[PR #353] [CLOSED] fix(deps): bump core-js from 3.23.3 to 3.28.0 #375

New Issue

Closed

opened 2025-12-01 17:07:03 +01:00 by arthur · 0 comments

arthur commented 2025-12-01 17:07:03 +01:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/ArthurDanjou/website-old/pull/353
Author: @dependabot[bot]
Created: 2/14/2023
Status: ❌ Closed

Base: master ← Head: dependabot/npm_and_yarn/core-js-3.28.0

---

📝 Commits (1)

• d4727dd fix(deps): bump core-js from 3.23.3 to 3.28.0

📊 Changes

2 files changed (+5 additions, -5 deletions)

View changed files

📝 package.json (+1 -1)
📝 yarn.lock (+4 -4)

📄 Description

Bumps core-js from 3.23.3 to 3.28.0.

Changelog

Sourced from core-js's changelog.

3.28.0 - 2023.02.14

I highly recommend reading this: So, what's next?

• Change Array by copy proposal:
  • Methods:
    • Array.prototype.toReversed
    • Array.prototype.toSorted
    • Array.prototype.toSpliced
    • Array.prototype.with
    • %TypedArray%.prototype.toReversed
    • %TypedArray%.prototype.toSorted
    • %TypedArray%.prototype.with
  • Moved to stable ES, January 2023 TC39 meeting
  • Added es. namespace modules, /es/ and /stable/ namespaces entries
• Added JSON.parse source text access Stage 3 proposal
  • Methods:
    • JSON.parse patched for support source in reviver function arguments
    • JSON.rawJSON
    • JSON.isRawJSON
    • JSON.stringify patched for support JSON.rawJSON
• Added ArrayBuffer.prototype.transfer and friends Stage 3 proposal:
  • Built-ins:
    • ArrayBuffer.prototype.detached
    • ArrayBuffer.prototype.transfer (only in runtimes with native structuredClone with ArrayBuffer transfer support)
    • ArrayBuffer.prototype.transferToFixedLength (only in runtimes with native structuredClone with ArrayBuffer transfer support)
  • In backwards, in runtimes with native ArrayBuffer.prototype.transfer, but without proper structuredClone, added ArrayBuffer transfer support to structuredClone polyfill
• Iterator Helpers proposal:
  • Splitted into 2 (sync and async) proposals, async version moved back to Stage 2, January 2023 TC39 meeting
  • Allowed interleaved mapping in AsyncIterator helpers, proposal-iterator-helpers/262
• Explicit Resource Management Stage 3 and Async Explicit Resource Management Stage 2 proposals:
  • InstallErrorCause removed from SuppressedError, January 2023 TC39 meeting, proposal-explicit-resource-management/145
  • Simplified internal behaviour of { AsyncDisposableStack, DisposableStack }.prototype.use, proposal-explicit-resource-management/143
• Added Symbol predicates Stage 2 proposal
  • Methods:
    • Symbol.isRegistered
    • Symbol.isWellKnown
• Number.range Stage 1 proposal and method renamed to Iterator.range
• Function.prototype.unThis Stage 0 proposal and method renamed to Function.prototype.demethodize
• Fixed Safari String.prototype.toWellFormed ToString conversion bug
• Improved some cases handling of array-replacer in JSON.stringify symbols handling fix
• Fixed many other old JSON.{ parse, stringify } bugs (numbers instead of strings as keys in replacer, handling negative zeroes, spaces, some more handling symbols cases, etc.)
• Fixed configurability and ToString conversion of some accessors
• Added throwing proper errors on an incorrect context in some ArrayBuffer and DataView methods
• Some minor DataView and %TypedArray% polyfills optimizations
• Added proper error on the excess number of trailing = in the atob polyfill
• Fixed theoretically possible ReDoS vulnerabilities in String.prototype.{ trim, trimEnd, trimRight }, parse(Int|Float), Number, atob, and URL polyfills in some ancient engines
• Compat data improvements:
  • RegExp.prototype.flags marked as fixed from V8 ~ Chrome 111
  • Added Opera Android 73 compat data mapping
• Added TypeScript definitions to core-js-builder

... (truncated)

Commits

• 6f721fa refresh
• 93ad467 3.28.0
• 91e0347 so, what's next?
• 39c079b throw proper errors on an incorrect context in some ArrayBuffer and `DataVi...
• 7e0399d some fixes
• 139abbf add ArrayBuffer.prototype.transfer and friends Stage 3 proposal
• 44cf9e8 fix theoretically possible ReDoS vulnerabilities
• 2e44954 fix Safari 9 JSON.parse bug with handling negative zero + some whitespaces
• be7ea2c improve handling of strings wrapped to rawJSON
• e21fe93 add some tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ArthurDanjou/website-old/pull/353 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 2/14/2023 **Status:** ❌ Closed **Base:** `master` ← **Head:** `dependabot/npm_and_yarn/core-js-3.28.0` --- ### 📝 Commits (1) - [`d4727dd`](https://github.com/ArthurDanjou/website-old/commit/d4727dd5f26f51882efbf2ff7b8de9505a32c95b) fix(deps): bump core-js from 3.23.3 to 3.28.0 ### 📊 Changes **2 files changed** (+5 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `package.json` (+1 -1) 📝 `yarn.lock` (+4 -4) </details> ### 📄 Description Bumps [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) from 3.23.3 to 3.28.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/zloirock/core-js/blob/master/CHANGELOG.md">core-js's changelog</a>.</em></p> <blockquote> <h5><a href="https://github.com/zloirock/core-js/releases/tag/v3.28.0">3.28.0 - 2023.02.14</a></h5> <h2><strong>I highly recommend reading this: <a href="https://github.com/zloirock/core-js/blob/master/docs/2023-02-14-so-whats-next.md">So, what's next?</a></strong></h2> <ul> <li><a href="https://github.com/tc39/proposal-change-array-by-copy">Change <code>Array</code> by copy proposal</a>: <ul> <li>Methods: <ul> <li><code>Array.prototype.toReversed</code></li> <li><code>Array.prototype.toSorted</code></li> <li><code>Array.prototype.toSpliced</code></li> <li><code>Array.prototype.with</code></li> <li><code>%TypedArray%.prototype.toReversed</code></li> <li><code>%TypedArray%.prototype.toSorted</code></li> <li><code>%TypedArray%.prototype.with</code></li> </ul> </li> <li>Moved to stable ES, <a href="https://github-redirect.dependabot.com/babel/proposals/issues/86#issuecomment-1409261397">January 2023 TC39 meeting</a></li> <li>Added <code>es.</code> namespace modules, <code>/es/</code> and <code>/stable/</code> namespaces entries</li> </ul> </li> <li>Added <a href="https://github.com/tc39/proposal-json-parse-with-source"><code>JSON.parse</code> source text access Stage 3 proposal</a> <ul> <li>Methods: <ul> <li><code>JSON.parse</code> patched for support <code>source</code> in <code>reviver</code> function arguments</li> <li><code>JSON.rawJSON</code></li> <li><code>JSON.isRawJSON</code></li> <li><code>JSON.stringify</code> patched for support <code>JSON.rawJSON</code></li> </ul> </li> </ul> </li> <li>Added <a href="https://github.com/tc39/proposal-arraybuffer-transfer"><code>ArrayBuffer.prototype.transfer</code> and friends Stage 3 proposal</a>: <ul> <li>Built-ins: <ul> <li><code>ArrayBuffer.prototype.detached</code></li> <li><code>ArrayBuffer.prototype.transfer</code> (only in runtimes with native <code>structuredClone</code> with <code>ArrayBuffer</code> transfer support)</li> <li><code>ArrayBuffer.prototype.transferToFixedLength</code> (only in runtimes with native <code>structuredClone</code> with <code>ArrayBuffer</code> transfer support)</li> </ul> </li> <li>In backwards, in runtimes with native <code>ArrayBuffer.prototype.transfer</code>, but without proper <code>structuredClone</code>, added <code>ArrayBuffer</code> transfer support to <code>structuredClone</code> polyfill</li> </ul> </li> <li><a href="https://github.com/tc39/proposal-iterator-helpers">Iterator Helpers</a> proposal: <ul> <li>Splitted into 2 (<a href="https://github.com/tc39/proposal-iterator-helpers">sync</a> and <a href="https://github.com/tc39/proposal-async-iterator-helpers">async</a>) proposals, async version moved back to Stage 2, <a href="https://github-redirect.dependabot.com/babel/proposals/issues/86#issuecomment-1410926068">January 2023 TC39 meeting</a></li> <li>Allowed interleaved mapping in <code>AsyncIterator</code> helpers, <a href="https://github-redirect.dependabot.com/tc39/proposal-iterator-helpers/pull/262">proposal-iterator-helpers/262</a></li> </ul> </li> <li><a href="https://github.com/tc39/proposal-explicit-resource-management">Explicit Resource Management</a> Stage 3 and <a href="https://github.com/tc39/proposal-async-explicit-resource-management/">Async Explicit Resource Management</a> Stage 2 proposals: <ul> <li><code>InstallErrorCause</code> removed from <code>SuppressedError</code>, <a href="https://github-redirect.dependabot.com/babel/proposals/issues/86#issuecomment-1410889704">January 2023 TC39 meeting</a>, <a href="https://github-redirect.dependabot.com/tc39/proposal-explicit-resource-management/pull/146">proposal-explicit-resource-management/145</a></li> <li>Simplified internal behaviour of <code>{ AsyncDisposableStack, DisposableStack }.prototype.use</code>, <a href="https://github-redirect.dependabot.com/tc39/proposal-explicit-resource-management/pull/143">proposal-explicit-resource-management/143</a></li> </ul> </li> <li>Added <a href="https://github.com/tc39/proposal-symbol-predicates"><code>Symbol</code> predicates Stage 2 proposal</a> <ul> <li>Methods: <ul> <li><code>Symbol.isRegistered</code></li> <li><code>Symbol.isWellKnown</code></li> </ul> </li> </ul> </li> <li><code>Number.range</code> Stage 1 proposal and method <a href="https://github.com/tc39/proposal-Number.range">renamed to <code>Iterator.range</code></a></li> <li><code>Function.prototype.unThis</code> Stage 0 proposal and method <a href="https://github.com/js-choi/proposal-function-demethodize">renamed to <code>Function.prototype.demethodize</code></a></li> <li>Fixed <a href="https://bugs.webkit.org/show_bug.cgi?id=251757">Safari <code>String.prototype.toWellFormed</code> <code>ToString</code> conversion bug</a></li> <li>Improved some cases handling of array-replacer in <code>JSON.stringify</code> symbols handling fix</li> <li>Fixed many other old <code>JSON.{ parse, stringify }</code> bugs (numbers instead of strings as keys in replacer, handling negative zeroes, spaces, some more handling symbols cases, etc.)</li> <li>Fixed configurability and <code>ToString</code> conversion of some accessors</li> <li>Added throwing proper errors on an incorrect context in some <code>ArrayBuffer</code> and <code>DataView</code> methods</li> <li>Some minor <code>DataView</code> and <code>%TypedArray%</code> polyfills optimizations</li> <li>Added proper error on the excess number of trailing <code>=</code> in the <code>atob</code> polyfill</li> <li>Fixed theoretically possible ReDoS vulnerabilities in <code>String.prototype.{ trim, trimEnd, trimRight }</code>, <code>parse(Int|Float)</code>, <code>Number</code>, <code>atob</code>, and <code>URL</code> polyfills in some ancient engines</li> <li>Compat data improvements: <ul> <li><code>RegExp.prototype.flags</code> marked as fixed from V8 ~ Chrome 111</li> <li>Added Opera Android 73 compat data mapping</li> </ul> </li> <li>Added TypeScript definitions to <code>core-js-builder</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/zloirock/core-js/commit/6f721fa6f173e019ba3f236ee59a6ff06f4e1b84"><code>6f721fa</code></a> refresh</li> <li><a href="https://github.com/zloirock/core-js/commit/93ad467493200d7a30a225281b1cdb3e400a8b25"><code>93ad467</code></a> 3.28.0</li> <li><a href="https://github.com/zloirock/core-js/commit/91e0347e632a8e467c06ccf95e47adffa1a6971b"><code>91e0347</code></a> so, what's next?</li> <li><a href="https://github.com/zloirock/core-js/commit/39c079b11d165d599e52659d2a134cfefbae2757"><code>39c079b</code></a> throw proper errors on an incorrect context in some <code>ArrayBuffer</code> and `DataVi...</li> <li><a href="https://github.com/zloirock/core-js/commit/7e0399d23546055c0f19c5e2b430ec2903ef6dec"><code>7e0399d</code></a> some fixes</li> <li><a href="https://github.com/zloirock/core-js/commit/139abbfc9fdd3483d5e5e6a506322e880f3a3ad4"><code>139abbf</code></a> add <code>ArrayBuffer.prototype.transfer</code> and friends Stage 3 proposal</li> <li><a href="https://github.com/zloirock/core-js/commit/44cf9e8de9bc8f67182e6a2ce05a2aec2c8d2735"><code>44cf9e8</code></a> fix theoretically possible ReDoS vulnerabilities</li> <li><a href="https://github.com/zloirock/core-js/commit/2e44954d24995c434dd157cf8a71b92ff9577502"><code>2e44954</code></a> fix Safari 9 <code>JSON.parse</code> bug with handling negative zero + some whitespaces</li> <li><a href="https://github.com/zloirock/core-js/commit/be7ea2c2d6e01b01c6d76803245f0bdb37b49c52"><code>be7ea2c</code></a> improve handling of strings wrapped to <code>rawJSON</code></li> <li><a href="https://github.com/zloirock/core-js/commit/e21fe939193e179d8ebe70b63d714361759b3e53"><code>e21fe93</code></a> add some tests</li> <li>Additional commits viewable in <a href="https://github.com/zloirock/core-js/commits/v3.28.0/packages/core-js">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

arthur added the pull-request label 2025-12-01 17:07:03 +01:00

arthur closed this issue 2025-12-01 17:07:03 +01:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

dependabot/npm_and_yarn/nuxtjs/sentry-7.1.4

dependabot/npm_and_yarn/core-js-3.29.0

dependabot/npm_and_yarn/sass-1.58.3

dependabot/npm_and_yarn/nuxt/content-2.4.3

dependabot/npm_and_yarn/nuxtjs/i18n-7.3.1

dependabot/npm_and_yarn/nuxt-windicss-2.6.0

dependabot/npm_and_yarn/nuxtjs/color-mode-3.2.0

dependabot/npm_and_yarn/sass-loader-13.2.0

dependabot/npm_and_yarn/markdown-it-prism-2.3.0

dependabot/npm_and_yarn/nuxtjs/composition-api-0.33.1

v3

dev

No results found.

Labels

Clear labels

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

arthur

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: arthur/website-old#375