search

blacklight / platypush

A versatile and extensible platform for automation with hundreds of supported integrations
https://platypush.tech
MIT License
284 stars 21 forks source link

[Snyk] Upgrade core-js from 3.23.4 to 3.28.0 #364

Closed blacklight closed 1 year ago

blacklight commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade core-js from 3.23.4 to 3.28.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **15 versions** ahead of your current version. - The recommended version was released **21 days ago**, on 2023-02-13.
Release notes
Package name: core-js
  • 3.28.0 - 2023-02-13

    I highly recommend reading this: So, what's next?

    • Change Array by copy proposal:
      • Methods:
        • Array.prototype.toReversed
        • Array.prototype.toSorted
        • Array.prototype.toSpliced
        • Array.prototype.with
        • %TypedArray%.prototype.toReversed
        • %TypedArray%.prototype.toSorted
        • %TypedArray%.prototype.with
      • Moved to stable ES, January 2023 TC39 meeting
      • Added es. namespace modules, /es/ and /stable/ namespaces entries
    • Added JSON.parse source text access Stage 3 proposal
      • Methods:
        • JSON.parse patched for support source in reviver function arguments
        • JSON.rawJSON
        • JSON.isRawJSON
        • JSON.stringify patched for support JSON.rawJSON
    • Added ArrayBuffer.prototype.transfer and friends Stage 3 proposal:
      • Built-ins:
        • ArrayBuffer.prototype.detached
        • ArrayBuffer.prototype.transfer (only in runtimes with native structuredClone with ArrayBuffer transfer support)
        • ArrayBuffer.prototype.transferToFixedLength (only in runtimes with native structuredClone with ArrayBuffer transfer support)
      • In backwards, in runtimes with native ArrayBuffer.prototype.transfer, but without proper structuredClone, added ArrayBuffer transfer support to structuredClone polyfill
    • Iterator Helpers proposal:
    • Explicit Resource Management Stage 3 and Async Explicit Resource Management Stage 2 proposals:
    • Added Symbol predicates Stage 2 proposal
      • Methods:
        • Symbol.isRegistered
        • Symbol.isWellKnown
    • Number.range Stage 1 proposal and method renamed to Iterator.range
    • Function.prototype.unThis Stage 0 proposal and method renamed to Function.prototype.demethodize
    • Fixed Safari String.prototype.toWellFormed ToString conversion bug
    • Improved some cases handling of array-replacer in JSON.stringify symbols handling fix
    • Fixed many other old JSON.{ parse, stringify } bugs (numbers instead of strings as keys in replacer, handling negative zeroes, spaces, some more handling symbols cases, etc.)
    • Fixed configurability and ToString conversion of some accessors
    • Added throwing proper errors on an incorrect context in some ArrayBuffer and DataView methods
    • Some minor DataView and %TypedArray% polyfills optimizations
    • Added proper error on the excess number of trailing = in the atob polyfill
    • Fixed theoretically possible ReDoS vulnerabilities in String.prototype.{ trim, trimEnd, trimRight }, parse(Int|Float), Number, atob, and URL polyfills in some ancient engines
    • Compat data improvements:
      • RegExp.prototype.flags marked as fixed from V8 ~ Chrome 111
      • Added Opera Android 73 compat data mapping
    • Added TypeScript definitions to core-js-builder
  • 3.27.2 - 2023-01-18
    • Set methods proposal updates:
      • Closing of iterators of Set-like objects on early exit, proposal-set-methods/85
      • Some other minor internal changes
    • Added one more workaround of a webpack dev server bug on IE global methods, #1161
    • Fixed possible String.{ raw, cooked } error with empty template array
    • Used non-standard V8 Error.captureStackTrace instead of stack parsing in new error classes / wrappers where it's possible
    • Added detection correctness of iteration to Promise.{ allSettled, any } feature detection, Hermes issue
    • Compat data improvements:
      • Change Array by copy proposal marked as supported from V8 ~ Chrome 110
      • Added Samsung Internet 20 compat data mapping
      • Added Quest Browser 25 compat data mapping
      • Added React Native 0.71 Hermes compat data
      • Added Electron 23 and 24 compat data mapping
      • self marked as fixed in Deno 1.29.3, deno/17362
    • Minor tweaks of minification settings for core-js-bundle
    • Refactoring, some minor fixes, improvements, optimizations
  • 3.27.1 - 2022-12-29
    • Fixed a Chakra-based MS Edge (18-) bug that unfreeze (O_o) frozen arrays used as WeakMap keys
    • Fixing of the previous bug also fixes some cases of String.dedent in MS Edge
    • Fixed dependencies of some entries
  • 3.27.0 - 2022-12-25
    • Iterator Helpers proposal:
      • Built-ins:
        • Iterator
          • Iterator.from
          • Iterator.prototype.drop
          • Iterator.prototype.every
          • Iterator.prototype.filter
          • Iterator.prototype.find
          • Iterator.prototype.flatMap
          • Iterator.prototype.forEach
          • Iterator.prototype.map
          • Iterator.prototype.reduce
          • Iterator.prototype.some
          • Iterator.prototype.take
          • Iterator.prototype.toArray
          • Iterator.prototype.toAsync
          • Iterator.prototype[@@ toStringTag]
        • AsyncIterator
          • AsyncIterator.from
          • AsyncIterator.prototype.drop
          • AsyncIterator.prototype.every
          • AsyncIterator.prototype.filter
          • AsyncIterator.prototype.find
          • AsyncIterator.prototype.flatMap
          • AsyncIterator.prototype.forEach
          • AsyncIterator.prototype.map
          • AsyncIterator.prototype.reduce
          • AsyncIterator.prototype.some
          • AsyncIterator.prototype.take
          • AsyncIterator.prototype.toArray
          • AsyncIterator.prototype[@@ toStringTag]
      • Moved to Stage 3, November 2022 TC39 meeting
      • Added /actual/ entries, unconditional forced replacement disabled for features that survived to Stage 3
      • .from accept strings, .flatMap throws on strings returned from the callback, proposal-iterator-helpers/244, proposal-iterator-helpers/250
      • .from and .flatMap throws on non-object iterators, proposal-iterator-helpers/253
    • Set methods proposal:
      • Built-ins:
        • Set.prototype.intersection
        • Set.prototype.union
        • Set.prototype.difference
        • Set.prototype.symmetricDifference
        • Set.prototype.isSubsetOf
        • Set.prototype.isSupersetOf
        • Set.prototype.isDisjointFrom
      • Moved to Stage 3, November 2022 TC39 meeting
      • Reimplemented with new semantics:
        • Optimized performance (iteration over lowest set)
        • Accepted only Set-like objects as an argument, not all iterables
        • Accepted only Sets as this, no @@ species support, and other minor changes
      • Added /actual/ entries, unconditional forced replacement changed to feature detection
      • For avoiding breaking changes:
        • New versions of methods are implemented as new modules and available in new entries or entries where old versions of methods were not available before (like /actual/ namespace)
        • In entries where they were available before (like /full/ namespace), those methods are available with fallbacks to old semantics (in addition to Set-like, they accept iterable objects). This behavior will be removed from the next major release
    • Well-Formed Unicode Strings proposal:
      • Methods:
        • String.prototype.isWellFormed
        • String.prototype.toWellFormed
      • Moved to Stage 3, November 2022 TC39 meeting
      • Added /actual/ entries, disabled unconditional forced replacement
    • Explicit resource management Stage 3 and Async explicit resource management Stage 2 proposals:
      • Renamed from "using statement" and splitted into 2 (sync and async) proposals
      • In addition to already present well-known symbols, added new built-ins:
        • Symbol.dispose
        • Symbol.asyncDispose
        • SuppressedError
        • DisposableStack
          • DisposableStack.prototype.dispose
          • DisposableStack.prototype.use
          • DisposableStack.prototype.adopt
          • DisposableStack.prototype.defer
          • DisposableStack.prototype.move
          • DisposableStack.prototype[@@ dispose]
        • AsyncDisposableStack
          • AsyncDisposableStack.prototype.disposeAsync
          • AsyncDisposableStack.prototype.use
          • AsyncDisposableStack.prototype.adopt
          • AsyncDisposableStack.prototype.defer
          • AsyncDisposableStack.prototype.move
          • AsyncDisposableStack.prototype[@@ asyncDispose]
        • Iterator.prototype[@@ dispose]
        • AsyncIterator.prototype[@@ asyncDispose]
      • Sync version of this proposal moved to Stage 3, November 2022 TC39 meeting
      • Added /actual/ namespace entries for Stage 3 proposal
    • Added String.dedent stage 2 proposal
      • Method String.dedent
      • Throws an error on non-frozen raw templates for avoiding possible breaking changes in the future, proposal-string-dedent/75
    • Compat data targets improvements:
      • React Native from 0.70 shipped with Hermes as the default engine. However, bundled Hermes versions differ from standalone Hermes releases. So added react-native target for React Native with bundled Hermes.
      • According to the documentation, Oculus Browser was renamed to Meta Quest Browser, so oculus target was renamed to quest.
      • opera_mobile target name is confusing since it contains data for the Chromium-based Android version, but iOS Opera is Safari-based. So opera_mobile target was renamed to opera-android.
      • android target name is also confusing for someone - that means Android WebView, some think thinks that it's Chrome for Android, but they have some differences. For avoiding confusion, added chrome-android target.
      • For consistency with two previous cases, added firefox-android target.
      • For avoiding breaking changes, the oculus and opera_mobile fields are available in the compat data till the next major release.
    • Compat data improvements:
    • { Map, WeakMap }.prototype.emplace became stricter by the spec draft
    • Smoothed behavior of some conflicting proposals
    • Removed some generic behavior (like @@ species pattern) of some .prototype methods from the new collections methods proposal and the Array deduplication proposal that most likely will not be implemented since it contradicts the current TC39 policy
    • Added pure version of the Number constructor, #1154, #1155, thanks @ trosos
    • Added set(Timeout|Interval|Immediate) extra arguments fix for Bun 0.3.0- (similarly to IE9-), bun/1633
    • Fixed handling of sparse arrays in structuredClone, #1156
    • Fixed a theoretically possible future conflict of polyfills definitions in the pure version
    • Some refactoring and optimization
  • 3.26.1 - 2022-11-13
    • Disabled forced replacing of Array.fromAsync since it's on Stage 3
    • Avoiding a check of the target in the internal function-uncurry-this helper where it's not required - minor optimization and preventing problems in some broken environments, a workaround of #1141
    • V8 will not ship Array.prototype.{ group, groupToMap } in V8 ~ Chromium 108, proposal-array-grouping/44
  • 3.26.0 - 2022-10-23
  • 3.25.5 - 2022-10-03
    • Fixed regression with an error on reuse of some built-in methods from another realm, #1133
  • 3.25.4 - 2022-10-02
    Read more
  • 3.25.3 - 2022-09-25
    • Forced polyfilling of Array.prototype.groupToMap in the pure version for returning wrapped Map instances
    • Fixed existence of Array.prototype.{ findLast, findLastIndex } in /stage/4 entry
    • Added Opera Android 71 compat data mapping
    • Some stylistic changes
  • 3.25.2 - 2022-09-18
    Read more
  • 3.25.1 - 2022-09-07
  • 3.25.0 - 2022-08-24
  • 3.24.1 - 2022-07-29
  • 3.24.0 - 2022-07-25
  • 3.23.5 - 2022-07-17
  • 3.23.4 - 2022-07-09
from core-js GitHub release notes
Commit messages
Package name: core-js
  • 6f721fa refresh
  • 93ad467 3.28.0
  • 91e0347 so, what's next?
  • 879b7aa update the changelog
  • 59920a1 Merge pull request #1174 from zloirock/array-buffer-transfer
  • 39c079b throw proper errors on an incorrect context in some `ArrayBuffer` and `DataView` methods
  • 7e0399d some fixes
  • 139abbf add `ArrayBuffer.prototype.transfer` and friends Stage 3 proposal
  • 081d6f8 mark `RegExp.prototype.flags` as fixed from V8 ~ Chrome 111
  • 6fe17a9 update dependencies
  • 44cf9e8 fix theoretically possible ReDoS vulnerabilities
  • 17081e2 workaround FF20- enumeration order issue in tests
  • 70aab09 some stylistic changes
  • 4f000a1 disable duplicate proto test for Chrome 27- with non-redefinable proto
  • 2e44954 fix Safari 9 `JSON.parse` bug with handling negative zero + some whitespaces
  • 2af87cc disable `JSON.stringify` property order test
  • f3b4e9b Merge pull request #1168 from zloirock/json
  • e8f2981 fix a signature
  • be7ea2c improve handling of strings wrapped to `rawJSON`
  • eb0327f update docs
  • 8373774 add some tests
  • bd069bc add some tests
  • 6c57b04 add some tests
  • e21fe93 add some tests
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/blacklight/project/96bfd125-5816-4d9e-83c6-94d1569ab0f1?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/blacklight/project/96bfd125-5816-4d9e-83c6-94d1569ab0f1/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/blacklight/project/96bfd125-5816-4d9e-83c6-94d1569ab0f1/settings/integration?pkg=core-js&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)