Version 7.13.0 of @babel/plugin-transform-runtime introduces notable changes compared to the previous stable version, 7.12.17, impacting how developers manage polyfilling in their projects. The core functionality, externalizing references to Babel helpers and built-ins to prevent global namespace pollution, remains consistent. However, the dependency list reflects key updates.
Most significantly, version 7.13.0 adds direct dependencies on babel-plugin-polyfill-corejs2, babel-plugin-polyfill-corejs3, and babel-plugin-polyfill-regenerator. This indicates a more streamlined and integrated approach to polyfilling specific features, particularly those related to core-js versions 2 and 3, as well as regenerator-runtime for async/await support. This simplifies configuration for developers who previously might have needed to install and configure these polyfill plugins separately.
Furthermore, the semver dependency has been upgraded from "^5.5.1" to "7.0.0", suggesting enhanced compatibility and potentially bug fixes related to semantic versioning. In the devDependencies, all "@babel/*" packages have been updated to version 7.13.0, ensuring consistent tooling and alignment with the latest Babel features and improvements. These updates collectively contribute to a more robust and potentially more performant polyfilling process, reducing the likelihood of conflicts and simplifying the developer experience when using @babel/plugin-transform-runtime to handle modern JavaScript features in diverse environments. The file count and unpacked size of the package also changed.
Vulnerabilities related to version 7.13.0 of the package
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
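The semver "7.0.0" dependency noted above sits on the 7.x branch before 7.5.2, so it falls inside the affected range. The following added example (not code from Babel or semver) checks every semver copy recorded in a package-lock.json against the three boundaries in the advisory. The lockfile contents, the function names and the treatment of a prerelease of a fixed version as affected are assumptions made for illustration.

```javascript
// Added example (not from the package): flag semver copies in a package-lock.json
// that fall in the ranges the advisory lists. SAMPLE_LOCK is constructed data.
const FIXED = { 7: [7, 5, 2], 6: [6, 3, 1] }; // first fixed release per branch
const FIXED_OTHER = [5, 7, 2];                // "all other versions before 5.7.2"

// Parse MAJOR.MINOR.PATCH with optional prerelease/build suffix; null if malformed.
// Input length is capped and the pattern has no nested quantifiers.
function parseVersion(v) {
  const s = String(v).trim();
  if (s.length > 64) return null;
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(s);
  return m ? { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) } : null;
}

function compareCore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// true = in an affected range, false = fixed, null = could not parse (review by hand).
function isVulnerableSemver(version) {
  const p = parseVersion(version);
  if (!p) return null;
  const c = compareCore(p.core, FIXED[p.core[0]] || FIXED_OTHER);
  return c < 0 || (c === 0 && p.pre); // assumption: a prerelease of the fix counts as affected
}

// Walk the "packages" map of a lockfile (v2/v3 layout) and collect semver copies
// that are affected or whose version could not be parsed.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== "node_modules/semver" && !path.endsWith("/node_modules/semver")) continue;
    const v = isVulnerableSemver(meta.version);
    if (v !== false) findings.push({ path, version: meta.version, status: v ? "vulnerable" : "unparsed" });
  }
  return findings;
}

// Constructed lockfile: paths and versions are illustrative, not taken from a real project.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "node_modules/@babel/plugin-transform-runtime": { version: "7.13.0" },
  "node_modules/@babel/plugin-transform-runtime/node_modules/semver": { version: "7.0.0" },
  "node_modules/semver": { version: "6.3.1" },
  "node_modules/some-tool/node_modules/semver": { version: "5.7.1" },
  "node_modules/other-tool/node_modules/semver": { version: "7.5.2" },
} };
console.log(auditLockfile(SAMPLE_LOCK));
```

Nested copies matter here because a top-level semver at a fixed version does not replace an exact "7.0.0" pin held by a dependency.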