Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix tdz analysis for reassigned captured for bindings #15278

Merged

Conversation

nicolo-ribaudo
Copy link
Member

@nicolo-ribaudo nicolo-ribaudo commented Dec 15, 2022

Q                       A
Fixed Issues? A bug introduced in #15200
Patch: Bug Fix?
Major: Breaking Change?
Minor: New Feature?
Tests Added + Pass? Yes
Documentation PR Link
Any Dependency Changes?
License MIT

When extracting the loop body in the test case to its own function, the scope info is temporarily not correct and the index/_index bindings are partially mixed, causing problems for TDZ analysis.

Specifically, we have _index usages in index's reference paths, but then scope.getBinding(_index) returns undefined. Since the closure param is never in TDZ, it's safe to just return early when it happens.

@nicolo-ribaudo nicolo-ribaudo added PR: Bug Fix 🐛 A type of pull request used for our changelog categories i: regression labels Dec 15, 2022
@babel-bot
Copy link
Collaborator

Build successful! You can test your changes in the REPL here: https://babeljs.io/repl/build/53661/

@nicolo-ribaudo
Copy link
Member Author

I marked this as a regression for a bug introduced recently, but I don't think it should block a release because it's very unlikely that people will stumble upon this bug.

@nicolo-ribaudo nicolo-ribaudo merged commit 2dd8254 into babel:main Dec 16, 2022
@nicolo-ribaudo nicolo-ribaudo deleted the fix-tdz-check-reassigned-for-binding branch December 16, 2022 05:57
@ndelangen
Copy link

Could it be this PR causes a regression: #15300 @nicolo-ribaudo @JLHwung @liuxingbaoyu ?

FYI, That bug is currently happening in Storybook's ecosystem CI

🙏

@liuxingbaoyu

This comment was marked as outdated.

cbush pushed a commit to mongodb/docs-realm that referenced this pull request Jan 13, 2023
<h3>Snyk has created this PR to upgrade @babel/core from 7.20.5 to
7.20.7.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **22 days ago**, on 2022-12-22.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>@babel/core</b></summary>
    <ul>
      <li>
<b>7.20.7</b> - <a
href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.20.7">2022-12-22</a></br><h2>v7.20.7
(2022-12-22)</h2>
<p>Thanks <a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/wsypower/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://snyk.io/redirect/github/wsypower">@ wsypower</a> for your
first PR!</p>
<h4><g-emoji class="g-emoji" alias="eyeglasses"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f453.png">👓</g-emoji>
Spec Compliance</h4>
<ul>
<li><code>babel-helper-member-expression-to-functions</code>,
<code>babel-helper-replace-supers</code>,
<code>babel-plugin-proposal-class-properties</code>,
<code>babel-plugin-transform-classes</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15223"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15223/hovercard">#15223</a> fix:
Deleting super property should throw (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>,
<code>babel-plugin-proposal-class-properties</code>,
<code>babel-plugin-transform-classes</code>,
<code>babel-plugin-transform-object-super</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15241"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15241/hovercard">#15241</a> fix:
Throw correct error types from sed ant class TDZ helpers (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="bug"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f41b.png">🐛</g-emoji>
Bug Fix</h4>
<ul>
<li><code>babel-parser</code>,
<code>babel-plugin-transform-typescript</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15209"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15209/hovercard">#15209</a> fix:
Support auto accessors with TypeScript annotations (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15287"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15287/hovercard">#15287</a> Fix
<code>.parentPath</code> after rename in <code>SwitchCase</code> (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typescript</code>,
<code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15284"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15284/hovercard">#15284</a> fix:
Ts import type and func with duplicate name (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-block-scoping</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15278"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15278/hovercard">#15278</a> Fix
tdz analysis for reassigned captured for bindings (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
<li><code>babel-plugin-proposal-async-generator-functions</code>,
<code>babel-preset-env</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15235"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15235/hovercard">#15235</a> fix:
Transform <code>for await</code> with shadowed variables (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-generator</code>,
<code>babel-plugin-proposal-optional-chaining</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15258"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15258/hovercard">#15258</a> fix:
Correctly generate <code>(a ?? b) as T</code> (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-react-jsx</code>,
<code>babel-types</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15233"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15233/hovercard">#15233</a> fix:
Emit correct sourcemap ranges for <code>JSXText</code> (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-core</code>, <code>babel-helpers</code>,
<code>babel-plugin-transform-computed-properties</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>,
<code>babel-runtime</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15232"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15232/hovercard">#15232</a> fix:
Computed properties should keep original definition order (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
<li><code>babel-helper-member-expression-to-functions</code>,
<code>babel-helper-replace-supers</code>,
<code>babel-plugin-proposal-class-properties</code>,
<code>babel-plugin-transform-classes</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15223"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15223/hovercard">#15223</a> fix:
Deleting super property should throw (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15216"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15216/hovercard">#15216</a> fix:
Print newlines for leading Comments of <code>TSEnumMember</code> (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="nail_care"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f485.png">💅</g-emoji>
Polish</h4>
<ul>
<li><code>babel-plugin-transform-block-scoping</code>,
<code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15275"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15275/hovercard">#15275</a>
Improve relative execution tracking in fn exprs (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="house"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3e0.png">🏠</g-emoji>
Internal</h4>
<ul>
<li><code>babel-helper-define-map</code>,
<code>babel-plugin-transform-property-mutators</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15274"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15274/hovercard">#15274</a> Inline
&amp; simplify <code>@ babel/helper-define-map</code> (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
<li><code>babel-core</code>,
<code>babel-plugin-proposal-class-properties</code>,
<code>babel-plugin-transform-block-scoping</code>,
<code>babel-plugin-transform-classes</code>,
<code>babel-plugin-transform-destructuring</code>,
<code>babel-plugin-transform-parameters</code>,
<code>babel-plugin-transform-regenerator</code>,
<code>babel-plugin-transform-runtime</code>,
<code>babel-preset-env</code>, <code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15200"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15200/hovercard">#15200</a>
Rewrite <code>transform-block-scoping</code> plugin (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="running_woman"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3c3-2640.png">🏃‍♀️</g-emoji>
Performance</h4>
<ul>
<li><code>babel-helper-compilation-targets</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15228"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15228/hovercard">#15228</a> perf:
Speed up <code>getTargets</code> (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 6</h4>
<ul>
<li>Babel Bot (<a href="https://snyk.io/redirect/github/babel-bot">@
babel-bot</a>)</li>
<li>Huáng Jùnliàng (<a href="https://snyk.io/redirect/github/JLHwung">@
JLHwung</a>)</li>
<li>Nicolò Ribaudo (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
<li>Tianlan Zhou (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
<li><a href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a></li>
<li>魏 (<a href="https://snyk.io/redirect/github/wsypower">@
wsypower</a>)</li>
</ul>
      </li>
      <li>
<b>7.20.5</b> - <a
