Content Security Policy (CSP) might block 'unsafe-eval' which includes eval(), Function(), setTimeout() and setInterval()

One such occurrence comes from regenerator-runtime provided by Babel.
This was somehow fixed by facebook/regenerator#346 and subsequently but Babel:

• Neither updated the dependency
• Neither merged a commit intended to make regenerator-runtime inclusion optional ("regenerator-runtime" import now can be controlled through include/exclude option babel/babel#10768)