Skip to content

Bump @babel/core from 7.21.4 to 7.29.7#1950

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/babel/core-7.29.7
Closed

Bump @babel/core from 7.21.4 to 7.29.7#1950
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/babel/core-7.29.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps @babel/core from 7.21.4 to 7.29.7.

Release notes

Sourced from @​babel/core's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

Committers: 3

v7.29.5 (2026-05-05)

🏠 Internal

  • babel-preset-env
    • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

  • babel-plugin-transform-modules-systemjs
    • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

  • babel-parser

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/core since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 2, 2026
@dependabot dependabot Bot temporarily deployed to test-trigger-is July 2, 2026 12:51 Inactive
@rugpanov

rugpanov commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Status: cannot merge yet — blocked by the internal package mirror (not a code issue).

CI fails at yarn install --immutable because this bump pulls in newer transitive dependencies that aren't yet available on the Databricks JFrog artifactory mirror:

YN0035: caniuse-lite@npm:1.0.30001800: Response Code: 403 (Forbidden)
  https://databricks.jfrog.io/artifactory/api/npm/db-npm/caniuse-lite/-/caniuse-lite-1.0.30001800.tgz
YN0035: electron-to-chromium@npm:1.5.384: Response Code: 403 (Forbidden)

These come in via @babel/core 7.29's dependency tree. The bump itself is a safe minor upgrade — the blocker is purely mirror availability.

When we can merge: once caniuse-lite@1.0.30001800 and electron-to-chromium@1.5.384 (and any other 403'd transitive deps) are mirrored into db-npm, yarn install --immutable will pass and this can go green + merge. Until then it's blocked. Leaving open so it unblocks automatically once the mirror catches up.

Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.21.4 to 7.29.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-version: 7.29.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/babel/core-7.29.7 branch from b221c8c to 99cca5c Compare July 2, 2026 13:49
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/vscode

Inputs:

  • PR number: 1950
  • Commit SHA: 99cca5c8a1bc4148c90e4a46d3fb57ae8a364bc9

Checks will be approved automatically on success.

@dependabot dependabot Bot temporarily deployed to test-trigger-is July 2, 2026 13:51 Inactive
@rugpanov

rugpanov commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Closing. Root cause turned out not to be a mirror lag but phantom versions in this PR's lockfile: the transitive deps it pinned don't exist on public npm at all —

  • caniuse-lite@1.0.30001800 → npm latest is 1.0.30001799
  • electron-to-chromium@1.5.384 → npm returns E404 (latest is 1.5.378)

So there's nothing to mirror into JFrog (hence the 403s), and the lockfile can't resolve. @babel/core here is only a transitive dev-dependency (via istanbul-lib-instrument), not a direct or security-flagged one.

Closing so Dependabot re-raises with a freshly resolved lockfile against real versions. No code change needed.

@rugpanov rugpanov closed this Jul 2, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/babel/core-7.29.7 branch July 2, 2026 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant