[Snyk] Upgrade core-js from 3.12.0 to 3.41.0

[nejidevelops]

Snyk has created this PR to upgrade core-js from 3.12.0 to 3.41.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 85 versions ahead of your current version.

• The recommended version was released 2 months ago.

Release notes

Package name: core-js

• 3.41.0 - 2025-03-01
  
  • Changes v3.40.0...v3.41.0 (85 commits)
  • RegExp.escape proposal:
    • Built-ins:
      • RegExp.escape
    • Moved to stable ES, February 2025 TC39 meeting
    • Added es. namespace module, /es/ and /stable/ namespaces entries
  • Float16 proposal:
    • Built-ins:
      • Math.f16round
      • DataView.prototype.getFloat16
      • DataView.prototype.setFloat16
    • Moved to stable ES, February 2025 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Math.clamp stage 1 proposal:
    • Built-ins:
      • Math.clamp
    • Extracted from old Math extensions proposal, February 2025 TC39 meeting
    • Added arguments validation
    • Added new entries
  • Added a workaround of a V8 AsyncDisposableStack bug, tc39/proposal-explicit-resource-management/256
  • Compat data improvements:
    • DisposableStack, SuppressedError and Iterator.prototype[@@ dispose] marked as shipped from V8 ~ Chromium 134
    • Error.isError added and marked as shipped from V8 ~ Chromium 134
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from V8 ~ Chromium 135
    • Iterator helpers proposal features marked as shipped from Safari 18.4
    • JSON.parse source text access proposal features marked as shipped from Safari 18.4
    • Math.sumPrecise marked as shipped from FF137
    • Added Deno 2.2 compat data and compat data mapping
      • Explicit Resource Management features are available in V8 ~ Chromium 134, but not in Deno 2.2 based on it
    • Updated Electron 35 and added Electron 36 compat data mapping
    • Updated Opera Android 87 compat data mapping
    • Added Samsung Internet 28 compat data mapping
    • Added Oculus Quest Browser 36 compat data mapping
• 3.40.0 - 2025-01-07
  
  • Changes v3.39.0...v3.40.0 (130 commits)
  • Added Error.isError stage 3 proposal:
    • Added built-ins:
      • Error.isError
    • We have no bulletproof way to polyfill this method / check if the object is an error, so it's an enough naive implementation that is marked as .sham
  • Explicit Resource Management stage 3 proposal:
    • Updated the way async disposing of only sync disposable resources, tc39/proposal-explicit-resource-management/218
  • Iterator sequencing stage 2.7 proposal:
    • Reuse IteratorResult objects when possible, tc39/proposal-iterator-sequencing/17, tc39/proposal-iterator-sequencing/18, December 2024 TC39 meeting
  • Added a fix of V8 < 12.8 / NodeJS < 22.10 bug with handling infinite length of set-like objects in Set methods
  • Optimized DataView.prototype.{ getFloat16, setFloat16 } performance, #1379, thanks @ LeviPesin
  • Dropped unneeded feature detection of non-standard %TypedArray%.prototype.toSpliced
  • Dropped possible re-usage of some non-standard / early stage features (like Math.scale) available on global
  • Some other minor improvements
  • Compat data improvements:
    • RegExp.escape marked as shipped from Safari 18.2
    • Promise.try marked as shipped from Safari 18.2
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from Safari 18.2
    • Uint8Array to / from base64 and hex proposal methods marked as shipped from Safari 18.2
    • JSON.parse source text access proposal features marked as shipped from FF135
    • RegExp.escape marked as shipped from FF134
    • Promise.try marked as shipped from FF134
    • Symbol.dispose, Symbol.asyncDispose and Iterator.prototype[@@ dispose] marked as shipped from FF135
    • JSON.parse source text access proposal features marked as shipped from Bun 1.1.43
    • Fixed NodeJS version where URL.parse was added - 22.1 instead of 22.0
    • Added Deno 2.1 compat data mapping
    • Added Rhino 1.8.0 compat data with significant number of modern features
    • Added Electron 35 compat data mapping
    • Updated Opera 115+ compat data mapping
    • Added Opera Android 86 and 87 compat data mapping
• 3.39.0 - 2024-10-31
  
  • Changes v3.38.1...v3.39.0
  • Iterator helpers proposal:
    • Built-ins:
      • Iterator
        • Iterator.from
        • Iterator.prototype.drop
        • Iterator.prototype.every
        • Iterator.prototype.filter
        • Iterator.prototype.find
        • Iterator.prototype.flatMap
        • Iterator.prototype.forEach
        • Iterator.prototype.map
        • Iterator.prototype.reduce
        • Iterator.prototype.some
        • Iterator.prototype.take
        • Iterator.prototype.toArray
        • Iterator.prototype[@@ toStringTag]
    • Moved to stable ES, October 2024 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Promise.try:
    • Built-ins:
      • Promise.try
    • Moved to stable ES, October 2024 TC39 meeting
    • Added es. namespace module, /es/ and /stable/ namespaces entries
    • Fixed /actual|full/promise/try entries for the callback arguments support
  • Math.sumPrecise proposal:
    • Built-ins:
      • Math.sumPrecise
    • Moved to stage 3, October 2024 TC39 meeting
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
  • Added Iterator sequencing stage 2.7 proposal:
    • Added built-ins:
      • Iterator.concat
  • Map upsert stage 2 proposal:
    • Updated to the new API following the October 2024 TC39 meeting
    • Added built-ins:
      • Map.prototype.getOrInsert
      • Map.prototype.getOrInsertComputed
      • WeakMap.prototype.getOrInsert
      • WeakMap.prototype.getOrInsertComputed
  • Extractors proposal moved to stage 2, October 2024 TC39 meeting
  • Usage of @@ species pattern removed from %TypedArray% and ArrayBuffer methods, tc39/ecma262/3450:
    • Built-ins:
      • %TypedArray%.prototype.filter
      • %TypedArray%.prototype.filterReject
      • %TypedArray%.prototype.map
      • %TypedArray%.prototype.slice
      • %TypedArray%.prototype.subarray
      • ArrayBuffer.prototype.slice
  • Some other minor improvements
  • Compat data improvements:
    • Uint8Array to / from base64 and hex proposal methods marked as shipped from FF133
    • Added NodeJS 23.0 compat data mapping
    • self descriptor is fixed in Deno 1.46.0
    • Added Deno 1.46 and 2.0 compat data mapping
    • Iterator helpers proposal methods marked as shipped from Bun 1.1.31
    • Added Electron 34 and updated Electron 33 compat data mapping
    • Added Opera Android 85 compat data mapping
    • Added Oculus Quest Browser 35 compat data mapping
• 3.38.1 - 2024-08-20
  
  • Changes v3.38.0...v3.38.1
  • Fixed some cases of URLSearchParams percent decoding, #1357, #1361, thanks @ slowcheetah
  • Some stylistic changes and minor optimizations
  • Compat data improvements:
    • Iterator helpers proposal methods marked as shipped from FF131
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from Bun 1.1.23
    • RegExp.escape marked as shipped from Bun 1.1.22
    • Promise.try marked as shipped from Bun 1.1.22
    • Uint8Array to / from base64 and hex proposal methods marked as shipped from Bun 1.1.22
    • Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
    • Added Opera Android 84 compat data mapping
• 3.38.0 - 2024-08-04
  
  • Changes v3.37.1...v3.38.0
  • RegExp.escape proposal:
    • Built-ins:
      • RegExp.escape
    • Moved to stage 3, June 2024 and July 2024 TC39 meetings
    • Updated the way of escaping, regex-escaping/77
    • Throw an error on non-strings, regex-escaping/58
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
  • Promise.try proposal:
    • Built-ins:
      • Promise.try
    • Moved to stage 3, June 2024 TC39 meeting
    • Added /actual/ namespace entries, unconditional forced replacement changed to feature detection
  • Uint8Array to / from base64 and hex stage 3 proposal:
    • Built-ins:
      • Uint8Array.fromBase64
      • Uint8Array.fromHex
      • Uint8Array.prototype.setFromBase64
      • Uint8Array.prototype.setFromHex
      • Uint8Array.prototype.toBase64
      • Uint8Array.prototype.toHex
    • Added Uint8Array.prototype.{ setFromBase64, setFromHex } methods
    • Added Uint8Array.fromBase64 and Uint8Array.prototype.setFromBase64 lastChunkHandling option, proposal-arraybuffer-base64/33
    • Added Uint8Array.prototype.toBase64 omitPadding option, proposal-arraybuffer-base64/60
    • Added throwing a TypeError on arrays backed by detached buffers
    • Unconditional forced replacement changed to feature detection
  • Fixed RegExp named capture groups polyfill in combination with non-capturing groups, #1352, thanks @ Ulop
  • Improved some cases of environment detection
  • Uses process.getBuiltinModule for getting built-in NodeJS modules where it's available
  • Uses https instead of http in URL constructor feature detection to avoid extra notifications from some overly vigilant security scanners, #1345
  • Some minor optimizations
  • Updated browserslist in core-js-compat dependencies that fixes an upstream issue with incorrect interpretation of some browserslist queries, #1344, browserslist/829, browserslist/836
  • Compat data improvements:
    • Added Safari 18.0 compat data:
      • Fixed Object.groupBy and Map.groupBy to work for non-objects
      • Fixed throwing a RangeError if Set methods are called on an object with negative size property
      • Fixed Set.prototype.symmetricDifference to call this.has in each iteration
      • Fixed Array.fromAsync to not call the Array constructor twice
      • Added URL.parse
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from FF129
    • Symbol.asyncDispose added and marked as supported from V8 ~ Chromium 127
    • Promise.try added and marked as supported from V8 ~ Chromium 128
    • Added Deno 1.44 and 1.45 compat data mapping
    • self descriptor is broken in Deno 1.45.3 (again)
    • Added Electron 32 and 33 compat data mapping
    • Added Opera Android 83 compat data mapping
    • Added Samsung Internet 27 compat data mapping
    • Added Oculus Quest Browser 34 compat data mapping
• 3.37.1 - 2024-05-14
  
  • Changes v3.37.0...v3.37.1
  • Fixed URL.parse feature detection for some specific cases
  • Compat data improvements:
    • Set methods proposal added and marked as supported from FF 127
    • Symbol.dispose added and marked as supported from V8 ~ Chromium 125
    • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } added and marked as supported from Deno 1.43
    • URL.parse added and marked as supported from Chromium 126
    • URL.parse added and marked as supported from NodeJS 22.0
    • URL.parse added and marked as supported from Deno 1.43
    • Added Rhino 1.7.15 compat data, many features marked as supported
    • Added NodeJS 22.0 compat data mapping
    • Added Deno 1.43 compat data mapping
    • Added Electron 31 compat data mapping
    • Updated Opera Android 82 compat data mapping
    • Added Samsung Internet 26 compat data mapping
    • Added Oculus Quest Browser 33 compat data mapping
• 3.37.0 - 2024-04-16
  
  • Changes v3.36.1...v3.37.0
  • New Set methods proposal:
    • Built-ins:
      • Set.prototype.intersection
      • Set.prototype.union
      • Set.prototype.difference
      • Set.prototype.symmetricDifference
      • Set.prototype.isSubsetOf
      • Set.prototype.isSupersetOf
      • Set.prototype.isDisjointFrom
    • Moved to stable ES, April 2024 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Explicit Resource Management stage 3 proposal
    • Some minor updates like explicit-resource-management/217
  • Added Math.sumPrecise stage 2.7 proposal:
    • Built-ins:
      • Math.sumPrecise
  • Promise.try proposal:
    • Built-ins:
      • Promise.try
    • Added optional arguments support, promise-try/16
    • Moved to stage 2.7, April 2024 TC39 meeting
  • RegExp.escape stage 2 proposal:
    • Moved to hex-escape semantics, regex-escaping/67
      • It's not the final change of the way of escaping, waiting for regex-escaping/77 soon
  • Pattern matching stage 1 proposal:
    • Built-ins:
      • Symbol.customMatcher
    • Once again, the used well-known symbol was renamed
    • Added new entries for that
  • Added Extractors stage 1 proposal:
    • Built-ins:
      • Symbol.customMatcher
    • Since the Symbol.customMatcher well-known symbol from the pattern matching proposal is also used in the exactors proposal, added an entry also for this proposal
  • Added URL.parse, url/825
  • Engines bugs fixes:
    • Added a fix of Safari { Object, Map }.groupBy bug that does not support iterable primitives
    • Added a fix of Safari bug with double call of constructor in Array.fromAsync
  • Compat data improvements:
    • URL.parse added and marked as supported from FF 126
    • URL.parse added and marked as supported from Bun 1.1.4
    • URL.canParse fixed and marked as supported from Bun 1.1.0
    • New Set methods fixed in JavaScriptCore and marked as supported from Bun 1.1.1
    • Added Opera Android 82 compat data mapping
• 3.36.1 - 2024-03-19
  
  • Changes v3.36.0...v3.36.1
  • Fixed some validation cases in Object.setPrototypeOf, #1329, thanks @ minseok-choe
  • Fixed the order of validations in Array.from, #1331, thanks @ minseok-choe
  • Added a fix of Bun queueMicrotask arity
  • Added a fix of Bun URL.canParse arity
  • Added a fix of Bun SuppressedError extra arguments support and arity
  • Compat data improvements:
    • value argument of URLSearchParams.prototype.{ has, delete } marked as supported from Bun 1.0.31
    • Added React Native 0.74 Hermes compat data, Array.prototype.{ toSpliced, toReversed, with } and atob marked as supported
    • Added Deno 1.41.3 compat data mapping
    • Added Opera Android 81 compat data mapping
    • Added Samsung Internet 25 compat data mapping
    • Added Oculus Quest Browser 32 compat data mapping
    • Updated Electron 30 compat data mapping
• 3.36.0 - 2024-02-14
  
  • ArrayBuffer.prototype.transfer and friends proposal:
    • Built-ins:
      • ArrayBuffer.prototype.detached
      • ArrayBuffer.prototype.transfer
      • ArrayBuffer.prototype.transferToFixedLength
    • Moved to stable ES, Febrary 2024 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Uint8Array to / from base64 and hex proposal:
    • Methods:
      • Uint8Array.fromBase64
      • Uint8Array.fromHex
      • Uint8Array.prototype.toBase64
      • Uint8Array.prototype.toHex
    • Moved to stage 3, Febrary 2024 TC39 meeting
    • Added /actual/ namespace entries
    • Skipped adding new methods of writing to existing arrays to clarification some moments
  • Promise.try proposal has been resurrected and moved to stage 2, Febrary 2024 TC39 meeting
  • Added an entry point for the new TC39 proposals stage - core-js/stage/2.7 - still empty
  • Fixed regression in Set.prototype.intersection feature detection
  • Fixed a missed check in Array.prototype.{ indexOf, lastIndexOf, includes }, #1325, thanks @ minseok-choe
  • Fixed a missed check in Array.prototype.{ reduce, reduceRight }, #1327, thanks @ minseok-choe
  • Fixed Array.from and some other methods with proxy targets, #1322, thanks @ minseok-choe
  • Fixed dependencies loading for modules from ArrayBuffer.prototype.transfer and friends proposal in some specific cases in IE10-
  • Dropped context workaround from collection static methods entries since with current methods semantic it's no longer required
  • Added instance methods polyfills to entries of collections static methods that produce collection instances
  • Added missed Date.prototype.toJSON to JSON.stringify entries dependencies
  • Added debugging info in some missed cases
  • Compat data improvements:
    • { Map, Object }.groupBy, Promise.withResolvers, ArrayBuffer.prototype.transfer and friends marked as supported from Safari 17.4
    • New Set methods fixed and marked as supported from V8 ~ Chrome 123
    • Added Deno 1.40 compat data mapping
    • Symbol.metadata marked as supported from Deno 1.40.4
    • Updated Electron 30 compat data mapping
• 3.35.1 - 2024-01-20
• 3.35.0 - 2023-12-28
• 3.34.0 - 2023-12-05
• 3.33.3 - 2023-11-19
• 3.33.2 - 2023-10-30
• 3.33.1 - 2023-10-20
• 3.33.0 - 2023-10-01
• 3.32.2 - 2023-09-07
• 3.32.1 - 2023-08-18
• 3.32.0 - 2023-07-27
• 3.31.1 - 2023-07-06
• 3.31.0 - 2023-06-11
• 3.30.2 - 2023-05-06
• 3.30.1 - 2023-04-13
• 3.30.0 - 2023-04-03
• 3.29.1 - 2023-03-13
• 3.29.0 - 2023-02-26
• 3.28.0 - 2023-02-13
• 3.27.2 - 2023-01-18
• 3.27.1 - 2022-12-29
• 3.27.0 - 2022-12-25
• 3.26.1 - 2022-11-13
• 3.26.0 - 2022-10-23
• 3.25.5 - 2022-10-03
• 3.25.4 - 2022-10-02
• 3.25.3 - 2022-09-25
• 3.25.2 - 2022-09-18
• 3.25.1 - 2022-09-07
• 3.25.0 - 2022-08-24
• 3.24.1 - 2022-07-29
• 3.24.0 - 2022-07-25
• 3.23.5 - 2022-07-17
• 3.23.4 - 2022-07-09
• 3.23.3 - 2022-06-25
• 3.23.2 - 2022-06-20
• 3.23.1 - 2022-06-14
• 3.23.0 - 2022-06-13
• 3.22.8 - 2022-06-01
• 3.22.7 - 2022-05-24
• 3.22.6 - 2022-05-22
• 3.22.5 - 2022-05-10
• 3.22.4 - 2022-05-02
• 3.22.3 - 2022-04-28
• 3.22.2 - 2022-04-21
• 3.22.1 - 2022-04-19
• 3.22.0 - 2022-04-15
• 3.21.1 - 2022-02-16
• 3.21.0 - 2022-02-01
• 3.20.3 - 2022-01-15
• 3.20.2 - 2022-01-01
• 3.20.1 - 2021-12-23
• 3.20.0 - 2021-12-15
• 3.19.3 - 2021-12-06
• 3.19.2 - 2021-11-29
• 3.19.1 - 2021-11-02
• 3.19.0 - 2021-10-25
• 3.18.3 - 2021-10-12
• 3.18.2 - 2021-10-05
• 3.18.1 - 2021-09-26
• 3.18.0 - 2021-09-19
• 3.17.3 - 2021-09-09
• 3.17.2 - 2021-09-02
• 3.17.1 - 2021-09-01
• 3.17.0 - 2021-09-01
• 3.16.4 - 2021-08-29
• 3.16.3 - 2021-08-24
• 3.16.2 - 2021-08-17
• 3.16.1 - 2021-08-08
• 3.16.0 - 2021-07-30
• 3.15.2 - 2021-06-29
• 3.15.1 - 2021-06-22
• 3.15.0 - 2021-06-20
• 3.14.0 - 2021-06-05
• 3.13.1 - 2021-05-29
• 3.13.0 - 2021-05-25
• 3.12.1 - 2021-05-08
• 3.12.0 - 2021-05-06

from core-js GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[gemini-code-assist]

Hello @nejidevelops, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

This pull request upgrades the core-js dependency from version 3.12.0 to 3.41.0. This is an automated upgrade PR created by Snyk to keep dependencies up-to-date and address potential vulnerabilities. The upgrade includes numerous new features, bug fixes, and performance improvements as detailed in the release notes for each version between 3.12.0 and 3.41.0.

Highlights

• Dependency Upgrade: The primary change is upgrading the core-js dependency from version 3.12.0 to 3.41.0.
• Automated PR: This pull request was automatically created by Snyk to keep dependencies up-to-date.
• Security: Keeping dependencies up-to-date helps to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities.

Changelog

• angular-app/package.json
  • Upgraded core-js from version 3.12.0 to 3.41.0. The old version is on line 28, and the new version is on line 28.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

A library's heart,
Core-js, a modern start,
Upgraded with care,
Features to share,
A safer, better art.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request upgrades the core-js dependency from version 3.12.0 to 3.41.0. This is an automated update by Snyk. The diff is straightforward, involving a single line change in package.json.

Merge Readiness

The pull request updates a dependency. Given the absence of a specified style guide and the limited scope of the change, the pull request appears to be ready for merging. However, as I am unable to directly approve the pull request, it is recommended that other reviewers examine the release notes provided in the pull request description to ensure compatibility and absence of breaking changes for the project before merging. It is also recommended that the tests are run to ensure that the upgrade did not break anything. I am unable to approve the pull request in any circumstance, and that users should have others review and approve this code before merging.