[Snyk] Upgrade core-js from 3.12.0 to 3.45.1

[nejidevelops]

Snyk has created this PR to upgrade core-js from 3.12.0 to 3.45.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 90 versions ahead of your current version.

• The recommended version was released 2 months ago.

Release notes

Package name: core-js

• 3.45.1 - 2025-08-20
  
  • Changes v3.45.0...v3.45.1 (30 commits)
  • Fixed a conflict of native methods from Map upsert proposal with polyfilled methods in the pure version
  • Added bugs fields to package.json of all packages
  • Compat data improvements:
    • Map upsert proposal features marked as shipped from Bun 1.2.20
    • Added Samsung Internet 29 compat data mapping
    • Added Electron 39 compat data mapping
• 3.45.0 - 2025-08-04
  
  • Changes v3.44.0...v3.45.0 (70 commits)
  • Uint8Array to / from base64 and hex proposal:
    • Built-ins:
      • Uint8Array.fromBase64
      • Uint8Array.fromHex
      • Uint8Array.prototype.setFromBase64
      • Uint8Array.prototype.setFromHex
      • Uint8Array.prototype.toBase64
      • Uint8Array.prototype.toHex
    • Moved to stable ES, July 2025 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
    • Added detection of a Webkit bug: Uint8Array fromBase64 / setFromBase64 does not throw an error on incorrect length of base64 string
  • Math.sumPrecise proposal:
    • Built-ins:
      • Math.sumPrecise
    • Moved to stable ES, July 2025 TC39 meeting
    • Added es. namespace module, /es/ and /stable/ namespaces entries
  • Iterator sequencing proposal:
    • Built-ins:
      • Iterator.concat
    • Moved to stage 3, July 2025 TC39 meeting
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
  • Map upsert proposal:
    • Built-ins:
      • Map.prototype.getOrInsert
      • Map.prototype.getOrInsertComputed
      • WeakMap.prototype.getOrInsert
      • WeakMap.prototype.getOrInsertComputed
    • Moved to stage 3, July 2025 TC39 meeting
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
  • Added missing dependencies to some entries of static Iterator methods
  • Fixed Joint Iteration proposal in /stage/ entries
  • Compat data improvements:
    • Uint8Array to / from base64 and hex proposal features marked as supported from V8 ~ Chromium 140
    • Uint8Array.{ fromBase64, prototype.setFromBase64 } marked as unsupported in Safari and supported only from Bun 1.2.20 because of a bug: it does not throw an error on incorrect length of base64 string
    • %TypedArray%.prototype.with marked as fixed in Safari 26.0
    • Updated Electron 38 compat data mapping
    • Added Opera Android 91 compat data mapping
• 3.44.0 - 2025-07-07
  
  • Changes v3.43.0...v3.44.0 (87 commits)
  • Uint8Array to / from base64 and hex stage 3 proposal:
    • Fixed several V8 bugs in Uint8Array.fromHex and Uint8Array.prototype.{ setFromBase64, toBase64, toHex }, thanks @ brc-dd
  • Joint iteration stage 2.7 proposal:
    • Uses Get in Iterator.zipKeyed, following tc39/proposal-joint-iteration#43
  • Iterator sequencing stage 2.7 proposal:
    • Iterator.concat no longer reuses IteratorResult object of concatenated iterators, following tc39/proposal-iterator-sequencing#26
  • Iterator chunking stage 2 proposal:
    • Added built-ins:
      • Iterator.prototype.sliding
  • Number.prototype.clamp stage 2 proposal:
    • clamp no longer throws an error on NaN as min or max, following tc39/proposal-math-clamp#d2387791c265edf66fbe2455eab919016717ce6f
  • Fixed some cases of Set.prototype.{ symmetricDifference, union } detection
  • Added missing dependencies to some entries of static Iterator methods
  • Added missing /full/{ instance, number/virtual }/clamp entries
  • Some minor stylistic changes
  • Compat data improvements:
    • Added Electron 38 and 39 compat data mapping
    • Added Oculus Quest Browser 38 and 39 compat data mapping
    • Iterator helpers marked as fixed and updated following the latest spec changes in Safari 26.0
    • Set.prototype.{ difference, symmetricDifference, union } marked as fixed in Safari 26.0
    • SuppressedError marked as fixed in FF141
    • Error.isError marked as fixed in Node 24.3
    • setImmediate and clearImmediate marked as available from Deno 2.4
    • Math.sumPrecise marked as shipped in Bun 1.2.18
    • %TypedArray%.prototype.with marked as fixed in Bun 1.2.18
• 3.43.0 - 2025-06-09
  
