[agent] chore(deps): bump @babel/core from ^7.29.0 to ^7.29.6 #797

Draft
github-actions[bot] wants to merge 1 commit into main from security/bump-babel-core-7.29.7-fb80990649c7c24d
@github-actions

Bumps @babel/core from ^7.29.0 to ^7.29.6 in the root package.json. The lockfile resolves to 7.29.7.

Security Advisory

  • Alert: #278
  • GHSA: GHSA-4x5r-pxfx-6jf8
  • CVE: CVE-2026-49356
  • Severity: Low (CVSS 3.2)
  • Summary: Arbitrary File Read via sourceMappingURL Comment — when compiling attacker-controlled code, Babel could be tricked into reading an arbitrary source map file from the system.
  • Fixed in: @babel/core@7.29.6

Changes

  • package.json: updated @babel/core range from ^7.29.0 to ^7.29.6
  • package-lock.json: resolves @babel/core to 7.29.7

Generated by Dependabot remediation agent

Addresses GHSA-4x5r-pxfx-6jf8 (CVE-2026-49356): Arbitrary File Read via
sourceMappingURL Comment. Fixes the vulnerability by updating the lockfile
to resolve @babel/core to 7.29.7 (first patched: 7.29.6).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
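
A check a reviewer could run against the lockfile in this PR, as an added example that is not part of the PR or the project's code: it walks the `packages` map of a lockfileVersion 2/3 `package-lock.json` and lists every resolved copy of `@babel/core` older than the first patched version, since a bumped root range does not by itself update nested copies. The sample lockfile and the package names `legacy-tool` and `@babel/core-helpers` are constructed for illustration.

```javascript
// Added example: everything except "@babel/core" and "7.29.6" is hypothetical.
const FIRST_PATCHED = "7.29.6"; // "Fixed in" value from the advisory on this page

// Parse "x.y.z[-pre][+build]" into comparable parts; null for anything else.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v));
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// True when a is older than b (a prerelease sorts below its own release).
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre;
}

// Walk the "packages" map of a lockfileVersion 2/3 lockfile and report every
// installed copy of `name`, including copies nested under other packages.
function findVulnerableCopies(lock, name, firstPatched) {
  const floor = parseVersion(firstPatched);
  const suffix = "node_modules/" + name;
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const parsed = parseVersion(entry.version);
    // An unparseable or missing version is reported, not silently trusted.
    if (!parsed || isOlder(parsed, floor)) {
      findings.push({ path, version: entry.version });
    }
  }
  return findings;
}

// Constructed sample lockfile: the root copy is patched, a nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { devDependencies: { "@babel/core": "^7.29.6" } },
    "node_modules/@babel/core": { version: "7.29.7" },
    "node_modules/legacy-tool/node_modules/@babel/core": { version: "7.29.0" },
    "node_modules/@babel/core-helpers": { version: "1.0.0" },
  },
};

console.log(findVulnerableCopies(sampleLock, "@babel/core", FIRST_PATCHED));
```

To use it on a real tree, pass the parsed contents of `package-lock.json` in place of `sampleLock`; an empty result means every resolved copy is at or above the first patched version.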