[Snyk] Upgrade: , , eslint, uglify-js

[BitcoinOutput]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@babel/core
from 7.18.6 to 7.25.2 | 52 versions ahead of your current version | a month ago
on 2024-07-30
@babel/preset-env
from 7.18.6 to 7.25.3 | 44 versions ahead of your current version | a month ago
on 2024-07-31
eslint
from 8.19.0 to 8.57.0 | 39 versions ahead of your current version | 7 months ago
on 2024-02-23
uglify-js
from 3.16.2 to 3.19.2 | 10 versions ahead of your current version | a month ago
on 2024-08-10

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	696	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	696	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	696	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	696	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	696	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	696	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	696	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696	Proof of Concept
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	696	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	696	Proof of Concept

Release notes

Package name: @babel/core

• 7.25.2 - 2024-07-30
  

  v7.25.2 (2024-07-30)

  🐛 Bug Fix

  • babel-core, babel-traverse
    • #16695 Ensure that requeueComputedKeyAndDecorators is available (@ nicolo-ribaudo)

  Committers: 2

  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
• 7.24.9 - 2024-07-15
  

  v7.24.9 (2024-07-15)

  🐛 Bug Fix

  • babel-core, babel-standalone
    • #16639 Avoid require() call in @ babel/standalone bundle (@ nicolo-ribaudo)
  • babel-types
    • #16638 fix: provide legacy typings for TS < 4.1 (@ JLHwung)

  💅 Polish

  • babel-generator, babel-plugin-transform-optional-chaining
    • #16617 Avoid extra parens in TS as/satisfies (@ nicolo-ribaudo)

  🏠 Internal

  • babel-helper-module-transforms
    • #16629 Lazy top-level initializations for module transforms (@ guybedford)

  Committers: 5

  • Babel Bot (@ babel-bot)
  • Guy Bedford (@ guybedford)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • @ liuxingbaoyu
• 7.24.8 - 2024-07-11
• 7.24.7 - 2024-06-05
• 7.24.6 - 2024-05-24
• 7.24.5 - 2024-04-29
• 7.24.4 - 2024-04-03
• 7.24.3 - 2024-03-20
• 7.24.1 - 2024-03-19
• 7.24.0 - 2024-02-28
• 7.23.9 - 2024-01-25
• 7.23.7 - 2023-12-29
• 7.23.6 - 2023-12-11
• 7.23.5 - 2023-11-29
• 7.23.3 - 2023-11-09
• 7.23.2 - 2023-10-12
• 7.23.0 - 2023-09-25
• 7.22.20 - 2023-09-16
• 7.22.19 - 2023-09-14
• 7.22.18 - 2023-09-14
• 7.22.17 - 2023-09-08
• 7.22.15 - 2023-09-04
• 7.22.11 - 2023-08-24
• 7.22.10 - 2023-08-07
• 7.22.9 - 2023-07-12
• 7.22.8 - 2023-07-06
• 7.22.7 - 2023-07-06
• 7.22.6 - 2023-07-04
• 7.22.5 - 2023-06-08
• 7.22.1 - 2023-05-26
• 7.22.0 - 2023-05-26
• 7.21.8 - 2023-05-02
• 7.21.5 - 2023-04-28
• 7.21.4 - 2023-03-31
• 7.21.4-esm.4 - 2023-04-04
• 7.21.4-esm.3 - 2023-04-04
• 7.21.4-esm.2 - 2023-04-04
• 7.21.4-esm.1 - 2023-04-04
• 7.21.4-esm - 2023-04-04
• 7.21.3 - 2023-03-14
• 7.21.0 - 2023-02-20
• 7.20.12 - 2023-01-04
• 7.20.7 - 2022-12-22
• 7.20.5 - 2022-11-28
• 7.20.2 - 2022-11-04
• 7.19.6 - 2022-10-20
• 7.19.3 - 2022-09-27
• 7.19.1 - 2022-09-14
• 7.19.0 - 2022-09-05
• 7.18.13 - 2022-08-22
• 7.18.10 - 2022-08-01
• 7.18.9 - 2022-07-18
• 7.18.6 - 2022-06-27

from @babel/core GitHub release notes

Package name: @babel/preset-env

• 7.25.3 - 2024-07-31
  

  v7.25.3 (2024-07-31)

  🐛 Bug Fix

  • babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-traverse
    • #16699 Avoid validating visitors produced by traverse.visitors.merge (@ nicolo-ribaudo)

  🏠 Internal

  • babel-parser
    • #16688 Add @ babel/types as a dependency of @ babel/parser (@ nicolo-ribaudo)

  Committers: 2

  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
• 7.25.2 - 2024-07-30
  

  v7.25.2 (2024-07-30)

  🐛 Bug Fix

  • babel-core, babel-traverse
    • #16695 Ensure that requeueComputedKeyAndDecorators is available (@ nicolo-ribaudo)

  Committers: 2

  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
• 7.25.0 - 2024-07-26
  

  v7.25.0 (2024-07-26)

  Thanks @ davidtaylorhq and @ slatereax for your first PR!

  You can find the release blog post with some highlights at https://babeljs.io/blog/2024/07/26/7.25.0.

  👓 Spec Compliance

  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
    • #16537 await using normative updates (@ JLHwung)
  • babel-plugin-transform-typescript
    • #16602 Ensure enum members syntactically determinable to be strings do not get reverse mappings (@ liuxingbaoyu)

  🚀 New Feature

  • babel-helper-create-class-features-plugin, babel-helper-function-name, babel-helper-plugin-utils, babel-helper-wrap-function, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-preset-env, babel-traverse, babel-types
    • #16658 Move ensureFunctionName to NodePath.prototype (@ nicolo-ribaudo)
  • babel-helper-hoist-variables, babel-helper-plugin-utils, babel-plugin-proposal-async-do-expressions, babel-plugin-transform-modules-systemjs, babel-traverse
    • #16644 Move hoistVariables to Scope.prototype (@ nicolo-ribaudo)
  • babel-helper-create-class-features-plugin, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-split-export-declaration, babel-plugin-transform-classes, babel-traverse, babel-types
    • #16645 Move splitExportDeclaration to NodePath.prototype (@ nicolo-ribaudo)
  • babel-helper-create-class-features-plugin, babel-helper-environment-visitor, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-remap-async-to-generator, babel-helper-replace-supers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-transform-async-generator-functions, babel-plugin-transform-classes, babel-traverse
    • #16649 Move environment-visitor helper into @ babel/traverse (@ nicolo-ribaudo)
  • babel-core, babel-parser
    • #16480 Expose wether a module has TLA or not as .extra.async (@ nicolo-ribaudo)
  • babel-compat-data, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-preset-env
    • #16569 Introduce bugfix-safari-class-field-initializer-scope (@ davidtaylorhq)
  • babel-plugin-transform-block-scoping, babel-traverse, babel-types
    • #16551 Add NodePath#getAssignmentIdentifiers (@ JLHwung)
  • babel-helper-import-to-platform-api, babel-plugin-proposal-json-modules
    • #16579 Add uncheckedRequire option for JSON imports to CJS (@ nicolo-ribaudo)
  • babel-helper-transform-fixture-test-runner, babel-node
    • #16642 Allow using custom config in babel-node --eval (@ slatereax)
  • babel-compat-data, babel-helper-create-regexp-features-plugin, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-preset-env, babel-standalone
    • #16445 Add duplicate-named-capturing-groups-regex to preset-env (@ JLHwung)

  🐛 Bug Fix

  • babel-generator
    • #16678 Print parens around as expressions on the LHS (@ nicolo-ribaudo)
  • babel-template, babel-types
    • #15286 fix: Props are lost when the template replaces the node (@ liuxingbaoyu)

  🏠 Internal

  • Other
    • #16674 bump gulp to 5 (@ JLHwung)
  • babel-generator
    • #16651 Simplify the printing logic for ( before ambiguous tokens (@ nicolo-ribaudo)
  • babel-helper-function-name, babel-plugin-transform-arrow-functions, babel-plugin-transform-function-name, babel-preset-env, babel-traverse
    • #16652 Simplify helper-function-name logic (@ nicolo-ribaudo)

  🏃‍♀️ Performance

  • babel-parser, babel-plugin-proposal-pipeline-operator
    • #16461 Some minor parser performance improvements for ts (@ liuxingbaoyu)

  🔬 Output optimization

  • babel-plugin-transform-classes
    • #16670 Reduce redundant assertThisInitialized (@ liuxingbaoyu)
  • babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-object-super, babel-plugin-transform-private-methods, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • #16374 Improve super.x output (@ liuxingbaoyu)
  • babel-plugin-transform-class-properties, babel-plugin-transform-classes
    • #16656 Simplify output for anonymous classes with no methods (@ nicolo-ribaudo)

  Committers: 6

  • Artem (@ slatereax)
  • Babel Bot (@ babel-bot)
  • David Taylor (@ davidtaylorhq)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • @ liuxingbaoyu
• 7.24.8 - 2024-07-11
  

  v7.24.8 (2024-07-11)

  Thanks @ H0onnn, @ jkup and @ SreeXD for your first pull requests!

  👓 Spec Compliance

  • babel-parser
    • #16567 Do not use strict mode in TS declare (@ liuxingbaoyu)

  🐛 Bug Fix

  • babel-generator
    • #16630 Correctly print parens around in in for heads (@ nicolo-ribaudo)
    • #16626 Fix printing of comments in await using (@ nicolo-ribaudo)
    • #16591 fix typescript code generation for yield expression inside type expre… (@ SreeXD)
  • babel-parser
    • #16613 Disallow destructuring assignment in using declarations (@ H0onnn)
    • #16490 fix: do not add .value: undefined to regexp literals (@ liuxingbaoyu)
  • babel-types
    • #16615 Remove boolean props from ObjectTypeInternalSlot visitor keys (@ nicolo-ribaudo)
  • babel-plugin-transform-typescript
    • #16566 fix: Correctly handle export import x = (@ liuxingbaoyu)

  💅 Polish

  • babel-generator
    • #16625 Avoid unnecessary parens around async in for await (@ nicolo-ribaudo)
  • babel-traverse
    • #16619 Avoid checking Scope.globals multiple times (@ liuxingbaoyu)

  Committers: 9

  • Amjad Yahia Robeen Hassan (@ amjed-98)
  • Babel Bot (@ babel-bot)
  • Huáng Jùnliàng (@ JLHwung)
  • Jon Kuperman (@ jkup)
  • Nagendran N (@ SreeXD)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • Sukka (@ SukkaW)
  • @ H0onnn
  • @ liuxingbaoyu
• 7.24.7 - 2024-06-05
  

  v7.24.7 (2024-06-05)

  🐛 Bug Fix

  • babel-node
    • #16554 Allow extra flags in babel-node (@ nicolo-ribaudo)
  • babel-traverse
    • #16522 fix: incorrect constantViolations with destructuring (@ liuxingbaoyu)
  • babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
    • #16524 fix: Transform using in switch correctly (@ liuxingbaoyu)

  🏠 Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • #16525 Delete unused array helpers (@ blakewilson)

  Committers: 7

  • Amjad Yahia Robeen Hassan (@ amjed-98)
  • Babel Bot (@ babel-bot)
  • Blake Wilson (@ blakewilson)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • Sukka (@ SukkaW)
  • @ liuxingbaoyu
• 7.24.6 - 2024-05-24
• 7.24.5 - 2024-04-29
• 7.24.4 - 2024-04-03
• 7.24.3 - 2024-03-20
• 7.24.1 - 2024-03-19
• 7.24.0 - 2024-02-28
• 7.23.9 - 2024-01-25
• 7.23.8 - 2024-01-08
• 7.23.7 - 2023-12-29
• 7.23.6 - 2023-12-11
• 7.23.5 - 2023-11-29
• 7.23.3 - 2023-11-09
• 7.23.2 - 2023-10-11
• 7.22.20 - 2023-09-16
• 7.22.15 - 2023-09-04
• 7.22.14 - 2023-08-30
• 7.22.10 - 2023-08-07
• 7.22.9 - 2023-07-12
• 7.22.7 - 2023-07-06
• 7.22.6 - 2023-07-04
• 7.22.5 - 2023-06-08
• 7.22.4 - 2023-05-29
• 7.22.2 - 2023-05-26
• 7.22.1 - 2023-05-26
• 7.22.0 - 2023-05-26
• 7.21.5 - 2023-04-28
• 7.21.4 - 2023-03-31
• 7.21.4-esm.4 - 2023-04-04
• 7.21.4-esm.3 - 2023-04-04
• 7.21.4-esm.2 - 2023-04-04
• 7.21.4-esm.1 - 2023-04-04
• 7.21.4-esm - 2023-04-04
• 7.20.2 - 2022-11-04
• 7.19.4 - 2022-10-10
• 7.19.3 - 2022-09-27
• 7.19.1 - 2022-09-14
• 7.19.0 - 2022-09-05
• 7.18.10 - 2022-08-01
• 7.18.9 - 2022-07-18
• 7.18.6 - 2022-06-27

from @babel/preset-env GitHub release notes

Package name: eslint

• 8.57.0 - 2024-02-23
  

  Features

  • 1120b9b feat: Add loadESLint() API method for v8 (#18098) (Nicholas C. Zakas)
  • dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#18066) (Nitin Kumar)

  Bug Fixes

  • 2196d97 fix: handle absolute file paths in FlatRuleTester (#18064) (Nitin Kumar)
  • 69dd1d1 fix: Ensure config keys are printed for config errors (#18067) (Nitin Kumar)
  • 9852a31 fix: deep merge behavior in flat config (#18065) (Nitin Kumar)
  • 4c7e9b0 fix: allow circular references in config (#18056) (Milos Djermanovic)

  Documentation

  • 84922d0 docs: Show prerelease version in dropdown (#18139) (Nicholas C. Zakas)
  • 5b8c363 docs: Switch to Ethical Ads (#18117) (Milos Djermanovic)
  • 77dbfd9 docs: show NEXT in version selectors (#18052) (Milos Djermanovic)

  Chores

  • 1813aec chore: upgrade @ eslint/[email protected] (#18143) (Milos Djermanovic)
  • 5c356bb chore: package.json update for @ eslint/js release (Jenkins)
  • f4a1fe2 test: add more tests for ignoring files and directories (#18068) (Nitin Kumar)
  • 42c0aef ci: Enable CI for v8.x branch (#18047) (Milos Djermanovic)
• 8.56.0 - 2023-12-15
  

  Features

  • 0dd9704 feat: Support custom severity when reporting unused disable directives (#17212) (Bryan Mishkin)
  • 31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#17818) (Arka Pratim Chaudhuri)

  Bug Fixes

  • 7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#17846) (Francesco Trotta)
  • 74739c8 fix: suggestion with invalid syntax in no-promise-executor-return rule (#17812) (Bryan Mishkin)

  Documentation

  • 9007719 docs: update link in ways-to-extend.md (#17839) (Amel SELMANE)
  • 3a22236 docs: Update README (GitHub Actions Bot)
  • 54c3ca6 docs: fix migration-guide example (#17829) (Tanuj Kanti)
  • 4391b71 docs: check config comments in rule examples (#17815) (Francesco Trotta)
  • fd28363 docs: remove mention about ESLint stylistic rules in readme (#17810) (Zwyx)
  • 48ed5a6 docs: Update README (GitHub Actions Bot)

  Chores

  • ba6af85 chore: upgrade @ eslint/[email protected] (#17864) (Milos Djermanovic)
  • 60a531a chore: package.json update for @ eslint/js release (Jenkins)
  • ba87a06 chore: update dependency markdownlint to ^0.32.0 (#17783) (renovate[bot])
  • 9271d10 chore: add GitHub issue template for docs issues (#17845) (Josh Goldberg ✨)
  • 70a686b chore: Convert rule tests to FlatRuleTester (#17819) (Nicholas C. Zakas)
  • f3a599d chore: upgrade eslint-plugin-unicorn to v49.0.0 (#17837) (唯然)
  • 905d4b7 chore: upgrade eslint-plugin-eslint-plugin v5.2.1 (#17838) (唯然)
  • 4d7c3ce chore: update eslint-plugin-n v16.4.0 (#17836) (唯然)
  • fd0c60c ci: unpin Node.js 21.2.0 (#17821) (Francesco Trotta)
• 8.55.0 - 2023-12-01
  

  Features

  • 8c9e6c1 feat: importNamePattern option in no-restricted-imports (#17721) (Tanuj Kanti)

  Documentation

  • 83ece2a docs: fix typo --rules -> --rule (#17806) (OKURA Masafumi)
  • fffca5c docs: remove "Open in Playground" buttons for removed rules (#17791) (Francesco Trotta)
  • a6d9442 docs: fix correct/incorrect examples of rules (#17789) (Tanuj Kanti)
  • 383e999 docs: update and fix examples for no-unused-vars (#17788) (Tanuj Kanti)
  • 5a8efd5 docs: add specific stylistic rule for each deprecated rule (#17778) (Etienne)

  Chores

  • eb8950c chore: upgrade @ eslint/[email protected] (#17811) (Milos Djermanovic)
  • 93df384 chore: package.json update for @ eslint/js release (Jenkins)
  • fe4b954 chore: upgrade @ eslint/[email protected] (#17799) (Milos Djermanovic)
  • bd8911d ci: pin Node.js 21.2.0 (#17809) (Milos Djermanovic)
  • b29a16b chore: fix several cli tests to run in the intended flat config mode (#17797) (Milos Djermanovic)
  • de165c1 chore: remove unused config-extends fixtures (#17781) (Milos Djermanovic)
  • d4304b8 chore: remove formatting/stylistic rules from new rule templates (#17780) (Francesco Trotta)
  • 21024fe chore: check rule examples for syntax errors (#17718) (Francesco Trotta)
• 8.54.0 - 2023-11-17
  

  Features

  • a7a883b feat: for-direction rule add check for condition in reverse order (#17755) (Angelo Annunziata)
  • 1452dc9 feat: Add suggestions to no-console (#17680) (Joel Mathew Koshy)
  • 21ebf8a feat: update no-array-constructor rule (#17711) (Francesco Trotta)

  Bug Fixes

  • 98926e6 fix: Ensure that extra data is not accidentally stored in the cache file (#17760) (Milos Djermanovic)
  • e8cf9f6 fix: Make dark scroll bar in dark theme (#17753) (Pavel)
  • 3cbeaad fix: Use cwd constructor option as config basePath in Linter (#17705) (Milos Djermanovic)

  Documentation

  • becfdd3 docs: Make clear when rules are removed (#17728) (Nicholas C. Zakas)
  • 05d6e99 docs: update "Submit a Pull Request" page (#17712) (Francesco Trotta)
  • eb2279e docs: display info about deprecated rules (#17749) (Percy Ma)
  • d245326 docs: Correct working in migrating plugin docs (#17722) (Filip Tammergård)

  Chores

  • d644de9 chore: upgrade @ eslint/[email protected] (#17773) (Milos Djermanovic)
  • 1e6e314 chore: package.json update for @ eslint/js release (Jenkins)
  • 6fb8805 chore: Fixed grammar in issue_templates/rule_change (#17770) (Joel Mathew Koshy)
  • 85db724 chore: upgrade markdownlint to 0.31.1 (