
fix(deps): update dependency @babel/traverse to v7.23.2 [security] (#9322)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@babel/traverse](https://babel.dev/docs/en/next/babel-traverse) ([source](https://togithub.com/babel/babel)) | [`7.23.0` -> `7.23.2`](https://renovatebot.com/diffs/npm/@babel%2ftraverse/7.23.0/7.23.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@babel%2ftraverse/7.23.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@babel%2ftraverse/7.23.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@babel%2ftraverse/7.23.0/7.23.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@babel%2ftraverse/7.23.0/7.23.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2023-45133](https://togithub.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92)

### Impact

Using Babel to compile code that was specifically crafted by an attacker
can lead to arbitrary code execution during compilation, when using
plugins that rely on the `path.evaluate()` or `path.evaluateTruthy()`
internal Babel methods.

Known affected plugins are:
- `@babel/plugin-transform-runtime`
- `@babel/preset-env` when using its
[`useBuiltIns`](https://babeljs.io/docs/babel-preset-env#usebuiltins)
option
- Any "polyfill provider" plugin that depends on
`@babel/helper-define-polyfill-provider`, such as
`babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`,
`babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`

No other plugins under the `@babel/` namespace are impacted, but
third-party plugins might be.

**Users that only compile trusted code are not impacted.**

### Patches

The vulnerability has been fixed in `@babel/traverse@7.23.2`.

Babel 6 does not receive security fixes anymore (see [Babel's security
policy](https://togithub.com/babel/babel/security/policy)), hence there
is no patch planned for `babel-traverse@6`.

### Workarounds

- Upgrade `@babel/traverse` to v7.23.2 or higher. You can do this by
deleting it from your package manager's lockfile and re-installing the
dependencies. `@babel/core` >=7.23.2 will automatically pull in a
non-vulnerable version.
- If you cannot upgrade `@babel/traverse` and are using one of the
affected packages mentioned above, upgrade them to their latest version
to avoid triggering the vulnerable code path in affected
`@babel/traverse` versions:
  - `@babel/plugin-transform-runtime` v7.23.2
  - `@babel/preset-env` v7.23.2
  - `@babel/helper-define-polyfill-provider` v0.4.3
  - `babel-plugin-polyfill-corejs2` v0.4.6
  - `babel-plugin-polyfill-corejs3` v0.8.5
  - `babel-plugin-polyfill-es-shims` v0.10.0
  - `babel-plugin-polyfill-regenerator` v0.5.3

---

### Release Notes

<details>
<summary>babel/babel (@babel/traverse)</summary>

### [`v7.23.2`](https://togithub.com/babel/babel/blob/HEAD/CHANGELOG.md#v7232-2023-10-11)

[Compare Source](https://togithub.com/babel/babel/compare/v7.23.0...v7.23.2)

##### 🐛 Bug Fix

- `babel-traverse`
  - [#16033](https://togithub.com/babel/babel/pull/16033) Only evaluate own String/Number/Math methods ([@nicolo-ribaudo](https://togithub.com/nicolo-ribaudo))
- `babel-preset-typescript`
  - [#16022](https://togithub.com/babel/babel/pull/16022) Rewrite `.tsx` extension when using `rewriteImportExtensions` ([@jimmydief](https://togithub.com/jimmydief))
- `babel-helpers`
  - [#16017](https://togithub.com/babel/babel/pull/16017) Fix: fallback to typeof when toString is applied to incompatible object ([@JLHwung](https://togithub.com/JLHwung))
- `babel-helpers`, `babel-plugin-transform-modules-commonjs`, `babel-runtime-corejs2`, `babel-runtime-corejs3`, `babel-runtime`
  - [#16025](https://togithub.com/babel/babel/pull/16025) Avoid override mistake in namespace imports ([@nicolo-ribaudo](https://togithub.com/nicolo-ribaudo))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/redwoodjs/redwood).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] authored and jtoar committed Oct 28, 2023
1 parent c528828 commit 9e4f82d
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions yarn.lock
@@ -1994,8 +1994,8 @@ __metadata:
linkType: hard

"@babel/traverse@npm:^7.1.6, @babel/traverse@npm:^7.14.0, @babel/traverse@npm:^7.16.8, @babel/traverse@npm:^7.22.20, @babel/traverse@npm:^7.22.8, @babel/traverse@npm:^7.23.0":
version: 7.23.0
resolution: "@babel/traverse@npm:7.23.0"
version: 7.23.2
resolution: "@babel/traverse@npm:7.23.2"
dependencies:
"@babel/code-frame": ^7.22.13
"@babel/generator": ^7.23.0
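Review bot: package.json is not part of this change (the commit touches yarn.lock only), so nothing but the lockfile holds `@babel/traverse` at 7.23.2; confirm after install with `yarn why @babel/traverse` that this entry, whose key aggregates `^7.1.6` through `^7.23.0`, is the only resolution in the tree, since a second entry left behind by a narrower range would keep 7.23.0 installed even though this one moved. CI installs should run `yarn install --immutable` so the pinned version cannot drift silently.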
@@ -2007,7 +2007,7 @@ __metadata:
"@babel/types": ^7.23.0
debug: ^4.1.0
globals: ^11.1.0
checksum: 84f93e64179965a0de6109a8b1ce92d66eb52a76e8ba325d27bdec6952cedd8fc98eabf09fe443ef667a051300dc7ed8924e7bf61a87ad456501d1da46657509
checksum: d096c7c4bab9262a2f658298a3c630ae4a15a10755bb257ae91d5ab3e3b2877438934859c8d34018b7727379fe6b26c4fa2efc81cf4c462a7fe00caf79fa02ff
languageName: node
linkType: hard
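Review bot: the `checksum` line is the one field in this hunk a reviewer cannot verify by reading, and a bot-authored, lockfile-only change is exactly where a substituted tarball would hide; before merging, run `yarn install --check-cache` (or `--immutable`) so Yarn refetches `@babel/traverse@npm:7.23.2` and fails if the recorded hash does not match what the registry serves. The unchanged `"@babel/types": ^7.23.0` in the dependencies block is expected, since the release notes confine the security fix (#16033) to `babel-traverse` itself.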


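A lockfile check built from the advisory's fixed-version table, as an added example (not code from the Redwood PR, Renovate, or Babel): it parses the Yarn Berry entry shape visible in this commit's diff (and the classic v1 shape, which goes beyond what the page shows), compares every resolved `@babel/traverse` and every known affected plugin against the versions the Workarounds section lists, and reports whether the tree is patched, exposed, or only mitigated by plugin upgrades. The lockfile text inside the block is constructed for the demo; the `0.8.3` polyfill version in it is a stand-in below the fixed `0.8.5`, not a claim about any real repository.

```javascript
// Added example, not code from the Redwood PR or the Babel advisory: audit a
// Yarn lockfile against the fixed versions published for CVE-2023-45133.

// Fixed versions copied from the advisory's Workarounds list.
const TRAVERSE_FIXED = '7.23.2';
const PLUGIN_FIXED = {
  '@babel/plugin-transform-runtime': '7.23.2',
  '@babel/preset-env': '7.23.2',
  '@babel/helper-define-polyfill-provider': '0.4.3',
  'babel-plugin-polyfill-corejs2': '0.4.6',
  'babel-plugin-polyfill-corejs3': '0.8.5',
  'babel-plugin-polyfill-es-shims': '0.10.0',
  'babel-plugin-polyfill-regenerator': '0.5.3',
};

// Numeric MAJOR.MINOR.PATCH compare; a pre-release suffix is dropped, which is
// safe here because none of the advisory's versions carry one.
function compareSemver(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Yarn lockfile (Berry, or classic v1): an entry opens with an unindented
// descriptor list such as  "@babel/traverse@npm:^7.1.6, @babel/traverse@npm:^7.23.0":
// and the resolved version follows on an indented "version" line. The package
// name is everything before the first "@" after position 0 (scoped names start
// with "@"). Returns [{ name, version }] for every resolved package.
function parseYarnLock(text) {
  const found = [];
  let names = null;
  for (const line of text.split(/\r?\n/)) {
    if (/^\S/.test(line) && line.endsWith(':')) {
      const key = line.slice(0, -1).replace(/"/g, '');
      names = key === '__metadata'
        ? null
        : new Set(key.split(',').map((d) => d.trim()).map((d) => {
            const at = d.indexOf('@', 1);
            return at === -1 ? d : d.slice(0, at);
          }));
      continue;
    }
    const m = /^\s+version:?\s+"?([^"\s]+)"?/.exec(line);
    if (m && names) {
      for (const name of names) found.push({ name, version: m[1] });
      names = null; // one version line per entry
    }
  }
  return found;
}

// The advisory's reasoning: a patched @babel/traverse closes the issue outright;
// otherwise the tree counts as only "mitigated" when every known caller is at
// its fixed version, because third-party plugins calling path.evaluate() can
// still reach the vulnerable code. babel-traverse@6 has no patch at all.
function audit(resolved) {
  const report = { status: 'not-affected', vulnerableTraverse: [], babel6Traverse: [], pluginsBelowFix: [] };
  for (const { name, version } of resolved) {
    if (name === '@babel/traverse' && compareSemver(version, TRAVERSE_FIXED) < 0) {
      report.vulnerableTraverse.push(version);
    } else if (name === 'babel-traverse') {
      report.babel6Traverse.push(version);
    } else if (name in PLUGIN_FIXED && compareSemver(version, PLUGIN_FIXED[name]) < 0) {
      report.pluginsBelowFix.push({ name, version, fixed: PLUGIN_FIXED[name] });
    }
  }
  if (report.babel6Traverse.length) report.status = 'exposed';
  else if (report.vulnerableTraverse.length) {
    report.status = report.pluginsBelowFix.length ? 'exposed' : 'mitigated-by-plugins';
  }
  return report;
}

// Constructed Yarn Berry sample modelled on the entry shape in this commit's
// diff: traverse still at 7.23.0 and one polyfill provider below its fix.
const SAMPLE_YARN_LOCK = `__metadata:
  version: 6

"@babel/preset-env@npm:^7.23.2":
  version: 7.23.2
  resolution: "@babel/preset-env@npm:7.23.2"

"@babel/traverse@npm:^7.22.8, @babel/traverse@npm:^7.23.0":
  version: 7.23.0
  resolution: "@babel/traverse@npm:7.23.0"

"babel-plugin-polyfill-corejs3@npm:^0.8.3":
  version: 0.8.3
  resolution: "babel-plugin-polyfill-corejs3@npm:0.8.3"
`;

console.log(JSON.stringify(audit(parseYarnLock(SAMPLE_YARN_LOCK)), null, 2));
```

To run it against a real tree, replace the constant with `require('fs').readFileSync('yarn.lock', 'utf8')`. A `mitigated-by-plugins` result means a vulnerable `@babel/traverse` is still installed and only the known `@babel/` callers are past their fixed versions; the advisory's caveat about third-party plugins that call `path.evaluate()` still applies, so the lockfile bump in this commit remains the right fix rather than the plugin workaround.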