Bump the npm_and_yarn group across 2 directories with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the /ui-app directory:

Package	From	To
@babel/helpers	7.21.0	7.28.4
js-yaml	3.14.1	3.14.2
brace-expansion	1.1.11	1.1.12
brace-expansion	2.0.1	2.0.2
form-data	3.0.1	3.0.4
http-proxy-middleware	2.0.7	2.0.9
node-forge	1.3.1	1.3.3
on-headers	1.0.2	1.1.0
qs	6.13.0	6.14.1
ws	8.13.0	8.18.3
ws	7.5.9	7.5.10

Bumps the npm_and_yarn group with 8 updates in the /my-app directory:

Package	From	To
@babel/helpers	7.21.0	7.28.4
js-yaml	3.14.1	3.14.2
brace-expansion	1.1.11	1.1.12
brace-expansion	2.0.1	2.0.2
http-proxy-middleware	2.0.7	2.0.9
node-forge	1.3.1	1.3.3
on-headers	1.0.2	1.1.0
qs	6.13.0	6.14.1
ws	8.13.0	8.18.3
ws	7.5.9	7.5.10

Updates @babel/helpers from 7.21.0 to 7.28.4

Release notes

Sourced from @​babel/helpers's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

Committers: 5

• Babel Bot (@​babel-bot)
• Bill Collins (@​mrginglymus)
• Glenn Willen (@​gwillen)
• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #17444 Optimize do expression output (@​JLHwung)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Jam Balaya (@​JamBalaya56562)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• easrng (@​easrng)

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #17444 Optimize do expression output (@​JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

• babel-types
  • #17445 [babel 7] Make operator param in t.tsTypeOperator optional (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17441 fix: regeneratorDefine compatibility with es5 strict mode (@​liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

• babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator
  • #17426 fix: regenerator correctly handles throw outside of try (@​liuxingbaoyu)

📝 Documentation

• babel-types
  • #17422 Add missing FunctionParameter docs (@​JLHwung)

... (truncated)

Commits

• 35055e3 v7.28.4
• 18d88b8 Improve @​babel/core typings (#17471)
• ef155f5 v7.28.3
• 741cbd2 chore: fix various typos across codebase (#17476)
• cac0ff4 v7.28.2
• f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
• baa4cb8 v7.27.6
• fdbf1b3 fix: finally causes unexpected return value (#17366)
• 7d06930 v7.27.4
• 5b9468d Reduce regenerator size more (#17287)
• Additional commits viewable in compare view

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

• 9963d36 3.14.2 released
• 10d3c8e dist rebuild
• 5278870 fix prototype pollution in merge (<<) (#731)
• See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates form-data from 3.0.1 to 3.0.4

Release notes

Sourced from form-data's releases.

v3.0.2

Fixes

• npmignore temporary build files (#532)
• move util.isArray to Array.isArray (#564)

Tests

• migrate from travis to GHA

Changelog

Sourced from form-data's changelog.

v3.0.4 - 2025-07-16

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] update linting config f5e7eb0
• [meta] add auto-changelog d2eb290
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 e8c574c
• [Fix] Switch to using crypto random for boundary values c6ced61
• [Refactor] use hasown 1a78b5d
• [Fix] validate boundary type in setBoundary() method 70bbaa0
• [Tests] add tests to check the behavior of getBoundary with non-strings b22a64e
• [meta] actually ensure the readme backup isn’t published 0150851
• [meta] remove local commit hooks fc42bb9
• [Dev Deps] remove unused deps a14d09e
• [meta] fix scripts to use prepublishOnly 11d9f73
• [meta] fix readme capitalization fc38b48

v3.0.3 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

Fixed

• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

Commits

• [Refactor] use Object.prototype.hasOwnProperty.call 7fecefe
• [Dev Deps] update @types/node, browserify, coveralls, cross-spawn, eslint, formidable, in-publish, pkgfiles, pre-commit, puppeteer, request, tape, typescript 8261fcb
• Only apps should have lockfiles b82f590
• [Dev Deps] pin request which via tough-cookie ^2.4 depends on psl e5df7f2
• [Deps] update mime-types 5a5bafe

v3.0.2 - 2024-10-10

Merged

• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Commits

• [Tests] migrate from travis to GHA 8fdb3bc
• [eslint] clean up ignores 3217b3d
• fix: move util.isArray to Array.isArray (#564) edb555a

Commits

• 9c82fcd v3.0.4
• e8c574c [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
• c6ced61 [Fix] Switch to using crypto random for boundary values
• 0150851 [meta] actually ensure the readme backup isn’t published
• fc38b48 [meta] fix readme capitalization
• d2eb290 [meta] add auto-changelog
• fc42bb9 [meta] remove local commit hooks
• a14d09e [Dev Deps] remove unused deps
• 002b9b0 [Fix] append: avoid a crash on nullish values
• 70bbaa0 [Fix] validate boundary type in setBoundary() method
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Updates http-proxy-middleware from 2.0.7 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

• fix(fixRequestBody): check readableLength by @​chimurai in chimurai/http-proxy-middleware#1097
• chore(package): v2.0.9 by @​chimurai in chimurai/http-proxy-middleware#1099

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

• fix(fixRequestBody): prevent multiple .write() calls by @​chimurai in chimurai/http-proxy-middleware#1090
• fix(fixRequestBody): handle invalid request by @​chimurai in chimurai/http-proxy-middleware#1091
• chore(package): v2.0.8 by @​chimurai in chimurai/http-proxy-middleware#1094

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

• fix(fixRequestBody): check readableLength

v2.0.8

• fix(fixRequestBody): prevent multiple .write() calls
• fix(fixRequestBody): handle invalid request

Commits

• 617a7c9 chore(package): v2.0.9 (#1099)
• d22d587 fix(fixRequestBody): check readableLength (#1097)
• d03d51b chore(package): v2.0.8 (#1094)
• c50dd06 fix(fixRequestBody): handle invalid request (#1091)
• 76a9d8d fix(fixRequestBody): prevent multiple .write() calls (#1090)
• See full diff in compare view

Updates node-forge from 1.3.1 to 1.3.3

Changelog

Sourced from node-forge's changelog.

1.3.3 - 2025-12-02

Fixed

• [pkcs12] Make digestAlgorithm parameters optional to fix PKCS#12/PFX issues introduced in 1.3.2.

1.3.2 - 2025-11-25

Security

• HIGH: ASN.1 Validator Desynchronization
  • An Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.
  • Reported by Hunter Wodzenski.
  • CVE ID: CVE-2025-12816
  • GHSA ID: GHSA-5gfm-wpxj-wjgq
• HIGH: ASN.1 Unbounded Recursion
  • An Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.
  • Reported by Hunter Wodzenski.
  • CVE ID: CVE-2025-66031
  • GHSA ID: GHSA-554w-wpv2-vw27
• MODERATE: ASN.1 OID Integer Truncation
  • An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions.
  • Reported by Hunter Wodzenski.
  • CVE ID: CVE-2025-66030
  • GHSA ID: GHSA-65ch-62r8-g69g

Fixed

• [asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12 MAC verification bypass due to missing macData enforcement and improper asn1.validate routine.
• [asn1] Add fromDer() max recursion depth check.
  • Add a asn1.maxDepth global configurable maximum depth of 256.
  • Add a asn1.fromDer() per-call maxDepth option.
  • NOTE: The default maximum is assumed to be higher than needed for valid data. If this assumption is false then this could be a breaking change. Please file an issue if there are use cases that need a higher maximum.
  • NOTE: The per-call maxDepth parameter has not been exposed up through all of the API stack due to the complexities involved. Please file an issue if there are use cases that require this instead of changing the default

... (truncated)

Commits

• 1cea0af Release 1.3.3.
• 5265989 Update changelog.
• e4f3961 Fix changelog for release.
• 503979b Update changelog.
• c3b3b32 Make digestAlgorithm parameters optional
• 6f70043 Update CVE details.
• f547b0d Start 1.3.3-0.
• 235ad3e Release 1.3.2.
• 2598244 Update changelog.
• 0032dd0 Fix typos.
• Additional commits viewable in compare view

Updates on-headers from 1.0.2 to 1.1.0

Release notes

Sourced from on-headers's releases.

1.1.0

Important

• Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

What's Changed

• Migrate CI pipeline to GitHub actions by @​carpasse in jshttp/on-headers#12
• fix README.md badges by @​carpasse in jshttp/on-headers#13
• add OSSF scorecard action by @​carpasse in jshttp/on-headers#14
• fix: use ubuntu-latest as ci runner by @​UlisesGascon in jshttp/on-headers#19
• ci: apply OSSF Scorecard security best practices by @​UlisesGascon in jshttp/on-headers#20
• 👷 add upstream change detection by @​ctcpip in jshttp/on-headers#31
• ✨ add script to update known hashes by @​ctcpip in jshttp/on-headers#32
• 💚 update CI - add newer node versions by @​ctcpip in jshttp/on-headers#33

New Contributors

• @​carpasse made their first contribution in jshttp/on-headers#12
• @​UlisesGascon made their first contribution in jshttp/on-headers#19
• @​ctcpip made their first contribution in jshttp/on-headers#31

Full Changelog: jshttp/on-headers@v1.0.2...v1.1.0

Changelog

Sourced from on-headers's changelog.

