Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade core-js from 3.23.3 to 3.26.0 #2

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade core-js from 3.23.3 to 3.26.0 #2

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Dec 2, 2022

Snyk has created this PR to upgrade core-js from 3.23.3 to 3.26.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 11 versions ahead of your current version.
  • The recommended version was released a month ago, on 2022-10-23.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-LOADERUTILS-3043105		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TERSER-2806366		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3105943		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3042992		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3105943		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3042992		 375/1000
Why? CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: core-js
  • 3.26.0 - 2022-10-23
  • 3.25.5 - 2022-10-03
    • Fixed regression with an error on reuse of some built-in methods from another realm, #1133
  • 3.25.4 - 2022-10-02
    • Added a workaround of a Nashorn bug with Function.prototype.{ call, apply, bind } on string methods, #1128
    • Updated lists of [Serializable] and [Transferable] objects in the structuredClone polyfill. Mainly, for better error messages if polyfilling of cloning such types is impossible
    • Array.prototype.{ group, groupToMap } marked as supported from V8 ~ Chromium 108
    • Added Electron 22 compat data mapping
  • 3.25.3 - 2022-09-25
    • Forced polyfilling of Array.prototype.groupToMap in the pure version for returning wrapped Map instances
    • Fixed existence of Array.prototype.{ findLast, findLastIndex } in /stage/4 entry
    • Added Opera Android 71 compat data mapping
    • Some stylistic changes
  • 3.25.2 - 2022-09-18
    • Considering document.all as a callable in some missed cases
    • Added Safari 16.0 compat data
    • Added iOS Safari 16.0 compat data mapping
    • Fixed some ancient iOS Safari versions compat data mapping
  • 3.25.1 - 2022-09-07
    • Added some fixes and workarounds of FF30- typed arrays bug that does not properly convert objects to numbers
    • Added sideEffects field to core-js-pure package.json for better tree shaking, #1117
    • Dropped semver dependency from core-js-compat
      • semver package (ironically) added a breaking change and dropped NodeJS 8 support in the minor 7.1 version, after that semver in core-js-compat was pinned to 7.0 since for avoiding breaking changes it should support NodeJS 8. However, since core-js-compat is usually used with other packages that use semver dependency, it causes multiple duplications of semver in dependencies. So I decided to remove semver dependency and replace it with a couple of simple helpers.
    • Added Bun 0.1.6-0.1.11 compat data
    • Added Deno 1.25 compat data mapping
    • Updated Electron 21 compat data mapping
    • Some stylistic changes, minor fixes, and improvements
  • 3.25.0 - 2022-08-24
    • Added Object.prototype.__proto__ polyfill
      • It's optional, legacy, and in some cases (mainly because of developers' mistakes) can cause problems, but some libraries depend on it, and most code can't work without the proper libraries' ecosystem
      • Only for modern engines where this feature is missed (like Deno), it's not installed in IE10- since here we have no proper way setting of the prototype
      • Without fixes of early implementations where it's not an accessor since those fixes are impossible
      • Only for the global version
    • Considering document.all as an object in some missed cases, see ECMAScript Annex B 3.6
    • Avoiding unnecessary promise creation and validation result in %WrapForValid(Async)IteratorPrototype%.return, proposal-iterator-helpers/215
    • Fixed omitting the result of proxing .return in %IteratorHelperPrototype%.return, #1116
    • Fixed the order creation of properties of iteration result object of some iterators (value should be created before done)
    • Fixed some cases of Safari < 13 bug - silent on non-writable array .length setting
    • Fixed ArrayBuffer.length in V8 ~ Chrome 27-
    • Relaxed condition of re-usage native WeakMap for internal states with multiple core-js copies
    • Availability cloning of FileList in the structuredClone polyfill extended to some more old engines versions
    • Some stylistic changes and minor fixes
    • Throwing a TypeError in core-js-compat / core-js-builder in case of passing invalid module names / filters for avoiding unexpected result, related to #1115
    • Added missed NodeJS 13.2 to esmodules core-js-compat / core-js-builder target
    • Added Electron 21 compat data mapping
    • Added Oculus Browser 23.0 compat data mapping
  • 3.24.1 - 2022-07-29
    • NodeJS is ignored in IS_BROWSER detection to avoid a false positive with jsdom, #1110
    • Fixed detection of @@ species support in Promise in some old engines
    • { Array, %TypedArray% }.prototype.{ findLast, findLastIndex } marked as shipped in FF104
    • Added iOS Safari 15.6 compat data mapping
    • Fixed Opera 15 compat data mapping
  • 3.24.0 - 2022-07-25
  • 3.23.5 - 2022-07-17
    • Fixed a typo in the structuredClone feature detection, #1106
    • Added Opera Android 70 compat data mapping
  • 3.23.4 - 2022-07-09
  • 3.23.3 - 2022-06-25
from core-js GitHub release notes
Commit messages
Package name: core-js

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

gfeldman pushed a commit that referenced this pull request Mar 11, 2023
@juweins
Fix: Tutorial config-based invalid keywords airbytehq#20071 (airbyteh…
dc71194 
…q#20078)

* Update 5-incremental-reads.md in response of Issue airbytehq#20047

Added the suggested solution from issuer.

* Updated 5-incremental-reads.md #2

Appended the suggested +00:00 into another occurence. Datetime format now corresponds to standards defined in ISO-8601.

* Fix: Low Code Connector tutorial yaml airbytehq#20071
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot