Bump the npm_and_yarn group across 1 directory with 20 updates

[dependabot]

Bumps the npm_and_yarn group with 20 updates in the / directory:

Package	From	To
esbuild	0.12.15	0.25.0
lodash	4.17.21	4.17.23
@trpc/server	10.43.0	10.45.3
nanoid	3.3.1	3.3.8
next	14.0.1	16.1.6
next-auth	4.23.2	4.24.12
rollup	4.9.2	4.59.0
vite	4.3.9	5.4.21
playwright	1.36.1	1.55.1
@babel/helpers	7.13.10	7.28.6
bn.js	4.12.0	4.12.3
cipher-base	1.0.4	1.0.7
cross-spawn	6.0.5	6.0.6
express	4.18.1	4.18.2
jws	3.2.2	3.2.3
pbkdf2	3.1.1	3.1.5
qs	6.5.3	6.5.5
serve-static	1.14.1	1.15.0
sha.js	2.4.11	2.4.12
tar	6.1.0	6.2.1

Updates esbuild from 0.12.15 to 0.25.0

Release notes

Sourced from esbuild's releases.

v0.25.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.

• Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

  This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

  Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

  In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

  Thanks to @​sapphi-red for reporting this issue.

• Delete output files when a build fails in watch mode (#3643)

  It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.

• Fix correctness issues with the CSS nesting transform (#3620, #3877, #3933, #3997, #4005, #4037, #4038)

  This release fixes the following problems:

  • Naive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using :is() to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.

    /* Original code */
    .parent {
      > .a,
      > .b1 > .b2 {
        color: red;
      }
    }
    /* Old output (with --supported:nesting=false) */
    .parent > :is(.a, .b1 > .b2) {
    color: red;
    }
    /* New output (with --supported:nesting=false) */
    .parent > .a,
    .parent > .b1 > .b2 {
    color: red;
    }

    Thanks to @​tim-we for working on a fix.

  • The & CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered && to have the same specificity as &. With this release, this should now work correctly:

    /* Original code (color should be red) */

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2021

This changelog documents all esbuild versions published in the year 2021 (versions 0.8.29 through 0.14.10).

0.14.10

• Enable tree shaking of classes with lowered static fields (#175)

  If the configured target environment doesn't support static class fields, they are converted into a call to esbuild's __publicField function instead. However, esbuild's tree-shaking pass treated this call as a side effect, which meant that all classes with static fields were ineligible for tree shaking. This release fixes the problem by explicitly ignoring calls to the __publicField function during tree shaking side-effect determination. Tree shaking is now enabled for these classes:

  // Original code
  class Foo { static foo = 'foo' }
  class Bar { static bar = 'bar' }
  new Bar()
  // Old output (with --tree-shaking=true --target=es6)
  class Foo {
  }
  __publicField(Foo, "foo", "foo");
  class Bar {
  }
  __publicField(Bar, "bar", "bar");
  new Bar();
  // New output (with --tree-shaking=true --target=es6)
  class Bar {
  }
  __publicField(Bar, "bar", "bar");
  new Bar();

• Treat --define:foo=undefined as an undefined literal instead of an identifier (#1407)

  References to the global variable undefined are automatically replaced with the literal value for undefined, which appears as void 0 when printed. This allows for additional optimizations such as collapsing undefined ?? bar into just bar. However, this substitution was not done for values specified via --define:. As a result, esbuild could potentially miss out on certain optimizations in these cases. With this release, it's now possible to use --define: to substitute something with an undefined literal:

  // Original code
  let win = typeof window !== 'undefined' ? window : {}
  // Old output (with --define:window=undefined --minify)
  let win=typeof undefined!="undefined"?undefined:{};
  // New output (with --define:window=undefined --minify)
  let win={};

• Add the --drop:debugger flag (#1809)

  Passing this flag causes all debugger; statements to be removed from the output. This is similar to the drop_debugger: true flag available in the popular UglifyJS and Terser JavaScript minifiers.

... (truncated)

Commits

• e9174d6 publish 0.25.0 to npm
• c27dbeb fix hosts in plugin-tests.js
• 6794f60 fix hosts in node-unref-tests.js
• de85afd Merge commit from fork
• da1de1b fix #4065: bitwise operators can return bigints
• f4e9d19 switch case liveness: default is always last
• 7aa47c3 fix #4028: minify live/dead switch cases better
• 22ecd30 minify: more constant folding for strict equality
• 4cdf03c fix #4053: reordering of .tsx in node_modules
• dc71977 fix #3692: 0 now picks a random ephemeral port
• Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates @trpc/server from 10.43.0 to 10.45.3

Release notes

Sourced from @​trpc/server's releases.

v10.45.3

• fixes GHSA-43p4-m455-4f4j

Full Changelog: trpc/trpc@v10.45.2...v10.45.3

v10.45.2

What's Changed

• patch(server): upgrade to typescript 5.4 and do fixes due to breaking changes in typescript by @​KATT in trpc/trpc#5560

Full Changelog: trpc/trpc@v10.45.1...v10.45.2

v10.45.1

What's Changed

• fix(server): parse url safer in fetch adapter by @​KATT in trpc/trpc#5410
• fix(react-query): no ref in useHookResult() by @​KATT in trpc/trpc#5433

New Contributors

• @​cah4a made their first contribution in trpc/trpc#5250
• @​zacanger made their first contribution in trpc/trpc#5276

Full Changelog: trpc/trpc@v10.45.0...v10.45.1

v10.45.0

What's Changed

• chore(next/app-dir): make a union of nextHttpLink options by @​KATT in trpc/trpc#5173
• chore: bump typescript and fix TS errors by @​KATT in trpc/trpc#5178
• fix(server + client): add noImplicitOverride & add explicit overrides in TRPCError / TRPCClientError by @​me-imfhd in trpc/trpc#5195
• fix(next): rm react-ssr-prepass dependency by @​KATT in trpc/trpc#5201
• feat(next): exclude non-ssr queries from the hydrated state by @​jonluca in trpc/trpc#5135
• fix(server+client): Incorrect serialization of IndexSignature and Record by @​microdev1 in trpc/trpc#5211
• feat(server): deprecate .createCaller() in favor of t.createCallerFactory() by @​KATT in trpc/trpc#5213

New Contributors

• @​kwaimind made their first contribution in trpc/trpc#5143
• @​me-imfhd made their first contribution in trpc/trpc#5195
• @​microdev1 made their first contribution in trpc/trpc#5211

Full Changelog: trpc/trpc@v10.44.1...v10.45.0

v10.44.1

What's Changed

• fix(server): fix fetch adapter with trailing slash by @​KATT in trpc/trpc#5090

New Contributors

... (truncated)

Commits

• 1117bb3 v10.45.3
• 936db6d v10.45.2
• e9e0821 patch(server): upgrade to typescript 5.4 and do fixes (#5560)
• 8db7f76 v10.45.1
• 0d93bc9 fix(server): parse url safer in fetch adapter (#5410)
• 82f7310 fix: enforce consistent type import/export (#5298)
• 444b08a docs: update error.cause comment (#5276)
• 4e101e3 fix: cache artifcats in entrypoints generation script (#5241)
• 353f6c2 chore(deps): update dependency valibot to ^0.25.0 (#5231)
• 06fd40d v10.45.0
• Additional commits viewable in compare view

Updates nanoid from 3.3.1 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.11

• Fixed React Native support.

3.3.10

• Fixed React Native support (by @​steida).

3.3.9

• Reduced npm package size.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

3.3.7

• Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

• Fixed package.

3.3.5

• Backport funding information.

3.3.4

• Fixed --help in CLI (by @​Lete114).

3.3.3

• Reduced size (by Anton Khlynovskiy).

3.3.2

• Fixed enhanced-resolve support.

3.3.1

• Reduced package size.

3.3

• Added size argument to function from customAlphabet (by Stefan Sundin).

3.2

• Added --size and --alphabet arguments to binary (by Vitaly Baev).

3.1.32

• Reduced async exports size (by Artyom Arutyunyan).
• Moved from Jest to uvu (by Vitaly Baev).

3.1.31

• Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

3.1.30

• Reduced size for project with brotli compression (by Anton Khlynovskiy).