1.1.0 / 2025-07-17

• Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

Commits

• 4b017af 1.1.0
• b636f2d ♻️ refactor header array code
• 3e2c2d4 ✨ ignore falsy header keys, matching node behavior
• 172eb41 ✨ support duplicate headers
• c6e3849 🔒️ fix array handling
• 6893518 💚 update CI - add newer node versions
• 56a345d ✨ add script to update known hashes
• 175ab21 👷 add upstream change detection (#31)
• ce0b2c8 ci: apply OSSF Scorecard security best practices (#20)
• 1a38c54 fix: use ubuntu-latest as ci runner (#19)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for on-headers since your current version.

Updates qs from 6.13.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

• [Fix] ensure arrayLength applies to [] notation as well
• [Fix] parse: when a custom decoder returns null for a key, ignore that key
• [Refactor] parse: extract key segment splitting helper
• [meta] add threat model
• [actions] add workflow permissions
• [Tests] stringify: increase coverage
• [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

• [New] parse: add throwOnParameterLimitExceeded option (#517)
• [Refactor] parse: use utils.combine more
• [patch] parse: add explicit throwOnLimitExceeded default
• [actions] use shared action; re-add finishers
• [meta] Fix changelog formatting bug
• [Deps] update side-channel
• [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
• [Tests] increase coverage

6.13.1

• [Fix] stringify: avoid a crash when a filter key is null
• [Fix] utils.merge: functions should not be stringified into keys
• [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
• [Fix] stringify: ensure a non-string filter does not crash
• [Refactor] use __proto__ syntax instead of Object.create for null objects
• [Refactor] misc cleanup
• [Tests] utils.merge: add some coverage
• [Tests] fix a test case
• [actions] split out node 10-20, and 20+
• [Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

Commits

• 3fa11a5 v6.14.1
• a626704 [Dev Deps] update npmignore
• 3086902 [Fix] ensure arrayLength applies to [] notation as well
• fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
• 0b06aac [Dev Deps] update @ljharb/eslint-config
• 64951f6 [Refactor] parse: extract key segment splitting helper
• e1bd259 [Dev Deps] update @ljharb/eslint-config
• f4b3d39 [eslint] add eslint 9 optional peer dep
• 6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
• 973dc3c [actions] add workflow permissions
• Additional commits viewable in compare view

Updates ws from 8.13.0 to 8.18.3

Release notes

Sourced from ws's releases.

8.18.3

Bug fixes

• Fixed a spec violation where the Sec-WebSocket-Version header was not added to the HTTP response if the client requested version was either invalid or unacceptable (#2291).

8.18.2

Bug fixes

• Fixed an issue that, during message decompression when the maximum size was exceeded, led to the emission of an inaccurate error and closure of the connection with an improper close code (#2285).

8.18.1

Bug fixes

• The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

</tr></table>

... (truncated)

Commits

• dabbdec [dist] 8.18.3
• 33f5dba [fix] Respond with the supported protocol versions (#2291)
• 22a5a17 [ci] Test on node 24
• e67eb7a [ci] Do not test on node 23
• fa670f2 [ci] Run the lint step on node 22
• 0eb8535 [dist] 8.18.2
• 4f20aed [fix] Handle oversized messages with designated error (#2285)
• aa998e3 [pkg] Update globals to version 16.0.0
• cf25954 [minor] Fix nit in error message
• b92745a [dist] 8.18.1
• Additional commits viewable in compare view

Updates ws from 7.5.9 to 7.5.10

Release notes

Sourced from ws's releases.

8.18.3

Bug fixes

• Fixed a spec violation where the Sec-WebSocket-Version header was not added to the HTTP response if the client requested version was either invalid or unacceptable (#2291).

8.18.2

Bug fixes

• Fixed an issue that, during message decompression when the maximum size was exceeded, led to the emission of an inaccurate error and closure of the connection with an improper close code (#2285).

8.18.1

Bug fixes

• The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

</tr></table>

... (truncated)

Commits

• dabbdec [dist] 8.18.3
• 33f5dba [fix] Respond with the supported protocol versions (#2291)
• 22a5a17 [ci] Test on node 24
• e67eb7a [ci] Do not test on node 23
• fa670f2 [ci] Run the lint step on node 22
• 0eb8535 [dist] 8.18.2
• 4f20aed [fix] Handle oversized messages with designated error (#2285)
• aa998e3 [pkg] Update globals to version 16.0.0
• cf25954 [minor] Fix nit in error message
• b92745a [dist] 8.18.1
• Additional commits viewable in compare view

Updates @babel/helpers from 7.21.0 to 7.28.4

Release notes

Sourced from @​babel/helpers's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

Committers: 5

• Babel Bot (@​babel-bot)
• Bill Collins (@​mrginglymus)
• Glenn Willen (@​gwillen)
• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #17444 Optimize do expression output (@​JLHwung)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Jam Balaya (@​JamBalaya56562)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• easrng (@​easrng)

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@​JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@​liuxingbaoyu)
• babel-core
  • #17474 Switch to @​jridgewell/remapping (@​mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #17444 Optimize do expression output (@​JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

• babel-types