search

verygoodsecurity / vgs-collect-js

VGS Collect.js script loading module
https://www.verygoodsecurity.com/
7 stars 15 forks source link

[Snyk] Upgrade core-js from 3.17.3 to 3.19.3 #36

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade core-js from 3.17.3 to 3.19.3.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Release notes
Package name: core-js
  • 3.19.3 - 2021-12-06
    • Fixed internal slots check in methods of some built-in types, #1017
    • Fixed URLSearchParams iterator .next that should be enumerable by the spec
    • Refactored Subscription
    • Added NodeJS 17.2 compat data mapping
  • 3.19.2 - 2021-11-29
    • Added a workaround for a UC Browser specific version bug with unobservable RegExp#sticky flag, #1008, #1015
    • Added handling of comments and specific spaces to Function#name polyfill, #1010, thanks @ ildar-shaimordanov
    • Prevented some theoretical cases of breaking / observing the internal state by patching Array.prototype[@@ species]
    • Refactored URL and URLSearchParams
    • Added iOS Safari 15.2 compat data mapping
    • Added Electron 17.0 compat data mapping
    • Updated Deno compat data mapping
  • 3.19.1 - 2021-11-02
    • Added a workaround for FF26- bug where ArrayBuffers are non-extensible, but Object.isExtensible does not report it:
      • Fixed in Object.{ isExtensible, isSealed, isFrozen } and Reflect.isExtensible
      • Fixed handling of ArrayBuffers as collections keys
    • Fixed Object#toString on AggregateError in IE10-
    • Fixed possible lack of dependencies of WeakMap in IE8-
    • .findLast methods family marked as supported from Chrome 97
    • Fixed inheritance of Electron compat data web. modules
    • Fixed Safari 15.1 compat data (some features were not added)
    • Added iOS Safari 15.1 compat data mapping
  • 3.19.0 - 2021-10-25
    • Most built-ins are encapsulated in core-js for preventing possible cases of breaking / observing the internal state by patching / deleting of them
      • Avoid .call / .apply prototype methods that could be patched
      • Avoid instanceof operator - implicit .prototype / @@ hasInstance access that could be patched
      • Avoid RegExp#test, String#match and some over methods - implicit .exec and RegExp well-known symbols access that could be patched
    • Clearing of Error stack from extra entries experimentally added to AggregateError, #996, in case lack of problems it will be extended to other cases
    • In engines with native Symbol support, new well-known symbols created with usage Symbol.for for ensuring the same keys in different realms, #998
    • Added a workaround of a BrowserFS NodeJS process polyfill bug that incorrectly reports V8 version that's used in some cases of core-js feature detection
    • Fixed normalization of message AggregateError argument
    • Fixed order of arguments conversion in Math.scale, a spec draft bug
    • Fixed core-js-builder work in NodeJS 17, added a workaround of webpack + NodeJS 17 issue
    • Added NodeJS 17.0 compat data mapping
    • Added Opera Android 65 compat data mapping
    • Updated Electron 16.0 compat data mapping
    • Many other minor fixes and improvements
  • 3.18.3 - 2021-10-12
    • Fixed the prototype chain of AggregateError constructor that should contain Error constructor
    • Fixed incorrect AggregateError.prototype properties descriptors
    • Fixed InstallErrorCause internal operation
    • Added NodeJS 16.11 compat data mapping
    • Added Deno 1.16 compat data mapping
    • Object.hasOwn marked as supported from Safari 15.1
  • 3.18.2 - 2021-10-05
    • Early { Array, %TypedArray% }.fromAsync errors moved to the promise, per the latest changes of the spec draft
    • Internal ToInteger(OrInfinity) operation returns +0 for -0 argument, ES2020+ update
    • Fixed theoretical problems with handling bigint in Number constructor wrapper
    • Fixed String.raw with extra arguments
    • Fixed some missed dependencies in entry points
    • Some other minor fixes and improvements
    • Refactoring
  • 3.18.1 - 2021-09-26
    • Fixed String.prototype.substr feature detection and compat data
    • Removed mistakenly added .forEach from prototypes of some DOM collections where it shouldn't be, #988, #987, thanks @ moorejs
    • Added cause to AggregateError constructor implementation (still without adding to the feature detection)
    • Families of .at and .findLast methods marked as supported in Safari TP
    • Added Electron 16.0 compat data mapping
  • 3.18.0 - 2021-09-19
    • Added Array.fromAsync stage 1 proposal:
      • Array.fromAsync
      • %TypedArray%.fromAsync
    • .name and .toString() on polyfilled functions improved in many different cases
    • Improved internal IsConstructor and IsCallable checks
    • Fixed some internal cases of GetMethod operation
    • Fixed a bug of MS Edge 18- parseInt / parseFloat with boxed symbols
    • Fixed es.array.{ index-of, last-index-of } compat data
    • Added Deno 1.15 compat data mapping
    • Some other minor fixes and optimizations
  • 3.17.3 - 2021-09-09
    • Fixed some possible problems related to possible extension of %IteratorPrototype% and %AsyncIteratorPrototype% in the future
    • Fixed DOMTokenList.prototype.{ forEach, @@ iterator, keys, values, entries } in old WebKit versions where element.classList is not an instance of global DOMTokenList
    • Added NodeJS 16.9 compat data mapping
    • Added Samsung Internet 16.0 compat data mapping
from core-js GitHub release notes
Commit messages
Package name: core-js
  • 7dae270 3.19.3
  • dde0f68 adapt some tests for IE8-
  • 1c30078 update the changelog
  • 2e73413 slightly rework `Subscription` state
  • bbddc65 update dependencies
  • ef0bd20 update dependencies
  • 325ee1e fix internal slots check in methods of some more built-in types
  • 4a29d1f fix `URLSearchParams` iterator `.next` that should be enumerable by the spec
  • bfa8fe1 fix requirements of internal slots in `Observable` / `Subscription` / `SubscriptionObserver`
  • 66e8263 fix a link
  • 810be7b update dependencies, we can no longer use `legacy-peer-deps`
  • 70c1732 add NodeJS 17.2 compat data mapping
  • e49b7f3 3.19.2
  • 52eea94 move some logic to the prototype of `URL` state
  • c4e8bb3 move some logic to state prototypes
  • 7f6670f prevent some theoretical cases of breaking / observing the internal state by patching `Array.prototype[@@ species]`
  • 48d0b3f update dependencies
  • 28f30d3 add Electron 17.0 compat data mapping
  • 8aaad88 Merge pull request #1015 from zloirock/uc-sticky
  • ab4cc84 update the changelog
  • 1ed2bd1 try to fix broken UC browser `RegExp#sticky`
  • 73804dd update dependencies
  • a4317b7 update dependencies
  • 91938c2 unpin `cli-table` since a bug was fixed
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs