CVE-2026-49356 @babel/core: Arbitrary File Read via sourceMappingURL Comment by dependabot[bot] · Pull Request #1049 · OpenIdentityPlatform/OpenAM

dependabot · 2026-06-15T18:06:44Z

Bumps @babel/core from 7.28.4 to 7.29.6.

Release notes

v7.29.6 (2026-05-25)

🐛 Bug Fix

babel-generator

#18014 Catchup source map position in preserveFormat (@nicolo-ribaudo)

babel-core

#18001 [7.x packport]Improve input source map handling (@JLHwung)

babel-core, babel-generator

#17998 Preserve original identifier names from input sourcemaps (#17992) (@Andarist)

Committers: 3

Huáng Jùnliàng (@JLHwung)

Mateusz Burzyński (@Andarist)

Nicolò Ribaudo (@nicolo-ribaudo)

v7.29.5 (2026-05-05)

🏠 Internal

babel-preset-env

Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

babel-plugin-transform-modules-systemjs

#17974 [7.x backport]fix(systemjs): improve module string name support (@JLHwung)

Committers: 1

Huáng Jùnliàng (@JLHwung)

v7.29.3 (2026-04-30)

👓 Spec Compliance

babel-parser

#17923 Support flow extends bound (@JLHwung)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#17931 fix(decorators): replace super within all removed static elements (@JLHwung)

babel-register

#17915 Fix thread synchronization issues in @babel/register (@liuxingbaoyu)

babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

#17788 Add bugfix plugin for Safari array rest destructuring bug (@JLHwung)

💅 Polish

babel-parser

#17782 Improve trailing comma comment handling (@JLHwung)

📝 Documentation

#17847 Replace npmjs.com links with npmx.dev (@nicolo-ribaudo)

... (truncated)

Commits

04ea6b2 v7.29.6
99f498a [7.x packport]Improve input source map handling (#18001)
feba0a3 Preserve original identifier names from input sourcemaps (#17992) (#17998)
aa8394e v7.29.0
ad0d03f [7.x backport] feat: Allow specifying startLine in code frame (#17739)
d7f4008 v7.28.6
e130225 Polish(standalone): improve message on invalid preset/plugin (#17606)
99dcba5 chore: enable some ts-eslint rules (#17592)
c92c491 Improve Unicode handling in code-frame tokenizer (#17589)
d725e39 Add BABEL_7_TO_8_DANGEROUSLY_DISABLE_VERSION_CHECK (#17569)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @babel/core since your current version.

vharseko · 2026-06-16T18:36:29Z

@dependabot rebase

Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.28.4 to 7.29.6. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.6/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-version: 7.29.6 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 15, 2026

vharseko changed the title ~~Bump @babel/core from 7.28.4 to 7.29.6 in /openam-ui/openam-ui-ria~~ CVE-2026-49356 @babel/core: Arbitrary File Read via sourceMappingURL Comment Jun 15, 2026

vharseko force-pushed the master branch from 44195d2 to 7d6fc23 Compare June 16, 2026 17:01

dependabot Bot changed the title ~~CVE-2026-49356 @babel/core: Arbitrary File Read via sourceMappingURL Comment~~ Bump @babel/core from 7.28.4 to 7.29.6 in /openam-ui/openam-ui-ria Jun 16, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/openam-ui/openam-ui-ria/babel/core-7.29.6 branch from b0b19a8 to 64627f9 Compare June 16, 2026 18:37

vharseko changed the title ~~Bump @babel/core from 7.28.4 to 7.29.6 in /openam-ui/openam-ui-ria~~ CVE-2026-49356 @babel/core: Arbitrary File Read via sourceMappingURL Comment Jun 16, 2026

dependabot Bot changed the title ~~CVE-2026-49356 @babel/core: Arbitrary File Read via sourceMappingURL Comment~~ Bump @babel/core from 7.28.4 to 7.29.6 in /openam-ui/openam-ui-ria Jun 16, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/openam-ui/openam-ui-ria/babel/core-7.29.6 branch from 64627f9 to 4d86acc Compare June 16, 2026 19:05

vharseko changed the title ~~Bump @babel/core from 7.28.4 to 7.29.6 in /openam-ui/openam-ui-ria~~ CVE-2026-49356 @babel/core: Arbitrary File Read via sourceMappingURL Comment Jun 16, 2026

vharseko merged commit 67a263a into master Jun 17, 2026
16 checks passed

dependabot Bot deleted the dependabot/npm_and_yarn/openam-ui/openam-ui-ria/babel/core-7.29.6 branch June 17, 2026 05:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2026-49356 @babel/core: Arbitrary File Read via sourceMappingURL Comment #1049

CVE-2026-49356 @babel/core: Arbitrary File Read via sourceMappingURL Comment #1049
vharseko merged 1 commit into
masterfrom
dependabot/npm_and_yarn/openam-ui/openam-ui-ria/babel/core-7.29.6

dependabot Bot commented on behalf of github Jun 15, 2026 •

edited

Loading

Uh oh!

vharseko commented Jun 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v7.29.6 (2026-05-25)

🐛 Bug Fix

Committers: 3

v7.29.5 (2026-05-05)

🏠 Internal

v7.29.4 (2026-05-05)

🐛 Bug Fix

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

Uh oh!

vharseko commented Jun 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Jun 15, 2026 •

edited

Loading