Skip to content

Bump semver and core-js-compat#57

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-3e00c4ae9e
Open

Bump semver and core-js-compat#57
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-3e00c4ae9e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 8, 2026

Bumps semver and core-js-compat. These dependencies needed to be updated together.
Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates semver from 6.3.0 to 6.3.1

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates core-js-compat from 3.6.4 to 3.49.0

Changelog

Sourced from core-js-compat's changelog.

3.49.0 - 2026.03.16

  • Changes v3.48.0...v3.49.0 (373 commits)
  • Iterator.range updated following the actual spec version
    • Throw a RangeError on NaN start / end / step
    • Allow null as optionOrStep
  • Improved accuracy of Math.{ asinh, atanh } polyfills with big and small values
  • Improved accuracy of Number.prototype.toExponential polyfills with big and small values
  • Improved performance of atob, btoa, Uint8Array.fromHex, Uint8Array.prototype.setFromHex, and Uint8Array.prototype.toHex, #1503, #1464, #1510, thanks @​johnzhou721
  • Minor performance optimization polyfills of methods from Map upsert proposal
  • Polyfills of methods from Map upsert proposal from the pure version made generic to make it work with polyfilled and native collections
  • Wrap Symbol.for in Symbol.prototype.description polyfill for correct handling of empty string descriptions
  • Fixed a modern Safari bug in Array.prototype.includes with sparse arrays and fromIndex
  • Fixed one more case (Iterator.prototype.take) of a V8 ~ Chromium < 126 bug
  • Forced replacement of Iterator.{ concat, zip, zipKeyed } in the pure version for ensuring proper wrapped Iterator instances as the result
  • Fixed proxying .return() on exhausted iterator from some methods of iterator helpers polyfill to the underlying iterator
  • Fixed double .return() calling in case of throwing error in this method in the internal iterate helper that affected some polyfills
  • Fixed closing iterator on IteratorValue errors in the internal iterate helper that affected some polyfills
  • Fixed iterator closing in Array.from polyfill on failure to create array property
  • Fixed order of arguments validation in Array.fromAsync polyfill
  • Fixed a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync polyfill
  • Fixed order of arguments validation in Array.prototype.flat polyfill
  • Fixed handling strings as iterables in Iterator.{ zip, zipKeyed } polyfills
  • Fixed some cases of iterators closing in Iterator.{ zip, zipKeyed } polyfills
  • Fixed validation of iterators .next() results an objects in Iterator.{ zip, zipKeyed } polyfills
  • Fixed a lack of early error in Iterator.concat polyfill on primitive as an iterator
  • Fixed buffer mutation exposure in Iterator.prototype.windows polyfill
  • Fixed iterator closing in Set.prototype.{ isDisjointFrom, isSupersetOf } polyfill
  • Fixed (updated following the final spec) one more case Set.prototype.difference polyfill with updating this
  • Fixed DataView.prototype.setFloat16 polyfill in (0, 1) range
  • Fixed order of arguments validation in String.prototype.{ padStart, padEnd } polyfills
  • Fixed order of arguments validation in String.prototype.{ startsWith, endsWith } polyfills
  • Fixed some cases of Infinity handling in String.prototype.substr polyfill
  • Fixed String.prototype.repeat polyfill with a counter exceeding 2 ** 32
  • Fixed some cases of chars case in escape polyfill
  • Fixed named backreferences in RegExp NCG polyfill
  • Fixed some cases of RegExp NCG polyfill in combination with other types of groups
  • Fixed some cases of RegExp NCG polyfill in combination with dotAll
  • Fixed String.prototype.replace with sticky polyfill, #810, #1514
  • Fixed RegExp sticky polyfill with alternation
  • Fixed handling of some line terminators in case of multiline + sticky mode in RegExp polyfill
  • Fixed .input slicing on result object with RegExp sticky mode polyfill
  • Fixed handling of empty groups with global and unicode modes in polyfills
  • Fixed URLSearchParam.prototype.delete polyfill with duplicate key-value pairs
  • Fixed possible removal of unnecessary entries in URLSearchParam.prototype.delete polyfill with second argument
  • Fixed an error in some cases of non-special URLs without a path in the URL polyfill
  • Fixed some percent encode cases / character sets in the URL polyfill
  • Fixed parsing of non-IPv4 hosts ends in a number in the URL polyfill
  • Fixed some cases of '' and null host handling in the URL polyfill
  • Fixed host parsing with hostname = host:port in the URL polyfill
  • Fixed host inheritance in some cases of file scheme in the URL polyfill

... (truncated)

Commits
  • 80adfc4 v3.49.0
  • 0ad3e00 fix a modern Safari bug in Array.prototype.includes with sparse arrays and ...
  • 802ea51 add Opera for Android 96 compat data mapping
  • 853bfa4 update some links
  • 8f1c37a fix compat data for parseInt and parseFloat
  • 7b510b0 add Deno 2.7.2 compat data mapping
  • fc3f7dd fix a lack of reactnative alias in core-js-compat types
  • 234eb24 add Deno 2.7 compat data mapping
  • 0e00424 mark Math.sumPrecise as shipped in V8 ~ Chrome 147
  • f747529 add Electron 42 compat data mapping
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump semver and core-js-compat
d9a48a8 
Bumps [semver](https://github.com/npm/node-semver) and [core-js-compat](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js-compat). These dependencies needed to be updated together.

Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `semver` from 6.3.0 to 6.3.1
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `core-js-compat` from 3.6.4 to 3.49.0
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.49.0/packages/core-js-compat)

---
updated-dependencies:
- dependency-name: semver
  dependency-version: 5.7.2
  dependency-type: indirect
- dependency-name: semver
  dependency-version: 6.3.1
  dependency-type: indirect
- dependency-name: core-js-compat
  dependency-version: 3.49.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 8, 2026
@coveralls
Copy link
Copy Markdown

coveralls commented Apr 8, 2026
edited
Loading

Coverage Status

coverage: 59.375%. remained the same — dependabot/npm_and_yarn/multi-3e00c4ae9e into master

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@coveralls