3.1.29

... (truncated)

Commits

• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• 89d82d2 Release 3.3.7 version
• 5022c35 Update dual-publish
• 3e7a8e5 Remove benchmark from CI for v3
• d356144 Fix CI for v3
• 37b25df Move to pnpm 8
• d96f392 Release 3.3.6 version
• 8210dfb Release 3.3.5 version
• Additional commits viewable in compare view

Updates next from 14.0.1 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• 098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
• a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
• d6d5734 tweak LRU sentinel cache key (#89123)
• 4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
• 23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
• acba4a6 v16.1.5
• e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
• 500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
• Additional commits viewable in compare view

Updates next-auth from 4.23.2 to 4.24.12

Commits

• 1f48cf7 chore(release): bump version [skip ci]
• 4758a2f ci: add workflow_dispatch for release.yml
• d3aecfe feat: add next 16 support (#13303)
• 82efcf8 fix: security issue from nodemailer (#13304)
• 798c3d5 docs: update banner
• 02d3480 chore: remove clerk ads
• 7f88fa0 chore: remove sponsors
• 46e01af chore(docs): update credentials.md app router route.js filename (#13025)
• 11939f2 feat(core): add default cache control headers for GET endpoints (#12627)
• 918a6ac docs: Update FAQ with allowDangerousEmailAccountLinking (#12586)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by himself_65, a new releaser for next-auth since your current version.

Updates rollup from 4.9.2 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

• #6275: Validate bundle stays within output dir (@​lukastaegert)

v4.58.0

4.58.0

2026-02-20

Features

• Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

• #6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@​njg7194, @​lukastaegert)
• #6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@​millerick, @​lukastaegert)
• #6260: fix(deps): update rust crate swc_compiler_base to v47 (@​renovate[bot], @​lukastaegert)
• #6261: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6262: Avoid unnecessary cloning of the code string (@​lukastaegert)
• #6263: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6265: chore(deps): lock file maintenance (@​renovate[bot])
• #6267: fix(deps): update minor/patch updates (@​renovate[bot])
• #6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@​renovate[bot], @​lukastaegert)
• #6269: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6270: chore(deps): lock file maintenance (@​renovate[bot])
• #6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@​lukastaegert)

v4.57.1

4.57.1

2026-01-30

Bug Fixes

• Fix heap corruption issue in Windows (#6251)
• Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

• #6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@​alan-agius4, @​lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

• #6275: Validate bundle stays within output dir (@​lukastaegert)

4.58.0

2026-02-20

Features

• Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

• #6256: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (@​njg7194, @​lukastaegert)
• #6259: docs: Correct typo and improve sentence structure in docs for output.experimentalMinChunkSize (@​millerick, @​lukastaegert)
• #6260: fix(deps): update rust crate swc_compiler_base to v47 (@​renovate[bot], @​lukastaegert)
• #6261: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6262: Avoid unnecessary cloning of the code string (@​lukastaegert)
• #6263: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6265: chore(deps): lock file maintenance (@​renovate[bot])
• #6267: fix(deps): update minor/patch updates (@​renovate[bot])
• #6268: chore(deps): update dependency eslint-plugin-unicorn to v63 (@​renovate[bot], @​lukastaegert)
• #6269: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6270: chore(deps): lock file maintenance (@​renovate[bot])
• #6272: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (@​lukastaegert)

4.57.1

2026-01-30

Bug Fixes

• Fix heap corruption issue in Windows (#6251)
• Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

• #6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@​alan-agius4, @​lukastaegert)
• #6252: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #6253: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6254: Fully include dynamic imports in a try-catch (@​lukastaegert)

... (truncated)

Commits

• ae84695 4.59.0
• b39616e Update audit-resolve
• c60770d Validate bundle stays within output dir (#6275)
• 33f39c1 4.58.0
• b61c408 forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...
• 7f00689 Extend agent instructions
• e7b2b85 chore(deps): lock file maintenance (#6270)
• 2aa5da9 fix(deps): update minor/patch updates (#6267)
• 4319837 chore(deps): update dependency lru-cache to v11 (#6269)
• c3b6b4b chore(deps): update dependency eslint-plugin-unicorn to v63 (#6268)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates vite from 4.3.9 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

v5.4.19

Please refer to CHANGELOG.md for details.

v4.5.14

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

• fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970) (cad1d31), closes #20968 #20970
• chore: update CHANGELOG (ca88ed7)

5.4.20 (2025-09-08)

• fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736
• fix: port sirv@3.0.2 changes to sirv@2.0.4 (#20737) (4f1c35b), closes #20737

5.4.19 (2025-04-30)

• fix: backport #19965, check static serve file inside sirv (#19966) (766947e), closes #19965 #19966

5.4.18 (2025-04-10)

• fix: backport #19830, reject requests with # in request-target (#19831) (823675b), closes #19830 #19831

5.4.17 (2025-04-03)

• fix: backport #19782, fs check with svg and relative paths (#19784) (84b2b46), closes #19782 #19784

5.4.16 (2025-03-31)

• fix: backport #19761, fs check in transform middleware (#19762) (b627c50), closes #19761 #19762

5.4.15 (2025-03-24)

• fix: backport #19702, fs raw query with query separators (#19703) (807d7f0), closes #19702 #19703

5.4.14 (2025-01-21)

• fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246
• fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

... (truncated)

Commits

• adce3c2 release: v5.4.21
• cad1d31 fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970)
• ca88ed7 chore: update CHANGELOG
• 997700f release: v5.4.20
• 482000f fix: apply fs.strict check to HTML files (#20736)
• 80a333a release: v5.4.19
• 766947e fix: backport #19965, check static serve file inside sirv (#19966)
• 731b77d release: v5.4.18
• 823675b fix: backport #19830, reject requests with # in request-target (#19831)
• 0a2518a release: v5.4.17
• Additional commits viewable in compare view

Updates playwright from 1.36.1 to 1.55.1

Release notes

Sourced from playwright's releases.

v1.55.1

Highlights

microsoft/playwright#37479 - [Bug]: Upgrade Chromium to 140.0.7339.186. microsoft/playwright#37147 - [Regression]: Internal error: step id not found. microsoft/playwright#37146 - [Regression]: HTML reporter displays a broken chip link when there are no projects. microsoft/playwright#37137 - Revert "fix(a11y): track inert elements as hidden". microsoft/playwright#37532 - chore: do not use -k option

Browser Versions

• Chromium 140.0.7339.186
• Mozilla Firefox 141.0
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 139
• Microsoft Edge 139

v1.55.0

New APIs

• New Property testStepInfo.titlePath Returns the full title path starting from the test file, including test and step titles.

Codegen

• Automatic toBeVisible() assertions: Codegen can now generate automatic toBeVisible() assertions for common UI interactions. This feature can be enabled in the Codegen settings UI.

Breaking Changes

• ⚠️ Dropped support for Chromium extension manifest v2.

Miscellaneous

• Added support for Debian 13 "Trixie".

Browser Versions

• Chromium 140.0.7339.16
• Mozilla Firefox 141.0
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 139
• Microsoft Edge 139

v1.54.2

Highlights

microsoft/playwright#36714 - [Regression]: Codegen is not able to launch in Administrator Terminal on Windows (ProtocolError: Protocol error) microsoft/playwright#36828 - [Regression]: Playwright Codegen keeps spamming with selected option microsoft/playwright#36810 - [Regression]: Starting Codegen with target language doesn't work anymore

Browser Versions

... (truncated)

Commits

• ae51df7 chore: mark v1.55.1 (#37530)
• 86dde29 feat(chromium): roll to r1193 (#37529)
• 86328bc chore: do not use -k option (#37532)
• 63799ba cherry-pick(#37214): docs: fix method names in release notes
• 21e29a4 cherry-pick(#37153): fix(html): don't display a chip with empty content with ...
• ba62e6a cherry-pick(#37149): fix(test): attaching in boxed fixture
• 25bb073 cherry-pick(#37137): Revert "fix(a11y): track inert elements as hidden (#36947)"
• f992162 chore: mark v1.55.0 (#37121)
• 4a92ea0 cherry-pick(#37113): docs: add release-notes for v1.55
• aa05507 cherry-pick(#37114): test: move browser._launchServer in child process
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by playwright-bot, a new releaser for playwright since your current version.

Updates @babel/helpers from 7.13.10 to 7.28.6

Release notes

Sourced from @​babel/helpers's releases.

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

• babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • #17589 Improve Unicode handling in code-frame tokenizer (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17556 fix: transform-regenerator correctly handles scope (@​liuxingbaoyu)
• babel-plugin-transform-react-jsx
  • #17538 fix: Keep jsx comments (@​liuxingbaoyu)

💅 Polish

• babel-core, babel-standalone
  • #17606 Polish(standalone): improve message on invalid preset/plugin (@​JLHwung)

🏠 Internal

• babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plu...

  Description has been truncated