Skip to content

Bump the parsing-minor-updates group across 1 directory with 2 updates#1107

Merged
calebbrown merged 1 commit into
mainfrom
dependabot/npm_and_yarn/internal/staticanalysis/parsing/parsing-minor-updates-e039da91e4
May 15, 2026
Merged

Bump the parsing-minor-updates group across 1 directory with 2 updates#1107
calebbrown merged 1 commit into
mainfrom
dependabot/npm_and_yarn/internal/staticanalysis/parsing/parsing-minor-updates-e039da91e4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 1, 2025

Copy link
Copy Markdown
Contributor

Bumps the parsing-minor-updates group with 2 updates in the /internal/staticanalysis/parsing directory: @babel/parser and @babel/traverse.

Updates @babel/parser from 7.26.5 to 7.29.3

Release notes

Sourced from @​babel/parser's releases.

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

📝 Documentation

🏃‍♀️ Performance

  • babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules

Committers: 4

v7.29.2 (2026-03-16)

👓 Spec Compliance

  • babel-parser

🐛 Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • babel-preset-env
    • #17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@​JLHwung)

🏠 Internal

Committers: 2

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/parser since your current version.


Updates @babel/traverse from 7.26.5 to 7.29.0

Release notes

Sourced from @​babel/traverse's releases.

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

  • babel-types
  • babel-standalone

🐛 Bug Fix

  • babel-parser
  • babel-traverse
    • #17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
  • babel-plugin-transform-block-scoping, babel-traverse
    • #17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

🏃‍♀️ Performance

Committers: 6

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

  • babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • babel-plugin-transform-regenerator
  • babel-plugin-transform-react-jsx

💅 Polish

  • babel-core, babel-standalone

🏠 Internal

  • babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/traverse since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 1, 2025
@calebbrown

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps the parsing-minor-updates group with 2 updates in the /internal/staticanalysis/parsing directory: [@babel/parser](https://github.com/babel/babel/tree/HEAD/packages/babel-parser) and [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse).


Updates `@babel/parser` from 7.26.5 to 7.29.3
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.3/packages/babel-parser)

Updates `@babel/traverse` from 7.26.5 to 7.29.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/parser"
  dependency-version: 7.26.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: parsing-minor-updates
- dependency-name: "@babel/traverse"
  dependency-version: 7.26.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: parsing-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/internal/staticanalysis/parsing/parsing-minor-updates-e039da91e4 branch from 71fbaeb to c7ec0c8 Compare May 15, 2026 01:07
@kusari-inspector

kusari-inspector Bot commented May 15, 2026

Copy link
Copy Markdown

Kusari Inspector

Kusari Analysis Results:

Proceed with these changes

✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.

Both the dependency and code security analyses independently recommend proceeding with this PR. The dependency analysis confirms that all updated @babel/* and @jridgewell/* transitive packages are on their latest versions, carry permissive MIT licenses, have no known vulnerabilities or advisories, and are not deprecated or end-of-life. The newly added @babel/helper-globals 7.28.0 is a clean addition from the well-maintained Babel ecosystem, and the removal of globals 11.12.0 and @jridgewell/set-array 1.2.1 reduces the overall dependency surface. The only governance-level concern noted is that the three @jridgewell packages have a low OpenSSF Scorecard score for code review practices in their upstream repositories; this is an upstream project governance issue and does not represent an active or exploitable risk for this PR. The code analysis found zero code issues, zero secrets, and zero workflow issues across all severity levels in the two modified files (package.json and package-lock.json). Combined, the risk profile of this PR is low, and there are no blocking security findings.

Note

View full detailed analysis result for more information on the output and the checks that were run.


@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: c7ec0c8, performed at: 2026-05-15T01:22:57Z

Found this helpful? Give it a 👍 or 👎 reaction!

@calebbrown calebbrown enabled auto-merge (squash) May 15, 2026 01:11
@calebbrown calebbrown merged commit 57bc772 into main May 15, 2026
10 of 12 checks passed
@calebbrown calebbrown deleted the dependabot/npm_and_yarn/internal/staticanalysis/parsing/parsing-minor-updates-e039da91e4 branch May 15, 2026 01:12
@kusari-inspector

Copy link
Copy Markdown

Kusari PR Analysis rerun based on - c7ec0c8 performed at: 2026-05-15T01:23:23Z - link to updated analysis

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant