search

cassproject / cass-editor

View, create, edit, modify frameworks using an easy to use, embeddable iframe.
https://cassproject.github.io/cass-editor/
Apache License 2.0
3 stars 12 forks source link

[Snyk] Upgrade core-js from 3.23.3 to 3.27.2 #1276

Open Lomilar opened 1 year ago

Lomilar commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade core-js from 3.23.3 to 3.27.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **15 versions** ahead of your current version. - The recommended version was released **a month ago**, on 2023-01-18.
Release notes
Package name: core-js
  • 3.27.2 - 2023-01-18
    • Set methods proposal updates:
      • Closing of iterators of Set-like objects on early exit, proposal-set-methods/85
      • Some other minor internal changes
    • Added one more workaround of a webpack dev server bug on IE global methods, #1161
    • Fixed possible String.{ raw, cooked } error with empty template array
    • Used non-standard V8 Error.captureStackTrace instead of stack parsing in new error classes / wrappers where it's possible
    • Added detection correctness of iteration to Promise.{ allSettled, any } feature detection, Hermes issue
    • Compat data improvements:
      • Change Array by copy proposal marked as supported from V8 ~ Chrome 110
      • Added Samsung Internet 20 compat data mapping
      • Added Quest Browser 25 compat data mapping
      • Added React Native 0.71 Hermes compat data
      • Added Electron 23 and 24 compat data mapping
      • self marked as fixed in Deno 1.29.3, deno/17362
    • Minor tweaks of minification settings for core-js-bundle
    • Refactoring, some minor fixes, improvements, optimizations
  • 3.27.1 - 2022-12-29
    • Fixed a Chakra-based MS Edge (18-) bug that unfreeze (O_o) frozen arrays used as WeakMap keys
    • Fixing of the previous bug also fixes some cases of String.dedent in MS Edge
    • Fixed dependencies of some entries
  • 3.27.0 - 2022-12-25
    • Iterator Helpers proposal:
      • Built-ins:
        • Iterator
          • Iterator.from
          • Iterator.prototype.drop
          • Iterator.prototype.every
          • Iterator.prototype.filter
          • Iterator.prototype.find
          • Iterator.prototype.flatMap
          • Iterator.prototype.forEach
          • Iterator.prototype.map
          • Iterator.prototype.reduce
          • Iterator.prototype.some
          • Iterator.prototype.take
          • Iterator.prototype.toArray
          • Iterator.prototype.toAsync
          • Iterator.prototype[@@ toStringTag]
        • AsyncIterator
          • AsyncIterator.from
          • AsyncIterator.prototype.drop
          • AsyncIterator.prototype.every
          • AsyncIterator.prototype.filter
          • AsyncIterator.prototype.find
          • AsyncIterator.prototype.flatMap
          • AsyncIterator.prototype.forEach
          • AsyncIterator.prototype.map
          • AsyncIterator.prototype.reduce
          • AsyncIterator.prototype.some
          • AsyncIterator.prototype.take
          • AsyncIterator.prototype.toArray
          • AsyncIterator.prototype[@@ toStringTag]
      • Moved to Stage 3, November 2022 TC39 meeting
      • Added /actual/ entries, unconditional forced replacement disabled for features that survived to Stage 3
      • .from accept strings, .flatMap throws on strings returned from the callback, proposal-iterator-helpers/244, proposal-iterator-helpers/250
      • .from and .flatMap throws on non-object iterators, proposal-iterator-helpers/253
    • Set methods proposal:
      • Built-ins:
        • Set.prototype.intersection
        • Set.prototype.union
        • Set.prototype.difference
        • Set.prototype.symmetricDifference
        • Set.prototype.isSubsetOf
        • Set.prototype.isSupersetOf
        • Set.prototype.isDisjointFrom
      • Moved to Stage 3, November 2022 TC39 meeting
      • Reimplemented with new semantics:
        • Optimized performance (iteration over lowest set)
        • Accepted only Set-like objects as an argument, not all iterables
        • Accepted only Sets as this, no @@ species support, and other minor changes
      • Added /actual/ entries, unconditional forced replacement changed to feature detection
      • For avoiding breaking changes:
        • New versions of methods are implemented as new modules and available in new entries or entries where old versions of methods were not available before (like /actual/ namespace)
        • In entries where they were available before (like /full/ namespace), those methods are available with fallbacks to old semantics (in addition to Set-like, they accept iterable objects). This behavior will be removed from the next major release
    • Well-Formed Unicode Strings proposal:
      • Methods:
        • String.prototype.isWellFormed
        • String.prototype.toWellFormed
      • Moved to Stage 3, November 2022 TC39 meeting
      • Added /actual/ entries, disabled unconditional forced replacement
    • Explicit resource management Stage 3 and Async explicit resource management Stage 2 proposals:
      • Renamed from "using statement" and splitted into 2 (sync and async) proposals
      • In addition to already present well-known symbols, added new built-ins:
        • Symbol.dispose
        • Symbol.asyncDispose
        • SuppressedError
        • DisposableStack
          • DisposableStack.prototype.dispose
          • DisposableStack.prototype.use
          • DisposableStack.prototype.adopt
          • DisposableStack.prototype.defer
          • DisposableStack.prototype.move
          • DisposableStack.prototype[@@ dispose]
        • AsyncDisposableStack
          • AsyncDisposableStack.prototype.disposeAsync
          • AsyncDisposableStack.prototype.use
          • AsyncDisposableStack.prototype.adopt
          • AsyncDisposableStack.prototype.defer
          • AsyncDisposableStack.prototype.move
          • AsyncDisposableStack.prototype[@@ asyncDispose]
        • Iterator.prototype[@@ dispose]
        • AsyncIterator.prototype[@@ asyncDispose]
      • Sync version of this proposal moved to Stage 3, November 2022 TC39 meeting
      • Added /actual/ namespace entries for Stage 3 proposal
    • Added String.dedent stage 2 proposal
      • Method String.dedent
      • Throws an error on non-frozen raw templates for avoiding possible breaking changes in the future, proposal-string-dedent/75
    • Compat data targets improvements:
      • React Native from 0.70 shipped with Hermes as the default engine. However, bundled Hermes versions differ from standalone Hermes releases. So added react-native target for React Native with bundled Hermes.
      • According to the documentation, Oculus Browser was renamed to Meta Quest Browser, so oculus target was renamed to quest.
      • opera_mobile target name is confusing since it contains data for the Chromium-based Android version, but iOS Opera is Safari-based. So opera_mobile target was renamed to opera-android.
      • android target name is also confusing for someone - that means Android WebView, some think thinks that it's Chrome for Android, but they have some differences. For avoiding confusion, added chrome-android target.
      • For consistency with two previous cases, added firefox-android target.
      • For avoiding breaking changes, the oculus and opera_mobile fields are available in the compat data till the next major release.
    • Compat data improvements:
    • { Map, WeakMap }.prototype.emplace became stricter by the spec draft
    • Smoothed behavior of some conflicting proposals
    • Removed some generic behavior (like @@ species pattern) of some .prototype methods from the new collections methods proposal and the Array deduplication proposal that most likely will not be implemented since it contradicts the current TC39 policy
    • Added pure version of the Number constructor, #1154, #1155, thanks @ trosos
    • Added set(Timeout|Interval|Immediate) extra arguments fix for Bun 0.3.0- (similarly to IE9-), bun/1633
    • Fixed handling of sparse arrays in structuredClone, #1156
    • Fixed a theoretically possible future conflict of polyfills definitions in the pure version
    • Some refactoring and optimization
  • 3.26.1 - 2022-11-13
    • Disabled forced replacing of Array.fromAsync since it's on Stage 3
    • Avoiding a check of the target in the internal function-uncurry-this helper where it's not required - minor optimization and preventing problems in some broken environments, a workaround of #1141
    • V8 will not ship Array.prototype.{ group, groupToMap } in V8 ~ Chromium 108, proposal-array-grouping/44
  • 3.26.0 - 2022-10-23
  • 3.25.5 - 2022-10-03
    • Fixed regression with an error on reuse of some built-in methods from another realm, #1133
  • 3.25.4 - 2022-10-02
    • Added a workaround of a Nashorn bug with Function.prototype.{ call, apply, bind } on string methods, #1128
    • Updated lists of [Serializable] and [Transferable] objects in the structuredClone polyfill. Mainly, for better error messages if polyfilling of cloning such types is impossible
    • Array.prototype.{ group, groupToMap } marked as supported from V8 ~ Chromium 108
    • Added Electron 22 compat data mapping
  • 3.25.3 - 2022-09-25
    • Forced polyfilling of Array.prototype.groupToMap in the pure version for returning wrapped Map instances
    • Fixed existence of Array.prototype.{ findLast, findLastIndex } in /stage/4 entry
    • Added Opera Android 71 compat data mapping
    • Some stylistic changes
  • 3.25.2 - 2022-09-18
    • Considering document.all as a callable in some missed cases
    • Added Safari 16.0 compat data
    • Added iOS Safari 16.0 compat data mapping
    • Fixed some ancient iOS Safari versions compat data mapping
  • 3.25.1 - 2022-09-07
    • Added some fixes and workarounds of FF30- typed arrays bug that does not properly convert objects to numbers
    • Added sideEffects field to core-js-pure package.json for better tree shaking, #1117
    • Dropped semver dependency from core-js-compat
      • semver package (ironically) added a breaking change and dropped NodeJS 8 support in the minor 7.1 version, after that semver in core-js-compat was pinned to 7.0 since for avoiding breaking changes it should support NodeJS 8. However, since core-js-compat is usually used with other packages that use semver dependency, it causes multiple duplications of semver in dependencies. So I decided to remove semver dependency and replace it with a couple of simple helpers.
    • Added Bun 0.1.6-0.1.11 compat data
    • Added Deno 1.25 compat data mapping
    • Updated Electron 21 compat data mapping
    • Some stylistic changes, minor fixes, and improvements
  • 3.25.0 - 2022-08-24
  • 3.24.1 - 2022-07-29
  • 3.24.0 - 2022-07-25
  • 3.23.5 - 2022-07-17
  • 3.23.4 - 2022-07-09
  • 3.23.3 - 2022-06-25
from core-js GitHub release notes
Commit messages
Package name: core-js
  • c56b97f 3.27.2
  • 52651a1 update dependencies
  • 20ab9c5 coerce negative set size in `get-set-record` to 0
  • 9f9bc14 update dependencies
  • 9edb781 update `test262` dependencies
  • 318fa4f mark `self` as fixed in Deno 1.29.3
  • 64b52bf since now `make-built-in` used in runtime, make some operations unobservable
  • 0d2f278 simplify iteration in `Set#{ isDisjointFrom, isSupersetOf }`
  • b4d713b some stylistic fixes
  • 32cbd8f closing of iterators of `Set`-like objects on early exit
  • 9e56d89 use minor only version for `react-native` for consistency
  • 4cf87e5 add React Native 0.71 Hermes compat data
  • 7f8fce9 add detection correctness of iteration to `Promise.{ allSettled, any }` feature detection, Hermes issue
  • fcd5af4 change `Array` by copy proposal marked as supported from V8 ~ Chrome 110
  • 9d8381d minor tweaks of minification settings for `core-js-bundle`
  • 4eeb86b update `eslint-plugin-import`
  • f3464a7 add Electron 23 and 24 compat data mapping
  • 87a1148 update dependencies
  • 2323e2e update the changelog
  • 0b9292a update dependencies
  • 003405e add Samsung Internet 20 compat data mapping
  • 8a02298 try to use `jsdelivr` cdn in tests since `unpkg` fails too often
  • b47e593 add some links
  • cb84fb2 add Quest Browser 25.0 compat data mapping
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/cassproject/project/815451ef-7602-430b-ba24-44fab824f623?utm_source=github&utm_medium=referral&page=upgrade-pr) πŸ›  [Adjust upgrade PR settings](https://app.snyk.io/org/cassproject/project/815451ef-7602-430b-ba24-44fab824f623/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) πŸ”• [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/cassproject/project/815451ef-7602-430b-ba24-44fab824f623/settings/integration?pkg=core-js&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication