build(deps-dev): bump @babel/traverse from 7.17.9 to 7.23.2

[dependabot[bot]]

Bumps @babel/traverse from 7.17.9 to 7.23.2.

Release notes

Sourced from @​babel/traverse's releases.

v7.23.2 (2023-10-11)

NOTE: This release also re-publishes @babel/core, even if it does not appear in the linked release commit.

Thanks @​jimmydief for your first PR!

:bug: Bug Fix

• babel-traverse
  • #16033 Only evaluate own String/Number/Math methods (@​nicolo-ribaudo)
• babel-preset-typescript
  • #16022 Rewrite .tsx extension when using rewriteImportExtensions (@​jimmydief)
• babel-helpers
  • #16017 Fix: fallback to typeof when toString is applied to incompatible object (@​JLHwung)
• babel-helpers, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16025 Avoid override mistake in namespace imports (@​nicolo-ribaudo)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• James Diefenderfer (@​jimmydief)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.23.1 (2023-09-25)

Re-publishing @babel/helpers due to a publishing error in 7.23.0.

v7.23.0 (2023-09-25)

Thanks @​lorenzoferre and @​RajShukla1 for your first PRs!

:rocket: New Feature

• babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-import-source, babel-plugin-transform-dynamic-import
  • #15870 Support transforming import source for wasm (@​nicolo-ribaudo)
• babel-helper-module-transforms, babel-helpers, babel-plugin-proposal-import-defer, babel-plugin-syntax-import-defer, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #15878 Implement import defer proposal transform support (@​nicolo-ribaudo)
• babel-generator, babel-parser, babel-types
  • #15845 Implement import defer parsing support (@​nicolo-ribaudo)
  • #15829 Add parsing support for the "source phase imports" proposal (@​nicolo-ribaudo)
• babel-generator, babel-helper-module-transforms, babel-parser, babel-plugin-transform-dynamic-import, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-traverse, babel-types
  • #15682 Add createImportExpressions parser option (@​JLHwung)
• babel-standalone
  • #15671 Pass through nonce to the transformed script element (@​JLHwung)
• babel-helper-function-name, babel-helper-member-expression-to-functions, babel-helpers, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-optional-chaining-assign, babel-plugin-syntax-optional-chaining-assign, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone, babel-types
  • #15751 Add support for optional chain in assignments (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-proposal-decorators
  • #15895 Implement the "decorator metadata" proposal (@​nicolo-ribaudo)
• babel-traverse, babel-types
  • #15893 Add t.buildUndefinedNode (@​liuxingbaoyu)
• babel-preset-typescript

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.23.2 (2023-10-11)

:bug: Bug Fix

• babel-traverse
  • #16033 Only evaluate own String/Number/Math methods (@​nicolo-ribaudo)
• babel-preset-typescript
  • #16022 Rewrite .tsx extension when using rewriteImportExtensions (@​jimmydief)
• babel-helpers
  • #16017 Fix: fallback to typeof when toString is applied to incompatible object (@​JLHwung)
• babel-helpers, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16025 Avoid override mistake in namespace imports (@​nicolo-ribaudo)

v7.23.0 (2023-09-25)

:rocket: New Feature

• babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-import-source, babel-plugin-transform-dynamic-import
  • #15870 Support transforming import source for wasm (@​nicolo-ribaudo)
• babel-helper-module-transforms, babel-helpers, babel-plugin-proposal-import-defer, babel-plugin-syntax-import-defer, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #15878 Implement import defer proposal transform support (@​nicolo-ribaudo)
• babel-generator, babel-parser, babel-types
  • #15845 Implement import defer parsing support (@​nicolo-ribaudo)
  • #15829 Add parsing support for the "source phase imports" proposal (@​nicolo-ribaudo)
• babel-generator, babel-helper-module-transforms, babel-parser, babel-plugin-transform-dynamic-import, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-traverse, babel-types
  • #15682 Add createImportExpressions parser option (@​JLHwung)
• babel-standalone
  • #15671 Pass through nonce to the transformed script element (@​JLHwung)
• babel-helper-function-name, babel-helper-member-expression-to-functions, babel-helpers, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-optional-chaining-assign, babel-plugin-syntax-optional-chaining-assign, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone, babel-types
  • #15751 Add support for optional chain in assignments (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-proposal-decorators
  • #15895 Implement the "decorator metadata" proposal (@​nicolo-ribaudo)
• babel-traverse, babel-types
  • #15893 Add t.buildUndefinedNode (@​liuxingbaoyu)
• babel-preset-typescript
  • #15913 Add rewriteImportExtensions option to TS preset (@​nicolo-ribaudo)
• babel-parser
  • #15896 Allow TS tuples to have both labeled and unlabeled elements (@​yukukotani)

:bug: Bug Fix

• babel-plugin-transform-block-scoping
  • #15962 fix: transform-block-scoping captures the variables of the method in the loop (@​liuxingbaoyu)

:nail_care: Polish

• babel-traverse
  • #15797 Expand evaluation of global built-ins in @babel/traverse (@​lorenzoferre)
• babel-plugin-proposal-explicit-resource-management
  • #15985 Improve source maps for blocks with using declarations (@​nicolo-ribaudo)

:microscope: Output optimization

• babel-core, babel-helper-module-transforms, babel-plugin-transform-async-to-generator, babel-plugin-transform-classes, babel-plugin-transform-dynamic-import, babel-plugin-transform-function-name, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd, babel-plugin-transform-parameters, babel-plugin-transform-react-constant-elements, babel-plugin-transform-react-inline-elements, babel-plugin-transform-runtime, babel-plugin-transform-typescript, babel-preset-env
  • #15984 Inline exports.XXX = update in simple variable declarations (@​nicolo-ribaudo)

v7.22.20 (2023-09-16)

... (truncated)

Commits

• b4b9942 v7.23.2
• b13376b Only evaluate own String/Number/Math methods (#16033)
• ca58ec1 v7.23.0
• 0f333da Add createImportExpressions parser option (#15682)
• 3744545 Fix linting
• c7e6806 Add t.buildUndefinedNode (#15893)
• 38ee8b4 Expand evaluation of global built-ins in @babel/traverse (#15797)
• 9f3dfd9 v7.22.20
• 3ed28b2 Fully support || and && in pluginToggleBooleanFlag (#15961)
• 77b0d73 v7.22.19
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bloomberg/memray/network/alerts).

[codecov-commenter]

Codecov Report

All modified lines are covered by tests :white_check_mark:

Comparison is base (27c1f73) 92.29% compared to head (554e2c7) 92.15%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #480 +/- ## ========================================== - Coverage 92.29% 92.15% -0.14% ========================================== Files 91 91 Lines 10849 10849 Branches 1498 1498 ========================================== - Hits 10013 9998 -15 - Misses 834 849 +15 Partials 2 2 ``` | [Flag](https://app.codecov.io/gh/bloomberg/memray/pull/480/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=bloomberg) | Coverage Δ | | |---|---|---| | [cpp](https://app.codecov.io/gh/bloomberg/memray/pull/480/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=bloomberg) | `85.68% <ø> (-0.42%)` | :arrow_down: | | [python_and_cython](https://app.codecov.io/gh/bloomberg/memray/pull/480/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=bloomberg) | `95.44% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=bloomberg#carryforward-flags-in-the-pull-request-comment) to find out more. [see 3 files with indirect coverage changes](https://app.codecov.io/gh/bloomberg/memray/pull/480/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=bloomberg)

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[sarahmonod]

Even though this fixes a critical vulnerability, as far as I can tell the only JavaScript that ever gets executed for memray is in the HTML reporters, and we don't expect babel to be called on any user supplied code at any point.

That being said, even with the test in alpine failing (which is definitely unrelated to this PR), I think we want to merge this, to avoid the critical vulnerability from showing up for memray. I'm going to merge this now, but @pablogsal and @godlygeek feel free to let me know if you think this is a problem and we can revert this.