refactor: Upgrade @babel/runtime-corejs3 from 7.28.0 to 7.28.2

[parseplatformorg]

Snyk has created this PR to upgrade @babel/runtime-corejs3 from 7.28.0 to 7.28.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: @babel/runtime-corejs3

• 7.28.2 - 2025-07-24
  

  v7.28.2 (2025-07-24)

  Thanks @ souhailaS for your first PR!

  🐛 Bug Fix

  • babel-types
    • #17445 [babel 7] Make operator param in t.tsTypeOperator optional (@ nicolo-ribaudo)
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
    • #17441 fix: regeneratorDefine compatibility with es5 strict mode (@ liuxingbaoyu)

  Committers: 4

  • Babel Bot (@ babel-bot)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • SOUHAILA SERBOUT (@ souhailaS)
  • @ liuxingbaoyu
• 7.28.0 - 2025-07-02
  

  v7.28.0 (2025-07-02)

  🚀 New Feature

  • babel-node
    • #17147 Support top level await in node repl (@ liuxingbaoyu)
  • babel-types
    • #17258 feat(matchesPattern): support super/private/meta (@ JLHwung)
  • babel-compat-data, babel-preset-env
    • #17355 Add explicit resource management to preset-env (@ JLHwung)
  • babel-core, babel-parser
    • #17390 Support sourceType: "commonjs" (@ JLHwung)
  • babel-generator, babel-parser
    • #17346 Materialize explicitResourceManagement parser plugin (@ JLHwung)
  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types
    • #17391 LVal coverage updates (Part 2) (@ JLHwung)
  • babel-parser, babel-traverse, babel-types
    • #17378 Accept bigints in t.bigIntLiteral factory (@ JLHwung)
  • babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types
    • #17277 Transform discard binding (@ JLHwung)
  • babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types
    • #17163 Parse discard binding (@ JLHwung)

  🐛 Bug Fix

  • babel-helper-globals, babel-plugin-transform-classes, babel-traverse
    • #17297 Create babel-helper-globals (@ JLHwung)
  • babel-types
    • #17009 feature: TSTypeOperator: keyof (#16799) (@ coderaiser)

  🏠 Internal

  • babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
    • #17403 Update babel-polyfill packages (@ nicolo-ribaudo)

  Committers: 5

  • Babel Bot (@ babel-bot)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • @ liuxingbaoyu
  • coderaiser (@ coderaiser)

from @babel/runtime-corejs3 GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by CodeRabbit

• Chores
  • Updated an underlying runtime dependency to a newer patch release to enhance stability and maintain compatibility with modern tooling.
  • No user-facing changes; existing features and workflows remain unchanged.
  • No action required from users or administrators.
  • Minor internal reliability improvements only; performance and build output remain unaffected.
  • Routine maintenance to keep the platform current and dependable.

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[parse-github-assistant]

🚀 Thanks for opening this pull request!

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

Walkthrough

Bumped the dependency version of @babel/runtime-corejs3 in package.json from 7.28.0 to 7.28.2. No other files or declarations were modified.

Changes

Cohort / File(s)	Summary
Dependency Update package.json	Updated dependency @babel/runtime-corejs3 from 7.28.0 to 7.28.2.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[parseplatformorg]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (6941012) to head (19950e0).

Additional details and impacted files

@@            Coverage Diff            @@
##             alpha     #2714   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           63        63           
  Lines         6185      6185           
  Branches      1472      1472           
=========================================
  Hits          6185      6185           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

package.json (1)

34-44: Optional: Align Babel plugin patch version for consistency

You can bump @babel/plugin-transform-runtime from 7.28.0 → 7.28.2 to keep Babel runtime/plugin on the same patch line. Not required, but it reduces version skew when debugging build artifacts.

   "devDependencies": {
     "@babel/core": "7.28.0",
     "@babel/plugin-proposal-class-properties": "7.18.6",
-    "@babel/plugin-transform-runtime": "7.28.0",
+    "@babel/plugin-transform-runtime": "7.28.2",

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between eab04fe and 70f141c.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build (Node 22, 22.4.1)
• GitHub Check: build (Node 18, 18.20.4)
• GitHub Check: build (Node 20, 20.15.1)

🔇 Additional comments (1)

package.json (1)

34-34: LGTM: Safe patch bump to @babel/runtime-corejs3 7.28.2

Patch update looks low-risk and should bring minor bug fixes (incl. stricter regenerator compatibility). No breaking config changes expected for consumers.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify lockfile deduplication and CI cache invalidation

Ensure the lockfile(s) and caches reflect 7.28.2 only (no mixed 7.28.0/7.28.2 installs). This avoids duplicate helper/polyfill code paths in bundles.

Run from repo root:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Searching lockfiles for @babel/runtime-corejs3 versions..."
found_any=false
for f in package-lock.json pnpm-lock.yaml yarn.lock; do
  if [[ -f "$f" ]]; then
    found_any=true
    echo "==> $f"
    rg -n "(@babel/runtime-corejs3|core-js-pure)" "$f" -C1 || true
  fi
done

if ! $found_any; then
  echo "No lockfile found. If CI generates one, ensure it resolves to 7.28.2."
fi

echo
echo "Checking for mixed versions in node_modules (if installed)..."
if [[ -d node_modules ]]; then
  fd -a '@babel/runtime-corejs3' node_modules | xargs -I{} node -e "try{console.log(require('./{}'/package.json).version, '->', './{}')}catch(e){}" || true
else
  echo "node_modules not present; skip."
fi

echo
echo "Tip: clear CI caches for node_modules and lockfile-based caches after merging."

Length of output: 4861

---

Action Required: Deduplicate @babel/runtime-corejs3 to 7.28.2 Across Lockfiles

We’ve detected mixed versions of @babel/runtime-corejs3 in package-lock.json, which will pull in multiple helper/polyfill code paths:

• node_modules/@parse/push-adapter/node_modules/@babel/runtime-corejs3 at 7.26.9
• node_modules/parse/node_modules/@babel/runtime-corejs3 at 7.27.0
• Top-level dependency at 7.28.2

To resolve this and ensure only 7.28.2 is installed:

• Add an override (npm v8+) or resolutions (Yarn) in your package.json:

  "dependencies": {
    "@babel/runtime-corejs3": "7.28.2",
    …
  },
+ "overrides": {
+   "@babel/runtime-corejs3": "7.28.2"
+ },

• Reinstall and regenerate your lockfile:

npm install
git add package-lock.json
git commit -m "chore: enforce @babel/[email protected] via override"

• In your CI, clear caches for node_modules and any lockfile-derived caches so builds pick up the deduplicated version.

After merging, re-run the verification script to confirm no 7.26.x or 7.27.x entries remain.

🤖 Prompt for AI Agents

package.json around line 34: there are mixed versions of @babel/runtime-corejs3
in lockfiles (7.26.9, 7.27.0, and top-level 7.28.2); add an npm override (or
Yarn resolution) in package.json to force @babel/[email protected] at
install, then run npm install to regenerate package-lock.json, commit the
updated lockfile with a clear message, and clear CI node_modules/cache so
subsequent builds pick up the deduplicated version; finally re-run the
verification script to ensure no 7.26.x or 7.27.x entries remain.