Bump the npm group with 28 updates

[dependabot]

Bumps the npm group with 28 updates:

Package	From	To
@vitest/coverage-v8	3.2.4	4.0.2
vite	7.1.11	7.1.12
vitest	3.2.4	4.0.2
@babel/compat-data	7.28.4	7.28.5
@babel/core	7.28.4	7.28.5
@babel/generator	7.28.3	7.28.5
@babel/helper-validator-identifier	7.27.1	7.28.5
@babel/parser	7.28.4	7.28.5
@babel/traverse	7.28.4	7.28.5
@babel/types	7.28.4	7.28.5
@emnapi/core	1.5.0	1.6.0
@emnapi/runtime	1.5.0	1.6.0
@eslint-community/regexpp	4.12.1	4.12.2
@types/yargs	17.0.33	17.0.34
@vitest/expect	3.2.4	4.0.2
@vitest/mocker	3.2.4	4.0.2
@vitest/pretty-format	3.2.4	4.0.2
@vitest/runner	3.2.4	4.0.2
@vitest/snapshot	3.2.4	4.0.2
@vitest/spy	3.2.4	4.0.2
@vitest/utils	3.2.4	4.0.2
ast-v8-to-istanbul	0.3.7	0.3.8
baseline-browser-mapping	2.8.19	2.8.20
chai	5.3.3	6.2.0
electron-to-chromium	1.5.239	1.5.240
get-tsconfig	4.12.0	4.13.0
magic-string	0.30.19	0.30.21
tinyrainbow	2.0.0	3.0.3

Updates @vitest/coverage-v8 from 3.2.4 to 4.0.2

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.0.2

   🐞 Bug Fixes

• browser:
  • Don't print the deprecation notice in node_modules  -  by @​sheremet-va in vitest-dev/vitest#8779 (588f7)
• pool:
  • Assign envs before running tests to keep in sync with process.env  -  by @​sheremet-va in vitest-dev/vitest#8769 (26ce8)
• spy:
  • Properly inherit implementation's length  -  by @​sheremet-va in vitest-dev/vitest#8778 (d4c2b)
  • Reset spies if both restoreMocks and mockReset are set in the config  -  by @​sheremet-va in vitest-dev/vitest#8781 (2eedb)

    View changes on GitHub

v4.0.1

   🐞 Bug Fixes

• Move the getBuiltins check  -  by @​sheremet-va in vitest-dev/vitest#8765 (81000)
• pool: Don't teardown the communication channel too soon if something is running after the test  -  by @​sheremet-va in vitest-dev/vitest#8767 (3fae7)

    View changes on GitHub

v4.0.0

Vitest 4.0 is out!

To stay updated, read our blog post and check the migration guide.

   🚨 Breaking Changes

• Remove 'basic' reporter  -  by @​AriPerkkio in vitest-dev/vitest#7884 (82fcf)
• Simplify default exclude pattern  -  by @​sheremet-va in vitest-dev/vitest#6287 (14c50)
• Remove deprecated getSourceMap  -  by @​sheremet-va in vitest-dev/vitest#8194 (ff934)
• Replace deprecated ErrorWithDiff with TestError  -  by @​sheremet-va in vitest-dev/vitest#8195 (da59e)
• Remove UserConfig type in favor of ViteUserConfig  -  by @​sheremet-va in vitest-dev/vitest#8196 (22f7f)
• Remove deprecated coverage options in favor of vitest/node exports  -  by @​sheremet-va in vitest-dev/vitest#8197 (dc848)
• Remove deprecated internal helpers and environment exports  -  by @​sheremet-va in vitest-dev/vitest#8198 (4703c)
• Remove deprecated typecheck and runner types  -  by @​sheremet-va in vitest-dev/vitest#8199 (89a1c)
• Remove Node types from the main entry point, use vitest/node instead  -  by @​sheremet-va in vitest-dev/vitest#8200 (1e60c)
• Remove support for Vite 5  -  by @​sheremet-va in vitest-dev/vitest#8202 (cb8b0)
• Remove deprecated types  -  by @​sheremet-va in vitest-dev/vitest#8203 (66bee)
• Remove deprecated environmentMatchGlobs and poolMatchGlobs  -  by @​sheremet-va in vitest-dev/vitest#8205 (be11d)
• Remove deprecated workspace option in favor of projects  -  by @​sheremet-va in vitest-dev/vitest#8218 (76fb7)
• Ignore --standalone when CLI filename filter is used  -  by @​AriPerkkio in vitest-dev/vitest#8262 (013bf)
• Use module-runner instead of vite-node  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#8208 (9be01)
• Rewrite spying implementation to make module mocking more intuitive  -  by @​sheremet-va in vitest-dev/vitest#8363 (9e412)
• Remove deprecated APIs  -  by @​sheremet-va in vitest-dev/vitest#8428 (a1cb9)
• Remove minWorkers and set it automatically to 0 in non watch mode  -  by @​sheremet-va in vitest-dev/vitest#8454 (2c2d1)
• Verbose reporter prints tests in a list, introduce tree reporter  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#8500 (25fd3)
• Include shadow root contents in pretty-format output  -  by @​wkillerud in vitest-dev/vitest#8545 (9e722)
• Remove deprecated order from test() API  -  by @​sheremet-va in vitest-dev/vitest#8594 (4d419)
• Rewrite pools without tinypool  -  by @​AriPerkkio and @​sheremet-va in vitest-dev/vitest#8705 (4822d)

... (truncated)

Commits

• 07bc56a chore: release v4.0.2
• 4a28faa chore: release v4.0.1
• da7ce17 chore: release v4.0.0
• 3e4b6b7 chore: release v4.0.0-beta.19
• 35816fe fix(coverage): v8 to ignore Vite's generated cjs import helpers (#8718)
• bc7c20d chore: release v4.0.0-beta.18
• 4783137 chore: release v4.0.0-beta.17
• 6fc7890 chore: release v4.0.0-beta.16
• d677c0b chore: release v4.0.0-beta.15
• e24e56b chore: release v4.0.0-beta.14
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitest/coverage-v8 since your current version.

Updates vite from 7.1.11 to 7.1.12

Release notes

Sourced from vite's releases.

v7.1.12

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.1.12 (2025-10-23)

Bug Fixes

• deps: downgrade commonjs plugin to 28.0.6 to avoid rollup/plugins#1909 (#20990) (56fd722)

Commits

• 2436afe release: v7.1.12
• 56fd722 fix(deps): downgrade commonjs plugin to 28.0.6 to avoid rollup/plugins#1909 (...
• See full diff in compare view

Updates vitest from 3.2.4 to 4.0.2

Release notes

Sourced from vitest's releases.

v4.0.2

   🐞 Bug Fixes

• browser:
  • Don't print the deprecation notice in node_modules  -  by @​sheremet-va in vitest-dev/vitest#8779 (588f7)
• pool:
  • Assign envs before running tests to keep in sync with process.env  -  by @​sheremet-va in vitest-dev/vitest#8769 (26ce8)
• spy:
  • Properly inherit implementation's length  -  by @​sheremet-va in vitest-dev/vitest#8778 (d4c2b)
  • Reset spies if both restoreMocks and mockReset are set in the config  -  by @​sheremet-va in vitest-dev/vitest#8781 (2eedb)

    View changes on GitHub

v4.0.1

   🐞 Bug Fixes

• Move the getBuiltins check  -  by @​sheremet-va in vitest-dev/vitest#8765 (81000)
• pool: Don't teardown the communication channel too soon if something is running after the test  -  by @​sheremet-va in vitest-dev/vitest#8767 (3fae7)

    View changes on GitHub

v4.0.0

Vitest 4.0 is out!

To stay updated, read our blog post and check the migration guide.

   🚨 Breaking Changes

• Remove 'basic' reporter  -  by @​AriPerkkio in vitest-dev/vitest#7884 (82fcf)
• Simplify default exclude pattern  -  by @​sheremet-va in vitest-dev/vitest#6287 (14c50)
• Remove deprecated getSourceMap  -  by @​sheremet-va in vitest-dev/vitest#8194 (ff934)
• Replace deprecated ErrorWithDiff with TestError  -  by @​sheremet-va in vitest-dev/vitest#8195 (da59e)
• Remove UserConfig type in favor of ViteUserConfig  -  by @​sheremet-va in vitest-dev/vitest#8196 (22f7f)
• Remove deprecated coverage options in favor of vitest/node exports  -  by @​sheremet-va in vitest-dev/vitest#8197 (dc848)
• Remove deprecated internal helpers and environment exports  -  by @​sheremet-va in vitest-dev/vitest#8198 (4703c)
• Remove deprecated typecheck and runner types  -  by @​sheremet-va in vitest-dev/vitest#8199 (89a1c)
• Remove Node types from the main entry point, use vitest/node instead  -  by @​sheremet-va in vitest-dev/vitest#8200 (1e60c)
• Remove support for Vite 5  -  by @​sheremet-va in vitest-dev/vitest#8202 (cb8b0)
• Remove deprecated types  -  by @​sheremet-va in vitest-dev/vitest#8203 (66bee)
• Remove deprecated environmentMatchGlobs and poolMatchGlobs  -  by @​sheremet-va in vitest-dev/vitest#8205 (be11d)
• Remove deprecated workspace option in favor of projects  -  by @​sheremet-va in vitest-dev/vitest#8218 (76fb7)
• Ignore --standalone when CLI filename filter is used  -  by @​AriPerkkio in vitest-dev/vitest#8262 (013bf)
• Use module-runner instead of vite-node  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#8208 (9be01)
• Rewrite spying implementation to make module mocking more intuitive  -  by @​sheremet-va in vitest-dev/vitest#8363 (9e412)
• Remove deprecated APIs  -  by @​sheremet-va in vitest-dev/vitest#8428 (a1cb9)
• Remove minWorkers and set it automatically to 0 in non watch mode  -  by @​sheremet-va in vitest-dev/vitest#8454 (2c2d1)
• Verbose reporter prints tests in a list, introduce tree reporter  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#8500 (25fd3)
• Include shadow root contents in pretty-format output  -  by @​wkillerud in vitest-dev/vitest#8545 (9e722)
• Remove deprecated order from test() API  -  by @​sheremet-va in vitest-dev/vitest#8594 (4d419)
• Rewrite pools without tinypool  -  by @​AriPerkkio and @​sheremet-va in vitest-dev/vitest#8705 (4822d)

... (truncated)

Commits

• 07bc56a chore: release v4.0.2
• 2eedbce fix(spy): reset spies if both restoreMocks and mockReset is set in the co...
• 26ce88d fix(pool): assign envs before running tests to keep in sync with process.env ...
• 4a28faa chore: release v4.0.1
• 3fae73e fix(pool): don't teardown the communication channel too soon if something is ...
• 8100063 fix: move the getBuiltins check (#8765)
• da7ce17 chore: release v4.0.0
• 8e15bc8 perf: create only one fetcher per project (#8762)
• 9f0eccc fix: base option doesn't crash vitest (#8760)
• d3ef4f2 perf(pool): resolve all environments first (#8759)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vitest since your current version.

Updates @babel/compat-data from 7.28.4 to 7.28.5

Release notes

Sourced from @​babel/compat-data's releases.

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

Committers: 8

• Babel Bot (@​babel-bot)
• Byeongho Yoo (@​youthfulhps)
• Huáng Jùnliàng (@​JLHwung)
• Hyeon Dokko (@​CO0Ki3)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​Olexandr88
• @​liuxingbaoyu
• fisker Cheung (@​fisker)

Changelog

Sourced from @​babel/compat-data's changelog.

v7.28.5 (2025-10-23)

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

Commits

• 61647ae v7.28.5
• 7710552 Update compat data (#17549)
• fc6a324 Update compat data (#17515)
• ed487a7 Update compat data (#17508)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/compat-data since your current version.

Updates @babel/core from 7.28.4 to 7.28.5

Release notes

Sourced from @​babel/core's releases.

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

Committers: 8

• Babel Bot (@​babel-bot)
• Byeongho Yoo (@​youthfulhps)
• Huáng Jùnliàng (@​JLHwung)
• Hyeon Dokko (@​CO0Ki3)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​Olexandr88
• @​liuxingbaoyu
• fisker Cheung (@​fisker)

Changelog

Sourced from @​babel/core's changelog.

v7.28.5 (2025-10-23)

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

Commits

• 61647ae v7.28.5
• 42cb285 Improve @babel/core types (#17404)
• da0d1ad Faster finding of locations in buildCodeFrameError (#17490)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/core since your current version.

Updates @babel/generator from 7.28.3 to 7.28.5

Release notes

Sourced from @​babel/generator's releases.

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

Committers: 8

• Babel Bot (@​babel-bot)
• Byeongho Yoo (@​youthfulhps)
• Huáng Jùnliàng (@​JLHwung)
• Hyeon Dokko (@​CO0Ki3)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​Olexandr88
• @​liuxingbaoyu
• fisker Cheung (@​fisker)

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)

... (truncated)

Changelog

Sourced from @​babel/generator's changelog.

v7.28.5 (2025-10-23)

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

v7.28.4 (2025-09-05)

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

Commits

• 61647ae v7.28.5
• 512ff4f Enable strictNullChecks for generator (#17497)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/generator since your current version.

Updates @babel/helper-validator-identifier from 7.27.1 to 7.28.5

Release notes

Sourced from @​babel/helper-validator-identifier's releases.

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@​liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@​fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@​CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@​JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@​JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@​JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@​JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@​liuxingbaoyu)

Committers: 8

• Babel Bot (@​babel-bot)
• Byeongho Yoo (@​youthfulhps)
• Huáng Jùnliàng (@​JLHwung)
• Hyeon Dokko (@​CO0Ki3)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​Olexandr88
• @​liuxingbaoyu
• fisker Cheung (@​fisker)

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)

... (truncated)

Changelog

Sourced from @​babel/helper-validator-identifier's changelog...

Description has been truncated

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

pnpm-lock.yaml

Package	Version	License	Issue Type
ast-v8-to-istanbul	0.3.8	Null	Unknown License
@types/yargs	17.0.34	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@vitest/coverage-v8	^4.0.2	Unknown	Unknown
npm/vite	^7.1.12	🟢 7.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 6 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/vitest	^4.0.2	Unknown	Unknown
npm/@babel/compat-data	7.28.5	🟢 6.4	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 32 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed
npm/@babel/core	7.28.5	🟢 6.4	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 32 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed
npm/@babel/generator	7.28.5	🟢 6.4	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 32 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed
npm/@babel/helper-validator-identifier	7.28.5	🟢 6.4	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 32 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed
npm/@babel/parser	7.28.5	🟢 6.4	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 32 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed
npm/@babel/traverse	7.28.5	🟢 6.4	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 32 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed
npm/@babel/types	7.28.5	🟢 6.4	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 32 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed
npm/@emnapi/core	1.6.0	🟢 4.3	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/runtime	1.6.0	🟢 4.3	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@standard-schema/spec	1.0.0	Unknown	Unknown
npm/@types/yargs	17.0.34	🟢 6.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@vitest/coverage-v8	4.0.2	Unknown	Unknown
npm/@vitest/expect	4.0.2	Unknown	Unknown
npm/@vitest/mocker	4.0.2	Unknown	Unknown
npm/@vitest/pretty-format	4.0.2	Unknown	Unknown
npm/@vitest/runner	4.0.2	Unknown	Unknown
npm/@vitest/snapshot	4.0.2	Unknown	Unknown
npm/@vitest/spy	4.0.2	Unknown	Unknown
npm/@vitest/utils	4.0.2	Unknown	Unknown
npm/ast-v8-to-istanbul	0.3.8	Unknown	Unknown
npm/baseline-browser-mapping	2.8.20	Unknown	Unknown
npm/chai	6.2.0	🟢 5.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 22 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 13/18 approved changesets -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 5 5 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/electron-to-chromium	1.5.240	Unknown	Unknown
npm/get-tsconfig	4.13.0	Unknown	Unknown
npm/magic-string	0.30.21	🟢 3.6	Details Check Score Reason Code-Review 🟢 4 Found 13/30 approved changesets -- score normalized to 4 Maintained 🟢 8 9 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities ⚠️ 0 11 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/tinyrainbow	3.0.3	Unknown	Unknown
npm/vite	7.1.12	🟢 7.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 6 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/vitest	4.0.2	Unknown	Unknown

Scanned Files

• package.json
• pnpm-lock.yaml