Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@babel/core
from 7.4.5 to 7.24.9 | 128 versions ahead of your current version | 24 days ago
on 2024-07-15
@babel/preset-env
from 7.4.5 to 7.24.8 | 110 versions ahead of your current version | a month ago
on 2024-07-11
Issues fixed by the recommended upgrade:
SNYK-JS-LODASH-567746
SNYK-JS-LODASH-608086
SNYK-JS-SEMVER-3247795
SNYK-JS-SEMVER-3247795
SNYK-JS-LODASH-1040724
SNYK-JS-LODASH-450202
SNYK-JS-PATHPARSE-1077067
SNYK-JS-BABELTRAVERSE-5962462
SNYK-JS-LODASH-6139239
SNYK-JS-BROWSERSLIST-1090194
SNYK-JS-JSON5-3182856
SNYK-JS-LODASH-1018905
Release notes
Package name: @babel/core
v7.24.9 (2024-07-15)
🐛 Bug Fix
babel-core
,babel-standalone
require()
call in@ babel/standalone
bundle (@ nicolo-ribaudo)babel-types
💅 Polish
babel-generator
,babel-plugin-transform-optional-chaining
as
/satisfies
(@ nicolo-ribaudo)🏠 Internal
babel-helper-module-transforms
Committers: 5
v7.24.8 (2024-07-11)
Thanks @ H0onnn, @ jkup and @ SreeXD for your first pull requests!
👓 Spec Compliance
babel-parser
declare
(@ liuxingbaoyu)🐛 Bug Fix
babel-generator
in
infor
heads (@ nicolo-ribaudo)await using
(@ nicolo-ribaudo)babel-parser
using
declarations (@ H0onnn).value: undefined
to regexp literals (@ liuxingbaoyu)babel-types
ObjectTypeInternalSlot
visitor keys (@ nicolo-ribaudo)babel-plugin-transform-typescript
export import x =
(@ liuxingbaoyu)💅 Polish
babel-generator
async
infor await
(@ nicolo-ribaudo)babel-traverse
Scope.globals
multiple times (@ liuxingbaoyu)Committers: 9
v7.24.7 (2024-06-05)
🐛 Bug Fix
babel-node
babel-traverse
constantViolations
with destructuring (@ liuxingbaoyu)babel-helper-transform-fixture-test-runner
,babel-plugin-proposal-explicit-resource-management
using
inswitch
correctly (@ liuxingbaoyu)🏠 Internal
babel-helpers
,babel-runtime-corejs2
,babel-runtime-corejs3
,babel-runtime
Committers: 7
v7.24.6 (2024-05-24)
Thanks @ amjed-98, @ blakewilson, @ coelhucas, and @ SukkaW for your first PRs!
🐛 Bug Fix
babel-helper-create-class-features-plugin
,babel-plugin-transform-class-properties
babel-core
,babel-generator
,babel-plugin-transform-modules-commonjs
babel-helper-create-class-features-plugin
,babel-plugin-proposal-decorators
babel-helpers
,babel-plugin-proposal-decorators
,babel-runtime-corejs3
babel-parser
,babel-plugin-transform-typescript
cls.fn<C> = x
(@ liuxingbaoyu)🏠 Internal
babel-core
,babel-helpers
,babel-plugin-transform-runtime
,babel-preset-env
,babel-runtime-corejs2
,babel-runtime-corejs3
,babel-runtime
babel-helpers
tsconfig.json
for@ babel/helpers/src/helpers
(@ nicolo-ribaudo)babel-cli
,babel-helpers
,babel-plugin-external-helpers
,babel-plugin-proposal-decorators
,babel-plugin-transform-class-properties
,babel-plugin-transform-modules-commonjs
,babel-plugin-transform-modules-systemjs
,babel-plugin-transform-runtime
,babel-preset-env
,babel-runtime-corejs2
,babel-runtime-corejs3
,babel-runtime
babel-parser
,babel-traverse
Committers: 9
v7.24.5 (2024-04-29)
Thanks @ romgrk and @ sossost for your first PRs!
🐛 Bug Fix
babel-plugin-transform-classes
,babel-traverse
babel-helpers
,babel-plugin-proposal-explicit-resource-management
,babel-runtime-corejs3
💅 Polish
babel-parser
using
declaration (@ JLHwung)🏠 Internal
babel-parser
@ babel/parser
AST types (@ nicolo-ribaudo).startNode
(@ nicolo-ribaudo)babel-helper-create-class-features-plugin
,babel-helper-member-expression-to-functions
,babel-helper-module-transforms
,babel-helper-split-export-declaration
,babel-helper-wrap-function
,babel-helpers
,babel-plugin-bugfix-firefox-class-in-computed-class-key
,babel-plugin-proposal-explicit-resource-management
,babel-plugin-transform-block-scoping
,babel-plugin-transform-destructuring
,babel-plugin-transform-object-rest-spread
,babel-plugin-transform-optional-chaining
,babel-plugin-transform-parameters
,babel-plugin-transform-private-property-in-object
,babel-plugin-transform-react-jsx-self
,babel-plugin-transform-typeof-symbol
,babel-plugin-transform-typescript
,babel-traverse
NodePath<T | U>
distributive (@ nicolo-ribaudo)babel-plugin-proposal-partial-application
,babel-types
JSXNamespacedName
from validCallExpression
args (@ nicolo-ribaudo)babel-plugin-transform-class-properties
,babel-preset-env
🏃♀️ Performance
babel-helpers
,babel-preset-env
,babel-runtime-corejs3
objectWithoutPropertiesLoose
on V8 (@ romgrk)Committers: 6
Package name: @babel/preset-env
v7.24.8 (2024-07-11)
Thanks @ H0onnn, @ jkup and @ SreeXD for your first pull requests!
👓 Spec Compliance
babel-parser
declare
(@ liuxingbaoyu)🐛 Bug Fix
babel-generator
in
infor
heads (@ nicolo-ribaudo)await using
(@ nicolo-ribaudo)babel-parser
using
declarations (@ H0onnn).value: undefined
to regexp literals (@ liuxingbaoyu)babel-types
ObjectTypeInternalSlot
visitor keys (@ nicolo-ribaudo)babel-plugin-transform-typescript
export import x =
(@ liuxingbaoyu)💅 Polish
babel-generator
async
infor await
(@ nicolo-ribaudo)babel-traverse
Scope.globals
multiple times (@ liuxingbaoyu)Committers: 9
v7.24.7 (2024-06-05)
🐛 Bug Fix
babel-node
babel-traverse
constantViolations
with destructuring (@ liuxingbaoyu)babel-helper-transform-fixture-test-runner
,babel-plugin-proposal-explicit-resource-management
using
inswitch
correctly (@ liuxingbaoyu)🏠 Internal
babel-helpers
,babel-runtime-corejs2
,babel-runtime-corejs3
,babel-runtime
Committers: 7
v7.24.6 (2024-05-24)
Thanks @ amjed-98, @ blakewilson, @ coelhucas, and @ SukkaW for your first PRs!
🐛 Bug Fix
babel-helper-create-class-features-plugin
,babel-plugin-transform-class-properties
babel-core
,babel-generator
,babel-plugin-transform-modules-commonjs
babel-helper-create-class-features-plugin
,babel-plugin-proposal-decorators
babel-helpers
,babel-plugin-proposal-decorators
,babel-runtime-corejs3
babel-parser
,babel-plugin-transform-typescript
cls.fn<C> = x
(@ liuxingbaoyu)🏠 Internal
babel-core
,babel-helpers
,babel-plugin-transform-runtime
,babel-preset-env
,babel-runtime-corejs2
,babel-runtime-corejs3
,babel-runtime
babel-helpers
tsconfig.json
for@ babel/helpers/src/helpers
(@ nicolo-ribaudo)babel-cli
,babel-helpers
,babel-plugin-external-helpers
,babel-plugin-proposal-decorators
,babel-plugin-transform-class-properties
,babel-plugin-transform-modules-commonjs
,babel-plugin-transform-modules-systemjs
,babel-plugin-transform-runtime
,babel-preset-env
,babel-runtime-corejs2
,babel-runtime-corejs3
,babel-runtime
babel-parser
,babel-traverse
Committers: 9
v7.24.5 (2024-04-29)
Thanks @ romgrk and @ sossost for your first PRs!
🐛 Bug Fix
babel-plugin-transform-classes
,babel-traverse
babel-helpers
,babel-plugin-proposal-explicit-resource-management
,babel-runtime-corejs3
💅 Polish
babel-parser
using
declaration (@ JLHwung)🏠 Internal
babel-parser
@ babel/parser
AST types (@ nicolo-ribaudo).startNode
(@ nicolo-ribaudo)babel-helper-create-class-features-plugin
,babel-helper-member-expression-to-functions
,babel-helper-module-transforms
,babel-helper-split-export-declaration
,babel-helper-wrap-function
,babel-helpers
,babel-plugin-bugfix-firefox-class-in-computed-class-key
,babel-plugin-proposal-explicit-resource-management
,babel-plugin-transform-block-scoping
,babel-plugin-transform-destructuring
,babel-plugin-transform-object-rest-spread
,babel-plugin-transform-optional-chaining
,babel-plugin-transform-parameters
,babel-plugin-transform-private-property-in-object
,babel-plugin-transform-react-jsx-self
,babel-plugin-transform-typeof-symbol
,babel-plugin-transform-typescript
,babel-traverse
NodePath<T | U>
distributive (@ nicolo-ribaudo)babel-plugin-proposal-partial-application
,babel-types
JSXNamespacedName
from validCallExpression
args (@ nicolo-ribaudo)babel-plugin-transform-class-properties
,babel-preset-env
🏃♀️ Performance
babel-helpers
,babel-preset-env
,babel-runtime-corejs3
objectWithoutPropertiesLoose
on V8 (@ romgrk)Committers: 6
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"","from":"babel/core","to":"babel/core"},{"name":"","from":"babel/preset-env","to":"babel/preset-env"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-567746","issue_id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-608086","issue_id":"SNYK-JS-LODASH-608086","priority_score":472,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-1040724","issue_id":"SNYK-JS-LODASH-1040724","priority_score":467,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-450202","issue_id":"SNYK-JS-LODASH-450202","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PATHPARSE-1077067","issue_id":"SNYK-JS-PATHPARSE-1077067","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BABELTRAVERSE-5962462","issue_id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":572,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-6139239","issue_id":"SNYK-JS-LODASH-6139239","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BROWSERSLIST-1090194","issue_id":"SNYK-JS-BROWSERSLIST-1090194","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-JSON5-3182856","issue_id":"SNYK-JS-JSON5-3182856","priority_score":427,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-1018905","issue_id":"SNYK-JS-LODASH-1018905","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of C...