build(deps): bump the npm_and_yarn group across 2 directories with 30 updates

[dependabot]

Bumps the npm_and_yarn group with 23 updates in the / directory:

Package	From	To
express	4.17.1	4.19.2
moment	2.29.1	2.29.4
mongodb	3.6.3	3.6.10
mongoose	5.10.15	5.13.20
mysql2	1.7.0	3.9.8
nodemailer	6.4.16	6.9.9
sqlite3	5.0.0	5.1.5
@actions/core	1.2.6	1.10.1
@babel/traverse	7.12.5	7.24.7
browserify-sign	4.2.1	4.2.3
cookiejar	2.1.2	2.1.4
decode-uri-component	0.2.0	0.2.2
lodash-es	4.17.15	4.17.21
moment-timezone	0.5.32	0.5.45
nanoid	3.1.16	3.3.7
protobufjs	6.10.2	6.11.4
pug	3.0.0	3.0.3
qs	6.5.2	6.5.3
socket.io-parser	3.3.1	3.3.3
tmpl	1.0.4	1.0.5
trim-off-newlines	1.0.1	1.0.3
ua-parser-js	0.7.22	0.7.38
word-wrap	1.2.3	1.2.5

Bumps the npm_and_yarn group with 6 updates in the /mailer directory:

Package	From	To
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
minimist	1.2.5	1.2.8
qs	6.5.2	6.5.3
yargs-parser	16.1.0	18.1.3
yargs	15.1.0	15.4.1

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates moment from 2.29.1 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

2.29.2 See full changelog

• Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

Commits

• 000ac18 Build 2.24.4
• f2006b6 Bump version to 2.24.4
• 536ad0c Update changelog for 2.29.4
• 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 6374fd8 Merge branch 'master' into develop
• b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
• 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 57c9062 Build 2.29.3
• aaf50b6 Fixup release complaints
• 26f4aef Bump version to 2.29.3
• Additional commits viewable in compare view

Updates mongodb from 3.6.3 to 3.6.10

Release notes

Sourced from mongodb's releases.

v3.6.10

The MongoDB Node.js team is pleased to announce version 3.6.10 of the mongodb package!

Release Highlights

This patch addresses a few bugs listed below. Notably the bsonRegExp option is now respected by the underlying BSON library, you can use this to decode regular expressions that contain syntax not permitted in native JS RegExp objects. Take a look at this example:

await collection.insertOne({ a: new BSONRegExp('(?-i)AA_') })
await collection.findOne({ a: new BSONRegExp('(?-i)AA_') }, { bsonRegExp: true })
// { _id: ObjectId,  a: BSONRegExp { pattern: '(?-i)AA_', options: '' } }

Also there was an issue with Cursor.forEach where user defined forEach callbacks that throw errors incorrectly handled catching errors. Take a look at the comments in this example:

collection.find({}).forEach(doc => {
    if(doc.bad) throw new Error('bad document!');
}).catch(error => {
    // now this is called! and error is `bad document!`
})
// before this fix the `bad document!` error would be thrown synchronously
// and have to be caught with try catch out here

Bug Fixes

• NODE-2035: Exceptions thrown from awaited cursor forEach do not propagate (#2852) (a917dfa)
• NODE-3150: added bsonRegExp option for v3.6 (#2843) (e4a9a57)
• NODE-3358: Command monitoring objects hold internal state references (#2858) (750760c)
• NODE-3380: perform retryable write checks against server (#2861) (621677a)
• NODE-3397: report more helpful error with unsupported authMechanism in initial handshake (#2876) (3ce148d)

Documentation

• Reference: https://docs.mongodb.com/drivers/node/current/
• API: http://mongodb.github.io/node-mongodb-native/3.6/api
• Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the mongodb package immediately, and report any issues to the NODE project.

v3.6.9

The MongoDB Node.js team is pleased to announce version 3.6.9 of the driver!

Release Highlights

This release fixes a major performance bug in bulk write operations, which was inadvertently introduced by an incomplete code change in the previous release. The bug resulted in redundant array iterations and caused exponential increases in bulk operation completion times. Thank you Jan Schwalbe for bringing this to our attention!

Bug Fixes

... (truncated)

Commits

• 1297cd1 chore(release): 3.6.10
• e9196ab refactor(NODE-3324): bump max wire version to 13 (#2875)
• 3ce148d fix(NODE-3397): report more helpful error with unsupported authMechanism in i...
• 558182f test(NODE-3307): unified runner does not assert identical keys (#2867)
• 621677a fix(NODE-3380): perform retryable write checks against server (#2861)
• e4a9a57 fix(NODE-3150): added bsonRegExp option for v3.6 (#2843)
• 750760c fix(NODE-3358): Command monitoring objects hold internal state references (#2...
• a917dfa fix(NODE-2035): Exceptions thrown from awaited cursor forEach do not propagat...
• b98f206 refactor(NODE-3356): Update command monitoring logging (#2853)
• 68b4665 test(NODE-2856): ensure defaultTransactionOptions get used from session (#2845)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by nbbeeken, a new releaser for mongodb since your current version.

Updates mongoose from 5.10.15 to 5.13.20

Changelog

Sourced from mongoose's changelog.

8.4.1 / 2024-05-31

• fix: pass options to clone instead of get in applyVirtuals #14606 #14543 andrews05
• fix(document): fire pre validate hooks on 5 level deep single nested subdoc when modifying after save() #14604 #14591
• fix: ensure buildBulkWriteOperations target shard if shardKey is set #14622 #14621 matlpriceshape
• types: pass DocType down to subdocuments so HydratedSingleSubdocument and HydratedArraySubdocument toObject() returns correct type #14612 #14601

7.6.12 / 2024-05-21

• fix(array): avoid converting to $set when calling pull() on an element in the middle of the array #14531 #14502
• fix: bump mongodb driver to 5.9.2 #14561 lorand-horvath
• fix(update): cast array of strings underneath doc array with array filters #14605 #14595

8.4.0 / 2024-05-17

• feat: upgrade mongodb -> 6.6.2 #14584
• feat: add transactionAsyncLocalStorage option to opt in to automatically setting session on all transactions #14583 #13889
• feat: handle initially null driver when instantiating Mongoose for Rollup support #14577 #12335
• feat(mongoose): export omitUndefined() helper #14582 #14569
• feat: add Model.listSearchIndexes() #14519 #14450
• feat(connection): add listDatabases() function #14506 #9048
• feat(schema): add schema-level readConcern option to apply default readConcern for all queries #14579 #14511
• fix(error): remove model property from CastError to avoid printing all model properties to console #14568 #14529
• fix(model): make bulkWrite() and insertMany() throw if throwOnValidationError set and all ops invalid #14587 #14572
• fix(document): ensure transform function passed to toObject() options applies to subdocs #14600 #14589
• types: add inferRawDocType helper #13900 #13772
• types(document): make document _id type default to unknown instead of any #14541

8.3.5 / 2024-05-15

• fix(query): shallow clone $or, $and if merging onto empty query filter #14580 #14567
• types(model+query): pass TInstanceMethods to QueryWithHelpers so populated docs have methods #14581 #14574
• docs(typescript): clarify that setting THydratedDocumentType on schemas is necessary for correct method context #14575 #14573

8.3.4 / 2024-05-06

• perf(document): avoid cloning options using spread operator for perf reasons #14565 #14394
• fix(query): apply translateAliases before casting to avoid strictMode error when using aliases #14562 #14521
• fix(model): consistent top-level timestamps option for bulkWrite operations #14546 #14536
• docs(connections): improve description of connection creation patterns #14564 #14528

8.3.3 / 2024-04-29

• perf(document): add fast path for applying non-nested virtuals to JSON #14543
• fix: make hydrate() recursively hydrate virtual populate docs if hydratedPopulatedDocs is set #14533 #14503
• fix: improve timestamps option handling in bulkWrite #14546 #14536 sderrow
• fix(model): make recompileSchema() overwrite existing document array discriminators #14527
• types(schema): correctly infer Array #14534 #14367
• types(query+populate): apply populate overrides to doc toObject() result #14525 #14441

... (truncated)

Commits

• 0f3997a chore: release 5.13.20
• f1efabf fix: avoid prototype pollution on init
• 98e0762 chore: release 5.13.19
• 7e36d21 chore: release 5.13.18
• 6759c60 undo accidental changes and actually pin @​types/json-schema
• 4ed4a89 chore: pin version of @​types/json-schema because of install issues on node v4...
• 9a9536d Merge pull request #13535 from lorand-horvath/patch-12
• 26424d5 5.x - bump mongodb driver to 3.7.4
• 4b8b0a9 add versionNumber to 5.x
• 1bc07ec chore: release 5.13.17
• Additional commits viewable in compare view

Updates mysql2 from 1.7.0 to 3.9.8

Release notes

Sourced from mysql2's releases.

v3.9.8

3.9.8 (2024-05-26)

Bug Fixes

• security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
• support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
• typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

v3.9.7

3.9.7 (2024-04-21)

