[Snyk] Upgrade @babel/preset-env from 7.9.0 to 7.26.0

[WontonSam]

Snyk has created this PR to upgrade @babel/preset-env from 7.9.0 to 7.26.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 97 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-NUNJUCKS-1079083	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	214	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	214	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	214	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	214	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	214	Proof of Concept
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	214	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	214	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	214	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	214	Proof of Concept
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	214	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	214	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	214	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	214	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	214	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	214	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	214	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	214	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	214	Proof of Concept
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	214	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	214	No Known Exploit
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	214	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	214	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	214	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	214	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	214	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	214	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	214	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	214	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	214	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	214	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	214	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	214	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	214	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	214	Proof of Concept
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	214	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-598677	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	214	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	214	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	214	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	214	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	214	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	214	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	214	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	214	No Known Exploit
	Code Injection SNYK-JS-LODASH-1040724	214	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	214	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	214	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-6139239	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	214	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	214	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	214	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	214	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	214	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	214	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	214	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-NUNJUCKS-5431309	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	214	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	214	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	214	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	214	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	214	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	214	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	214	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	214	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	214	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	214	No Known Exploit

Release notes

Package name: @babel/preset-env

• 7.26.0 - 2024-10-25
  

  v7.26.0 (2024-10-25)

  Thanks @ timofei-iatsenko for your first PR!

  You can find the release blog post with some highlights at https://babeljs.io/blog/2024/10/25/7.26.0.

  🚀 New Feature

  • babel-core, babel-generator, babel-parser, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-preset-env, babel-standalone, babel-types
    • #16850 Enable import attributes parsing by default (@ nicolo-ribaudo)
  • babel-core
    • #16862 feat: support async plugin's pre/post (@ timofei-iatsenko)
  • babel-compat-data, babel-plugin-proposal-regexp-modifiers, babel-plugin-transform-regexp-modifiers, babel-preset-env, babel-standalone
    • #16692 Add transform-regexp-modifiers to preset-env (@ JLHwung)
  • babel-parser
    • #16849 feat: add startIndex parser option (@ DylanPiercey)
  • babel-generator, babel-parser, babel-plugin-syntax-flow
    • #16841 Always enable parsing of Flow enums (@ nicolo-ribaudo)
  • babel-helpers, babel-preset-typescript, babel-runtime-corejs3
    • #16794 Support import() in rewriteImportExtensions (@ liuxingbaoyu)
  • babel-generator, babel-parser
    • #16708 Add experimental format-preserving mode to @ babel/generator (@ nicolo-ribaudo)

  🐛 Bug Fix

  • babel-core
    • #16928 Workaround Node.js bug for parallel loading of TLA modules (@ nicolo-ribaudo)
    • #16926 Fix loading of modules with TLA in Node.js 23 (@ nicolo-ribaudo)

  💅 Polish

  • babel-plugin-proposal-json-modules, babel-plugin-transform-json-modules, babel-standalone
    • #16924 Rename proposal-json-modules to transform-json-modules (@ nicolo-ribaudo)

  🏠 Internal

  • babel-code-frame, babel-highlight
    • #16896 Inline @ babel/highlight in @ babel/code-frame (@ nicolo-ribaudo)
  • babel-generator, babel-parser, babel-types
    • #16732 Add kind to TSModuleDeclaration (@ liuxingbaoyu)

  🏃‍♀️ Performance

  • babel-helper-module-transforms, babel-plugin-transform-modules-commonjs
    • #16882 perf: Improve module transforms (@ liuxingbaoyu)

  Committers: 5

  • Dylan Piercey (@ DylanPiercey)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • Timofei Iatsenko (@ timofei-iatsenko)
  • @ liuxingbaoyu
• 7.25.9 - 2024-10-22
  

  v7.25.9 (2024-10-22)

  Thanks @ victorenator for your first PR!

  🐛 Bug Fix

  • babel-parser, babel-template, babel-types
    • #16905 fix: Keep type annotations in syntacticPlaceholders mode (@ liuxingbaoyu)
  • babel-helper-compilation-targets, babel-preset-env
    • #16907 fix: support BROWSERSLIST{,_CONFIG} env (@ JLHwung)
  • Other
    • #16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@ victorenator)

  🏠 Internal

  • babel-helper-transform-fixture-test-runner
    • #16914 remove test options flaky (@ JLHwung)
  • Every package
    • #16917 fix: Accidentally published tsconfig files (@ liuxingbaoyu)

  🏃‍♀️ Performance

  • babel-parser, babel-types
    • #16918 perf: Make VISITOR_KEYS etc. faster to access (@ liuxingbaoyu)

  Committers: 4

  • Babel Bot (@ babel-bot)
  • Huáng Jùnliàng (@ JLHwung)
  • Viktar Vaŭčkievič (@ victorenator)
  • @ liuxingbaoyu
• 7.25.8 - 2024-10-10
  

  v7.25.8 (2024-10-10)

  🐛 Bug Fix

  • babel-core
    • #16888 Restore public API of resolvePlugin/resolvePreset (@ nicolo-ribaudo)

  🏠 Internal

  • babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env
    • #16824 Inline one-line syntax plugins (@ nicolo-ribaudo)

  Committers: 3

  • Babel Bot (@ babel-bot)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • @ liuxingbaoyu
• 7.25.7 - 2024-10-02
  

  v7.25.7 (2024-10-02)

  Thanks @ DylanPiercey and @ YuHyeonWook for your first PRs!

  🐛 Bug Fix

  • babel-helper-validator-identifier
    • #16825 fix: update identifier to unicode 16 (@ JLHwung)
  • babel-traverse
    • #16814 fix: issue with node path keys updated on unrelated paths (@ DylanPiercey)
  • babel-plugin-transform-classes
    • #16797 Use an inclusion rather than exclusion list for super() check (@ nicolo-ribaudo)
  • babel-generator
    • #16788 Fix printing of TS infer in compact mode (@ nicolo-ribaudo)
    • #16785 Print TS type annotations for destructuring in assignment pattern (@ nicolo-ribaudo)
    • #16778 Respect [no LineTerminator here] after nodes (@ nicolo-ribaudo)

  💅 Polish

  • babel-types
    • #16852 Add deprecated JSDOC for fields (@ liuxingbaoyu)

  🏠 Internal

  • babel-core
    • #16820 Allow sync loading of ESM when --experimental-require-module (@ nicolo-ribaudo)
  • babel-helper-compilation-targets, babel-helper-plugin-utils, babel-preset-env
    • #16858 Add browserslist config to external dependency (@ JLHwung)
  • babel-plugin-proposal-destructuring-private, babel-plugin-syntax-decimal, babel-plugin-syntax-import-reflection, babel-standalone
    • #16809 Archive syntax-import-reflection and syntax-decimal (@ nicolo-ribaudo)
  • babel-generator
    • #16779 Simplify logic for [no LineTerminator here] before nodes (@ nicolo-ribaudo)

  🏃‍♀️ Performance

  • babel-plugin-transform-typescript
    • #16875 perf: Avoid extra cloning of namespaces (@ liuxingbaoyu)
  • babel-types
    • #16842 perf: Improve @ babel/types builders (@ liuxingbaoyu)
    • #16828 Only access BABEL_TYPES_8_BREAKING at startup (@ nicolo-ribaudo)

  Committers: 8

  • Babel Bot (@ babel-bot)
  • Dylan Piercey (@ DylanPiercey)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • @ liuxingbaoyu
  • coderaiser (@ coderaiser)
  • fisker Cheung (@ fisker)
  • hwook (@ YuHyeonWook)
• 7.25.4 - 2024-08-22
  

  v7.25.4 (2024-08-22)

  🐛 Bug Fix

  • babel-traverse
    • #16756 fix: Skip computed key when renaming (@ liuxingbaoyu)
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #16755 fix: Decorator 2018-09 may throw an exception (@ liuxingbaoyu)
  • babel-types
    • #16710 Visit AST fields nodes according to their syntactical order (@ nicolo-ribaudo)
  • babel-generator
    • #16709 Print semicolon after TS export namespace as A (@ nicolo-ribaudo)

  💅 Polish

  • babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse
    • #16722 Avoid unnecessary parens around sequence expressions (@ nicolo-ribaudo)
  • babel-generator, babel-plugin-transform-class-properties
    • #16714 Avoid unnecessary parens around exported arrow functions (@ nicolo-ribaudo)
  • babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-transform-object-rest-spread
    • #16712 Avoid printing unnecessary parens around object destructuring (@ nicolo-ribaudo)

  🔬 Output optimization

  • babel-generator
    • #16740 Avoid extra spaces between comments/regexps in compact mode (@ nicolo-ribaudo)

  Committers: 4

  • Babel Bot (@ babel-bot)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • @ liuxingbaoyu
• 7.25.3 - 2024-07-31
  

  v7.25.3 (2024-07-31)

  🐛 Bug Fix

  • babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-traverse
    • #16699 Avoid validating visitors produced by traverse.visitors.merge (@ nicolo-ribaudo)

  🏠 Internal

  • babel-parser
    • #16688 Add @ babel/types as a dependency of @ babel/parser (@ nicolo-ribaudo)

  Committers: 2

  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
• 7.25.2 - 2024-07-30
  

  v7.25.2 (2024-07-30)

  🐛 Bug Fix

  • babel-core, babel-traverse
    • #16695 Ensure that requeueComputedKeyAndDecorators is available (@ nicolo-ribaudo)

  Committers: 2

  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
• 7.25.0 - 2024-07-26
• 7.24.8 - 2024-07-11
• 7.24.7 - 2024-06-05
• 7.24.6 - 2024-05-24
• 7.24.5 - 2024-04-29
• 7.24.4 - 2024-04-03
• 7.24.3 - 2024-03-20
• 7.24.1 - 2024-03-19
• 7.24.0 - 2024-02-28
• 7.23.9 - 2024-01-25
• 7.23.8 - 2024-01-08
• 7.23.7 - 2023-12-29
• 7.23.6 - 2023-12-11
• 7.23.5 - 2023-11-29
• 7.23.3 - 2023-11-09
• 7.23.2 - 2023-10-11
• 7.22.20 - 2023-09-16
• 7.22.15 - 2023-09-04
• 7.22.14 - 2023-08-30
• 7.22.10 - 2023-08-07
• 7.22.9 - 2023-07-12
• 7.22.7 - 2023-07-06
• 7.22.6 - 2023-07-04
• 7.22.5 - 2023-06-08
• 7.22.4 - 2023-05-29
• 7.22.2 - 2023-05-26
• 7.22.1 - 2023-05-26
• 7.22.0 - 2023-05-26
• 7.21.5 - 2023-04-28
• 7.21.4 - 2023-03-31
• 7.21.4-esm.4 - 2023-04-04
• 7.21.4-esm.3 - 2023-04-04
• 7.21.4-esm.2 - 2023-04-04
• 7.21.4-esm.1 - 2023-04-04
• 7.21.4-esm - 2023-04-04
• 7.20.2 - 2022-11-04
• 7.19.4 - 2022-10-10
• 7.19.3 - 2022-09-27
• 7.19.1 - 2022-09-14
• 7.19.0 - 2022-09-05
• 7.18.10 - 2022-08-01
• 7.18.9 - 2022-07-18
• 7.18.6 - 2022-06-27
• 7.18.2 - 2022-05-25
• 7.18.0 - 2022-05-19
• 7.17.12 - 2022-05-16
• 7.17.10 - 2022-04-29
• 7.16.11 - 2022-01-20
• 7.16.10 - 2022-01-19
• 7.16.8 - 2022-01-10
• 7.16.7 - 2021-12-31
• 7.16.5 - 2021-12-13
• 7.16.4 - 2021-11-16
• 7.16.0 - 2021-10-29
• 7.15.8 - 2021-10-06
• 7.15.6 - 2021-09-09
• 7.15.4 - 2021-09-02
• 7.15.0 - 2021-08-04
• 7.14.9 - 2021-08-01
• 7.14.8 - 2021-07-20
• 7.14.7 - 2021-06-21
• 7.14.5 - 2021-06-09
• 7.14.4 - 2021-05-28
• 7.14.2 - 2021-05-12
• 7.14.1 - 2021-05-04
• 7.14.0 - 2021-04-29
• 7.13.15 - 2021-04-08
• 7.13.12 - 2021-03-22
• 7.13.10 - 2021-03-08
• 7.13.9 - 2021-03-01
• 7.13.8 - 2021-02-26
• 7.13.5 - 2021-02-23
• 7.13.0 - 2021-02-22
• 7.12.17 - 2021-02-18
• 7.12.16 - 2021-02-11
• 7.12.13 - 2021-02-03
• 7.12.11 - 2020-12-15
• 7.12.10 - 2020-12-09
• 7.12.7 - 2020-11-20
• 7.12.1 - 2020-10-15
• 7.12.0 - 2020-10-14
• 7.11.5 - 2020-08-31
• 7.11.0 - 2020-07-30
• 7.10.4 - 2020-06-30
• 7.10.3 - 2020-06-19
• 7.10.2 - 2020-05-30
• 7.10.1 - 2020-05-27
• 7.10.0 - 2020-05-26
• 7.9.6 - 2020-04-29
• 7.9.5 - 2020-04-07
• 7.9.0 - 2020-03-20

from @babel/preset-env GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.