  • Changes v3.42.0...v3.43.0 (139 commits)
  • Explicit Resource Management proposals:
    • Built-ins:
      • Symbol.dispose
      • Symbol.asyncDispose
      • SuppressedError
      • DisposableStack
        • DisposableStack.prototype.dispose
        • DisposableStack.prototype.use
        • DisposableStack.prototype.adopt
        • DisposableStack.prototype.defer
        • DisposableStack.prototype.move
        • DisposableStack.prototype[@@ dispose]
      • AsyncDisposableStack
        • AsyncDisposableStack.prototype.disposeAsync
        • AsyncDisposableStack.prototype.use
        • AsyncDisposableStack.prototype.adopt
        • AsyncDisposableStack.prototype.defer
        • AsyncDisposableStack.prototype.move
        • AsyncDisposableStack.prototype[@@ asyncDispose]
      • Iterator.prototype[@@ dispose]
      • AsyncIterator.prototype[@@ asyncDispose]
    • Moved to stable ES, May 2025 TC39 meeting
    • Added es. namespace module, /es/ and /stable/ namespaces entries
  • Array.fromAsync proposal:
    • Built-ins:
      • Array.fromAsync
    • Moved to stable ES, May 2025 TC39 meeting
    • Added es. namespace module, /es/ and /stable/ namespaces entries
  • Error.isError proposal:
    • Built-ins:
      • Error.isError
    • Moved to stable ES, May 2025 TC39 meeting
    • Added es. namespace module, /es/ and /stable/ namespaces entries
  • Added Joint iteration stage 2.7 proposal:
    • Added built-ins:
      • Iterator.zip
      • Iterator.zipKeyed
  • Added Iterator chunking stage 2 proposal:
    • Added built-ins:
      • Iterator.prototype.chunks
      • Iterator.prototype.windows
  • Number.prototype.clamp proposal:
    • Built-ins:
      • Number.prototype.clamp
    • Moved to stage 2, May 2025 TC39 meeting
    • Math.clamp was replaced with Number.prototype.clamp
    • Removed a RangeError if min <= max or +0 min and -0 max, tc39/proposal-math-clamp/#22
  • Always check regular expression flags by flags getter PR. Native methods are not fixed, only own implementation updated for:
    • RegExp.prototype[@@ match]
    • RegExp.prototype[@@ replace]
  • Improved handling of RegExp flags in polyfills of some methods in engines without proper support of RegExp.prototype.flags and without polyfill of this getter
  • Added feature detection for a WebKit bug that occurs when this is updated while Set.prototype.difference is being executed
  • Added feature detection for a WebKit bug that occurs when iterator record of a set-like object isn't called before cloning this in the following methods:
    • Set.prototype.symmetricDifference
    • Set.prototype.union
  • Added feature detection for a bug in V8 ~ Chromium < 126. Following methods should throw an error on invalid iterator:
    • Iterator.prototype.drop
    • Iterator.prototype.filter
    • Iterator.prototype.flatMap
    • Iterator.prototype.map
  • Added feature detection for a WebKit bug: incorrect exception thrown by Iterator.from when underlying iterator's return method is null
  • Added feature detection for a FF bug: incorrect exception thrown by Array.prototype.with when index coercion fails
  • Added feature detection for a WebKit bug: TypedArray.prototype.with should truncate negative fractional index to zero, but instead throws an error
  • Worked around a bug of many different tools (example) with incorrect transforming and breaking JS syntax on getting a method from a number literal
  • Fixed deoptimization of the Promise polyfill in the pure version
  • Added some missed dependencies to /iterator/flat-map entries
  • Some other minor fixes and improvements
  • Compat data improvements:
    • Added Deno 2.3 and Deno 2.3.2 compat data mapping
    • Updated Electron 37 compat data mapping
    • Added Opera Android 90 compat data mapping
    • Error.isError marked not supported in Node because of a bug
    • Set.prototype.difference marked as not supported in Safari and supported only from Bun 1.2.5 because of a bug
    • Set.prototype.{ symmetricDifference, union } marked as not supported in Safari and supported only from Bun 1.2.5 because of a bug
    • Iterator.from marked as not supported in Safari and supported only from Bun 1.2.5 because of a bug
    • Iterators closing on early errors in Iterator helpers marked as implemented from FF141
    • Array.prototype.with marked as supported only from FF140 because it throws an incorrect exception when index coercion fails
    • TypedArray.prototype.with marked as unsupported in Bun and Safari because it should truncate negative fractional index to zero, but instead throws an error
    • DisposableStack and AsyncDisposableStack marked as shipped in FF141 (SuppressedError has a bug)
    • AsyncDisposableStack bugs marked as fixed in Deno 2.3.2
    • SuppressedError bugs (extra arguments support and arity) marked as fixed in Bun 1.2.15
• 3.42.0 - 2025-04-29
  
  • Changes v3.41.0...v3.42.0 (142 commits)
  • Map upsert proposal:
    • Moved to stage 2.7, April 2025 TC39 meeting
    • Validation order of WeakMap.prototype.getOrInsertComputed updated following tc39/proposal-upsert#79
    • Built-ins:
      • Map.prototype.getOrInsert
      • Map.prototype.getOrInsertComputed
      • WeakMap.prototype.getOrInsert
      • WeakMap.prototype.getOrInsertComputed
  • Don't call well-known Symbol methods for RegExp on primitive values following tc39/ecma262#3009:
    • For avoid performance regression, temporarily, only in own core-js implementations
    • Built-ins:
      • String.prototype.matchAll
      • String.prototype.match
      • String.prototype.replaceAll
      • String.prototype.replace
      • String.prototype.search
      • String.prototype.split
  • Added workaround for the Uint8Array.prototype.setFromBase64 bug in some of Linux builds of WebKit
  • Implemented early-error iterator closing following tc39/ecma262#3467, including fix of a WebKit bug, in the following methods:
    • Iterator.prototype.drop
    • Iterator.prototype.every
    • Iterator.prototype.filter
    • Iterator.prototype.find
    • Iterator.prototype.flatMap
    • Iterator.prototype.forEach
    • Iterator.prototype.map
    • Iterator.prototype.reduce
    • Iterator.prototype.some
    • Iterator.prototype.take
  • Fixed missing forced replacement of AsyncIterator helpers
  • Added closing of sync iterator when async wrapper yields a rejection following tc39/ecma262#2600. Affected methods:
    • Array.fromAsync (due to the lack of async feature detection capability - temporarily, only in own core-js implementation)
    • AsyncIterator.from
    • Iterator.prototype.toAsync
  • Added detection for throwing on undefined initial parameter in Iterator.prototype.reduce (see WebKit bug)
  • core-js-compat and core-js-builder API:
    • Added 'intersect' support for targets.esmodules (Babel 7 behavior)
    • Fixed handling of targets.esmodules: true (Babel 7 behavior)
  • Compat data improvements:
    • Explicit Resource Management features disabled (again) in V8 ~ Chromium 135 and re-added in 136
    • RegExp.escape marked as shipped from V8 ~ Chromium 136
    • Error.isError marked as shipped from FF138
    • Explicit Resource Management features re-enabled in Deno 2.2.10
    • Iterator helpers proposal features marked as supported from Deno 1.38.1 since it seems they were disabled in 1.38.0
    • Iterator.prototype.{ drop, reduce, take } methods marked as fixed in Bun 1.2.11
    • Added NodeJS 24.0 compat data mapping
    • Updated Electron 36 and added Electron 37 compat data mapping
    • Added Opera Android 88 and 89 compat data mapping
    • Added Oculus Quest Browser 37 compat data mapping
• 3.41.0 - 2025-03-01
  
