[Snyk] Upgrade core-js from 3.23.4 to 3.27.0

[snyk-bot]

Snyk has created this PR to upgrade core-js from 3.23.4 to 3.27.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 12 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2022-12-25.

Release notes

Package name: core-js

• 3.27.0 - 2022-12-25
  
  • Iterator Helpers proposal:
    • Built-ins:
      • Iterator
        • Iterator.from
        • Iterator.prototype.drop
        • Iterator.prototype.every
        • Iterator.prototype.filter
        • Iterator.prototype.find
        • Iterator.prototype.flatMap
        • Iterator.prototype.forEach
        • Iterator.prototype.map
        • Iterator.prototype.reduce
        • Iterator.prototype.some
        • Iterator.prototype.take
        • Iterator.prototype.toArray
        • Iterator.prototype.toAsync
        • Iterator.prototype[@@ toStringTag]
      • AsyncIterator
        • AsyncIterator.from
        • AsyncIterator.prototype.drop
        • AsyncIterator.prototype.every
        • AsyncIterator.prototype.filter
        • AsyncIterator.prototype.find
        • AsyncIterator.prototype.flatMap
        • AsyncIterator.prototype.forEach
        • AsyncIterator.prototype.map
        • AsyncIterator.prototype.reduce
        • AsyncIterator.prototype.some
        • AsyncIterator.prototype.take
        • AsyncIterator.prototype.toArray
        • AsyncIterator.prototype[@@ toStringTag]
    • Moved to Stage 3, November 2022 TC39 meeting
    • Added /actual/ entries, unconditional forced replacement disabled for features that survived to Stage 3
    • .from accept strings, .flatMap throws on strings returned from the callback, proposal-iterator-helpers/244, proposal-iterator-helpers/250
    • .from and .flatMap throws on non-object iterators, proposal-iterator-helpers/253
  • Set methods proposal:
    • Built-ins:
      • Set.prototype.intersection
      • Set.prototype.union
      • Set.prototype.difference
      • Set.prototype.symmetricDifference
      • Set.prototype.isSubsetOf
      • Set.prototype.isSupersetOf
      • Set.prototype.isDisjointFrom
    • Moved to Stage 3, November 2022 TC39 meeting
    • Reimplemented with new semantics:
      • Optimized performance (iteration over lowest set)
      • Accepted only Set-like objects as an argument, not all iterables
      • Accepted only Sets as this, no @@ species support, and other minor changes
    • Added /actual/ entries, unconditional forced replacement changed to feature detection
    • For avoiding breaking changes:
      • New versions of methods are implemented as new modules and available in new entries or entries where old versions of methods were not available before (like /actual/ namespace)
      • In entries where they were available before (like /full/ namespace), those methods are available with fallbacks to old semantics (in addition to Set-like, they accept iterable objects). This behavior will be removed from the next major release
  • Well-Formed Unicode Strings proposal:
    • Methods:
      • String.prototype.isWellFormed
      • String.prototype.toWellFormed
    • Moved to Stage 3, November 2022 TC39 meeting
    • Added /actual/ entries, disabled unconditional forced replacement
  • Explicit resource management Stage 3 and Async explicit resource management Stage 2 proposals:
    • Renamed from "using statement" and splitted into 2 (sync and async) proposals
    • In addition to already present well-known symbols, added new built-ins:
      • Symbol.dispose
      • Symbol.asyncDispose
      • SuppressedError
      • DisposableStack
        • DisposableStack.prototype.dispose
        • DisposableStack.prototype.use
        • DisposableStack.prototype.adopt
        • DisposableStack.prototype.defer
        • DisposableStack.prototype.move
        • DisposableStack.prototype[@@ dispose]
      • AsyncDisposableStack
        • AsyncDisposableStack.prototype.disposeAsync
        • AsyncDisposableStack.prototype.use
        • AsyncDisposableStack.prototype.adopt
        • AsyncDisposableStack.prototype.defer
        • AsyncDisposableStack.prototype.move
        • AsyncDisposableStack.prototype[@@ asyncDispose]
      • Iterator.prototype[@@ dispose]
      • AsyncIterator.prototype[@@ asyncDispose]
    • Sync version of this proposal moved to Stage 3, November 2022 TC39 meeting
    • Added /actual/ namespace entries for Stage 3 proposal
  • Added String.dedent stage 2 proposal
    • Method String.dedent
    • Throws an error on non-frozen raw templates for avoiding possible breaking changes in the future, proposal-string-dedent/75
  • Compat data targets improvements:
    • React Native from 0.70 shipped with Hermes as the default engine. However, bundled Hermes versions differ from standalone Hermes releases. So added react-native target for React Native with bundled Hermes.
    • According to the documentation, Oculus Browser was renamed to Meta Quest Browser, so oculus target was renamed to quest.
    • opera_mobile target name is confusing since it contains data for the Chromium-based Android version, but iOS Opera is Safari-based. So opera_mobile target was renamed to opera-android.
    • android target name is also confusing for someone - that means Android WebView, some think thinks that it's Chrome for Android, but they have some differences. For avoiding confusion, added chrome-android target.
    • For consistency with two previous cases, added firefox-android target.
    • For avoiding breaking changes, the oculus and opera_mobile fields are available in the compat data till the next major release.
  • Compat data improvements:
    • Array.fromAsync marked as supported from Bun 0.3.0
    • String.prototype.{ isWellFormed, toWellFormed } marked as supported from Bun 0.4.0
    • Change Array by copy proposal marked as supported from Deno 1.27, deno/16429
    • Added Deno 1.28 / 1.29 compat data mapping
    • Added NodeJS 19.2 compat data mapping
    • Added Samsung Internet 19.0 compat data mapping
    • Added Quest Browser 24.0 compat data mapping
    • Fixed the first version in the Chromium-based Edge compat data mapping
  • { Map, WeakMap }.prototype.emplace became stricter by the spec draft
  • Smoothed behavior of some conflicting proposals
  • Removed some generic behavior (like @@ species pattern) of some .prototype methods from the new collections methods proposal and the Array deduplication proposal that most likely will not be implemented since it contradicts the current TC39 policy
  • Added pure version of the Number constructor, #1154, #1155, thanks @ trosos
  • Added set(Timeout|Interval|Immediate) extra arguments fix for Bun 0.3.0- (similarly to IE9-), bun/1633
  • Fixed handling of sparse arrays in structuredClone, #1156
  • Fixed a theoretically possible future conflict of polyfills definitions in the pure version
  • Some refactoring and optimization
• 3.26.1 - 2022-11-13
  
  • Disabled forced replacing of Array.fromAsync since it's on Stage 3
  • Avoiding a check of the target in the internal function-uncurry-this helper where it's not required - minor optimization and preventing problems in some broken environments, a workaround of #1141
  • V8 will not ship Array.prototype.{ group, groupToMap } in V8 ~ Chromium 108, proposal-array-grouping/44
• 3.26.0 - 2022-10-23
  
  • Array.fromAsync proposal:
    • Moved to Stage 3, September TC39 meeting
    • Avoid observable side effects of %Array.prototype.values% usage in array-like branch, proposal-array-from-async/30
  • Added well-formed unicode strings stage 2 proposal:
    • String.prototype.isWellFormed
    • String.prototype.toWellFormed
  • Recent updates of the iterator helpers proposal:
    • Added a counter parameter to helpers, proposal-iterator-helpers/211
    • Don't await non-objects returned from functions passed to AsyncIterator helpers, proposal-iterator-helpers/239
    • { Iterator, AsyncIterator }.prototype.flatMap supports returning both - iterables and iterators, proposal-iterator-helpers/233
    • Early exit on broken .next in missed cases of { Iterator, AsyncIterator }.from, proposal-iterator-helpers/232
  • Added self polyfill as a part of The Minimum Common Web Platform API, specification, #1118
  • Added inverse option to core-js-compat, #1119
  • Added format option to core-js-builder, #1120
  • Added NodeJS 19.0 compat data
  • Added Deno 1.26 and 1.27 compat data
  • Added Opera Android 72 compat data mapping
  • Updated Electron 22 compat data mapping
• 3.25.5 - 2022-10-03
  
  • Fixed regression with an error on reuse of some built-in methods from another realm, #1133
• 3.25.4 - 2022-10-02
  
  • Added a workaround of a Nashorn bug with Function.prototype.{ call, apply, bind } on string methods, #1128
  • Updated lists of [Serializable] and [Transferable] objects in the structuredClone polyfill. Mainly, for better error messages if polyfilling of cloning such types is impossible
  • Array.prototype.{ group, groupToMap } marked as supported from V8 ~ Chromium 108
  • Added Electron 22 compat data mapping
• 3.25.3 - 2022-09-25
  
  • Forced polyfilling of Array.prototype.groupToMap in the pure version for returning wrapped Map instances
  • Fixed existence of Array.prototype.{ findLast, findLastIndex } in /stage/4 entry
  • Added Opera Android 71 compat data mapping
  • Some stylistic changes
• 3.25.2 - 2022-09-18
  
  • Considering document.all as a callable in some missed cases
  • Added Safari 16.0 compat data
  • Added iOS Safari 16.0 compat data mapping
  • Fixed some ancient iOS Safari versions compat data mapping
• 3.25.1 - 2022-09-07
  
  • Added some fixes and workarounds of FF30- typed arrays bug that does not properly convert objects to numbers
  • Added sideEffects field to core-js-pure package.json for better tree shaking, #1117
  • Dropped semver dependency from core-js-compat
    • semver package (ironically) added a breaking change and dropped NodeJS 8 support in the minor 7.1 version, after that semver in core-js-compat was pinned to 7.0 since for avoiding breaking changes it should support NodeJS 8. However, since core-js-compat is usually used with other packages that use semver dependency, it causes multiple duplications of semver in dependencies. So I decided to remove semver dependency and replace it with a couple of simple helpers.
  • Added Bun 0.1.6-0.1.11 compat data
  • Added Deno 1.25 compat data mapping
  • Updated Electron 21 compat data mapping
  • Some stylistic changes, minor fixes, and improvements
• 3.25.0 - 2022-08-24
  
  • Added Object.prototype.__proto__ polyfill
    • It's optional, legacy, and in some cases (mainly because of developers' mistakes) can cause problems, but some libraries depend on it, and most code can't work without the proper libraries' ecosystem
    • Only for modern engines where this feature is missed (like Deno), it's not installed in IE10- since here we have no proper way setting of the prototype
    • Without fixes of early implementations where it's not an accessor since those fixes are impossible
    • Only for the global version
  • Considering document.all as an object in some missed cases, see ECMAScript Annex B 3.6
  • Avoiding unnecessary promise creation and validation result in %WrapForValid(Async)IteratorPrototype%.return, proposal-iterator-helpers/215
  • Fixed omitting the result of proxing .return in %IteratorHelperPrototype%.return, #1116
  • Fixed the order creation of properties of iteration result object of some iterators (value should be created before done)
  • Fixed some cases of Safari < 13 bug - silent on non-writable array .length setting
  • Fixed ArrayBuffer.length in V8 ~ Chrome 27-
  • Relaxed condition of re-usage native WeakMap for internal states with multiple core-js copies
  • Availability cloning of FileList in the structuredClone polyfill extended to some more old engines versions
  • Some stylistic changes and minor fixes
  • Throwing a TypeError in core-js-compat / core-js-builder in case of passing invalid module names / filters for avoiding unexpected result, related to #1115
  • Added missed NodeJS 13.2 to esmodules core-js-compat / core-js-builder target
  • Added Electron 21 compat data mapping
  • Added Oculus Browser 23.0 compat data mapping
• 3.24.1 - 2022-07-29
  
  • NodeJS is ignored in IS_BROWSER detection to avoid a false positive with jsdom, #1110
  • Fixed detection of @@ species support in Promise in some old engines
  • { Array, %TypedArray% }.prototype.{ findLast, findLastIndex } marked as shipped in FF104
  • Added iOS Safari 15.6 compat data mapping
  • Fixed Opera 15 compat data mapping
• 3.24.0 - 2022-07-25
• 3.23.5 - 2022-07-17
• 3.23.4 - 2022-07-09

from core-js GitHub release notes

Commit messages

Package name: core-js

• d73e06e refresh
• 66c427f 3.27.0
• 3a427d9 update docs
• c8322b0 allow gc disposed resources before disposing all resources of stack
• b136b1f update dependencies
• 56cf6e1 update dependencies
• 7afdd8e fix a link
• 71c2b15 add Bun 0.4.0 compat data
• e6d3388 update dependencies
• 0d9478e add some comments
• 1326903 update a comment
• 68c9bf6 smoothed behavior of some conflicting proposals
• ebe0286 update dependencies
• bacda9a update compat table
• 742e3cd update dependencies
• 908bb3a update the changelog
• 3654621 update dependencies
• 4cc298a fix a couple of tests
• c5e2d95 add `set(Timeout|Interval|Immediate)` extra arguments fix for Bun (similarly to IE9-)
• 22cfd5d rebuilt compat table
• 0c1b493 fix some helpers
• e968159 Merge pull request #1149 from zloirock/dedent
• 078397e remove unreachable condition
• 5c6b8fa throw an error on non-frozen raw templates for avoiding possible breaking changes in the future

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs