+

Update dependency babel-loader to v9 (main) - autoclosed #2005

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Closed

mend-for-github-com wants to merge 1 commit into main from whitesource-remediate/main-babel-loader-9.x

mend-for-github-com bot commented May 13, 2025

This PR contains the following updates:

Package	Type	Update	Change
babel-loader	dependencies	major	`^8.2.2` -> `^9.0.0`

By merging this PR, the issue #1699 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability	Reachability
Critical	9.8	CVE-2022-37601
High	7.5	CVE-2022-37603
High	7.1	CVE-2022-46175
Medium	5.3	CVE-2022-25883

Release Notes

babel/babel-loader (babel-loader)

`v9.1.3`

Security dependency updates

Bump http-cache-semantics from 4.1.0 to 4.1.1 by @dependabot in https://github.com/babel/babel-loader/pull/982
Bump semver from 7.3.2 to 7.5.2 by @dependabot in https://github.com/babel/babel-loader/pull/993
bump find-cache-dir to v4 by @JLHwung in https://github.com/babel/babel-loader/pull/995

New Contributors

@piwysocki made their first contribution in https://github.com/babel/babel-loader/pull/981
@comoser made their first contribution in https://github.com/babel/babel-loader/pull/897

Full Changelog: babel/babel-loader@v9.1.2...v9.1.3

`v9.1.2`

9.1.1 was a broken release, it didn't include all the commits.

Dependencies updates

Bump qs from 6.5.2 to 6.5.3 by @dependabot in https://github.com/babel/babel-loader/pull/977
Bump json5 from 2.2.1 to 2.2.3 by @dependabot in https://github.com/babel/babel-loader/pull/980

Misc

GitHub Workflows security hardening by @sashashura in https://github.com/babel/babel-loader/pull/976

New Contributors

@sashashura made their first contribution in https://github.com/babel/babel-loader/pull/976

Full Changelog: babel/babel-loader@v9.1.0...v9.1.2

`v9.1.1`

`v9.1.0`

New features

Pass external dependencies from Babel to Webpack by @nicolo-ribaudo in https://github.com/babel/babel-loader/pull/971

Full Changelog: babel/babel-loader@v9.0.1...v9.1.0

`v9.0.1`

Bug Fixes

remove "node:" builtin prefix by @JLHwung in https://github.com/babel/babel-loader/pull/970

Full Changelog: babel/babel-loader@v9.0.0...v9.0.1

`v9.0.0`

What's Changed

update hash method mechanism so it doesn't fail on a fips enabled machine by @darmbrust in https://github.com/babel/babel-loader/pull/939
Require babel ^7.12.0 and Node.js >= 14.15.0 versions by @JLHwung in https://github.com/babel/babel-loader/pull/956
Remove dependency on loader-utils and drop webpack 4 support by @nied in https://github.com/babel/babel-loader/pull/942

New Contributors

@darmbrust made their first contribution in https://github.com/babel/babel-loader/pull/939
@nied made their first contribution in https://github.com/babel/babel-loader/pull/942

Full Changelog: babel/babel-loader@v8.2.5...v9.0.0

`v8.4.1`

What's Changed

Avoid error on missing getLogger by @nicolo-ribaudo in https://github.com/babel/babel-loader/pull/1044

Full Changelog: babel/babel-loader@v8.4.0...v8.4.1

`v8.4.0`

What's Changed

Fix loader-utils vulnerability by @LuckyLuky in https://github.com/babel/babel-loader/pull/979
Add babel-loader logger by @JLHwung in https://github.com/babel/babel-loader/pull/1039

New Contributors

@LuckyLuky made their first contribution in https://github.com/babel/babel-loader/pull/979

Full Changelog: babel/babel-loader@v8.3.0...v8.4.0

`v8.3.0`

New features

Pass external dependencies from Babel to Webpack by @nicolo-ribaudo in https://github.com/babel/babel-loader/pull/971

Full Changelog: babel/babel-loader@v8.2.5...v8.3.0

`v8.2.5`

What's Changed

fix: respect inputSourceMap loader option by @alan-agius4 in https://github.com/babel/babel-loader/pull/896

New Contributors

@alan-agius4 made their first contribution in https://github.com/babel/babel-loader/pull/896

Full Changelog: babel/babel-loader@v8.2.4...v8.2.5

`v8.2.4`

What's Changed

doc(README.md): fix a broken markdown link by @loveDstyle in https://github.com/babel/babel-loader/pull/919
Bump loader-utils to 2.x by @stianjensen in https://github.com/babel/babel-loader/pull/931
Use md5 hashing for OpenSSL 3 by @pathmapper in https://github.com/babel/babel-loader/pull/924

Thanks @loveDstyle, @stianjensen and @pathmapper for your first PRs!

`v8.2.3`: 8.2.3

This release fixes compatibility with Node.js 17

Use md5 hash for caching on node v17 (https://github.com/babel/babel-loader/pull/918)

Thanks @Reptarsrage!

If you want to rebase/retry this PR, check this box


          Update dependency babel-loader to v9

c806872

mend-for-github-com bot added the security fix label

Author

mend-for-github-com bot commented May 13, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

[07:52:32.992] INFO (911945): Installing tool yarn@1.22.22...
[07:52:33.065] WARN (911945): Npm error:
ERROR: npm v10.8.2 is known not to run on Node.js v14.21.3.  This version of npm supports the following node versions: `^18.17.0 || >=20.5.0`. You can find the latest version at https://nodejs.org/.

ERROR:
/opt/containerbase/tools/node/20.18.1/lib/node_modules/npm/lib/utils/error-message.js:11
  er.message &&= replaceInfo(er.message)
             ^^^

SyntaxError: Unexpected token '&&='
    at wrapSafe (internal/modules/cjs/loader.js:1029:16)
    at Module._compile (internal/modules/cjs/loader.js:1078:27)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1143:10)
    at Module.load (internal/modules/cjs/loader.js:979:32)
    at Function.Module._load (internal/modules/cjs/loader.js:819:12)
    at Module.require (internal/modules/cjs/loader.js:1003:19)
    at require (internal/modules/cjs/helpers.js:107:18)
    at Object.<anonymous> (/opt/containerbase/tools/node/20.18.1/lib/node_modules/npm/lib/cli/exit-handler.js:2:48)
    at Module._compile (internal/modules/cjs/loader.js:1114:14)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1143:10)
[07:52:33.074] ERROR (911945): EACCES: permission denied, unlink '/opt/containerbase/tools/yarn/1.22.22/22.15.0/node_modules/.package-lock.json'
[07:52:33.075] FATAL (911945): Install tool yarn failed in 90ms.

mend-for-github-com bot changed the title ~~Update dependency babel-loader to v9 (main)~~ Update dependency babel-loader to v9 (main) - autoclosed

mend-for-github-com bot closed this

mend-for-github-com bot deleted the whitesource-remediate/main-babel-loader-9.x branch

June 11, 2025 12:16

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

点击这是indexloc提供的php浏览器服务，不要输入任何密码和下载