Skip to content

Bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4#5319

Closed
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/babel/plugin-transform-modules-systemjs-7.29.4
Closed

Bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4#5319
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/babel/plugin-transform-modules-systemjs-7.29.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 9, 2026
edited
Loading

Bumps @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4.

Release notes

Sourced from @​babel/plugin-transform-modules-systemjs's releases.

v7.29.4 (2026-05-05)

🐛 Bug Fix

  • babel-plugin-transform-modules-systemjs
    • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

📝 Documentation

🏃‍♀️ Performance

  • babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules

Committers: 4

v7.29.2 (2026-03-16)

👓 Spec Compliance

  • babel-parser

🐛 Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • babel-preset-env

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 9, 2026
norman-abramovitz pushed a commit that referenced this pull request May 10, 2026
@nabramovitz @norman-abramovitz
Pin @babel/plugin-transform-modules-systemjs ^7.29.4 via override
3b09213 
Patches GHSA-fv7c-fp4j-7gwp (high) — generates arbitrary code when
compiling malicious input. Vulnerable range <=7.29.3; bun.lock pinned
7.29.0 transitively via @babel/preset-env's ^7.29.0 constraint.

Open dependabot PRs #5319 + #5320 only touch package-lock.json (not
the source of truth in this repo); use the existing overrides block
to nudge bun's resolution to ^7.29.4 instead.
@dependabot
Bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4
c190335 
Bumps [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) from 7.29.0 to 7.29.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/babel/plugin-transform-modules-systemjs-7.29.4 branch from dc711e5 to c190335 Compare May 10, 2026 19:06
@nabramovitz
Copy link
Copy Markdown
Contributor

nabramovitz commented May 10, 2026

Superseded by lockfile / override applied directly on develop. Closing as no longer needed; dependabot will reopen if a new advisory bumps the floor.

1 similar comment
@norman-abramovitz
Copy link
Copy Markdown
Contributor

norman-abramovitz commented May 10, 2026

Superseded by lockfile / override applied directly on develop. Closing as no longer needed; dependabot will reopen if a new advisory bumps the floor.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 10, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/babel/plugin-transform-modules-systemjs-7.29.4 branch May 10, 2026 19:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nabramovitz @norman-abramovitz