Bug Fixes

• security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)

v3.9.6

3.9.6 (2024-04-18)

Bug Fixes

• binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

v3.9.5

3.9.5 (2024-04-17)

Bug Fixes

• revert breaking change in results creation (#2591) (f7c60d0)

v3.9.4

3.9.4 (2024-04-09)

Bug Fixes

• SSL: separate each certificate into an individual item #2542 (63f1055)
• security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)
  • Fixes a potential RCE attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• security: improve results object creation (#2574) (4a964a3)
  • Fixes a potential Prototype Pollution attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• docs: improve the contribution guidelines (#2552) (8a818ce)

v3.9.3

3.9.3 (2024-03-26)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.9.8 (2024-05-26)

Bug Fixes

• security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
• support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
• typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

3.9.7 (2024-04-21)

Bug Fixes

• security: sanitize timezone parameter value to prevent code injection (#2608) (7d4b098)

3.9.6 (2024-04-18)

Bug Fixes

• binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

3.9.5 (2024-04-17)

Bug Fixes

• revert breaking change in results creation (#2591) (f7c60d0)

3.9.4 (2024-04-09)

Bug Fixes

• docs: improve the contribution guidelines (#2552) (8a818ce)
• security: improve results object creation (#2574) (4a964a3)
• security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)

3.9.3 (2024-03-26)

Bug Fixes

• security: improve cache key formation (#2424) (0d54b0c)
  • Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• update Amazon RDS SSL CA cert (#2131) (d9dccfd)

3.9.2 (2024-02-26)

... (truncated)

Commits

• See full diff in compare view

Updates nodemailer from 6.4.16 to 6.9.9

Release notes

Sourced from nodemailer's releases.

v6.9.9

6.9.9 (2024-02-01)

Bug Fixes

• security: Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eternal matching pattern if only a few occurences are expected (dd8f5e8)
• tests: Use native node test runner, added code coverage support, removed grunt (#1604) (be45c1b)

v6.9.8

6.9.8 (2023-12-30)

Bug Fixes

• punycode: do not use native punycode module (b4d0e0c)

v6.9.7

6.9.7 (2023-10-22)

Bug Fixes

• customAuth: Do not require user and pass to be set for custom authentication schemes (fixes #1584) (41d482c)

v6.9.6

6.9.6 (2023-10-09)

Bug Fixes

• inline: Use 'inline' as the default Content Dispostion value for embedded images (db32c93)
• tests: Removed Node v12 from test matrix as it is not compatible with the test framework anymore (7fe0a60)

v6.9.5

6.9.5 (2023-09-06)

Bug Fixes

• license: Updated license year (da4744e)

Changelog

Sourced from nodemailer's changelog.

6.9.9 (2024-02-01)

Bug Fixes

• security: Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eternal matching pattern if only a few occurences are expected (dd8f5e8)
• tests: Use native node test runner, added code coverage support, removed grunt (#1604) (be45c1b)

6.9.8 (2023-12-30)

Bug Fixes

• punycode: do not use native punycode module (b4d0e0c)

6.9.7 (2023-10-22)

Bug Fixes

• customAuth: Do not require user and pass to be set for custom authentication schemes (fixes #1584) (41d482c)

6.9.6 (2023-10-09)

Bug Fixes

• inline: Use 'inline' as the default Content Dispostion value for embedded images (db32c93)
• tests: Removed Node v12 from test matrix as it is not compatible with the test framework anymore (7fe0a60)

6.9.5 (2023-09-06)

Bug Fixes

• license: Updated license year (da4744e)

6.9.4 2023-07-19

• Renamed SendinBlue to Brevo

6.9.3 2023-05-29

• Specified license identifier (was defined as MIT, actual value MIT-0)
• If SMTP server disconnects with a message, process it and include as part of the response error

6.9.2 2023-05-11

• Fix uncaught exception on invalid attachment content payload

... (truncated)

Commits

• 5a2e10f chore(master): release 6.9.9 [skip-ci] (#1606)
• dd8f5e8 fix(security): Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eterna...
• 2c2b46a chore: do not use caret in version specifier
• be45c1b fix(tests): Use native node test runner, added code coverage support, removed...
• 4233f6f chore(master): release 6.9.8 [skip-ci] (#1605)
• 09d502f chore: removed double file
• b4d0e0c fix(punycode): do not use native punycode module
• 8376c02 Test new github notice syntax for README
• bc46a3b Updated stale github action
• 78bdaf8 chore: remove redundant AWS SDK for JavaScript v2 (#1593)
• Additional commits viewable in compare view

Updates sqlite3 from 5.0.0 to 5.1.5

Release notes

Sourced from sqlite3's releases.

v5.1.5

What's Changed

• 🔒 Fixed code execution vulnerability due to Object coercion by @​daniellockyer
• Updated bundled SQLite to v3.41.1 by @​daniellockyer
• Fixed rpath linker option when using a custom sqlite by @​jeromew in TryGhost/node-sqlite3#1654

Full Changelog: TryGhost/node-sqlite3@v5.1.4...v5.1.5

v5.1.4

What's Changed

• Fixed glibc compatibility by downgrading CI to Ubuntu 20 by @​daniellockyer in TryGhost/node-sqlite3#1664

Full Changelog: TryGhost/node-sqlite3@v5.1.3...v5.1.4

v5.1.3

What's Changed

• Updated bundled SQLite to v3.40.0 by @​daniellockyer

Full Changelog: TryGhost/node-sqlite3@v5.1.2...v5.1.3

v5.1.2

What's Changed

• Updated bundled SQLite to v3.39.4 by @​daniellockyer

Full Changelog: TryGhost/node-sqlite3@v5.1.1...v5.1.2

v5.1.1

What's Changed

• Added Darwin ARM64 binaries by @​daniellockyer in TryGhost/node-sqlite3#1594

A huge thanks to MacStadium for providing an M1 Mac Mini so we can offer ARM64 binaries.

Full Changelog: TryGhost/node-sqlite3@v5.1.0...v5.1.1

v5.1.0

✨ We're very excited to announce node-sqlite3's first minor release of v5, packed with features and improvements.

If you encounter any problems, please open a detailed issue using the templates.

What's Changed

• Updated bundled SQLite to v3.39.3 by @​daniellockyer
• Added ability to receive updates from sqlite3_update_hook by @​soukand in TryGhost/node-sqlite3#1267
• Added support for setting SQLite limits by @​paulfitz in TryGhost/node-sqlite3#1548
• Added library types file by @​bpasero in TryGhost/node-sqlite3#1527
• Added package-lock.json to .gitignore by @​JoelEinbinder in TryGhost/node-sqlite3#1628
• Fixed remaining method declarations by @​alexanderfloh in TryGhost/node-sqlite3#1633

... (truncated)

Commits

• 6a806f8 v5.1.5
• edb1934 Fixed code execution vulnerability due to Object coercion
• 3a48888 Updated bundled SQLite to v3.41.1
• c1440bd Fixed rpath linker option when using a custom sqlite (#1654)
• 93affa4 Update microsoft/setup-msbuild action to v1.3
• 6f6318e v5.1.4
• aeafe25 Revert "Renamed master references to main"
• 57ce2d4 Fixed glib compatibility by downgrading to Ubuntu 20
• af8e567 Renamed master references to main
• 8fd18a3 Extracted function checking code into macro
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by daniellockyer, a new releaser for sqlite3 since your current version.

Updates @actions/core from 1.2.6 to 1.10.1

Changelog

Sourced from @​actions/core's changelog.

1.10.1

• Fix error message reference in oidc utils #1511

1.10.0

• saveState and setOutput now use environment files if available #1178
• getMultilineInput now correctly trims whitespace by default #1185

1.9.1

• Randomize delimiter when calling core.exportVariable

1.9.0

• Added toPosixPath, toWin32Path and toPlatformPath utilities #1102

1.8.2

• Update to v2.0.1 of @actions/http-client #1087

1.8.1

• Update to v2.0.0 of @actions/http-client

1.8.0

• Deprecate markdownSummary extension export in favor of summary
  • actions/toolkit#1072
  • actions/toolkit#1073

1.7.0

• Added markdownSummary extension

1.6.0

• Added OIDC Client function getIDToken
• Added file parameter to AnnotationProperties

1.5.0

• Added support for notice annotations and more annotation fields

1.4.0

• Added the getMultilineInput function

1.3.0

• Added the trimWhitespace option to getInput
• Added the getBooleanInput function

1.2.7

• Prepend newline for set-output

Commits

• See full diff in compare view

Updates @babel/traverse from 7.12.5 to 7.24.7

Release notes

Sourced from @​babel/traverse's releases.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

Committers: 7

• Amjad Yahia Robeen Hassan (@​amjed-98)
• Babel Bot (@​babel-bot)
• Blake Wilson (@​blakewilson)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Sukka (@​SukkaW)
• @​liuxingbaoyu

v7.24.6 (2024-05-24)

Thanks @​amjed-98, @​blakewilson, @​coelhucas, and @​SukkaW for your first PRs!

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

🏠 Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield...

    Description has been truncated