[Snyk] Upgrade: @babel/core, @babel/runtime

[snyk-bot]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on
@babel/core from 7.8.4 to 7.16.0	44 versions ahead of your current version	a month ago on 2021-10-29
@babel/runtime from 7.8.4 to 7.16.3	38 versions ahead of your current version	21 days ago on 2021-11-09

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-COPYPROPS-1082870	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-XMLDOM-1534562	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:ua-parser-js:20180227	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-MERMAID-1314738	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-459438	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @babel/core

• 7.16.0 - 2021-10-29
  

  v7.16.0 (2021-10-30)

  👓 Spec Compliance

  • babel-helpers, babel-plugin-proposal-async-generator-functions, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • #13824 Await promises from sync iterators with for-await (@ nicolo-ribaudo)

  🚀 New Feature

  • babel-generator, babel-parser, babel-plugin-transform-typescript, babel-types
    • #13802 Support TypeScript 4.5 type-only import/export specifiers (@ sosukesuzuki)
  • babel-parser
    • #13887 feat: support startColumn option (@ JLHwung)
  • babel-helper-fixtures, babel-helper-transform-fixture-test-runner, babel-parser, babel-plugin-syntax-typescript, babel-preset-typescript
    • #13838 Handle .mts and .cts files in @ babel/preset-typescript (@ nicolo-ribaudo)
  • Other
    • #13782 Add ESLint 8 support to @ babel/eslint-parser (@ nicolo-ribaudo)
  • babel-generator, babel-parser, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-pipeline-operator
    • #13749 Caret topic (pipe operator) (@ js-choi)
  • babel-compat-data, babel-generator, babel-parser, babel-preset-env, babel-types
    • #13713 Enable class static blocks by default (@ sosukesuzuki)
  • babel-helper-skip-transparent-expression-wrappers, babel-plugin-proposal-optional-chaining
    • #13687 add skipTransparentExprWrapperNodes helper (@ lightmare)
  • babel-traverse, babel-types
    • #13666 Add aliases for Standardized, TypeScript, and Flow (@ jridgewell)

  🐛 Bug Fix

  • babel-parser, babel-plugin-transform-typescript
    • #13876 [ts] Support private methods overloads (@ nicolo-ribaudo)
  • babel-plugin-transform-typescript
    • #13865 fix: allow enum member without initializer after non-literal member (@ lightmare)
  • babel-core, babel-helper-create-class-features-plugin, babel-plugin-transform-typescript
    • #13854 Don't transform declare class in plugin-proposal-class-properties (@ forivall)
  • babel-compat-data, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-transform-react-constant-elements, babel-preset-env, babel-traverse
    • #13842 Implement @ babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression (@ JLHwung)
  • babel-plugin-proposal-async-generator-functions, babel-traverse
    • #13813 Restore traversal context after enter / traverse (@ JLHwung)
  • babel-traverse, babel-types
    • #13832 Mark static block as FunctionParent (@ JLHwung)
  • babel-generator
    • #13825 Fix missing inner comments in function expressions (@ overlookmotel)

  🏠 Internal

  • Every package
    • #13772 Use workspace:^ to specify @ babel/ dependencies (@ nicolo-ribaudo)
  • Other
    • #13856 Update to Yarn 3.1 (@ nicolo-ribaudo)
    • #13867 Test on Node.js 17 (@ nicolo-ribaudo)
  • babel-helper-fixtures, babel-plugin-proposal-class-properties, babel-plugin-transform-runtime, babel-preset-react
    • #13858 Force loading plugins/presets from the monorepo in tests (@ nicolo-ribaudo)
  • babel-types
    • #13844 [ts] precise return type on createTypeAnnotationBasedOnTypeof (babel-types) (@ lightmare)
  • babel-helpers
    • #13841 minor: remove ineffectual helper names filter (@ lightmare)
  • babel-core, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-types
    • #13820 Improve transform-react-jsx typings (@ JLHwung)

  🏃‍♀️ Performance

  • babel-types
    • #13843 Simplify (transpiled) babel-types builder wrappers (@ lightmare)

  Committers: 9

  • Babel Bot (@ babel-bot)
  • Emily Marigold Klassen (@ forivall)
  • Huáng Jùnliàng (@ JLHwung)
  • J. S. Choi (@ js-choi)
  • Justin Ridgewell (@ jridgewell)
  • Mickey Rose (@ lightmare)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • Sosuke Suzuki (@ sosukesuzuki)
  • @ overlookmotel
• 7.15.8 - 2021-10-06
  

  v7.15.8 (2021-10-06)

  Thanks @ julienw, @ NotWearingPants and @ shoonia for your first PRs!

  👓 Spec Compliance

  • babel-helper-module-transforms, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
    • #13788 Sort module export names (@ JLHwung)
  • babel-parser
    • #13769 Tokenize keywords-like identifier as new tokens (@ JLHwung)

  🐛 Bug Fix

  • babel-generator
    • #13821 Fix missing inner comments in class expressions (@ overlookmotel)
  • babel-generator, babel-parser, babel-plugin-proposal-pipeline-operator
    • #13803 Collect comments around parentheses in expressions (@ nicolo-ribaudo)
  • babel-plugin-transform-typescript
    • #13800 fix: remove imported types from export (@ JLHwung)

  💅 Polish

  • babel-core
    • #13814 Improve debug logging for IgnoreList (@ paleite)
  • babel-node
    • #13784 [@ babel/node] Forward the signal SIGTERM as well (@ julienw)

  🏠 Internal

  • #13808 Update parser plugins for TypeScript tests (@ sosukesuzuki)
  • #13795 Fix Gulpfile path separator issue on Windows (@ NotWearingPants)

  🏃‍♀️ Performance

  • babel-code-frame
    • #13812 Optimization of string splitting (@ shoonia)

  Committers: 10

  • Alexander Zaytsev (@ shoonia)
  • Babel Bot (@ babel-bot)
  • Hirotaka Tagawa / wafuwafu13 (@ wafuwafu13)
  • Huáng Jùnliàng (@ JLHwung)
  • Julien Wajsberg (@ julienw)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • Patrick Eriksson (@ paleite)
  • Sosuke Suzuki (@ sosukesuzuki)
  • @ NotWearingPants
  • @ overlookmotel
• 7.15.5 - 2021-09-04
  

  v7.15.5 (2021-09-04)

  👓 Spec Compliance

  • babel-parser
    • #13727 Disallow #a in #b in c and similar expressions (@ nicolo-ribaudo)

  ↩️ Revert

  • babel-core
    • #13732 Revert "fix: non breaking align options naming" (@ fedeci)

  Committers: 3

  • Babel Bot (@ babel-bot)
  • Federico Ciardi (@ fedeci)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
• 7.15.4 - 2021-09-02
  Read more
• 7.15.0 - 2021-08-04
• 7.14.8 - 2021-07-20
• 7.14.6 - 2021-06-14
• 7.14.5 - 2021-06-09
• 7.14.3 - 2021-05-17
• 7.14.2 - 2021-05-12
• 7.14.0 - 2021-04-29
• 7.13.16 - 2021-04-20
• 7.13.15 - 2021-04-08
• 7.13.14 - 2021-03-29
• 7.13.13 - 2021-03-26
• 7.13.10 - 2021-03-08
• 7.13.8 - 2021-02-26
• 7.13.1 - 2021-02-23
• 7.13.0 - 2021-02-22
• 7.12.17 - 2021-02-18
• 7.12.16 - 2021-02-11
• 7.12.13 - 2021-02-03
• 7.12.10 - 2020-12-09
• 7.12.9 - 2020-11-24
• 7.12.8 - 2020-11-23
• 7.12.7 - 2020-11-20
• 7.12.3 - 2020-10-16
• 7.12.1 - 2020-10-15
• 7.12.0 - 2020-10-14
• 7.11.6 - 2020-09-03
• 7.11.5 - 2020-08-31
• 7.11.4 - 2020-08-20
• 7.11.1 - 2020-08-04
• 7.11.0 - 2020-07-30
• 7.10.5 - 2020-07-14
• 7.10.4 - 2020-06-30
• 7.10.3 - 2020-06-19
• 7.10.2 - 2020-05-30
• 7.10.1 - 2020-05-27
• 7.10.0 - 2020-05-26
• 7.9.6 - 2020-04-29
• 7.9.0 - 2020-03-20
• 7.8.7 - 2020-03-05
• 7.8.6 - 2020-02-27
• 7.8.4 - 2020-01-30

from @babel/core GitHub release notes

Package name: @babel/runtime

• 7.16.3 - 2021-11-09
  

  v7.16.3 (2021-11-09)

  Thanks @ The-x-Theorist for your first PR!

  🐛 Bug Fix

  • babel-helpers
    • #13862 fix(helpers): match Reflect.get behaviour (@ lightmare)
  • babel-plugin-transform-parameters, babel-traverse
    • #13941 Support transforming params of arrow functions in class fields (@ nicolo-ribaudo)
  • babel-parser
    • #13928 fix: incorrect await rejection following arrow function in parameters (Closes #13872) (@ The-x-Theorist)
  • Other
    • #13918 Fix parserOverride support in @ babel/eslint-parser (@ nicolo-ribaudo)

  🏠 Internal

  • babel-parser
    • #13891 Simplifiy tracking of valid JSX positions (@ JLHwung)
    • #13892 extract tt.lt and tt.gt from tt.relation (@ JLHwung)
  • babel-helper-compilation-targets, babel-preset-env
    • #13914 Update browserslist (@ nicolo-ribaudo)

  Committers: 5

  • Babel Bot (@ babel-bot)
  • Huáng Jùnliàng (@ JLHwung)
  • Mickey Rose (@ lightmare)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • Sneh Khatri (@ The-x-Theorist)
• 7.16.0 - 2021-10-29
  Read more
• 7.15.4 - 2021-09-02
  Read more
• 7.15.3 - 2021-08-11
• 7.14.8 - 2021-07-20
• 7.14.6 - 2021-06-14
• 7.14.5 - 2021-06-09
• 7.14.0 - 2021-04-29
• 7.13.17 - 2021-04-20
• 7.13.16 - 2021-04-20
• 7.13.10 - 2021-03-08
• 7.13.9 - 2021-03-01
• 7.13.8 - 2021-02-26
• 7.13.7 - 2021-02-24
• 7.13.6 - 2021-02-23
• 7.13.4 - 2021-02-23
• 7.13.2 - 2021-02-23
• 7.13.1 - 2021-02-23
• 7.13.0 - 2021-02-22
• 7.12.18 - 2021-02-18
• 7.12.17 - 2021-02-18
• 7.12.13 - 2021-02-03
• 7.12.5 - 2020-11-03
• 7.12.1 - 2020-10-15
• 7.12.0 - 2020-10-14
• 7.11.2 - 2020-08-05
• 7.11.1 - 2020-08-04
• 7.11.0 - 2020-07-30
• 7.10.5 - 2020-07-14
• 7.10.4 - 2020-06-30
• 7.10.3 - 2020-06-19
• 7.10.2 - 2020-05-30
• 7.10.1 - 2020-05-27
• 7.10.0 - 2020-05-26
• 7.9.6 - 2020-04-29
• 7.9.2 - 2020-03-21
• 7.9.0 - 2020-03-20
• 7.8.7 - 2020-03-05
• 7.8.4 - 2020-01-30

from @babel/runtime GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs