search

udsm-dhis2-lab / ngx-dhis2-validation-rule-filter

Library for filtering the validation rule and validation rule group in the DHIS2 Platform
GNU Lesser General Public License v3.0
0 stars 1 forks source link

chore(deps): bump core-js from 3.2.1 to 3.15.0 #953

Closed dependabot-preview[bot] closed 3 years ago

dependabot-preview[bot] commented 3 years ago

Bumps core-js from 3.2.1 to 3.15.0.

Changelog

Sourced from core-js's changelog.

3.15.0 - 2021.06.21
  • Added RegExp named capture groups polyfill, #521, #944
  • Added RegExp dotAll flag polyfill, #792, #944
  • Added missed polyfills of Annex B features (required mainly for some non-browser engines), #336, #945:
    • escape
    • unescape
    • String.prototype.substr
    • Date.prototype.getYear
    • Date.prototype.setYear
    • Date.prototype.toGMTString
  • Fixed detection of forbidden host code points in URL polyfill
  • Allowed rhino target in core-js-compat / core-js-builder, added compat data for rhino 1.7.13, #942, thanks @​gausie
  • .at marked as supported from FF90
3.14.0 - 2021.06.05
  • Added polyfill of stable sort in { Array, %TypedArray% }.prototype.sort, #769, #941
  • Fixed Safari 14.0- %TypedArray%.prototype.sort validation of arguments bug
  • .at marked as supported from V8 9.2
3.13.1 - 2021.05.29
  • Overwrites get-own-property-symbols third-party Symbol polyfill if it's used since it causes a stack overflow, #774
  • Added a workaround of possible browser crash on Object.prototype accessors methods in WebKit ~ Android 4.0, #232
3.13.0 - 2021.05.26
3.12.1 - 2021.05.09
  • Fixed some cases of Function#toString with multiple core-js instances
  • Fixed some possible String#split polyfill problems in V8 5.1
3.12.0 - 2021.05.06
3.11.3 - 2021.05.05
  • Native promise-based APIs Promise#{ catch, finally } returns polyfilled Promise instances when it's required
3.11.2 - 2021.05.03
  • Added a workaround of WebKit ~ iOS 10.3 Safari Promise bug, #932
  • Promise#then of incorrect native Promise implementations with correct subclassing no longer wrapped
  • Changed the order of Promise feature detection, removed unhandled rejection tracking check in non-browser non-node platforms
3.11.1 - 2021.04.28
  • Made instanceof Promise and .constructor === Promise work with polyfilled Promise for all native promise-based APIs
  • Added a workaround for some buggy V8 versions ~4.5 related to fixing of %TypedArray% static methods, #564
3.11.0 - 2021.04.22

... (truncated)

Commits
  • 4f7f304 3.15.0
  • 219b688 fix dotAll entry
  • bae33e0 revert test of delegation to .exec().groups in .replace
  • 9a91e18 some stylistic changes
  • bccff54 some protections
  • e485690 some improvements
  • f7b619d simplify fix-regexp-well-known-symbol-logic
  • 3646a74 some improvements
  • 3f5640c untangle fix-regexp-well-known-symbol-logic by moving feature detection to ...
  • 1a510ac add basic NCG support
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by zloirock, a new releaser for core-js since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
guardrails[bot] commented 3 years ago

:warning: We detected 21 security issues in this pull request:

Vulnerable Libraries (21)
Severity | Details ----- | -------- Medium | [acorn@6.3.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>5.7.3 || >6.4.0 || >7.1.0` Medium | [browserslist@4.6.6](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>4.16.4` High | [dns-packet@1.3.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=1.3.2 || >=5.2.2` High | [dot-prop@4.2.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=4.2.1 || >=5.1.1` High | [elliptic@6.5.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>6.5.3` Critical | [handlebars@4.1.2](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>4.7.6` Medium | [hosted-git-info@2.8.4](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=2.8.9 || >=3.0.8` High | [http-proxy@1.17.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=1.18.1` High | [https-proxy-agent@2.2.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=2.2.3` High | [merge@1.2.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=2.1.1` High | [node-forge@0.7.5](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>0.9.2` High | [node-sass@4.12.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=3.3.0` High | [normalize-url@4.3.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>4.5.0 || >5.3.0 || 6.0.0` Medium | [postcss@7.0.17](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>7.0.35 || >8.2.9` High | [serialize-javascript@1.9.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>3.0.0` Medium | [ssri@5.3.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>6.0.1 || >7.1.0 || 8.0.0` High | [tree-kill@1.2.1](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=1.2.2` High | [trim-newlines@1.0.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=3.0.1 || =4.0.0` High | [url-parse@1.4.7](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=1.5.0` Medium | [websocket-extensions@0.1.3](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=0.1.4` High | [y18n@4.0.0](https://github.com/hisptz/ngx-dhis2-validation-rule-filter/blob/da5d3e099980ca4de9637984cf455d42ac12fca6/package.json) upgrade to `>=5.0.5` More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

dependabot-preview[bot] commented 3 years ago

Superseded by #956.