Bump the parsing-minor-updates group across 1 directory with 2 updates#1107
Conversation
|
@dependabot rebase |
Bumps the parsing-minor-updates group with 2 updates in the /internal/staticanalysis/parsing directory: [@babel/parser](https://github.com/babel/babel/tree/HEAD/packages/babel-parser) and [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse). Updates `@babel/parser` from 7.26.5 to 7.29.3 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.3/packages/babel-parser) Updates `@babel/traverse` from 7.26.5 to 7.29.0 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/parser" dependency-version: 7.26.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: parsing-minor-updates - dependency-name: "@babel/traverse" dependency-version: 7.26.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: parsing-minor-updates ... Signed-off-by: dependabot[bot] <support@github.com>
71fbaeb to
c7ec0c8
Compare
Kusari Analysis Results:
Both the dependency and code security analyses independently recommend proceeding with this PR. The dependency analysis confirms that all updated @babel/* and @jridgewell/* transitive packages are on their latest versions, carry permissive MIT licenses, have no known vulnerabilities or advisories, and are not deprecated or end-of-life. The newly added @babel/helper-globals 7.28.0 is a clean addition from the well-maintained Babel ecosystem, and the removal of globals 11.12.0 and @jridgewell/set-array 1.2.1 reduces the overall dependency surface. The only governance-level concern noted is that the three @jridgewell packages have a low OpenSSF Scorecard score for code review practices in their upstream repositories; this is an upstream project governance issue and does not represent an active or exploitable risk for this PR. The code analysis found zero code issues, zero secrets, and zero workflow issues across all severity levels in the two modified files (package.json and package-lock.json). Combined, the risk profile of this PR is low, and there are no blocking security findings. Note View full detailed analysis result for more information on the output and the checks that were run.
Found this helpful? Give it a 👍 or 👎 reaction! |
|
Kusari PR Analysis rerun based on - c7ec0c8 performed at: 2026-05-15T01:23:23Z - link to updated analysis |
Bumps the parsing-minor-updates group with 2 updates in the /internal/staticanalysis/parsing directory: @babel/parser and @babel/traverse.
Updates
@babel/parserfrom 7.26.5 to 7.29.3Release notes
Sourced from @babel/parser's releases.
... (truncated)
Commits
183db7bv7.29.39bc522aSupport flow extends bound (#17923)69277a0Improve trailing comma comment handling (#17782)37d5595v7.29.2f030ad3[7.x backport] async x => {} must be in leading pos (#17840)aa8394ev7.29.0a0b4e5afix(parser): correctly parse type assertions inextendsclause (#17765)cb78ab7[7.x backport] fix(parser): improve super type argument parsing (#17723)f3a2226[babel 7] Delete Babel 8 fixtures (#17729)d7f4008v7.28.6Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@babel/parsersince your current version.Updates
@babel/traversefrom 7.26.5 to 7.29.0Release notes
Sourced from @babel/traverse's releases.
... (truncated)
Commits
aa8394ev7.29.084366a8fix(traverse): provide a hub when traversing a File or Program and no parentP...229eb45[7.x backport] fix: Rename switch discriminant references when body creates s...d7f4008v7.28.6905bc22fix: lint errors in main branch (#17612)a03e2b6fix:path.evaluatecorrectly returnsconfident(#17584)aac2c37chore: Use Gulpfile.mts (#17579)65c4a6b[Babel 8] fix: Improvetraversetypes (#17574)99dcba5chore: enable some ts-eslint rules (#17592)c92c491Improve Unicode handling in code-frame tokenizer (#17589)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@babel/traversesince your current version.