[Snyk] Upgrade core-js from 3.22.5 to 3.33.2

[TheAutisticTechie]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade core-js from 3.22.5 to 3.33.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 36 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-10-30.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-BRAINTREESANITIZEURL-2339882	579/1000 Why? Has a fix available, CVSS 7.3	Proof of Concept
	Open Redirect SNYK-JS-NODEFORGE-2330875	579/1000 Why? Has a fix available, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: core-js

• 3.33.2 - 2023-10-30
  
  • Simplified structuredClone polyfill, avoided second tree pass in cases of transferring
  • Added support of SuppressedError to structuredClone polyfill
  • Removed unspecified unnecessary ArrayBuffer and DataView dependencies of structuredClone lack of which could cause errors in some entries in IE10-
  • Fixed handling of fractional number part in Number.fromString
  • Compat data improvements:
    • URL.canParse marked as supported from Chromium 120
    • Updated Opera Android 78 compat data mapping
    • Added Electron 29 compat data mapping
• 3.33.1 - 2023-10-20
  
  • Added one more workaround of possible error with Symbol polyfill on global object, #1289
  • Directly specified type: commonjs in package.json of all packages to avoid potential breakage in future Node versions, see this issue
  • Prevented potential issue with lack of some dependencies after automatic optimization polyfills of some methods in the pure version
  • Some minor internal fixes and optimizations
  • Compat data improvements:
    • String.prototype.{ isWellFormed, toWellFormed } marked as supported from FF119
    • Added React Native 0.73 Hermes compat data, mainly fixes of some issues
    • Added NodeJS 21.0 compat data mapping
• 3.33.0 - 2023-10-01
  
  • Re-introduced RegExp escaping stage 2 proposal, September 2023 TC39 meeting:
    • Added RegExp.escape method with the new set of symbols for escaping
    • Some years ago, it was presented in core-js, but it was removed after rejecting the old version of this proposal
  • Added ArrayBuffer.prototype.{ transfer, transferToFixedLength } and support transferring of ArrayBuffers via structuredClone to engines with MessageChannel
  • Optimized Math.f16round polyfill
  • Fixed some conversion cases of Math.f16round and DataView.prototype.{ getFloat16, setFloat16 }
  • Fully forced polyfilling of the TC39 Observable proposal because of incompatibility with the new WHATWG Observable proposal
  • Added an extra workaround of errors with exotic environment objects in Symbol polyfill, #1289
  • Some minor fixes and stylistic changes
  • Compat data improvements:
    • V8 unshipped Iterator helpers because of some Web compatibility issues
    • Promise.withResolvers marked as supported from V8 ~ Chrome 119
    • Array grouping proposal features marked as supported from FF119
    • value argument of URLSearchParams.prototype.{ has, delete } marked as properly supported from V8 ~ Chrome 118
    • URL.canParse and URLSearchParams.prototype.size marked as supported from Bun 1.0.2
    • Added Deno 1.37 compat data mapping
    • Added Electron 28 compat data mapping
    • Added Opera Android 78 compat data mapping
• 3.32.2 - 2023-09-07
  
  • Fixed structuredClone feature detection [email protected] bug, #1288
  • Added a workaround of old WebKit + eval bug, #1287
  • Compat data improvements:
    • Added Samsung Internet 23 compat data mapping
    • Added Quest Browser 29 compat data mapping
• 3.32.1 - 2023-08-18
  
  • Fixed some cases of IEEE754 rounding, #1279, thanks @ petamoriken
  • Prevented injection process polyfill to core-js via some bundlers or esm.sh, #1277
  • Some minor fixes and stylistic changes
  • Compat data improvements:
    • Promise.withResolvers marked as supported from Bun 0.7.1
    • Added Opera Android 77 compat data mapping
    • Updated Electron 27 compat data mapping
• 3.32.0 - 2023-07-27
  
  • Array grouping proposal, July 2023 TC39 meeting updates:
    • Moved back to stage 3
    • Added /actual/ namespaces entries, unconditional forced replacement changed to feature detection
  • Promise.withResolvers proposal, July 2023 TC39 meeting updates:
    • Moved to stage 3
    • Added /actual/ namespaces entries, unconditional forced replacement changed to feature detection
  • Set methods stage 3 proposal, July 2023 TC39 meeting updates::
    • Throw on negative Set sizes, proposal-set-methods/88
    • Removed IsCallable check in GetKeysIterator, proposal-set-methods/101
  • Iterator Helpers stage 3 proposal:
    • Avoid creating observable String wrapper objects, July 2023 TC39 meeting update, proposal-iterator-helpers/281
    • Iterator is not constructible from the active function object (works as an abstract class)
  • Async explicit resource management:
    • Moved back into the initial proposal -> moved to stage 3, proposal-explicit-resource-management/154
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
    • Ignore return value of [@@ dispose]() method when hint is async-dispose, proposal-explicit-resource-management/180
    • Added ticks for empty resources, proposal-explicit-resource-management/163
  • Added some methods from Float16Array stage 3 proposal:
    • There are some reason why I don't want to add Float16Array right now, however, make sense to add some methods from this proposal.
    • Methods:
      • Math.f16round
      • DataView.prototype.getFloat16
      • DataView.prototype.setFloat16
  • Added DataView get / set Uint8Clamped methods stage 1 proposal:
    • Methods:
      • DataView.prototype.getUint8Clamped
      • DataView.prototype.setUint8Clamped
  • Used strict mode in some missed cases, #1269
  • Fixed a Chromium 117 bug in value argument of URLSearchParams.prototype.{ has, delete }
  • Fixed early WebKit ~ Safari 17.0 beta Set methods implementation by the actual spec
  • Fixed incorrect Symbol.{ dispose, asyncDispose } descriptors from NodeJS 20.4 / transpilers helpers / userland code
  • Fixed forced polyfilling of some iterator helpers that should return wrapped iterator in the pure version
  • Fixed and exposed AsyncIteratorPrototype core-js/configurator option, #1268
  • Compat data improvements:
    • Sync Iterator helpers proposal features marked as supported from V8 ~ Chrome 117
    • Array grouping proposal features marked as supported from V8 ~ Chrome 117
    • Mark Symbol.{ dispose, asyncDispose } as supported from NodeJS 20.5.0 (as mentioned above, NodeJS 20.4.0 add it, but with incorrect descriptors)
    • Added Electron 27 compat data mapping
• 3.31.1 - 2023-07-06
  
  • Fixed a structuredClone bug with cloning views of transferred buffers, #1265
  • Fixed the order of arguments validation in DataView methods
  • Allowed cloning of Float16Array in structuredClone
  • Compat data improvements:
    • Set methods proposal marked as supported from Safari 17.0
    • New URL features: URL.canParse, URLSearchParams.prototype.size and value argument of URLSearchParams.prototype.{ has, delete } marked as supported from Safari 17.0
    • value argument of URLSearchParams.prototype.{ has, delete } marked as supported from Deno 1.35
    • AggregateError and well-formed JSON.stringify marked as supported React Native 0.72 Hermes
    • Added Deno 1.35 compat data mapping
    • Added Quest Browser 28 compat data mapping
    • Added missing NodeJS 12.16-12.22 compat data mapping
    • Updated Opera Android 76 compat data mapping
• 3.31.0 - 2023-06-11
  
  • Well-formed unicode strings proposal:
    • Methods:
      • String.prototype.isWellFormed method
      • String.prototype.toWellFormed method
    • Moved to stable ES, May 2023 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Array grouping proposal, May 2023 TC39 meeting updates:
    • Because of the web compat issue, moved from prototype to static methods. Added:
      • Object.groupBy method
      • Map.groupBy method (with the actual semantic - with a minor difference it was present in the collections methods stage 1 proposal)
    • Demoted to stage 2
  • Decorator Metadata proposal, May 2023 TC39 meeting updates:
    • Moved to stage 3
    • Added Function.prototype[Symbol.metadata] (=== null)
    • Added /actual/ entries
  • Iterator Helpers stage 3 proposal:
    • Changed Symbol.iterator fallback from callable check to undefined / null check, May 2023 TC39 meeting, proposal-iterator-helpers/272
    • Removed IsCallable check on NextMethod, deferring errors to Call site, May 2023 TC39 meeting, proposal-iterator-helpers/274
  • Added Promise.withResolvers stage 2 proposal:
    • Promise.withResolvers method
  • Symbol predicates stage 2 proposal:
    • The methods renamed to end with Symbol, May 2023 TC39 meeting:
      • Symbol.isRegistered -> Symbol.isRegisteredSymbol method
      • Symbol.isWellKnown -> Symbol.isWellKnownSymbol method
  • Added value argument of URLSearchParams.prototype.{ has, delete }, url/735
  • Fixed some cases of increasing buffer size in ArrayBuffer.prototype.{ transfer, transferToFixedLength } polyfills
  • Fixed awaiting async AsyncDisposableStack.prototype.adopt callback, #1258
  • Fixed URLSearchParams#size in ES3 engines (IE8-)
  • Added a workaround in Object.{ entries, values } for some IE versions bug with invisible integer keys on null-prototype objects
  • Added TypeScript definitions to core-js-compat, #1235, thanks @ susnux
  • Compat data improvements:
    • Set.prototype.difference that was missed in Bun because of a bug added in 0.6.0
    • Array.prototype.{ group, groupToMap } marked as no longer supported in WebKit runtimes because of the mentioned above web compat issue. For example, it's disabled from Bun 0.6.2
    • Methods from the change Array by copy proposal marked as supported from FF115
    • Array.fromAsync marked as supported from FF115
    • URL.canParse marked as supported from FF115
    • value argument of URLSearchParams.prototype.{ has, delete } marked as supported from NodeJS 20.2.0 and FF115
    • Added Deno 1.34 compat data mapping
    • Added Electron 26 compat data mapping
    • Added Samsung Internet 22 compat data mapping
    • Added Opera Android 75 and 76 compat data mapping
    • Added Quest Browser 27 compat data mapping
• 3.30.2 - 2023-05-06
  
  • Added a fix for a NodeJS 20.0.0 bug with cloning File via structuredClone
  • Added protection from Terser unsafe String optimization, #1242
  • Added a workaround for getting proper global object in Figma plugins, #1231
  • Compat data improvements:
    • Added NodeJS 20.0 compat data mapping
    • Added Deno 1.33 compat data mapping
    • URL.canParse marked as supported (fixed) from NodeJS 20.1.0 and Deno 1.33.2
• 3.30.1 - 2023-04-13
  Read more
• 3.30.0 - 2023-04-03
• 3.29.1 - 2023-03-13
• 3.29.0 - 2023-02-26
• 3.28.0 - 2023-02-13
• 3.27.2 - 2023-01-18
• 3.27.1 - 2022-12-29
• 3.27.0 - 2022-12-25
• 3.26.1 - 2022-11-13
• 3.26.0 - 2022-10-23
• 3.25.5 - 2022-10-03
• 3.25.4 - 2022-10-02
• 3.25.3 - 2022-09-25
• 3.25.2 - 2022-09-18
• 3.25.1 - 2022-09-07
• 3.25.0 - 2022-08-24
• 3.24.1 - 2022-07-29
• 3.24.0 - 2022-07-25
• 3.23.5 - 2022-07-17
• 3.23.4 - 2022-07-09
• 3.23.3 - 2022-06-25
• 3.23.2 - 2022-06-20
• 3.23.1 - 2022-06-14
• 3.23.0 - 2022-06-13
• 3.22.8 - 2022-06-01
• 3.22.7 - 2022-05-24
• 3.22.6 - 2022-05-22
• 3.22.5 - 2022-05-10

from core-js GitHub release notes

Commit messages

Package name: core-js

• 7cbd6b5 3.33.2
• ddcc8f2 add a link
• aa2e288 update dependencies
• 4f91747 mark `URL.canParse` as supported from Chromium 120
• ccdc164 add Electron 29 compat data mapping
• 96ba2cf update dependencies
• ffc6984 temporarily drop unspecified special cases from `Number.fromString` before clarification from champions
• f7b095e fix handling of fractional number part and some special cases in `Number.fromString`
• 79ea4a7 move stylistic eslint rules to `@ stylistic/eslint-plugin`
• 55cd424 adapt `get-built-in-prototype-method` helper for some future use cases
• effda0c drop an extra method name
• d6f71d1 add support of `SuppressedError` to `structuredClone` polyfill and simplify it
• c6ea9f7 simplify `structuredClone` polyfill, avoid second tree pass in cases of transferring
• 82978a7 pin node 20 on ci to 20.9 as first lts
• 246023e update dependencies
• 65e9213 remove unspecified unnecessary `ArrayBuffer` and `DataView` dependencies of `structuredClone`
• 0dfc8b6 specify `node@^18.12` as a dev env
• 2869757 update `actions/setup-node`
• 8a4a162 update dependencies
• e6cba56 update Opera Android 78 compat data mapping
• 7e9d0c9 update dependencies
• d66ce13 update dependencies
• 441d1c6 update dependencies
• 55bec56 use node 21 on ci

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs