`transform-async-to-generator` wrongly mark function as pure when called by apply()/call() · Issue #17227 · babel/babel 💻 Would you like to work on a fix? How are you using Babel? @babel/cli Input code (async function () { console.log('XXXXXXX This is side effect.') })(); (async function () { console.log('YYYYYYY Th...

A new "good first issue" in the Babel repo! Who wants to give it a try? 💪

github.com/babel/babel/...

We just released Babel 7.27.0, go check it out!

babeljs.io/blog/2025/03...

We apologize to all the maintainers of libraries that depend on @babel/runtime, do not actually trigger the vulnerable code path, and will get bug reports asking to "please upgrade Babel because it's insecure" 😅

It is unlikely that you are affected, as the security vulnerability only applies when passing a user-provided string to the second argument of RegExp.prototype.replace.

Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups ### Impact When using Babel to compile [regular expression named capturing groups](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions/Named_capturing_group), B...

We just released Babel v7.26.10 and v8.0.0-alpha.17, with a security fix that affects transpilation of regular expressions. Make sure to update!

github.com/babel/babel/...

Hello 🦋👋