  • Changes v3.40.0...v3.41.0 (85 commits)
  • RegExp.escape proposal:
    • Built-ins:
      • RegExp.escape
    • Moved to stable ES, February 2025 TC39 meeting
    • Added es. namespace module, /es/ and /stable/ namespaces entries
  • Float16 proposal:
    • Built-ins:
      • Math.f16round
      • DataView.prototype.getFloat16
      • DataView.prototype.setFloat16
    • Moved to stable ES, February 2025 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Math.clamp stage 1 proposal:
    • Built-ins:
      • Math.clamp
    • Extracted from old Math extensions proposal, February 2025 TC39 meeting
    • Added arguments validation
    • Added new entries
  • Added a workaround of a V8 AsyncDisposableStack bug, tc39/proposal-explicit-resource-management/256
  • Compat data improvements:
    • DisposableStack, SuppressedError and Iterator.prototype[@@ dispose] marked as shipped from V8 ~ Chromium 134
    • Error.isError added and marked as shipped from V8 ~ Chromium 134
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from V8 ~ Chromium 135
    • Iterator helpers proposal features marked as shipped from Safari 18.4
    • JSON.parse source text access proposal features marked as shipped from Safari 18.4
    • Math.sumPrecise marked as shipped from FF137
    • Added Deno 2.2 compat data and compat data mapping
      • Explicit Resource Management features are available in V8 ~ Chromium 134, but not in Deno 2.2 based on it
    • Updated Electron 35 and added Electron 36 compat data mapping
    • Updated Opera Android 87 compat data mapping
    • Added Samsung Internet 28 compat data mapping
    • Added Oculus Quest Browser 36 compat data mapping
• 3.40.0 - 2025-01-07
  
  • Changes v3.39.0...v3.40.0 (130 commits)
  • Added Error.isError stage 3 proposal:
    • Added built-ins:
      • Error.isError
    • We have no bulletproof way to polyfill this method / check if the object is an error, so it's an enough naive implementation that is marked as .sham
  • Explicit Resource Management stage 3 proposal:
    • Updated the way async disposing of only sync disposable resources, tc39/proposal-explicit-resource-management/218
  • Iterator sequencing stage 2.7 proposal:
    • Reuse IteratorResult objects when possible, tc39/proposal-iterator-sequencing/17, tc39/proposal-iterator-sequencing/18, December 2024 TC39 meeting
  • Added a fix of V8 < 12.8 / NodeJS < 22.10 bug with handling infinite length of set-like objects in Set methods
  • Optimized DataView.prototype.{ getFloat16, setFloat16 } performance, #1379, thanks @ LeviPesin
  • Dropped unneeded feature detection of non-standard %TypedArray%.prototype.toSpliced
  • Dropped possible re-usage of some non-standard / early stage features (like Math.scale) available on global
  • Some other minor improvements
  • Compat data improvements:
    • RegExp.escape marked as shipped from Safari 18.2
    • Promise.try marked as shipped from Safari 18.2
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from Safari 18.2
    • Uint8Array to / from base64 and hex proposal methods marked as shipped from Safari 18.2
    • JSON.parse source text access proposal features marked as shipped from FF135
    • RegExp.escape marked as shipped from FF134
    • Promise.try marked as shipped from FF134
    • Symbol.dispose, Symbol.asyncDispose and Iterator.prototype[@@ dispose] marked as shipped from FF135
    • JSON.parse source text access proposal features marked as shipped from Bun 1.1.43
    • Fixed NodeJS version where URL.parse was added - 22.1 instead of 22.0
    • Added Deno 2.1 compat data mapping
    • Added Rhino 1.8.0 compat data with significant number of modern features
    • Added Electron 35 compat data mapping
    • Updated Opera 115+ compat data mapping
    • Added Opera Android 86 and 87 compat data mapping
• 3.39.0 - 2024-10-31
  
