15
Added Deno 1.21 compat data mapping
Added Electron 19.0 and updated 18.0 compat data mapping
Snyk has created this PR to upgrade core-js from 3.21.1 to 3.22.6.
Release notes
Package name: core-js
-
3.22.6 - 2022-05-22
- Fixed possible double call of
-
3.22.5 - 2022-05-10
- Ensured that polyfilled constructors
- Ensured that polyfilled methods
- Added detection and fix of a V8 ~ Chrome <103 bug of
-
3.22.4 - 2022-05-02
- Ensured proper
- Ensured proper
- Ensured proper source /
- Actualized Rhino compat data
- Refactoring
-
3.22.3 - 2022-04-28
- Added a fix for FF99+
-
3.22.2 - 2022-04-21
- Fixed
- Fixed
-
3.22.1 - 2022-04-19
- Improved some cases of
- Prevented experimental warning in NodeJS ~ 18.0 on detection
- Added NodeJS 18.0 compat data
-
3.22.0 - 2022-04-15
- Change
- Moved to Stage 3, March TC39 meeting
- Disabled forced replacement and added
- Added some more
- NodeJS <17.9
- Actual NodeJS
- FF26- implementation does not properly convert argument to string
- IE / Edge <16 implementation have wrong arity
- Added
- Avoided propagation of removed parts of proposals to upper stages. For example,
- Significant internal refactoring and splitting of modules (but without exposing to public API since it will be a breaking change - it will be exposed in the next major version)
- Bug fixes:
- Fixed work of non-standard V8
- Tooling:
- Stabilized proposals are filtered out from the
- Aligned modules filters of
- Added support of entry points, modules, regexes, and arrays of them to those filters
- Missed
- Compat data:
- Added Deno 1.21 compat data mapping
- Added Electron 19.0 and updated 18.0 compat data mapping
- Added Samsung Internet 17.0 compat data mapping
- Added Opera Android 68 compat data mapping
-
3.21.1 - 2022-02-16
- Added a bugfix for the WebKit
- Added Electron 18.0 compat data mapping
- Added Deno 1.20 compat data mapping
from core-js GitHub release notesToNumberconversion on arguments ofMath.{ fround, trunc }polyfillsArray.prototype.includesmarked as fixed in FF102.prototypeis non-writable.prototypeis not definedstruturedClonethat returnsnullif cloned object contains multiple references to one error.lengthof polyfilled functions even in compressed code (excepting some ancient engines).nameof polyfilled accessors (excepting some ancient engines)ToStringconversion of polyfilled accessorsArray.prototype.includesbroken on sparse arraysURLSearchParamsin IE8- that was broken in the previous release__lookupGetter__entriesRegExpflags handlingfetchAPIArrayby copy proposal:/actual/entry points for methods from this proposalArray.prototype.toSplicedthrows aTypeErrorinstead ofRangeErrorif the result length is more thanMAX_SAFE_INTEGER, proposal-change-array-by-copy/70atob/btoafixes:atobdoes not ignore spaces, node/42530atobdoes not validate encoding, node/42646/full/namespace as the replacement for/features/since it's more descriptive in context of the rest namespaces (/es/⊆/stable/⊆/actual/⊆/full/)%TypedArray%.prototype.groupBywas removed from theArraygrouping proposal a long time ago. We can't completely remove this method since it's a breaking change. But this proposal has been promoted to stage 3 - so the proposal should be promoted without this method, this method should not be available in/actual/entries - but it should be available in early-stage entries to avoid breakage.Errorfeatures with wrappedErrorconstructors, #1061nullandundefinedallowed as the second argument ofstructuredClone, #1056core-js-compat->core-js-builder->core-js-bundleoutput. That mean that if the output contains, for example,es.object.has-own, the legacy reference to it,esnext.object.has-own, no longer added.core-js-builderandcore-js-compat, now it'smodulesandexcludeoptionstargetsoption ofcore-js-compatmeans that thetargetsfilter just will not be applied, so the result will contain modules required for all possible engines.stackproperty onDOMExceptionmarked as supported from Deno 1.15Array.prototype.{ groupBy, groupByToMap }implementationcore-js-compattargets parser transforms engine names to lower caseatob/btoamarked as fixed in NodeJS 17.5Commit messages
Package name: core-js
- d3d49a2 3.22.6
- 69842a4 mark `Array.prototype.includes` as fixed in FF102
- f6dfcc8 update dependencies
- 9abdd1e update dependencies
- 572201e update dependencies
- 389a10a improve CONTRIBUTING.md
- a856325 update dependencies
- 12be48b fix typos
- 3002ba4 add some conversion tests
- 90a57dd minor stylistic change
- 7be1cf1 rename `setGlobal` -> `defineGlobalProperty`
- 4ec7fe2 refactor and fix conversion arguments of `Math` methods
- 4d45cfa rename `noTargetGet` -> `dontCallGetSet` option
- a9a619a simplify `defineBuiltIn` helper
- dad01b8 extract `Math.trunc` duplicates
- 1e52569 update dependencies
- a9ac47f update dependencies
- 58c0622 update dependencies
- 29b06e6 fix some links
- f1b4f76 3.22.5
- 951124c add links to releases to the changelog
- c53c1b2 update dependencies
- ef26f65 ensure proper `.prototype` of polyfills
- 666631a increase `DEV_NODE_VERSIONS` to `^16.13`
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs