Update babel monorepo to v8

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@babel/eslint-parser (source)	^7.22.15 → ^8.0.0

---

Release Notes

babel/babel (@​babel/eslint-parser)

v8.0.1

Compare Source

💥 Breaking Change

• babel-core, babel-plugin-transform-object-rest-spread, babel-plugin-transform-runtime, babel-preset-env, babel-standalone
  • #​18079 Actually remove preset-env's useBuiltIns (@​nicolo-ribaudo)

v8.0.0

Compare Source

👓 Spec Compliance

• babel-core
  • #​18039 perf: Only extract source map comments at the end of the file (@​liuxingbaoyu)

💥 Breaking Change

• babel-cli, babel-node, babel-plugin-proposal-decorators, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-plugin-transform-modules-commonjs, babel-plugin-transform-object-rest-spread, babel-plugin-transform-parameters, babel-plugin-transform-react-constant-elements, babel-plugin-transform-regenerator, babel-preset-env, babel-register
  • #​18069 Fallback to assuming ESM support with modules: auto (@​nicolo-ribaudo)
• babel-plugin-transform-runtime, babel-runtime-corejs3, babel-runtime
  • #​18036 Remove corejs exports for @babe/runtime-corejs3 (@​liuxingbaoyu)
• babel-parser
  • #​18034 Remove locations: "packed" (@​liuxingbaoyu)

🐛 Bug Fix

• babel-generator
  • #​18046 fix(generator): improve new callee parens check (@​JLHwung)
• babel-plugin-transform-modules-systemjs
  • #​18032 fix(systemjs): support proto as an export name (@​JLHwung)

📝 Documentation

• #​18070 Add EOL date for Babel 7 (end of June 2027) to SECURITY.md (@​nicolo-ribaudo)

🏠 Internal

• #​18018 ci: enforce yarn integrity (@​JLHwung)

🏃‍♀️ Performance

• babel-core
  • #​18039 perf: Only extract source map comments at the end of the file (@​liuxingbaoyu)

v7.29.7

Compare Source

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​babel/​eslint-parser@​7.28.6 ⏵ 8.0.1	+1

View full report

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
⚠️ ACTION	actionlint	4		3	0	0.14s
❌ ACTION	zizmor	4		1	0	0.3s
❌ COPYPASTE	jscpd	yes		4	no	1.88s
✅ JSON	jsonlint	7		0	0	0.13s
✅ JSON	npm-package-json-lint	yes		no	no	0.75s
⚠️ JSON	prettier	7		1	0	0.75s
✅ JSON	v8r	7		0	0	14.17s
⚠️ MARKDOWN	markdownlint	6		17	0	0.92s
⚠️ MARKDOWN	markdown-table-formatter	6		1	0	0.35s
✅ REPOSITORY	checkov	yes		no	no	20.97s
✅ REPOSITORY	gitleaks	yes		no	no	0.94s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	55.4s
❌ REPOSITORY	osv-scanner	yes		8	no	1.13s
✅ REPOSITORY	secretlint	yes		no	no	1.09s
✅ REPOSITORY	syft	yes		no	no	2.17s
❌ REPOSITORY	trivy	yes		1	no	12.18s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.5s
✅ REPOSITORY	trufflehog	yes		no	no	5.0s
✅ SPELL	cspell	29		0	0	3.43s
⚠️ SPELL	lychee	23		3	0	0.49s
⚠️ TYPESCRIPT	prettier	1		1	0	0.56s
⚠️ TYPESCRIPT	ts-standard	1		1	0	0.76s
⚠️ YAML	prettier	8		1	3	0.44s
✅ YAML	v8r	8		0	0	7.98s
✅ YAML	yamllint	8		0	0	0.54s

Detailed Issues

❌ COPYPASTE / jscpd - 4 errors

Clone found (javascript):
 - test/java-caller.test.js [104:42 - 113:69] (9 lines, 80 tokens)
   test/java-caller.test.js [21:40 - 30:53]

Clone found (javascript):
 - test/java-caller.test.js [116:40 - 125:79] (9 lines, 80 tokens)
   test/java-caller.test.js [21:40 - 30:53]

Clone found (javascript):
 - test/java-caller.test.js [143:118 - 151:68] (8 lines, 74 tokens)
   test/java-caller.test.js [130:103 - 138:83]

Clone found (javascript):
 - test/java-caller.test.js [153:60 - 162:84] (9 lines, 80 tokens)
   test/java-caller.test.js [21:40 - 30:53]

┌────────────┬────────────────┬─────────────┬──────────────┬──────────────┬──────────────────┬───────────────────┐
│ Format     │ Files analyzed │ Total lines │ Total tokens │ Clones found │ Duplicated lines │ Duplicated tokens │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ java       │ 1              │ 36          │ 350          │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ javascript │ 11             │ 1088        │ 9981         │ 4            │ 35 (3.22%)       │ 314 (3.15%)       │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ typescript │ 1              │ 222         │ 671          │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ markdown   │ 1              │ 27          │ 173          │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ Total:     │ 14             │ 1373        │ 11175        │ 4            │ 35 (2.55%)       │ 314 (2.81%)       │
└────────────┴────────────────┴─────────────┴──────────────┴──────────────┴──────────────────┴───────────────────┘
Found 4 clones.
HTML report saved to megalinter-reports/copy-paste/html/
ERROR: jscpd found too many duplicates (2.55%) over threshold (0%)
Error: ERROR: jscpd found too many duplicates (2.55%) over threshold (0%)
    at ThresholdReporter.report (/node-deps/node_modules/@jscpd/finder/dist/index.js:615:13)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:109:18
    at Array.forEach (<anonymous>)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:108:22
    at async /node-deps/node_modules/jscpd/dist/bin/jscpd.js:9:5

❌ REPOSITORY / osv-scanner - 8 errors

Scanning dir .
Starting filesystem walk for root: /
Scanned package-lock.json file and found 295 packages
End status: 47 dirs visited, 135 inodes visited, 1 Extract calls, 14.374079ms elapsed, 14.37429ms wall time

Total 7 packages affected by 8 known vulnerabilities (0 Critical, 2 High, 5 Medium, 1 Low, 0 Unknown) from 1 ecosystem.
8 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+----------------------------+---------+---------------+-------------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE                    | VERSION | FIXED VERSION | SOURCE            |
+-------------------------------------+------+-----------+----------------------------+---------+---------------+-------------------+
| https://osv.dev/GHSA-jxxr-4gwj-5jf2 | 6.5  | npm       | brace-expansion (dev)      | 5.0.5   | 5.0.6         | package-lock.json |
| https://osv.dev/GHSA-73rr-hh4g-fpgx | 2.7  | npm       | diff (dev)                 | 7.0.0   | 8.0.3         | package-lock.json |
| https://osv.dev/GHSA-h67p-54hq-rp68 | 5.3  | npm       | js-yaml (dev)              | 3.14.2  | 4.2.0         | package-lock.json |
| https://osv.dev/GHSA-h67p-54hq-rp68 | 5.3  | npm       | js-yaml (dev)              | 4.1.1   | 4.2.0         | package-lock.json |
| https://osv.dev/GHSA-5c6j-r48x-rmvq | 8.1  | npm       | serialize-javascript (dev) | 6.0.2   | 7.0.3         | package-lock.json |
| https://osv.dev/GHSA-qj8w-gfj5-8c6v | 5.9  | npm       | serialize-javascript (dev) | 6.0.2   | 7.0.5         | package-lock.json |
| https://osv.dev/GHSA-vmf3-w455-68vh | 6.9  | npm       | tar                        | 7.5.13  | 7.5.16        | package-lock.json |
| https://osv.dev/GHSA-w5hq-g745-h8pq | 7.5  | npm       | uuid (dev)                 | 8.3.2   | 11.1.1        | package-lock.json |
+-------------------------------------+------+-----------+----------------------------+---------+---------------+-------------------+

❌ REPOSITORY / trivy - 1 error

cessfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2026-06-17T11:09:33Z	INFO	[vuln] Vulnerability scanning is enabled
2026-06-17T11:09:33Z	INFO	[misconfig] Misconfiguration scanning is enabled
2026-06-17T11:09:33Z	INFO	[checks-client] Need to update the checks bundle
2026-06-17T11:09:33Z	INFO	[checks-client] Downloading the checks bundle...
234.65 KiB / 234.65 KiB [--------------------------------------------------------->] 100.00% ? p/s ?234.65 KiB / 234.65 KiB [-----------------------------------------------] 100.00% 2.61 MiB p/s 300ms2026-06-17T11:09:38Z	INFO	[npm] To collect the license information of packages, "npm install" needs to be performed beforehand	dir="node_modules"
2026-06-17T11:09:38Z	INFO	Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2026-06-17T11:09:38Z	INFO	Number of language-specific files	num=1
2026-06-17T11:09:38Z	INFO	[npm] Detecting vulnerabilities...
2026-06-17T11:09:38Z	INFO	Detected config files	num=0

Report Summary

┌───────────────────┬──────┬─────────────────┬───────────────────┐
│      Target       │ Type │ Vulnerabilities │ Misconfigurations │
├───────────────────┼──────┼─────────────────┼───────────────────┤
│ package-lock.json │ npm  │        1        │         -         │
└───────────────────┴──────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.70/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


package-lock.json (npm)
=======================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                         Title                          │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────┤
│ tar     │ CVE-2026-53655 │ MEDIUM   │ fixed  │ 7.5.13            │ 7.5.16        │ node-tar applies PAX size override to intermediary GNU │
│         │                │          │        │                   │               │ long-name/long-link headers, causing tar...            │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-53655             │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────┘

📣 Notices:
  - Version 0.71.1 of Trivy is now available, current version is 0.70.0

To suppress version checks, run Trivy scans with the --skip-version-check flag

(Truncated to last 3333 characters out of 6499)

❌ ACTION / zizmor - 1 error

INFO zizmor: 🌈 zizmor v1.25.0
fatal: no audit was performed
'ref-confusion' audit failed on file://.github/workflows/deploy.yml

Caused by:
    0: error in 'ref-confusion' audit
    1: couldn't list branches for actions/checkout
    2: request error while accessing GitHub API
    3: HTTP status client error (401 Unauthorized) for url (https://github.com/actions/checkout.git/git-upload-pack)


[ZizmorLinter] Zizmor failed to reach the GitHub API.
To allow zizmor to use GITHUB_TOKEN, add the following to your .mega-linter.yml:
ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES:
  - GITHUB_TOKEN

⚠️ ACTION / actionlint - 3 errors

.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:15: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:21: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/test.yml:78:11: input "file" is not defined in action "codecov/codecov-action@v6". available inputs are "base_sha", "binary", "codecov_yml_path", "commit_parent", "directory", "disable_file_fixes", "disable_safe_directory", "disable_search", "disable_telem", "dry_run", "env_vars", "exclude", "fail_ci_if_error", "files", "flags", "force", "gcov_args", "gcov_executable", "gcov_ignore", "gcov_include", "git_service", "handle_no_reports_found", "job_code", "name", "network_filter", "network_prefix", "os", "override_branch", "override_build", "override_build_url", "override_commit", "override_pr", "plugins", "recurse_submodules", "report_code", "report_type", "root_dir", "run_command", "skip_validation", "slug", "swift_project", "token", "url", "use_legacy_upload_endpoint", "use_oidc", "use_pypi", "verbose", "version", "working-directory" [action]
   |
78 |           file: coverage.lcov
   |           ^~~~~

⚠️ SPELL / lychee - 3 errors

📝 Summary
---------------------
🔍 Total...........73
🔗 Unique..........61
✅ Successful......23
⏳ Timeouts.........0
🔀 Redirected.......8
👻 Excluded........47
❓ Unknown..........0
🚫 Errors...........3
⛔ Unsupported......3

Errors in README.md
[403] https://npmjs.org/package/java-caller (at 5:1) | Rejected status code: 403 Forbidden | Followed 1 redirect. Redirects: https://npmjs.org/package/java-caller --[301]--> https://www.npmjs.com/package/java-caller
[403] https://npmjs.org/package/java-caller (at 6:1) | Rejected status code: 403 Forbidden | Followed 1 redirect. Redirects: https://npmjs.org/package/java-caller --[301]--> https://www.npmjs.com/package/java-caller
[403] https://www.npmjs.com/package/java-caller (at 4:1) | Rejected status code: 403 Forbidden

Hint: Followed 8 redirects. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: You can configure accepted/rejected response codes with `-a` or `--accept`

⚠️ MARKDOWN / markdown-table-formatter - 1 error

1 files contain markdown tables to format:
- README.md

⚠️ MARKDOWN / markdownlint - 17 errors

CODE_OF_CONDUCT.md:58:44 error MD034/no-bare-urls Bare URL used [Context: "nicolas.vuillamy@gmail.com"]
CODE_OF_CONDUCT.md:71:14 error MD034/no-bare-urls Bare URL used [Context: "https://www.contributor-covena..."]
CODE_OF_CONDUCT.md:76:1 error MD034/no-bare-urls Bare URL used [Context: "https://www.contributor-covena..."]
README.md:67:13 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:27 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:37 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:47 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:1 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:13 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:27 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:37 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:68:361 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:70:123 error MD060/table-column-style Table column style [Table pipe has extra space to the left for style "compact"]
README.md:74:315 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:75:310 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:76:208 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:77:233 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]

⚠️ JSON / prettier - 1 error

Checking formatting...
[warn] .cspell.json
[warn] .vscode/launch.json
[warn] examples/cli_app/lib/java-caller-config.json
[warn] examples/cli_app/package.json
[warn] examples/module_app/package.json
[warn] renovate.json
[warn] Code style issues found in 6 files. Run Prettier with --write to fix.

⚠️ TYPESCRIPT / prettier - 1 error

Checking formatting...
[warn] lib/index.d.ts
[warn] Code style issues found in the above file. Run Prettier with --write to fix.

⚠️ YAML / prettier - 1 error

Checking formatting...
[warn] .github/workflows/deploy.yml
[warn] .github/workflows/test.yml
[warn] Code style issues found in 2 files. Run Prettier with --write to fix.

⚠️ TYPESCRIPT / ts-standard - 1 error

Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.

Notices

⚠️ ESLint v10 flat-config migration required - the following linters are disabled until you migrate: JAVASCRIPT_ES, JSON_ESLINT_PLUGIN_JSONC, JSX_ESLINT, TSX_ESLINT, TYPESCRIPT_ES. Only legacy .eslintrc.js was detected; ESLint v10 dropped support for the .eslintrc.* format. Please migrate to eslint.config.mjs. See the ESLint migration guide.

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,ACTION_ZIZMOR,COPYPASTE_JSCPD,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,TYPESCRIPT_STANDARD,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.64%. Comparing base (b38d1ad) to head (1c33378).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #164   +/-   ##
=======================================
  Coverage   89.64%   89.64%           
=======================================
  Files           3        3           
  Lines         251      251           
=======================================
  Hits          225      225           
  Misses         26       26           

Flag	Coverage Δ
unittests	89.64% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.