  • Changes v3.38.1...v3.39.0
  • Iterator helpers proposal:
    • Built-ins:
      • Iterator
        • Iterator.from
        • Iterator.prototype.drop
        • Iterator.prototype.every
        • Iterator.prototype.filter
        • Iterator.prototype.find
        • Iterator.prototype.flatMap
        • Iterator.prototype.forEach
        • Iterator.prototype.map
        • Iterator.prototype.reduce
        • Iterator.prototype.some
        • Iterator.prototype.take
        • Iterator.prototype.toArray
        • Iterator.prototype[@@ toStringTag]
    • Moved to stable ES, October 2024 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Promise.try:
    • Built-ins:
      • Promise.try
    • Moved to stable ES, October 2024 TC39 meeting
    • Added es. namespace module, /es/ and /stable/ namespaces entries
    • Fixed /actual|full/promise/try entries for the callback arguments support
  • Math.sumPrecise proposal:
    • Built-ins:
      • Math.sumPrecise
    • Moved to stage 3, October 2024 TC39 meeting
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
  • Added Iterator sequencing stage 2.7 proposal:
    • Added built-ins:
      • Iterator.concat
  • Map upsert stage 2 proposal:
    • Updated to the new API following the October 2024 TC39 meeting
    • Added built-ins:
      • Map.prototype.getOrInsert
      • Map.prototype.getOrInsertComputed
      • WeakMap.prototype.getOrInsert
      • WeakMap.prototype.getOrInsertComputed
  • Extractors proposal moved to stage 2, October 2024 TC39 meeting
  • Usage of @@ species pattern removed from %TypedArray% and ArrayBuffer methods, tc39/ecma262/3450:
    • Built-ins:
      • %TypedArray%.prototype.filter
      • %TypedArray%.prototype.filterReject
      • %TypedArray%.prototype.map
      • %TypedArray%.prototype.slice
      • %TypedArray%.prototype.subarray
      • ArrayBuffer.prototype.slice
  • Some other minor improvements
  • Compat data improvements:
    • Uint8Array to / from base64 and hex proposal methods marked as shipped from FF133
    • Added NodeJS 23.0 compat data mapping
    • self descriptor is fixed in Deno 1.46.0
    • Added Deno 1.46 and 2.0 compat data mapping
    • Iterator helpers proposal methods marked as shipped from Bun 1.1.31
    • Added Electron 34 and updated Electron 33 compat data mapping
    • Added Opera Android 85 compat data mapping
    • Added Oculus Quest Browser 35 compat data mapping
• 3.38.1 - 2024-08-20
  
  • Changes v3.38.0...v3.38.1
  • Fixed some cases of URLSearchParams percent decoding, #1357, #1361, thanks @ slowcheetah
  • Some stylistic changes and minor optimizations
  • Compat data improvements:
    • Iterator helpers proposal methods marked as shipped from FF131
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from Bun 1.1.23
    • RegExp.escape marked as shipped from Bun 1.1.22
    • Promise.try marked as shipped from Bun 1.1.22
    • Uint8Array to / from base64 and hex proposal methods marked as shipped from Bun 1.1.22
    • Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
    • Added Opera Android 84 compat data mapping
• 3.38.0 - 2024-08-04
  
  • Changes v3.37.1...v3.38.0
  • RegExp.escape proposal:
    • Built-ins:
      • RegExp.escape
    • Moved to stage 3, June 2024 and July 2024 TC39 meetings
    • Updated the way of escaping, regex-escaping/77
    • Throw an error on non-strings, regex-escaping/58
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
  • Promise.try proposal:
    • Built-ins:
      • Promise.try
    • Moved to stage 3, June 2024 TC39 meeting
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
  • Uint8Array to / from base64 and hex stage 3 proposal:
    • Built-ins:
      • Uint8Array.fromBase64
      • Uint8Array.fromHex
      • Uint8Array.prototype.setFromBase64
      • Uint8Array.prototype.setFromHex
      • Uint8Array.prototype.toBase64
      • Uint8Array.prototype.toHex
    • Added Uint8Array.prototype.{ setFromBase64, setFromHex } methods
    • Added Uint8Array.fromBase64 and Uint8Array.prototype.setFromBase64 lastChunkHandling option, proposal-arraybuffer-base64/33
    • Added Uint8Array.prototype.toBase64 omitPadding option, proposal-arraybuffer-base64/60
    • Added throwing a TypeError on arrays backed by detached buffers
    • Unconditional forced replacement changed to feature detection
  • Fixed RegExp named capture groups polyfill in combination with non-capturing groups, #1352, thanks @ Ulop
  • Improved some cases of environment detection
  • Uses process.getBuiltinModule for getting built-in NodeJS modules where it's available
  • Uses https instead of http in URL constructor feature detection to avoid extra notifications from some overly vigilant security scanners, #1345
  • Some minor optimizations
  • Updated browserslist in core-js-compat dependencies that fixes an upstream issue with incorrect interpretation of some browserslist queries, #1344, browserslist/829, browserslist/836
  • Compat data improvements:
    • Added Safari 18.0 compat data:
      • Fixed Object.groupBy and Map.groupBy to work for non-objects
      • Fixed throwing a RangeError if Set methods are called on an object with negative size property
      • Fixed Set.prototype.symmetricDifference to call this.has in each iteration
      • Fixed Array.fromAsync to not call the Array constructor twice
      • Added URL.parse
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from FF129
    • Symbol.asyncDispose added and marked as supported from V8 ~ Chromium 127
    • Promise.try added and marked as supported from V8 ~ Chromium 128
    • Added Deno 1.44 and 1.45 compat data mapping
    • self descriptor is broken in Deno 1.45.3 (again)
    • Added Electron 32 and 33 compat data mapping
    • Added Opera Android 83 compat data mapping
    • Added Samsung Internet 27 compat data mapping
    • Added Oculus Quest Browser 34 compat data mapping
• 3.37.1 - 2024-05-14
• 3.37.0 - 2024-04-16
• 3.36.1 - 2024-03-19
• 3.36.0 - 2024-02-14
• 3.35.1 - 2024-01-20
• 3.35.0 - 2023-12-28
• 3.34.0 - 2023-12-05
• 3.33.3 - 2023-11-19
• 3.33.2 - 2023-10-30
• 3.33.1 - 2023-10-20
• 3.33.0 - 2023-10-01
• 3.32.2 - 2023-09-07
• 3.32.1 - 2023-08-18
• 3.32.0 - 2023-07-27
• 3.31.1 - 2023-07-06
• 3.31.0 - 2023-06-11
• 3.30.2 - 2023-05-06
• 3.30.1 - 2023-04-13
• 3.30.0 - 2023-04-03
• 3.29.1 - 2023-03-13
• 3.29.0 - 2023-02-26
• 3.28.0 - 2023-02-13
• 3.27.2 - 2023-01-18
• 3.27.1 - 2022-12-29
• 3.27.0 - 2022-12-25
• 3.26.1 - 2022-11-13
• 3.26.0 - 2022-10-23
• 3.25.5 - 2022-10-03
• 3.25.4 - 2022-10-02
• 3.25.3 - 2022-09-25
• 3.25.2 - 2022-09-18
• 3.25.1 - 2022-09-07
• 3.25.0 - 2022-08-24
• 3.24.1 - 2022-07-29
• 3.24.0 - 2022-07-25
• 3.23.5 - 2022-07-17
• 3.23.4 - 2022-07-09
• 3.23.3 - 2022-06-25
• 3.23.2 - 2022-06-20
• 3.23.1 - 2022-06-14
• 3.23.0 - 2022-06-13
• 3.22.8 - 2022-06-01
• 3.22.7 - 2022-05-24
• 3.22.6 - 2022-05-22
• 3.22.5 - 2022-05-10
• 3.22.4 - 2022-05-02
• 3.22.3 - 2022-04-28
• 3.22.2 - 2022-04-21
• 3.22.1 - 2022-04-19
• 3.22.0 - 2022-04-15
• 3.21.1 - 2022-02-16
• 3.21.0 - 2022-02-01
• 3.20.3 - 2022-01-15
• 3.20.2 - 2022-01-01
• 3.20.1 - 2021-12-23
• 3.20.0 - 2021-12-15
• 3.19.3 - 2021-12-06
• 3.19.2 - 2021-11-29
• 3.19.1 - 2021-11-02
• 3.19.0 - 2021-10-25
• 3.18.3 - 2021-10-12
• 3.18.2 - 2021-10-05
• 3.18.1 - 2021-09-26
• 3.18.0 - 2021-09-19
• 3.17.3 - 2021-09-09
• 3.17.2 - 2021-09-02
• 3.17.1 - 2021-09-01
• 3.17.0 - 2021-09-01
• 3.16.4 - 2021-08-29
• 3.16.3 - 2021-08-24
• 3.16.2 - 2021-08-17
• 3.16.1 - 2021-08-08
• 3.16.0 - 2021-07-30
• 3.15.2 - 2021-06-29
• 3.15.1 - 2021-06-22
• 3.15.0 - 2021-06-20
• 3.14.0 - 2021-06-05
• 3.13.1 - 2021-05-29
• 3.13.0 - 2021-05-25
• 3.12.1 - 2021-05-08
• 3.12.0 - 2021-05-06

from core-js GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[gemini-code-assist]

Summary of Changes

Hello @nejidevelops, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request primarily focuses on updating the core-js dependency to its latest stable version, 3.45.1. This significant upgrade, automatically generated by Snyk, aims to enhance the project's security posture by addressing potential vulnerabilities and ensuring compatibility with the most recent ECMAScript features and browser environments. The update brings a wealth of new polyfills and bug fixes, aligning the project with modern JavaScript standards.

Highlights

• Dependency Upgrade: The core-js library has been upgraded from version 3.6.4 to 3.45.1. This significant update, spanning 90 versions, is recommended by Snyk to enhance security and ensure compatibility with modern JavaScript features.
• Modern ECMAScript Features: This update incorporates numerous new ECMAScript proposals, including Explicit Resource Management, Array.fromAsync, Error.isError, Uint8Array to/from base64/hex, Iterator helpers, Promise.try, RegExp.escape, Float16, and various Map and Iterator sequencing/chunking proposals. Many of these features have moved to stable ES, stage 3, or stage 2.
• Bug Fixes and Compatibility: The new core-js versions include a wide array of bug fixes, performance optimizations, and extensive compatibility data improvements for various JavaScript engines and browsers such as V8, WebKit, Firefox, Node.js, Deno, Bun, and Safari.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request upgrades core-js by 90 minor versions, from 3.12.0 to 3.45.1. While this is an automated Snyk PR, likely for security fixes, such a large jump for a critical polyfill library carries a high risk of introducing breaking changes. My review comment on package.json details this risk, highlighting that the new core-js version is significantly newer than what the project's build tools are designed for, and recommends thorough testing.

Separately, I've noticed several other key dependencies like @ngrx/* and @angular/language-service are outdated and incompatible with your Angular 15 setup. I recommend addressing these in separate PRs to improve project stability.

[gemini-code-assist]

This is a very large version jump for core-js, spanning 90 minor versions. This carries a significant risk of introducing breaking changes or subtle regressions, as core-js minor versions can contain breaking changes.

Your project's @angular-devkit/[email protected] uses @babel/[email protected], which is built against core-js versions up to ~3.25.1. Upgrading to 3.45.1 is a significant leap beyond what your build tooling was tested with.

Due to the high risk, I strongly recommend thorough testing before merging:

• Full regression testing of the application.
• Cross-browser testing, especially on older browsers.
• Verifying the build process for new warnings or errors.
• Analyzing the final bundle size for unexpected increases.