Skip to content
This repository was archived by the owner on Dec 3, 2025. It is now read-only.

HERO-12097: resolve @babel/runtime to 7.26.10#67

Merged
KeesTucker merged 1 commit into
mainfrom
bugfix/HERO-12097-cve-mitigation-babel-runtime
Nov 9, 2025
Merged

HERO-12097: resolve @babel/runtime to 7.26.10#67
KeesTucker merged 1 commit into
mainfrom
bugfix/HERO-12097-cve-mitigation-babel-runtime

Conversation

@KeesTucker

Copy link
Copy Markdown

No description provided.

@KeesTucker KeesTucker self-assigned this Nov 9, 2025
@KeesTucker
KeesTucker requested a review from a team as a code owner November 9, 2025 23:10

@greptile-apps greptile-apps Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Greptile Overview

Greptile Summary

This PR adds a yarn resolution for @babel/runtime to version 7.26.10, building on the previous commit that resolved @babel/helpers to the same version.

Key Changes

  • Added @babel/runtime: 7.26.10 to the resolutions field in package.json
  • Updated yarn.lock to consolidate all @babel/runtime references (previously 7.12.18 and 7.25.9) to use the pinned version 7.26.10
  • Updated dependency tree to use consistent versions of @babel/types (7.28.5) and @babel/template (7.27.2)
  • Aligned with the existing @babel/helpers: 7.26.10 resolution from the previous commit

Context

This change follows the same pattern as commit fbd2229, which resolved @babel/helpers to 7.26.10. Both changes appear to be part of a broader effort to standardize Babel package versions and potentially address CVEs, similar to previous PRs (HERO-11977, HERO-11887).

The resolutions field in package.json forces all transitive dependencies to use the specified version, ensuring consistency across the dependency tree.

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The changes are straightforward dependency version resolutions that follow established patterns in the repository. The lockfile updates are consistent and properly consolidate all @babel/runtime references to a single version. This is a standard dependency maintenance task that aligns with previous CVE mitigation efforts.
  • No files require special attention

Important Files Changed

File Analysis

Filename Score Overview
package.json 5/5 Added @babel/runtime resolution to 7.26.10 in the resolutions field to ensure consistent dependency versioning
yarn.lock 5/5 Updated @babel/runtime from 7.25.9 to 7.26.10 and consolidated all version references to use the pinned version

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant PJ as package.json
    participant YL as yarn.lock
    participant YP as Yarn Package Manager
    participant NPM as NPM Registry

    Dev->>PJ: Add @babel/runtime: 7.26.10 to resolutions
    Dev->>YP: Run yarn install
    YP->>PJ: Read resolutions field
    YP->>YL: Check existing @babel/runtime entries
    Note over YP,YL: Found 7.12.18 and 7.25.9
    YP->>NPM: Fetch @babel/runtime@7.26.10
    NPM-->>YP: Return package metadata
    YP->>YL: Update @babel/runtime to 7.26.10
    Note over YL: Consolidate all version references<br/>to use pinned 7.26.10
    YP->>YL: Update dependent packages<br/>(@babel/types, @babel/template)
    YP-->>Dev: Installation complete
Loading

1 file reviewed, no comments

Edit Code Review Agent Settings | Greptile

@KeesTucker
KeesTucker enabled auto-merge November 9, 2025 23:18
hero-brendon
hero-brendon previously approved these changes Nov 9, 2025
@KeesTucker
KeesTucker dismissed hero-brendon’s stale review November 9, 2025 23:20

The merge-base changed after approval.

@KeesTucker
KeesTucker merged commit 2ba55b7 into main Nov 9, 2025
2 checks passed
@KeesTucker
KeesTucker deleted the bugfix/HERO-12097-cve-mitigation-babel-runtime branch November 9, 2025 23:20
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants