fix(deps): update all core dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@babel/cli (source)	7.24.5 -> 7.25.6
@babel/core (source)	7.24.5 -> 7.25.2
@babel/node (source)	7.23.9 -> 7.25.0
@babel/plugin-proposal-decorators (source)	7.24.1 -> 7.24.7
@babel/plugin-proposal-function-sent (source)	7.24.1 -> 7.24.7
@babel/plugin-proposal-throw-expressions (source)	7.24.1 -> 7.24.7
@babel/plugin-transform-async-to-generator (source)	7.24.1 -> 7.24.7
@babel/plugin-transform-classes (source)	7.24.5 -> 7.25.4
@babel/plugin-transform-runtime (source)	7.24.3 -> 7.25.4
@babel/preset-env (source)	7.24.5 -> 7.25.4
@babel/preset-typescript (source)	7.24.1 -> 7.24.7
@babel/register (source)	7.23.7 -> 7.24.6
@babel/runtime (source)	7.24.5 -> 7.25.6
@types/lodash (source)	4.17.4 -> 4.17.7
@verdaccio/config (source)	7.0.0-next-7.15 -> 7.0.0-next-7.20
@verdaccio/core (source)	7.0.0-next-7.15 -> 7.0.0-next-7.20
@verdaccio/types (source)	12.0.0-next-7.3 -> 12.0.0-next-7.5
async (source)	3.2.5 -> 3.2.6
debug	4.3.4 -> 4.3.7
eslint-plugin-import	2.29.1 -> 2.30.0
snyk	1.1291.0 -> 1.1293.0
typedoc (source)	^0.25.0 -> ^0.26.0
typedoc-umlclass	^0.9.0 -> ^0.10.0

---

Release Notes

babel/babel (@​babel/cli)

v7.25.6

Compare Source

🐛 Bug Fix

• babel-generator
  • #​16783 Properly print inner comments in TS array types (@​nicolo-ribaudo)
  • #​16775 fix: jsx whitespace is not properly preserved when retainLines (@​liuxingbaoyu)
• babel-traverse
  • #​16727 fix: path.getAssignmentIdentifiers may be undefined (@​liuxingbaoyu)
• babel-parser
  • #​16761 fix: improve static canFollowModifier checks (@​JLHwung)
• babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3
  • #​16769 Only wrap functions in superPropertyGet helper (@​nicolo-ribaudo)

💅 Polish

• babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #​16780 Do not enforce printing space between ( and comments (@​nicolo-ribaudo)
• babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes
  • #​16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@​nicolo-ribaudo)
• babel-generator
  • #​16782 TS union/intersection nested in union does not need parens (@​nicolo-ribaudo)

🏠 Internal

• babel-generator
  • #​16777 Remove unused parent params in the generator (@​nicolo-ribaudo)

v7.24.8

Compare Source

👓 Spec Compliance

• babel-parser
  • #​16567 Do not use strict mode in TS declare (@​liuxingbaoyu)

🐛 Bug Fix

• babel-generator
  • #​16630 Correctly print parens around in in for heads (@​nicolo-ribaudo)
  • #​16626 Fix printing of comments in await using (@​nicolo-ribaudo)
  • #​16591 fix typescript code generation for yield expression inside type expre… (@​SreeXD)
• babel-parser
  • #​16613 Disallow destructuring assignment in using declarations (@​H0onnn)
  • #​16490 fix: do not add .value: undefined to regexp literals (@​liuxingbaoyu)
• babel-types
  • #​16615 Remove boolean props from ObjectTypeInternalSlot visitor keys (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #​16566 fix: Correctly handle export import x = (@​liuxingbaoyu)

💅 Polish

• babel-generator
  • #​16625 Avoid unnecessary parens around async in for await (@​nicolo-ribaudo)
• babel-traverse
  • #​16619 Avoid checking Scope.globals multiple times (@​liuxingbaoyu)

v7.24.7

Compare Source

🐛 Bug Fix

• babel-node
  • #​16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #​16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #​16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #​16525 Delete unused array helpers (@​blakewilson)

v7.24.6

Compare Source

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #​16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #​16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #​16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #​16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #​16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #​16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

🏠 Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #​16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #​16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #​16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #​16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other
  • #​16466 Migrate import assertions syntax (@​JLHwung)

verdaccio/verdaccio (@​verdaccio/config)

v7.0.0-next-7.20

Compare Source

v7.0.0-next-7.19

Compare Source

v7.0.0-next-7.18

Compare Source

v7.0.0-next-7.17

Compare Source

v7.0.0-next-7.16

Compare Source

verdaccio/verdaccio (@​verdaccio/core)

v7.0.0-next-7.20

Compare Source

v7.0.0-next-7.19

Compare Source

v7.0.0-next-7.18

Compare Source

v7.0.0-next-7.17

Compare Source

Patch Changes

• 6e764e3: feat: add support for npm owner

v7.0.0-next-7.16

Compare Source

caolan/async (async)

v3.2.6

Compare Source

debug-js/debug (debug)

v4.3.7

Compare Source

What's Changed

• Upgrade ms to version 2.1.3 by @​realityking in https://github.com/debug-js/debug/pull/819

Full Changelog: debug-js/debug@4.3.6...4.3.7

v4.3.6

Compare Source

What's Changed

• Avoid using deprecated RegExp.$1 by @​bluwy in https://github.com/debug-js/debug/pull/969

New Contributors

• @​bluwy made their first contribution in https://github.com/debug-js/debug/pull/969

Full Changelog: debug-js/debug@4.3.5...4.3.6

v4.3.5

Compare Source

Patch

• cac39b1 Fix/debug depth (#​926)

Thank you @​calvintwr for the fix.

import-js/eslint-plugin-import (eslint-plugin-import)

v2.30.0

Compare Source

Added

• [dynamic-import-chunkname]: add allowEmpty option to allow empty leading comments ([#​2942], thanks [@​JiangWeixian])
• [dynamic-import-chunkname]: Allow empty chunk name when webpackMode: 'eager' is set; add suggestions to remove name in eager mode ([#​3004], thanks [@​amsardesai])
• [no-unused-modules]: Add ignoreUnusedTypeExports option ([#​3011], thanks [@​silverwind])
• add support for Flat Config ([#​3018], thanks [@​michaelfaith])

Fixed

• [no-extraneous-dependencies]: allow wrong path ([#​3012], thanks [@​chabb])
• [no-cycle]: use scc algorithm to optimize ([#​2998], thanks [@​soryy708])
• [no-duplicates]: Removing duplicates breaks in TypeScript ([#​3033], thanks [@​yesl-kim])
• [newline-after-import]: fix considerComments option when require ([#​2952], thanks [@​developer-bandi])
• [order]: do not compare first path segment for relative paths ([#​2682]) ([#​2885], thanks [@​mihkeleidast])

Changed

• [Docs] no-extraneous-dependencies: Make glob pattern description more explicit ([#​2944], thanks [@​mulztob])
• [no-unused-modules]: add console message to help debug [#​2866]
• [Refactor] ExportMap: make procedures static instead of monkeypatching exportmap ([#​2982], thanks [@​soryy708])
• [Refactor] ExportMap: separate ExportMap instance from its builder logic ([#​2985], thanks [@​soryy708])
• [Docs] order: Add a quick note on how unbound imports and --fix ([#​2640], thanks [@​minervabot])
• [Tests] appveyor -> GHA (run tests on Windows in both pwsh and WSL + Ubuntu) ([#​2987], thanks [@​joeyguerra])
• [actions] migrate OSX tests to GHA ([ljharb#37], thanks [@​aks-])
• [Refactor] exportMapBuilder: avoid hoisting ([#​2989], thanks [@​soryy708])
• [Refactor] ExportMap: extract "builder" logic to separate files ([#​2991], thanks [@​soryy708])
• [Docs] [order]: update the description of the pathGroupsExcludedImportTypes option ([#​3036], thanks [@​liby])
• [readme] Clarify how to install the plugin ([#​2993], thanks [@​jwbth])

snyk/snyk (snyk)

v1.1293.0

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

News

• Starting with this version, Snyk cli binaries will be distributed via downloads.snyk.io instead of static.snyk.io. This includes intallation from npm, homebrew and scoop as well as many of the CI/CD integrations.

Features

• sbom: add support for license issues in sbom test (6948668)
• auth: Use OAuth2 as default authentication mechanism (35949c4)
• config: Introduce config environment command (0d8dd2b)
• container: When docker is not installed, platform parameter is now supported (64b405d)

Bug Fixes

• auth: align auth failure error messages for oauth (e3bfec3)
• auth: ensure environment variable precedence for auth tokens (24417d6)
• test: fix a bug related to multi-project .NET folder structures (755a38f)
• test: multiple pnpm workspace improvements (da5c14f)
• test: fixes a bug regarding Snyk attempting to get the dependencies from the wrong nuget *.deps.json file.(2e17434)
• test: support for pipenv with python 3.12 (09df3bc)
• test: support multi-part comparison for python pip versions. (b625eb9)
• container: container monitor with --json now outputs valid json(039c9bd)
• container: support hashing large .jar files (6f82231)
• sbom: fix issues in JSON output of sbom test command, include CWE values on CWE property (#​5331) (99773c3)
• sbom: include all detected dep-graphs of a container image (ea43977)
• iac: fixed an issue where the resource path was missing for certain Terraform resources. IAC-3015
• general: map previously unhandled exit codes to exit code 2 (9fde4fe)
• general: use entitlements when signing bundled macos binaries (bebc59c)

v1.1292.4

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Complete changelog

Bug Fixes

• deployment: Rollback of digital signature for the bundled macOS binary (#​5416)

v1.1292.3

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Complete changelog

Bug Fixes

• deployment: Add digital signature for the bundled macOS binary
  (#​5404)

v1.1292.2

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Complete changelog

Bug Fixes

• container test: Improve the accuracy of identifying npm projects within docker images by removing the explicit folder ignore rules
  (#​5384)
• container test: Pass platform parameter when pulling an image from a container registry (#​5360)

v1.1292.1

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Complete changelog

Bug Fixes

• test,monitor: fix improper permission error handling when accessing 'enablePnpmCli' feature flag

v1.1292.0

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

News

This Snyk CLI release delivers an assortment of bug fixes and improvements.

• We've added support for pnpm, giving you more flexibility in your project setup.
• You can now scan npm/yarn projects even without lockfiles, ensuring comprehensive vulnerability detection regardless of your dependency management approach.
• We're committed to strengthening security. This release includes redaction of additional sensitive data in debug logs, minimizing potential risks.

Complete changelog

Features

• test: Added pnpm support under 'enablePnpmCli' feature flag (#​5181) (46769cc)
• test: Support scan of npm/yarn projects without lockfiles (e2d77a9)
• monitor: Set target-reference in the monitor request (51ed8f5)
• code: Centrally check if code test is enabled (#​5239) (e5a00e2)
• sbom: Improve depgraph for Maven projects (fbb33d7)
• sbom: Use RFC 3339 for all timestamps in sbom test result (#​5204) (91bf191)
• language-server: Add --all-projects flag scans by default#​5247k/snyk/issues/5247)) (fdcf30e)
• language-server: Enable incremental scanning#​5291k/snyk/issues/5291)) (d198685)
• language-server: Add support for IDE themes (c1c4d08)
• language-server: Consistent styling across intellij and vscode (#​5282) (9aa6f76)
• logging: Redact additional types of sensitive data from debug logs (#​5254) (056cdab)

Bug Fixes

• auth: Autodetect IDE usage and fallback to API token based authentication (#​5241) (4c795e0)
• iac: Upgrade iac custom rules to address Vulnerabilities#​5191yk/snyk/issues/5191)) (453db24)
• language-server: Caching problem when no vulnerabilities in the IDE (#​5223) (89c9491)
• language-server: Remove incorrect /v1 path (#​5214) (cf16470)
• dependencies: Update dependencies to reduce vulnerabilities (#​5131) (4c7cb3c)
• sbom: sbom test output padding (e3b7cac)
• sbom: Fix container purl generation for apt and rpm (#​5207) (fa9d512)
• sbom: Retain error code during SBOM generation (#​5202) (5e98aaa)
• test: support cyclic dependencies in maven with dverbose (#​5208) (fb24c02)
• test: Add tool version and informationUri to sarif output (#​5203) (b899fd3)
• test: fixing several .NET bugs (#​5217) (c27d767)
• test: fixing a bug causing .NET beta scanning to fail on older versions of .NET (#​5228) (5fdecf7)
• test: .NET runtime resolution testing now supports projects targeting .NET Standard frameworks (#​5169) (44d0861)
• test: fix issues of type 'Cannot find module ...' in snyk-docker-plugin (#​5301) (88efd54)
• monitor: fix project name when using assets-project-name flag (#​5077) (57dc718)

v1.1291.1

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

• dependencies: Upgrade go-getter to v1.7.4 to fix vulnerabilities (#​5252)

TypeStrong/TypeDoc (typedoc)

v0.26.6

Compare Source

Features

• Use of the @extends block tag no longer produces warnings, #​2659.
  This tag should only be used in JavaScript projects to specify the type parameters used when extending a parent class. It will not be rendered.
• Added new navigation.compactFolders option to prevent TypeDoc from compacting folders, similar to the VSCode option. #​2667.

Bug Fixes

• The suppressCommentWarningsInDeclarationFiles option now correctly ignores warnings in .d.cts and .d.mts files, #​2647.
• Restored re-exports in the page navigation menu, #​2671.
• JSON serialized projects will no longer contain reflection IDs for other projects created in the same run. Gerrit0/typedoc-plugin-zod#6.
• In packages mode the reflection ID counter will no longer be reset when converting projects. This previously could result in links to files not working as expected.

v0.26.5

Compare Source

Features

• TypeDoc now exposes array option defaults under OptionDefaults, #​2640.

Bug Fixes

• Constructor parameters which share a name with a property on a parent class will no longer inherit the comment on the parent class, #​2636.
• Packages mode will now attempt to use the comment declared in the comment class for inherited members, #​2622.
• TypeDoc no longer crashes when @document includes an empty file, #​2638.
• API: Event listeners added later with the same priority will be called later, #​2643.

Thanks!

• @​bladerunner2020

v0.26.4

Compare Source

Bug Fixes

• The page navigation sidebar no longer incorrectly includes re-exports if the same member is exported with multiple names #​2625.
• Page navigation now ensures the current page is visible when the page is first loaded, #​2626.
• If a relative linked image is referenced multiple times, TypeDoc will no longer sometimes produce invalid links to the image #​2627.
• @link tags will now be validated in referenced markdown documents, #​2629.
• @link tags are now resolved in project documents, #​2629.
• HTML/JSON output generated by TypeDoc now contains a trailing newline, #​2632.
• TypeDoc now correctly handles markdown documents with CRLF line endings, #​2628.
• @hidden is now properly applied when placed in a function implementation comment, #​2634.
• Comments on re-exports are now rendered.

Thanks!

• @​bukowa
• @​garrett-hopper

v0.26.3

Compare Source

Features

• "On This Page" navigation now includes the page groups in collapsible sections, #​2616.

Bug Fixes

• mailto: links are no longer incorrectly recognized as relative paths, #​2613.
• Added @since to the default li

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/cli@7.25.6	Transitive: environment, filesystem, shell	+19	803 kB	nicolo-ribaudo
npm/@babel/core@7.25.2	environment, filesystem, unsafe	+41	11.2 MB	nicolo-ribaudo
npm/@babel/node@7.25.0	Transitive: environment, eval, filesystem, shell	+53	5.64 MB	nicolo-ribaudo
npm/@babel/plugin-proposal-decorators@7.24.7	Transitive: environment	+32	7.57 MB	nicolo-ribaudo
npm/@babel/plugin-proposal-function-sent@7.24.7	Transitive: environment	+26	6.65 MB	nicolo-ribaudo
npm/@babel/plugin-proposal-throw-expressions@7.24.7	None	+2	255 kB	nicolo-ribaudo
npm/@babel/plugin-transform-async-to-generator@7.24.7	Transitive: environment	+28	6.76 MB	nicolo-ribaudo
npm/@babel/plugin-transform-classes@7.25.4	Transitive: environment, filesystem	+37	9.49 MB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/plugin-transform-runtime@7.25.4	Transitive: environment, filesystem, unsafe	+49	13.1 MB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/preset-env@7.25.4	Transitive: environment, filesystem, unsafe	+154	25.4 MB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/preset-typescript@7.24.7	Transitive: environment	+39	8.17 MB	nicolo-ribaudo
npm/@babel/register@7.24.6	environment, filesystem, unsafe	+17	275 kB	nicolo-ribaudo
npm/@babel/runtime@7.25.6	None	+1	276 kB	nicolo-ribaudo
npm/@types/lodash@4.17.7	None	0	867 kB	types
npm/@verdaccio/config@7.0.0-next-7.20	environment, filesystem	+8	1.34 MB	verdaccio.npm
npm/@verdaccio/core@7.0.0-next-7.20	filesystem, network Transitive: environment, eval, unsafe	+10	2.72 MB	verdaccio.npm
npm/@verdaccio/types@12.0.0-next-7.5	None	0	70.2 kB	verdaccio.npm
npm/async@3.2.6	None	0	808 kB	aearly
npm/debug@4.3.7	None	+1	48.8 kB	qix, thebigredgeek, tjholowaychuk, ...1 more
npm/eslint-plugin-import@2.30.0	environment, filesystem, unsafe Transitive: eval	+99	9.1 MB	ljharb

🚮 Removed packages: npm/@babel/cli@7.24.5), npm/@babel/core@7.24.5), npm/@babel/node@7.23.9), npm/@babel/plugin-proposal-decorators@7.24.1), npm/@babel/plugin-proposal-function-sent@7.24.1), npm/@babel/plugin-proposal-throw-expressions@7.24.1), npm/@babel/plugin-transform-async-to-generator@7.24.1), npm/@babel/plugin-transform-classes@7.24.5), npm/@babel/plugin-transform-runtime@7.24.3), npm/@babel/preset-env@7.24.5), npm/@babel/preset-typescript@7.24.1), npm/@babel/register@7.23.7), npm/@babel/runtime@7.24.5), npm/@types/lodash@4.17.4), npm/@verdaccio/config@7.0.0-next-7.15), npm/@verdaccio/core@7.0.0-next-7.15), npm/@verdaccio/types@12.0.0-next-7.3), npm/async@3.2.5), npm/eslint-plugin-import@2.29.1), npm/snyk@1.1291.0)

View full report↗︎

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