Chore(deps): Bump the frontend-minor-patch group across 1 directory with 34 updates #1499

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/webroot/frontend-minor-patch-871ec9a6cc

dependabot[bot] commented on behalf of github on Apr 27, 2026

Bumps the frontend-minor-patch group with 33 updates in the /webroot directory:

| Package | From | To |
| --- | --- | --- |
| @statsig/js-client | 3.25.3 | 3.32.6 |
| @statsig/session-replay | 3.25.3 | 3.32.6 |
| @statsig/web-analytics | 3.25.3 | 3.32.6 |
| @vue/compat | 3.4.21 | 3.5.32 |
| axios | 1.15.0 | 1.15.1 |
| caniuse-lite | 1.0.30001709 | 1.0.30001788 |
| core-js | 3.36.1 | 3.49.0 |
| country-codes-flags-phone-codes | 1.0.4 | 1.1.1 |
| joi-password | 4.2.0 | 4.3.0 |
| libphonenumber-js | 1.11.1 | 1.12.41 |
| object.fromentries | 2.0.4 | 2.0.8 |
| vue | 3.4.21 | 3.5.32 |
| vue3-lazyload | 0.3.8 | 0.4.2 |
| @babel/preset-env | 7.13.15 | 7.29.2 |
| @types/qrcode | 1.5.5 | 1.5.6 |
| @vue/cli-plugin-babel | 5.0.8 | 5.0.9 |
| @vue/cli-plugin-e2e-cypress | 5.0.8 | 5.0.9 |
| @vue/cli-plugin-eslint | 5.0.8 | 5.0.9 |
| @vue/cli-plugin-pwa | 5.0.8 | 5.0.9 |
| @vue/cli-plugin-router | 5.0.8 | 5.0.9 |
| @vue/cli-plugin-typescript | 5.0.8 | 5.0.9 |
| @vue/cli-plugin-unit-mocha | 5.0.8 | 5.0.9 |
| @vue/cli-plugin-vuex | 5.0.8 | 5.0.9 |
| @vue/cli-service | 5.0.8 | 5.0.9 |
| @vue/test-utils | 2.4.5 | 2.4.6 |
| axe-core | 4.9.1 | 4.11.3 |
| chai-match-pattern | 1.2.0 | 1.3.0 |
| cypress-axe | 1.6.0 | 1.7.0 |
| cypress-localstorage-commands | 2.2.7 | 2.3.0 |
| eslint-plugin-import | 2.29.1 | 2.32.0 |
| moment-timezone | 0.5.45 | 0.6.1 |
| sharp | 0.33.3 | 0.34.5 |
| style-resources-loader | 1.4.1 | 1.5.0 |

Updates @statsig/js-client from 3.25.3 to 3.32.6

Release notes

Sourced from @​statsig/js-client's releases.

3.32.6 - failure diagnostics

New Features

Improvements

  • failure diagnostics for focused log event fail bucketing
  • increased retry attempts and max pending batches
  • new sdk exception url override option

Fixes

Included In This Release

  • 89404417445031e01b87b0e7b44a739f28ee4b5d araf-statsig
    • fix: sdk exception url override option (#861)
  • 13e0dcb378e627b930d5816b3630f6983006b0e8 araf-statsig
    • fix: bump retry attempts and max batches (#858)
  • 312bf6b3f54d7c7a7b10636e3bbf8fd476a1791d araf-statsig
    • fix: bucket network failures (#857)

Full Changelog: statsig-io/js-client-monorepo@3.32.5...3.32.6

3.32.5 - refined retry strategy

New Features

Improvements

  • refined retry strategy for specific type of network failures during log event
  • Capture error messages for most prevalent failures

Fixes

Included In This Release

  • 88510382b57568ea82b23cc151b547ea0ab64d5c araf-statsig
    • fix: reconcile tests (#852)
  • 84ec1381f766b08831bbefcd22f4456c786c677e araf-statsig
    • fix: capture error message (#850)
  • ca8a4b07d1c5a432927b17099d46feb28d6f1612 araf-statsig
    • fix: retry no response code batches (#849)

Full Changelog: statsig-io/js-client-monorepo@3.32.4...3.32.5

3.32.4 - failure path logging

New Features

... (truncated)

Commits
  • 73d335e [release] 3.32.6 - failure diagnostics (#862)
  • db3885e [release] 3.32.5 - refined retry strategy (#853)
  • 18cec47 [release] 3.32.4 - failure path logging (#845)
  • 0d60f47 [release] 3.32.3 - Flush web vital events more often (#837)
  • 8379f54 [release] 3.32.2 - Adding debug metadata for Event Logger (#828)
  • 5ef702a [release] 3.32.1 - Session replay gcir (#820)
  • d3c719d [release] 3.32.0 - EventLogger Redesign (#805)
  • cc7715d [release] 3.31.2 - Session related performance improvement (#778)
  • 9d17e97 [release] 3.31.1 - generic serverless client, performance upgrades, and bug f...
  • 7f82b75 Handle disableStableID in bootstrap comparison (#770)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by araf-statsig, a new releaser for @​statsig/js-client since your current version.


Updates @statsig/session-replay from 3.25.3 to 3.32.6

Release notes

Sourced from @​statsig/session-replay's releases.

3.32.6 - failure diagnostics

New Features

Improvements

  • failure diagnostics for focused log event fail bucketing
  • increased retry attempts and max pending batches
  • new sdk exception url override option

Fixes

Included In This Release

  • 89404417445031e01b87b0e7b44a739f28ee4b5d araf-statsig
    • fix: sdk exception url override option (#861)
  • 13e0dcb378e627b930d5816b3630f6983006b0e8 araf-statsig
    • fix: bump retry attempts and max batches (#858)
  • 312bf6b3f54d7c7a7b10636e3bbf8fd476a1791d araf-statsig
    • fix: bucket network failures (#857)

Full Changelog: statsig-io/js-client-monorepo@3.32.5...3.32.6

3.32.5 - refined retry strategy

New Features

Improvements

  • refined retry strategy for specific type of network failures during log event
  • Capture error messages for most prevalent failures

Fixes

Included In This Release

  • 88510382b57568ea82b23cc151b547ea0ab64d5c araf-statsig
    • fix: reconcile tests (#852)
  • 84ec1381f766b08831bbefcd22f4456c786c677e araf-statsig
    • fix: capture error message (#850)
  • ca8a4b07d1c5a432927b17099d46feb28d6f1612 araf-statsig
    • fix: retry no response code batches (#849)

Full Changelog: statsig-io/js-client-monorepo@3.32.4...3.32.5

3.32.4 - failure path logging

New Features

... (truncated)

Commits
  • 73d335e [release] 3.32.6 - failure diagnostics (#862)
  • db3885e [release] 3.32.5 - refined retry strategy (#853)
  • 18cec47 [release] 3.32.4 - failure path logging (#845)
  • 0d60f47 [release] 3.32.3 - Flush web vital events more often (#837)
  • 8379f54 [release] 3.32.2 - Adding debug metadata for Event Logger (#828)
  • 5ef702a [release] 3.32.1 - Session replay gcir (#820)
  • d3c719d [release] 3.32.0 - EventLogger Redesign (#805)
  • cc7715d [release] 3.31.2 - Session related performance improvement (#778)
  • 8722411 chore: improve perf on session id (#776)
  • 9d17e97 [release] 3.31.1 - generic serverless client, performance upgrades, and bug f...
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by araf-statsig, a new releaser for @​statsig/session-replay since your current version.


Updates @statsig/web-analytics from 3.25.3 to 3.32.6

Release notes

Sourced from @​statsig/web-analytics's releases.

3.32.6 - failure diagnostics

New Features

Improvements

  • failure diagnostics for focused log event fail bucketing
  • increased retry attempts and max pending batches
  • new sdk exception url override option

Fixes

Included In This Release

  • 89404417445031e01b87b0e7b44a739f28ee4b5d araf-statsig
    • fix: sdk exception url override option (#861)
  • 13e0dcb378e627b930d5816b3630f6983006b0e8 araf-statsig
    • fix: bump retry attempts and max batches (#858)
  • 312bf6b3f54d7c7a7b10636e3bbf8fd476a1791d araf-statsig
    • fix: bucket network failures (#857)

Full Changelog: statsig-io/js-client-monorepo@3.32.5...3.32.6

3.32.5 - refined retry strategy

New Features

Improvements

  • refined retry strategy for specific type of network failures during log event
  • Capture error messages for most prevalent failures

Fixes

Included In This Release

  • 88510382b57568ea82b23cc151b547ea0ab64d5c araf-statsig
    • fix: reconcile tests (#852)
  • 84ec1381f766b08831bbefcd22f4456c786c677e araf-statsig
    • fix: capture error message (#850)
  • ca8a4b07d1c5a432927b17099d46feb28d6f1612 araf-statsig
    • fix: retry no response code batches (#849)

Full Changelog: statsig-io/js-client-monorepo@3.32.4...3.32.5

3.32.4 - failure path logging

New Features

... (truncated)

Commits
  • 73d335e [release] 3.32.6 - failure diagnostics (#862)
  • db3885e [release] 3.32.5 - refined retry strategy (#853)
  • 18cec47 [release] 3.32.4 - failure path logging (#845)
  • 0d60f47 [release] 3.32.3 - Flush web vital events more often (#837)
  • 8d7e2ac fix: flush web vitals more often (#834)
  • 8379f54 [release] 3.32.2 - Adding debug metadata for Event Logger (#828)
  • 5ef702a [release] 3.32.1 - Session replay gcir (#820)
  • d3c719d [release] 3.32.0 - EventLogger Redesign (#805)
  • cc7715d [release] 3.31.2 - Session related performance improvement (#778)
  • 8722411 chore: improve perf on session id (#776)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by araf-statsig, a new releaser for @​statsig/web-analytics since your current version.


Updates @vue/compat from 3.4.21 to 3.5.32

Release notes

Sourced from @​vue/compat's releases.

v3.5.32

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.31

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.30

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.29

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.28

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.27

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.26

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.25

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.24

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.23

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.22

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.21

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.20

For stable releases, please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from @​vue/compat's changelog.

3.5.32 (2026-04-03)

Bug Fixes

Reverts

3.5.31 (2026-03-25)

Bug Fixes

  • compiler-sfc: allow Node.js subpath imports patterns in asset urls (#13045) (95c3356), closes #9919
  • compiler-sfc: support template literal as defineModel name (#14622) (bd7eef0), closes #14621
  • reactivity: normalize toRef property keys before dep lookup + improve types (#14625) (1bb28d0), closes #12427 #12431
  • runtime-core: invalidate detached v-for memo vnodes after unmount (#14624) (560def4), closes #12708 #12710
  • runtime-core: preserve nullish event handlers in mergeProps (#14550) (5725222)
  • runtime-core: prevent merging model listener when value is null or undefined (#14629) (b39e032)
  • runtime-dom: defer teleport mount/update until suspense resolves (#8619) (88ed045), closes #8603
  • runtime-dom: handle activeElement check in Shadow DOM for v-model (#14196) (959ded2)
  • server-renderer: cleanup component effect scopes after SSR render (#14548) (862f11e)
  • suspense: avoid unmount activeBranch twice if wrapped in transition (#9392) (908c6ad), closes #7966
  • suspense: update suspense vnode's el during branch self-update (#12922) (a2c1700), closes #12920
  • transition: skip enter guard while hmr updating (#14611) (be0a2f1), closes #14608
  • types: prevent shallowReactive marker from leaking into value unions (#14493) (3b561db), closes #14490

3.5.30 (2026-03-09)

Bug Fixes

  • compat: add entities to @​vue/compat deps to fix CJS edge cases (#12514) (e725a67), closes #10609
  • custom-element: ensure child component styles are injected in correct order before parent styles (#13374) (1398bf8), closes #13029
  • custom-element: properly locate parent when slotted in shadow dom (#12480) (f06c81a), closes #12479
  • custom-element: should properly patch as props for vue custom elements (#12409) (740983e), closes #12408
  • reactivity: avoid duplicate raw/proxy entries in Set.add (#14545) (d943612)
  • reactivity: fix reduce on reactive arrays to preserve reactivity (#12737) (16ef165), closes #12735
  • reactivity: handle Set with initial reactive values edge case (#12393) (5dc27ca), closes #8647

... (truncated)

Commits
  • 9a2eb53 release: v3.5.32
  • 32b44f1 fix(teleport): handle updates before deferred mount (#14642)
  • f166353 fix(runtime-core): prevent currentInstance leak into sibling render during as...
  • 302c47a fix(types): use private branding for shallowReactive (#14641)
  • e20ddb0 fix(types): allow customRef to have different getter/setter types (#14639)
  • 219d83b Revert "fix(server-renderer): cleanup component effect scopes after SSR rende...
  • fa23116 chore: fix typos in changelogs (#14653)
  • 81615d3 release: v3.5.31
  • 3b561db fix(types): prevent shallowReactive marker from leaking into value unions (#1...
  • 1b2aca4 chore: ignore entities updates in renovate (#14630)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vue/compat since your current version.


Updates axios from 1.15.0 to 1.15.1

Release notes

Sourced from axios's releases.

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

  • Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)
  • CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)
  • Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)
  • withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)
  • maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)
  • Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)
  • Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

  • AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)
  • Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

  • FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)
  • HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)
  • Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)
  • Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)
  • buildFullPath: Uses strict equality in the base/relative URL check. (#7252)
  • AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)
  • Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)
  • Docs Artefact Cleanup: Removes the docs content that was incorrectly committed. (#10727)

🔧 Maintenance & Chores

  • Threat Model & Security Docs: Ongoing refinement of THREATMODEL.md, including Hopper security update, TLS and tag-replay wording, mitigation descriptions, decompression-bomb guidance, and further cleanup. (#10672, #10715, #10718, #10722, #10763, #10765)
  • Test Coverage & Migration: Expanded shouldBypassProxy coverage for wildcard/IPv6/edge cases, documented and tested AxiosError.status, and migrated progressEventReducer tests to Vitest. (#10723, #10725, #10741)
  • Type Refactor: Uses TypeScript utility types to deduplicate literal unions. (#7520)
  • Repo & CI: Adds CODEOWNERS, switches v1.x releases to an ephemeral release branch, and removes orphaned Bower support. (#10739, #10738, #10746)
  • Changelog Backfill: Added missing version entries to the changelog. (#10704)
  • Dependencies: Bumped follow-redirects (1.15.11 → 1.16.0) in root and docs, axios (1.14.0 → 1.15.0) in docs, and a group of 5 development dependencies. (#10717, #10716, #10684, #10709)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

v1.15.1 - April 19, 2026

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

  • Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

  • CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

  • Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

  • withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

  • maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

  • Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

  • Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

  • AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

  • Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

  • FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)

  • HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)

  • Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)

  • Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)

  • buildFullPath: Uses strict equality in the base/relative URL check. (#7252)

  • AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)

  • Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)

  • Docs Artefact Cleanup: Removes the docs content that was incorrectly committed. (#10727)

🔧 Maintenance & Chores

  • Threat Model & Security Docs: Ongoing refinement of THREATMODEL.md, including Hopper security update, TLS and tag-replay wording, mitigation descriptions, decompression-bomb guidance, and further cleanup. (#10672, #10715, #10718, #10722, #10763, #10765)

  • Test Coverage & Migration: Expanded shouldBypassProxy coverage for wildcard/IPv6/edge cases, documented and tested AxiosError.status, and migrated progressEventReducer tests to Vitest. (#10723, #10725, #10741)

... (truncated)

Commits

Updates caniuse-lite from 1.0.30001709 to 1.0.30001788

Commits
  • a90bee6 Update caniuse-db 1.0.30001788
  • 5771bd6 Update caniuse-db 1.0.30001787
  • e2dbdd9 Update caniuse-db 1.0.30001786
  • 40a1d4e Update caniuse-db 1.0.30001785
  • 14baeb0 Update caniuse-db 1.0.30001784
  • f455430 Update caniuse-db 1.0.30001782
  • 311d8db Update caniuse-db 1.0.30001781
  • da39da8 Update caniuse-db 1.0.30001780
  • 984281a Update caniuse-db 1.0.30001779
  • 1386a01 Update caniuse-db 1.0.30001778
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for caniuse-lite since your current version.


Updates core-js from 3.36.1 to 3.49.0

Changelog

Sourced from core-js's changelog.

3.49.0 - 2026.03.16

  • Changes v3.48.0...v3.49.0 (373 commits)
  • Iterator.range updated following the actual spec version
    • Throw a RangeError on NaN start / end / step
    • Allow null as optionOrStep
  • Improved accuracy of Math.{ asinh, atanh } polyfills with big and small values
  • Improved accuracy of Number.prototype.toExponential polyfills with big and small values
  • Improved performance of atob, btoa, Uint8Array.fromHex, Uint8Array.prototype.setFromHex, and Uint8Array.prototype.toHex, #1503, #1464, #1510, thanks @​johnzhou721
  • Minor performance optimization polyfills of methods from Map upsert proposal
  • Polyfills of methods from Map upsert proposal from the pure version made generic to make it work with polyfilled and native collections
  • Wrap Symbol.for in Symbol.prototype.description polyfill for correct handling of empty string descriptions
  • Fixed a modern Safari bug in Array.prototype.includes with sparse arrays and fromIndex
  • Fixed one more case (Iterator.prototype.take) of a V8 ~ Chromium < 126 bug
  • Forced replacement of Iterator.{ concat, zip, zipKeyed } in the pure version for ensuring proper wrapped Iterator instances as the result
  • Fixed proxying .return() on exhausted iterator from some methods of iterator helpers polyfill to the underlying iterator
  • Fixed double .return() calling in case of throwing error in this method in the internal iterate helper that affected some polyfills
  • Fixed closing iterator on IteratorValue errors in the internal iterate helper that affected some polyfills
  • Fixed iterator closing in Array.from polyfill on failure to create array property
  • Fixed order of arguments validation in Array.fromAsync polyfill
  • Fixed a lack of counter validation on MAX_SAFE_INTEGER in Array.fromAsync polyfill
  • Fixed order of arguments validation in Array.prototype.flat polyfill
  • Fixed handling strings as iterables in Iterator.{ zip, zipKeyed } polyfills
  • Fixed some cases of iterators closing in Iterator.{ zip, zipKeyed } polyfills
  • Fixed validation of iterators .next() results an objects in Iterator.{ zip, zipKeyed } polyfills
  • Fixed a lack of early error in Iterator.concat polyfill on primitive as an iterator
  • Fixed buffer mutation exposure in Iterator.prototype.windows polyfill
  • Fixed iterator closing in Set.prototype.{ isDisjointFrom, isSupersetOf } polyfill
  • Fixed (updated following the final spec) one more case Set.prototype.difference polyfill with updating this
  • Fixed DataView.prototype.setFloat16 polyfill in (0, 1) range
  • Fixed order of arguments validation in String.prototype.{ padStart, padEnd } polyfills
  • Fixed order of arguments validation in String.prototype.{ startsWith, endsWith } polyfills
  • Fixed some cases of Infinity handling in String.prototype.substr polyfill
  • Fixed String.prototype.repeat polyfill with a counter exceeding 2 ** 32
  • Fixed some cases of chars case in escape polyfill
  • Fixed named backreferences in RegExp NCG polyfill
  • Fixed some cases of RegExp NCG polyfill in combination with other types of groups
  • Fixed some cases of RegExp NCG polyfill in combination with dotAll
  • Fixed String.prototype.replace with sticky polyfill, #810, #1514
  • Fixed RegExp sticky polyfill with alternation
  • Fixed handling of some line terminators in case of multiline + sticky mode in RegExp polyfill
  • Fixed .input slicing on result object with RegExp sticky mode poly...

    Description has been truncated
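Added example, not part of the Dependabot description and not axios source: two of the fix classes named in the axios 1.15.1 security notes above (own-property checks instead of `in`, and CR/LF stripping in multipart header values), each shown as a weak lookup beside a hardened one. All function names and the config shape are hypothetical.

```javascript
// Illustration only. Not axios code; names and config shape are assumptions.

// Unsafe: `in` walks the prototype chain, so a key planted on Object.prototype
// by a pollution bug elsewhere looks like an option the caller set.
function readOptionUnsafe(config, key) {
  return key in config ? config[key] : undefined;
}

// Hardened: only properties defined on this object itself count.
function readOptionSafe(config, key) {
  return Object.prototype.hasOwnProperty.call(config, key) ? config[key] : undefined;
}

// Test helper: simulate a polluted prototype and always restore it afterwards.
function withPollutedPrototype(key, value, fn) {
  Object.prototype[key] = value;
  try {
    return fn();
  } finally {
    delete Object.prototype[key];
  }
}

// Multipart part headers are built from caller-controlled names. Strip CR/LF so
// a value cannot start a new header line. Percent-encoding the double quote
// (as the WHATWG form-data encoding does) is an addition here, not something
// the release notes state; it stops a value closing the quoted parameter early.
function partHeaderValue(value) {
  return String(value).replace(/[\r\n]/g, '').replace(/"/g, '%22');
}

function contentDisposition(fieldName, filename) {
  let header = `Content-Disposition: form-data; name="${partHeaderValue(fieldName)}"`;
  if (filename !== undefined) {
    header += `; filename="${partHeaderValue(filename)}"`;
  }
  return header;
}

function demo() {
  // Constructed input: the caller never set `auth` on this config.
  const requestConfig = { url: '/api/items' };
  const lookup = withPollutedPrototype('auth', { username: 'inherited-user' }, () => ({
    unsafe: readOptionUnsafe(requestConfig, 'auth'),
    safe: readOptionSafe(requestConfig, 'auth'),
  }));
  // Constructed input: a filename carrying an embedded line break.
  const header = contentDisposition('upload', 'report.txt\r\nX-Extra: 1');
  return { lookup, header };
}

console.log(demo());
```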

dependabot[bot] added the dependencies (Pull requests that update a dependency file) and frontend labels on Apr 27, 2026
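Added example, not Dependabot's or this repository's code: a review triage pass over the grouped description above that flags packages with a "new releaser" notice and 0.x minor jumps, which fall outside an npm caret range even in a "minor-patch" group. `triage`, `classifyBump` and the `breaking-0.x` label are names made up for this sketch, and the sample body is constructed from rows and notices on this page.

```javascript
// Constructed sample: a few table rows and "Maintainer changes" notices copied
// from the PR description. "\u200b" is the zero-width space the rendered page
// carries after "@" in package names.
const SAMPLE_BODY = `
Package From To
@statsig/js-client 3.25.3 3.32.6
axios 1.15.0 1.15.1
caniuse-lite 1.0.30001709 1.0.30001788
moment-timezone 0.5.45 0.6.1
sharp 0.33.3 0.34.5
@types/qrcode 1.5.5 1.5.6

This version was pushed to npm by araf-statsig, a new releaser for @\u200bstatsig/js-client since your current version.
This version was pushed to npm by GitHub Actions, a new releaser for caniuse-lite since your current version.
`;

// "<package> <from> <to>" rows; scoped names such as @vue/compat are allowed.
const ROW = /^(@?[\w.-]+(?:\/[\w.-]+)?)\s+(\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+)$/;
const RELEASER = /pushed to npm by (.+?), a new releaser for (\S+) since your current version/g;

function parseVersion(version) {
  return version.split('.').map(Number);
}

// Classify the jump the way an npm caret range would see it: for 0.x versions
// a minor bump (and for 0.0.x any bump) leaves the range, like a major bump.
function classifyBump(from, to) {
  const [fromMajor, fromMinor] = parseVersion(from);
  const [toMajor, toMinor] = parseVersion(to);
  if (fromMajor !== toMajor) return 'major';
  if (fromMinor !== toMinor) return fromMajor === 0 ? 'breaking-0.x' : 'minor';
  return fromMajor === 0 && fromMinor === 0 ? 'breaking-0.x' : 'patch';
}

function triage(body) {
  // Drop zero-width characters so package names compare equal across sections.
  const text = body.replace(/[\u200b-\u200d\ufeff]/g, '');

  const releasers = new Map();
  for (const [, who, pkg] of text.matchAll(RELEASER)) {
    releasers.set(pkg, who);
  }

  const rows = [];
  for (const line of text.split('\n')) {
    const match = ROW.exec(line.trim());
    if (!match) continue;
    const [, name, from, to] = match;
    const bump = classifyBump(from, to);
    const newReleaser = releasers.get(name) || null;
    rows.push({
      name,
      from,
      to,
      bump,
      newReleaser,
      // Needs a human look: range-breaking jump or a publisher not seen before.
      review: bump === 'major' || bump === 'breaking-0.x' || newReleaser !== null,
    });
  }
  return rows;
}

for (const row of triage(SAMPLE_BODY).filter((r) => r.review)) {
  const who = row.newReleaser ? ` new releaser: ${row.newReleaser}` : '';
  console.log(`${row.name} ${row.from} -> ${row.to} [${row.bump}]${who}`);
}
```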
…ith 34 updates

Bumps the frontend-minor-patch group with 33 updates in the /webroot directory:

| Package | From | To |
| --- | --- | --- |
| [@statsig/js-client](https://github.com/statsig-io/js-client-monorepo/tree/HEAD/packages/js-client) | `3.25.3` | `3.32.6` |
| [@statsig/session-replay](https://github.com/statsig-io/js-client-monorepo/tree/HEAD/packages/session-replay) | `3.25.3` | `3.32.6` |
| [@statsig/web-analytics](https://github.com/statsig-io/js-client-monorepo/tree/HEAD/packages/web-analytics) | `3.25.3` | `3.32.6` |
| [@vue/compat](https://github.com/vuejs/core) | `3.4.21` | `3.5.32` |
| [axios](https://github.com/axios/axios) | `1.15.0` | `1.15.1` |
| [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001709` | `1.0.30001788` |
| [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) | `3.36.1` | `3.49.0` |
| [country-codes-flags-phone-codes](https://github.com/mehmetcanfarsak/country-codes-flags-phone-codes) | `1.0.4` | `1.1.1` |
| [joi-password](https://github.com/Heaty566/joi-password) | `4.2.0` | `4.3.0` |
| [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) | `1.11.1` | `1.12.41` |
| [object.fromentries](https://github.com/es-shims/Object.fromEntries) | `2.0.4` | `2.0.8` |
| [vue](https://github.com/vuejs/core) | `3.4.21` | `3.5.32` |
| [vue3-lazyload](https://github.com/murongg/vue3-lazyload) | `0.3.8` | `0.4.2` |
| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.13.15` | `7.29.2` |
| [@types/qrcode](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/qrcode) | `1.5.5` | `1.5.6` |
| [@vue/cli-plugin-babel](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-babel) | `5.0.8` | `5.0.9` |
| [@vue/cli-plugin-e2e-cypress](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-e2e-cypress) | `5.0.8` | `5.0.9` |
| [@vue/cli-plugin-eslint](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-eslint) | `5.0.8` | `5.0.9` |
| [@vue/cli-plugin-pwa](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-pwa) | `5.0.8` | `5.0.9` |
| [@vue/cli-plugin-router](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-router) | `5.0.8` | `5.0.9` |
| [@vue/cli-plugin-typescript](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-typescript) | `5.0.8` | `5.0.9` |
| [@vue/cli-plugin-unit-mocha](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-unit-mocha) | `5.0.8` | `5.0.9` |
| [@vue/cli-plugin-vuex](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-vuex) | `5.0.8` | `5.0.9` |
| [@vue/cli-service](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-service) | `5.0.8` | `5.0.9` |
| [@vue/test-utils](https://github.com/vuejs/test-utils) | `2.4.5` | `2.4.6` |
| [axe-core](https://github.com/dequelabs/axe-core) | `4.9.1` | `4.11.3` |
| [chai-match-pattern](https://github.com/mjhm/chai-match-pattern) | `1.2.0` | `1.3.0` |
| [cypress-axe](https://github.com/component-driven/cypress-axe) | `1.6.0` | `1.7.0` |
| [cypress-localstorage-commands](https://github.com/javierbrea/cypress-localstorage-commands) | `2.2.7` | `2.3.0` |
| [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) | `2.29.1` | `2.32.0` |
| [moment-timezone](https://github.com/moment/moment-timezone) | `0.5.45` | `0.6.1` |
| [sharp](https://github.com/lovell/sharp) | `0.33.3` | `0.34.5` |
| [style-resources-loader](https://github.com/yenshih/style-resources-loader) | `1.4.1` | `1.5.0` |



Updates `@statsig/js-client` from 3.25.3 to 3.32.6
- [Release notes](https://github.com/statsig-io/js-client-monorepo/releases)
- [Commits](https://github.com/statsig-io/js-client-monorepo/commits/3.32.6/packages/js-client)

Updates `@statsig/session-replay` from 3.25.3 to 3.32.6
- [Release notes](https://github.com/statsig-io/js-client-monorepo/releases)
- [Commits](https://github.com/statsig-io/js-client-monorepo/commits/3.32.6/packages/session-replay)

Updates `@statsig/web-analytics` from 3.25.3 to 3.32.6
- [Release notes](https://github.com/statsig-io/js-client-monorepo/releases)
- [Commits](https://github.com/statsig-io/js-client-monorepo/commits/3.32.6/packages/web-analytics)

Updates `@vue/compat` from 3.4.21 to 3.5.32
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](vuejs/core@v3.4.21...v3.5.32)

Updates `axios` from 1.15.0 to 1.15.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.0...v1.15.1)

Updates `caniuse-lite` from 1.0.30001709 to 1.0.30001788
- [Commits](browserslist/caniuse-lite@1.0.30001709...1.0.30001788)

Updates `core-js` from 3.36.1 to 3.49.0
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.49.0/packages/core-js)

Updates `country-codes-flags-phone-codes` from 1.0.4 to 1.1.1
- [Release notes](https://github.com/mehmetcanfarsak/country-codes-flags-phone-codes/releases)
- [Commits](mehmetcanfarsak/country-codes-flags-phone-codes@1.0.4...1.1.1)

Updates `joi-password` from 4.2.0 to 4.3.0
- [Release notes](https://github.com/Heaty566/joi-password/releases)
- [Commits](https://github.com/Heaty566/joi-password/commits)

Updates `libphonenumber-js` from 1.11.1 to 1.12.41
- [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.11.1...v1.12.41)

Updates `object.fromentries` from 2.0.4 to 2.0.8
- [Changelog](https://github.com/es-shims/Object.fromEntries/blob/main/CHANGELOG.md)
- [Commits](es-shims/Object.fromEntries@v2.0.4...v2.0.8)

Updates `vue` from 3.4.21 to 3.5.32
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](vuejs/core@v3.4.21...v3.5.32)

Updates `vue3-lazyload` from 0.3.8 to 0.4.2
- [Release notes](https://github.com/murongg/vue3-lazyload/releases)
- [Commits](murongg/vue3-lazyload@v0.3.8...v0.4.2)

Updates `@babel/preset-env` from 7.13.15 to 7.29.2
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-preset-env)

Updates `@types/qrcode` from 1.5.5 to 1.5.6
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/qrcode)

Updates `@vue/cli-plugin-babel` from 5.0.8 to 5.0.9
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-babel)

Updates `@vue/cli-plugin-e2e-cypress` from 5.0.8 to 5.0.9
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-e2e-cypress)

Updates `@vue/cli-plugin-eslint` from 5.0.8 to 5.0.9
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-eslint)

Updates `@vue/cli-plugin-pwa` from 5.0.8 to 5.0.9
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-pwa)

Updates `@vue/cli-plugin-router` from 5.0.8 to 5.0.9
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-router)

Updates `@vue/cli-plugin-typescript` from 5.0.8 to 5.0.9
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-typescript)

Updates `@vue/cli-plugin-unit-mocha` from 5.0.8 to 5.0.9
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-unit-mocha)

Updates `@vue/cli-plugin-vuex` from 5.0.8 to 5.0.9
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-plugin-vuex)

Updates `@vue/cli-service` from 5.0.8 to 5.0.9
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.9/packages/@vue/cli-service)

Updates `@vue/compiler-sfc` from 3.4.21 to 3.5.32
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/commits/v3.5.32/packages/compiler-sfc)

Updates `@vue/test-utils` from 2.4.5 to 2.4.6
- [Release notes](https://github.com/vuejs/test-utils/releases)
- [Commits](vuejs/test-utils@v2.4.5...v2.4.6)

Updates `axe-core` from 4.9.1 to 4.11.3
- [Release notes](https://github.com/dequelabs/axe-core/releases)
- [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md)
- [Commits](dequelabs/axe-core@v4.9.1...v4.11.3)

Updates `chai-match-pattern` from 1.2.0 to 1.3.0
- [Commits](https://github.com/mjhm/chai-match-pattern/commits)

Updates `cypress-axe` from 1.6.0 to 1.7.0
- [Release notes](https://github.com/component-driven/cypress-axe/releases)
- [Commits](component-driven/cypress-axe@v1.6.0...v1.7.0)

Updates `cypress-localstorage-commands` from 2.2.7 to 2.3.0
- [Release notes](https://github.com/javierbrea/cypress-localstorage-commands/releases)
- [Changelog](https://github.com/javierbrea/cypress-localstorage-commands/blob/master/CHANGELOG.md)
- [Commits](javierbrea/cypress-localstorage-commands@v2.2.7...v2.3.0)

Updates `eslint-plugin-import` from 2.29.1 to 2.32.0
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](import-js/eslint-plugin-import@v2.29.1...v2.32.0)

Updates `moment-timezone` from 0.5.45 to 0.6.1
- [Release notes](https://github.com/moment/moment-timezone/releases)
- [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md)
- [Commits](moment/moment-timezone@0.5.45...0.6.1)

Updates `sharp` from 0.33.3 to 0.34.5
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.33.3...v0.34.5)

Updates `style-resources-loader` from 1.4.1 to 1.5.0
- [Changelog](https://github.com/yenshih/style-resources-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yenshih/style-resources-loader/commits/v1.5.0)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-version: 7.29.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: "@statsig/js-client"
  dependency-version: 3.32.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: "@statsig/session-replay"
  dependency-version: 3.32.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: "@statsig/web-analytics"
  dependency-version: 3.32.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: "@types/qrcode"
  dependency-version: 1.5.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/cli-plugin-babel"
  dependency-version: 5.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/cli-plugin-e2e-cypress"
  dependency-version: 5.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/cli-plugin-eslint"
  dependency-version: 5.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/cli-plugin-pwa"
  dependency-version: 5.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/cli-plugin-router"
  dependency-version: 5.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/cli-plugin-typescript"
  dependency-version: 5.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/cli-plugin-unit-mocha"
  dependency-version: 5.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/cli-plugin-vuex"
  dependency-version: 5.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/cli-service"
  dependency-version: 5.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/compat"
  dependency-version: 3.5.32
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/compiler-sfc"
  dependency-version: 3.5.32
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: "@vue/test-utils"
  dependency-version: 2.4.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: axe-core
  dependency-version: 4.11.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: axios
  dependency-version: 1.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: caniuse-lite
  dependency-version: 1.0.30001788
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: chai-match-pattern
  dependency-version: 1.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: core-js
  dependency-version: 3.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: country-codes-flags-phone-codes
  dependency-version: 1.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: cypress-axe
  dependency-version: 1.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: cypress-localstorage-commands
  dependency-version: 2.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: eslint-plugin-import
  dependency-version: 2.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: joi-password
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: libphonenumber-js
  dependency-version: 1.12.41
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: moment-timezone
  dependency-version: 0.6.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: object.fromentries
  dependency-version: 2.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: sharp
  dependency-version: 0.34.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: style-resources-loader
  dependency-version: 1.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: vue
  dependency-version: 3.5.32
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: vue3-lazyload
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/webroot/frontend-minor-patch-871ec9a6cc branch from 8dc2b69 to 93bb3ef Compare April 28, 2026 13:19

Labels: dependencies (Pull requests that update a dependency file), frontend