href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.20.5">2022-11-28</a></br><h2>v7.20.5
(2022-11-28)</h2>
<p>Thanks <a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/davydof/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://snyk.io/redirect/github/davydof">@ davydof</a> and <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/SuperSodaSea/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://snyk.io/redirect/github/SuperSodaSea">@ SuperSodaSea</a>
for your first PRs!</p>
<h4><g-emoji class="g-emoji" alias="eyeglasses"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f453.png">👓</g-emoji>
Spec Compliance</h4>
<ul>
<li><code>babel-helpers</code>,
<code>babel-plugin-transform-destructuring</code>,
<code>babel-plugin-transform-modules-commonjs</code>,
<code>babel-preset-env</code>, <code>babel-runtime-corejs2</code>,
<code>babel-runtime-corejs3</code>, <code>babel-runtime</code>,
<code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15183"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15183/hovercard">#15183</a>
Improve array destructuring spec compliance (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
<li><code>babel-cli</code>, <code>babel-helpers</code>,
<code>babel-plugin-proposal-class-properties</code>,
<code>babel-plugin-proposal-class-static-block</code>,
<code>babel-plugin-transform-classes</code>,
<code>babel-plugin-transform-runtime</code>,
<code>babel-preset-env</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15182"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15182/hovercard">#15182</a> fix:
apply toPropertyKey when defining class members (<a
href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li>
</ul>
</li>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-helpers</code>,
<code>babel-plugin-proposal-decorators</code>,
<code>babel-plugin-proposal-private-property-in-object</code>,
<code>babel-preset-env</code>, <code>babel-runtime-corejs2</code>,
<code>babel-runtime-corejs3</code>, <code>babel-runtime</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15133"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15133/hovercard">#15133</a> fix:
validate rhs of <code>in</code> when transpiling <code>#p in C</code>
(<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="bug"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f41b.png">🐛</g-emoji>
Bug Fix</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15225"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15225/hovercard">#15225</a> Parse
<code>using[foo]</code> as computed member expression (<a
href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15207"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15207/hovercard">#15207</a> Export
<code>ParseResult</code> type (<a
href="https://snyk.io/redirect/github/davydof">@ davydof</a>)</li>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15198"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15198/hovercard">#15198</a> fix:
parse <code>import module, ...</code> (<a
href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li>
</ul>
</li>
<li><code>babel-helper-wrap-function</code>,
<code>babel-preset-env</code>, <code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15181"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15181/hovercard">#15181</a> fix:
Edge cases for async functions and <code>noNewArrow</code> assumption
(<a href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-arrow-functions</code>,
<code>babel-plugin-transform-parameters</code>,
<code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15163"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15163/hovercard">#15163</a> fix:
Throw error when compiling <code>super()</code> in arrow functions with
default / rest parameters (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-node</code>,
<code>babel-plugin-proposal-async-generator-functions</code>,
<code>babel-plugin-transform-regenerator</code>,
<code>babel-preset-env</code>, <code>babel-runtime-corejs2</code>,
<code>babel-runtime-corejs3</code>, <code>babel-runtime</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15194"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15194/hovercard">#15194</a> fix:
Bump <code>regenerator</code> and add tests (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
<li><code>babel-helper-create-regexp-features-plugin</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15192"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15192/hovercard">#15192</a> fix:
Update <code>regjsparser</code> for <code>@ babel/standalone</code> (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-types</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15109"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15109/hovercard">#15109</a> fix:
Babel 8 types (<a href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15143"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15143/hovercard">#15143</a> Don't
print inner comments as leading when wrapping in <code>(``)</code> (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-block-scoping</code>,
<code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15167"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15167/hovercard">#15167</a>
Register <code>switch</code>'s <code>discriminant</code> in the outer
scope (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="nail_care"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f485.png">💅</g-emoji>
Polish</h4>
<ul>
<li><code>babel-generator</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15173"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15173/hovercard">#15173</a>
Improve generator behavior when <code>comments:false</code> (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-block-scoping</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15164"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15164/hovercard">#15164</a> Only
extract IDs for TDZ checks in assign when necessary (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="house"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3e0.png">🏠</g-emoji>
Internal</h4>
<ul>
<li><code>babel-core</code>, <code>babel-parser</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15202"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15202/hovercard">#15202</a> Bump
typescript to 4.9.3 (<a href="https://snyk.io/redirect/github/JLHwung">@
JLHwung</a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 6</h4>
<ul>
<li>Alexander Davydov (<a
href="https://snyk.io/redirect/github/davydof">@ davydof</a>)</li>
<li>Babel Bot (<a href="https://snyk.io/redirect/github/babel-bot">@
babel-bot</a>)</li>
<li>Huáng Jùnliàng (<a href="https://snyk.io/redirect/github/JLHwung">@
JLHwung</a>)</li>
<li>Nicolò Ribaudo (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
<li>Tianlan Zhou (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
<li><a href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a></li>
</ul>
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/babel/babel/releases">@babel/core
GitHub release notes</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJiMmQyZGFlZi1hOTc4LTRkMTMtOWVlNS05ZjQ4MjA3ZDRlNDkiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImIyZDJkYWVmLWE5NzgtNGQxMy05ZWU1LTlmNDgyMDdkNGU0OSJ9fQ=="
width="0" height="0"/>

🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?pkg&#x3D;@babel/core&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

<!---
(snyk:metadata:{"prId":"b2d2daef-a978-4d13-9ee5-9f48207d4e49","prPublicId":"b2d2daef-a978-4d13-9ee5-9f48207d4e49","dependencies":[{"name":"@babel/core","from":"7.20.5","to":"7.20.7"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"852e6e4f-be96-45c8-b370-1060f5ebee55","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2022-12-22T09:45:37.638Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
cbush pushed a commit to mongodb/docs-realm that referenced this pull request Jan 30, 2023
<h3>Snyk has created this PR to upgrade @babel/core from 7.20.7 to
7.20.12.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-01-04.

The recommended version fixes:

Severity | Issue | PriorityScore (*) | Exploit Maturity |

:-------------------------:|:-------------------------|-------------------------|:-------------------------
<img
src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png"
width="20" height="20" title="medium severity"/> | Prototype
Pollution<br/>
[SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) |
**427/1000** <br/> **Why?** Proof of Concept exploit, CVSS 6.4 | Proof
of Concept

(*) Note that the real score may have changed since the PR was raised.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>@babel/core</b></summary>
    <ul>
      <li>
<b>7.20.12</b> - <a
href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.20.12">2023-01-04</a></br><h2>v7.20.12
(2023-01-04)</h2>
<p>Thanks <a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/cross19xx/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://snyk.io/redirect/github/cross19xx">@ cross19xx</a>, <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/JBYoshi/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://snyk.io/redirect/github/JBYoshi">@ JBYoshi</a> and <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/nmn/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://snyk.io/redirect/github/nmn">@ nmn</a> for your first
PRs!</p>
<h4><g-emoji class="g-emoji" alias="bug"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f41b.png">🐛</g-emoji>
Bug Fix</h4>
<ul>
<li><code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15224"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15224/hovercard">#15224</a> Fix
<code>TaggedTemplateLiteral</code> evaluation (<a
href="https://snyk.io/redirect/github/nmn">@ nmn</a>)</li>
</ul>
</li>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-plugin-proposal-class-properties</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15312"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15312/hovercard">#15312</a> fix:
<code>delete this</code> in static class properties initialization (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="nail_care"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f485.png">💅</g-emoji>
Polish</h4>
<ul>
<li><code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15313"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15313/hovercard">#15313</a>
Implement support for evaluating computed properties. (<a
href="https://snyk.io/redirect/github/JBYoshi">@ JBYoshi</a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 5</h4>
<ul>
<li>Jonathan Browne (<a href="https://snyk.io/redirect/github/JBYoshi">@
JBYoshi</a>)</li>
<li>Kenneth Kwakye-Gyamfi (<a
href="https://snyk.io/redirect/github/cross19xx">@ cross19xx</a>)</li>
<li>Naman Goel (<a href="https://snyk.io/redirect/github/nmn">@
nmn</a>)</li>
<li>Nicolò Ribaudo (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
<li>Tianlan Zhou (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
      </li>
      <li>
<b>7.20.7</b> - <a
href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.20.7">2022-12-22</a></br><h2>v7.20.7
(2022-12-22)</h2>
<p>Thanks <a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/wsypower/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://snyk.io/redirect/github/wsypower">@ wsypower</a> for your
first PR!</p>
<h4><g-emoji class="g-emoji" alias="eyeglasses"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f453.png">👓</g-emoji>
Spec Compliance</h4>
<ul>
<li><code>babel-helper-member-expression-to-functions</code>,
<code>babel-helper-replace-supers</code>,
<code>babel-plugin-proposal-class-properties</code>,
<code>babel-plugin-transform-classes</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15223"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15223/hovercard">#15223</a> fix:
Deleting super property should throw (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>,
<code>babel-plugin-proposal-class-properties</code>,
<code>babel-plugin-transform-classes</code>,
<code>babel-plugin-transform-object-super</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15241"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15241/hovercard">#15241</a> fix:
Throw correct error types from sed ant class TDZ helpers (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="bug"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f41b.png">🐛</g-emoji>
Bug Fix</h4>
<ul>
<li><code>babel-parser</code>,
<code>babel-plugin-transform-typescript</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15209"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15209/hovercard">#15209</a> fix:
Support auto accessors with TypeScript annotations (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15287"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15287/hovercard">#15287</a> Fix
<code>.parentPath</code> after rename in <code>SwitchCase</code> (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typescript</code>,
<code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15284"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15284/hovercard">#15284</a> fix:
Ts import type and func with duplicate name (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-block-scoping</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15278"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15278/hovercard">#15278</a> Fix
tdz analysis for reassigned captured for bindings (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
<li><code>babel-plugin-proposal-async-generator-functions</code>,
<code>babel-preset-env</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15235"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15235/hovercard">#15235</a> fix:
Transform <code>for await</code> with shadowed variables (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-generator</code>,
<code>babel-plugin-proposal-optional-chaining</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15258"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15258/hovercard">#15258</a> fix:
Correctly generate <code>(a ?? b) as T</code> (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-react-jsx</code>,
<code>babel-types</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15233"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15233/hovercard">#15233</a> fix:
Emit correct sourcemap ranges for <code>JSXText</code> (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
<li><code>babel-core</code>, <code>babel-helpers</code>,
<code>babel-plugin-transform-computed-properties</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>,
<code>babel-runtime</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15232"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15232/hovercard">#15232</a> fix:
Computed properties should keep original definition order (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
<li><code>babel-helper-member-expression-to-functions</code>,
<code>babel-helper-replace-supers</code>,
<code>babel-plugin-proposal-class-properties</code>,
<code>babel-plugin-transform-classes</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15223"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15223/hovercard">#15223</a> fix:
Deleting super property should throw (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15216"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15216/hovercard">#15216</a> fix:
Print newlines for leading Comments of <code>TSEnumMember</code> (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="nail_care"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f485.png">💅</g-emoji>
Polish</h4>
<ul>
<li><code>babel-plugin-transform-block-scoping</code>,
<code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15275"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15275/hovercard">#15275</a>
Improve relative execution tracking in fn exprs (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="house"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3e0.png">🏠</g-emoji>
Internal</h4>
<ul>
<li><code>babel-helper-define-map</code>,
<code>babel-plugin-transform-property-mutators</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15274"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15274/hovercard">#15274</a> Inline
&amp; simplify <code>@ babel/helper-define-map</code> (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
<li><code>babel-core</code>,
<code>babel-plugin-proposal-class-properties</code>,
<code>babel-plugin-transform-block-scoping</code>,
<code>babel-plugin-transform-classes</code>,
<code>babel-plugin-transform-destructuring</code>,
<code>babel-plugin-transform-parameters</code>,
<code>babel-plugin-transform-regenerator</code>,
<code>babel-plugin-transform-runtime</code>,
<code>babel-preset-env</code>, <code>babel-traverse</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15200"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15200/hovercard">#15200</a>
Rewrite <code>transform-block-scoping</code> plugin (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
</ul>
</li>
</ul>
<h4><g-emoji class="g-emoji" alias="running_woman"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3c3-2640.png">🏃‍♀️</g-emoji>
Performance</h4>
<ul>
<li><code>babel-helper-compilation-targets</code>
<ul>
<li><a href="https://snyk.io/redirect/github/babel/babel/pull/15228"
data-hovercard-type="pull_request"
data-hovercard-url="/babel/babel/pull/15228/hovercard">#15228</a> perf:
Speed up <code>getTargets</code> (<a
href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 6</h4>
<ul>
<li>Babel Bot (<a href="https://snyk.io/redirect/github/babel-bot">@
babel-bot</a>)</li>
<li>Huáng Jùnliàng (<a href="https://snyk.io/redirect/github/JLHwung">@
JLHwung</a>)</li>
<li>Nicolò Ribaudo (<a
href="https://snyk.io/redirect/github/nicolo-ribaudo">@
nicolo-ribaudo</a>)</li>
<li>Tianlan Zhou (<a
href="https://snyk.io/redirect/github/SuperSodaSea">@
SuperSodaSea</a>)</li>
<li><a href="https://snyk.io/redirect/github/liuxingbaoyu">@
liuxingbaoyu</a></li>
<li>魏 (<a href="https://snyk.io/redirect/github/wsypower">@
wsypower</a>)</li>
</ul>
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/babel/babel/releases">@babel/core
GitHub release notes</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIxYjVhZTY0Yi1lYjQxLTRmOTgtYmRkMC1hOTE2ZTM5NDFkMDQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjFiNWFlNjRiLWViNDEtNGY5OC1iZGQwLWE5MTZlMzk0MWQwNCJ9fQ=="
width="0" height="0"/>

🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?pkg&#x3D;@babel/core&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

<!---
(snyk:metadata:{"prId":"1b5ae64b-eb41-4f98-bdd0-a916e3941d04","prPublicId":"1b5ae64b-eb41-4f98-bdd0-a916e3941d04","dependencies":[{"name":"@babel/core","from":"7.20.7","to":"7.20.12"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"852e6e4f-be96-45c8-b370-1060f5ebee55","env":"prod","prType":"upgrade","vulns":["SNYK-JS-JSON5-3182856"],"issuesToFix":[{"issueId":"SNYK-JS-JSON5-3182856","severity":"medium","title":"Prototype
Pollution","exploitMaturity":"proof-of-concept","priorityScore":427,"priorityScoreFactors":[{"type":"exploit","label":"Proof
of
Concept","score":107},{"type":"cvssScore","label":"6.4","score":320}]}],"upgrade":["SNYK-JS-JSON5-3182856"],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-01-04T16:02:21.147Z"},"templateVariants":["priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[427]})
--->

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
@github-actions github-actions bot added the outdated A closed issue/PR that is archived due to age. Recommended to make a new issue label Mar 24, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 24, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
i: regression outdated A closed issue/PR that is archived due to age. Recommended to make a new issue PR: Bug Fix 🐛 A type of pull request used for our changelog categories
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

5 participants