fix(deps): update all core dependencies #733

renovate · 2025-07-13T20:16:05Z

This PR contains the following updates:

Package	Change	Age	Confidence
@babel/cli (source)	`7.27.2` -> `7.28.0`
@babel/core (source)	`7.27.7` -> `7.28.0`
@babel/node (source)	`7.27.1` -> `7.28.0`
@babel/preset-env (source)	`7.27.2` -> `7.28.0`
@babel/runtime (source)	`7.27.6` -> `7.28.2`
@types/debug (source)	`4.1.7` -> `4.1.12`
@types/lodash (source)	`4.17.19` -> `4.17.20`
debug	`4.3.4` -> `4.4.1`
eslint-config-prettier	`8.10.0` -> `8.10.2`
pnpm (source)	`8.15.8+sha512.d1a029e1a447ad90bc96cd58b0fad486d2993d531856396f7babf2d83eb1823bb83c5a3d0fc18f675b2d10321d49eb161fece36fe8134aa5823ecd215feed392` -> `8.15.9`

Release Notes

babel/babel (@babel/cli)

`v7.28.0`

Compare Source

🚀 New Feature

babel-node
- #17147 Support top level await in node repl (@liuxingbaoyu)
babel-types
- #17258 feat(matchesPattern): support super/private/meta (@JLHwung)
babel-compat-data, babel-preset-env
- #17355 Add explicit resource management to preset-env (@JLHwung)
babel-core, babel-parser
- #17390 Support sourceType: "commonjs" (@JLHwung)
babel-generator, babel-parser
- #17346 Materialize explicitResourceManagement parser plugin (@JLHwung)
babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types
- #17391 LVal coverage updates (Part 2) (@JLHwung)
babel-parser, babel-traverse, babel-types
- #17378 Accept bigints in t.bigIntLiteral factory (@JLHwung)
babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types
- #17277 Transform discard binding (@JLHwung)
babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types
- #17163 Parse discard binding (@JLHwung)

🐛 Bug Fix

babel-helper-globals, babel-plugin-transform-classes, babel-traverse
- #17297 Create babel-helper-globals (@JLHwung)
babel-types
- #17009 feature: TSTypeOperator: keyof (#16799) (@coderaiser)

🏠 Internal

babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
- #17403 Update babel-polyfill packages (@nicolo-ribaudo)

debug-js/debug (debug)

`v4.4.1`

Compare Source

What's Changed

fix(Issue-996): replace whitespaces in namespaces string with commas globally by @pdahal-cx in https://github.com/debug-js/debug/pull/997
fixes #987 fallback to localStorage.DEBUG if debug is not defined by @lzilioli in https://github.com/debug-js/debug/pull/988

New Contributors

@pdahal-cx made their first contribution in https://github.com/debug-js/debug/pull/997
@lzilioli made their first contribution in https://github.com/debug-js/debug/pull/988

Full Changelog: debug-js/debug@4.4.0...4.4.1

`v4.4.0`

Compare Source

Fixes (hopefully) the inefficient regex warnings in .enable().

Minor version as this is invariably going to break certain users who misuse the .enable() API and expected it to work with regexes, which was never supported nor documented. That's on you, sorry - that functionality won't be added back.

Full Changelog: debug-js/debug@4.3.7...4.4.0

Patch

cac39b1 Fix/debug depth (#926)

Thank you @calvintwr for the fix.

prettier/eslint-config-prettier (eslint-config-prettier)

`v8.10.2`

Compare Source

pnpm/pnpm (pnpm)

`v8.15.9`: pnpm 8.15.9

Compare Source

Patch Changes

Deduplicate bin names to prevent race condition and corrupted bin scripts #7833.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

socket-security · 2025-07-13T20:16:31Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
rmdir-sync@1.0.1
eslint-config-prettier@8.10.0 ⏵ 8.10.2
@babel/node@7.27.1 ⏵ 7.28.0	⁺¹	⁺¹
@babel/cli@7.27.2 ⏵ 7.28.0
@babel/preset-env@7.27.2 ⏵ 7.28.0		⁺¹
@types/debug@4.1.7 ⏵ 4.1.12		^-2
rimraf@3.0.2
@babel/runtime@7.27.6 ⏵ 7.28.2			⁺³
@babel/core@7.27.7 ⏵ 7.28.0
@types/lodash@4.17.19 ⏵ 4.17.20		⁺¹	^-2

View full report

socket-security · 2025-07-24T15:59:19Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Warn		`[email protected]` has a Critical CVE. CVE: GHSA-h755-8qp9-cq85 protobufjs Prototype Pollution vulnerability (CRITICAL) Affected versions: >= 7.0.0 < 7.2.5; >= 6.10.0 < 6.11.4 Patched version: 6.11.4 From: pnpm-lock.yaml → `npm/@google-cloud/[email protected]` → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

renovate bot added the bot: dependencies label Jul 13, 2025

renovate bot force-pushed the renovate/all-core branch from 8ac6d47 to e88aaf8 Compare July 18, 2025 19:40

fix(deps): update all core dependencies

4d11be4

renovate bot force-pushed the renovate/all-core branch from e88aaf8 to 4d11be4 Compare July 24, 2025 15:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

fix(deps): update all core dependencies #733

fix(deps): update all core dependencies #733

Uh oh!

renovate bot commented Jul 13, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Jul 13, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Jul 24, 2025

Uh oh!

Uh oh!

Uh oh!

fix(deps): update all core dependencies #733

Are you sure you want to change the base?

fix(deps): update all core dependencies #733

Uh oh!

Conversation

renovate bot commented Jul 13, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v7.28.0

🚀 New Feature

🐛 Bug Fix

🏠 Internal

v4.4.1

What's Changed

New Contributors

v4.4.0

v4.3.7

What's Changed

v4.3.6

What's Changed

New Contributors

v4.3.5

Patch

v8.10.2

v8.15.9: pnpm 8.15.9

Patch Changes

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

Configuration

Uh oh!

socket-security bot commented Jul 13, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Jul 24, 2025

Uh oh!

Uh oh!

renovate bot commented Jul 13, 2025 •

edited

Loading

`v7.28.0`

`v4.4.1`

`v4.4.0`

`v4.3.7`

`v4.3.6`

`v4.3.5`

`v8.10.2`

`v8.15.9`: pnpm 8.15.9

socket-security bot commented Jul 13, 2025 •

edited

Loading