chore(deps): babel 7.29.7

[tomkdgun]

Description

Upgrade babel dependencies to 7.29.7 to:

• resolve CVE CVE-2026-49356 (Low) detected in core-7.29.0.tgz - autoclosed #12238
• make sure there are no duplicated babel packages in yarn.lock

Issues Resolved

#12238

After merging PRs below can be closed, since this one is improved version of these below:
#12269
#12252

Screenshot

Testing the changes

Check List

• All tests pass
  • yarn test:jest
  • yarn test:jest_integration
• New functionality includes testing.
• New functionality has been documented.
• Commits are signed per the DCO using --signoff

[github-actions]

PR Code Analyzer ❗

AI-powered 'Code-Diff-Analyzer' found issues on commit 1f0c471.

Path	Line	Severity	Description
package.json	314	high	Multiple @babel/* packages upgraded from ~7.22.x to ^7.29.7 (core, eslint-parser, parser, plugin-transform-class-static-block, plugin-transform-numeric-separator, register, types). Dependency version changes must be verified for artifact authenticity.
packages/osd-babel-preset/package.json	10	high	Seven @babel/* dependencies upgraded to ^7.29.7 including preset-env, preset-react, preset-typescript, and multiple transform plugins. Supply chain risk for core build tooling.
packages/osd-monaco/package.json	27	high	Six @babel/* packages changed — three renamed from plugin-proposal-* to plugin-transform-* and all bumped to ^7.29.7. Rename alongside version bump warrants verification.
packages/osd-interpreter/package.json	12	high	@babel/runtime bumped to ^7.29.7 (runtime dependency, not devDependency) plus four dev babel packages updated. Runtime babel dependency change affects production artifact.
yarn.lock	1079	high	@babel/cli resolved URL and integrity hash changed to 7.29.7 artifact. New commander dependency version (^6.2.0 vs ^4.0.1) introduced in this package.
yarn.lock	1136	high	@babel/core resolved URL and integrity hash replaced. Core compiler artifact change affects all transpilation — must verify SHA integrity against official npm registry.
yarn.lock	7602	high	babel-plugin-polyfill-corejs2 bumped to 0.4.17, babel-plugin-polyfill-corejs3 bumped to 0.13.0/0.14.2, babel-plugin-polyfill-regenerator bumped to 0.6.8. Polyfill injection plugins affect all output bundles.
yarn.lock	8947	high	core-js-compat bumped from 3.33.2 to 3.49.0 with new resolved hash. This package governs polyfill inclusion decisions across the entire build.
yarn.lock	18212	high	regexpu-core bumped from 5.3.2 to 6.4.0 with a major version bump. Dependency on regjsgen switched from @babel/regjsgen to standalone regjsgen package — different artifact, different maintainer.
packages/osd-dev-utils/package.json	16	high	@babel/core bumped to ^7.29.7 in osd-dev-utils, a package used across the development toolchain. Changes to dev-utils babel core affect all package build scripts.

The table above displays the top 10 most important findings.

Total: 14 | Critical: 0 | High: 14 | Medium: 0 | Low: 0

---

Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.

---

⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.