Bump @babel/core from 7.29.0 to 7.29.7 in the npm-and-yarn group across 1 directory

[dependabot]

Bumps the npm-and-yarn group with 1 update in the / directory: @babel/core.

Updates @babel/core from 7.29.0 to 7.29.7

Release notes

Sourced from @​babel/core's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

• babel-generator
  • #18014 Catchup source map position in preserveFormat (@​nicolo-ribaudo)
• babel-core
  • #18001 [7.x packport]Improve input source map handling (@​JLHwung)
• babel-core, babel-generator
  • #17998 Preserve original identifier names from input sourcemaps (#17992) (@​Andarist)

Committers: 3

• Huáng Jùnliàng (@​JLHwung)
• Mateusz Burzyński (@​Andarist)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.29.5 (2026-05-05)

🏠 Internal

• babel-preset-env
  • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

• babel-plugin-transform-modules-systemjs
  • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

• Huáng Jùnliàng (@​JLHwung)

v7.29.3 (2026-04-30)

👓 Spec Compliance

• babel-parser
  • #17923 Support flow extends bound (@​JLHwung)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
• babel-register
  • #17915 Fix thread synchronization issues in @babel/register (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env
  • #17788 Add bugfix plugin for Safari array rest destructuring bug (@​JLHwung)

💅 Polish

• babel-parser

... (truncated)

Commits

• 4fba754 v7.29.7
• 04ea6b2 v7.29.6
• 99f498a [7.x packport]Improve input source map handling (#18001)
• feba0a3 Preserve original identifier names from input sourcemaps (#17992) (#17998)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[jameslamb]

Dependabot keeps opening PRs 1 at a time, despite us wanting them to be grouped. I'm not really sure why and haven't been able to figure it out :/

[jameslamb]

/ok to test 44c5d6c

[jameslamb]

/ok to test 60f295f

[ncclementi]

Dependabot keeps opening PRs 1 at a time, despite us wanting them to be grouped. I'm not really sure why and haven't been able to figure it out :/

I was reading about it, and maybe there is something on the UI security settings that might be overriding this? I'm not sure why this is happening.

[jameslamb]

I'm not sure exactly why, but discussion in dependabot/dependabot-core#13919 suggests that removing patterns: "*" fixes this.

We can try that.

[jameslamb]

Let's not merge this.

I want to test dependabot grouping once #290 is merged. Hoping that once that's in, dependabot will close this PR and open a new one with the 2 package updates it currently wants to make.

[jameslamb]

I tried manually re-running dependabot after #290 but it didn't create a new PR or close this one. Gonna try closing it and running again.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

[jameslamb]

sigh, dependabot refused to open a new PR because it saw this branch sitting here (I think)

So I've restored this branch and re-opened this.

But it's even more confusing.... now here on this PR I see this:

Your .github/dependabot.yml contained invalid details
Dependabot encountered the following error when parsing your .github/dependabot.yml:

The property '#/updates/0/groups/npm-and-yarn' of type object did not match one or more of the required schemas
Please update the config file to conform with Dependabot's specification.

https://github.com/rapidsai/jupyterlab-nvdashboard/pull/289/checks?check_run_id=83294655025

[jameslamb]

Looks like #292 made the config validator happy, at least: https://github.com/rapidsai/jupyterlab-nvdashboard/pull/289/checks?check_run_id=83298943365

[jameslamb]

/ok to test 40338ba

[jameslamb]

This is a +0, -0 PR (its changes are redundant with #289) but I think we still need to merge it to help dependabot understand that this update was made 🤷🏻