[Snyk] Upgrade parcel from 2.10.0 to 2.12.0

[apiiro-snyk]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade parcel from 2.10.0 to 2.12.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.

• The recommended version was released on 4 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	169	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	169	No Known Exploit
	Denial of Service (DoS) SNYK-JS-MSGPACKR-6140431	169	No Known Exploit

Release notes

Package name: parcel

• 2.12.0 - 2024-02-28
  

  Blog post: https://parceljs.org/blog/v2-12-0/

  Added

  • Core

    • Add REPL playground for Parcel to the website – Details
    • Improve package manager detection for auto install – Details

  • JavaScript

    • Add support for JS macros – Details
    • Statically evaluate constants referenced by macros – Details
    • Upgrade to ESLint 8 – Details
    • Bump swc – Details

  • CSS

    • Use lightningcss to implement CSS packager – Details

  • Bundler

    • Rename "parentAsset" to "root" for Manual Shared Bundle config and remove unstable prefix – Details

  • Web Extensions

    • Add content script world property to manifest schema validation – Details

  • Performance

    • Adjacency list optimizations – Details
    • Break up request graph cache serialisation and run after build completion – Details

  Fixed

  • Core

    • Drop per-pipeline transformation cache – Details
    • Clippy and use napi's Either3 – Details
    • Add lazy/eager cache key to avoid invalid change when switching modes – Details

  • JavaScript

    • Remove decl_collector pass and use SWC's unresolved_mark instead – Details

  • Bundler

    • Fix multiple css bundles in entry bundle groups issue – Details
    • Allow parallel type change bundles to be reused by async siblings – Details
    • Skip on missing parent asset for manual shared bundles – Details

  Unstable

  • Add source map support to the inline-require optimizer – Details
• 2.11.0 - 2024-01-04
  

  [2.11.0] - 2023-12-19

  Added

  • Dev
    • Log build phase times for dev builds Details
    • Progress messages for writing to cache Details
    • VSC Extension JSON schema Details
    • Print phase times on development builds Details
    • Publish bundle-stats-cli and parcel-query Details

  Fixed

  • Dev

    • Increase threshold for showing progress bar to 500k nodes Details
    • Fix parcel-query Details
    • FIX[dev-server]: Fix html file matching from URL Details
    • Fix parcel query's inspect cache Details
    • Bug fix for exiting early when identifying requestGraph in loadGraphs Details
    • Fix HMR on .localhost domains Details
    • Modify parcel query to not require all graphs on startup Details
    • Bug fix for async Parcel-query Details
    • Remove reliance on requestTracker in loadGraphs Details

  • Core

    • Reduce redundancy in the RequestGraph's Request, Env, and Option nodes Details
    • Move registerCoreWithSerializer to its own file Details
    • Filter --expose-gc and --max-semi-space-size execArgv Node args from workers Details
    • Optimize Symbol Propagation (propagateSymbolsUp) Details
    • Convert Request Graph node types + request node requestTypes to numbers Details
    • fsFixture: ignore empty lines in fixtures Details
    • Unstable File Invalidations Details
    • Configurable watch root Details

  • Resolver

    • Add ~ and / support to the glob resolver Details

  • JavaScript

    • Bump swc Details
    • Bumping lightningcss to 1.22.1 Details
    • Fix CI Details
    • Change inline-requires to only run when optimizing Details
    • Fix tsconfig extends from node_modules Details
    • Bump some deps Details
    • Bump swc and napi-rs Details
    • Fix references to packages.atlassian.com Details
    • Fix build-ts step Details
    • Bump rimraf version to ^5.05 Details
    • Use centos image with newer Node 16 Details
• 2.10.3 - 2023-11-15
  

  Fixed

  • Core

    • Mark previously deferred assets as dirty for symbol prop - Details
    • Write bundle graph to cache if error occurs during bundling - Details
    • Fixing issues when import * as is used with export * - Details
    • Writing cache in chunks - Details
    • Reduce redundancy in the RequestGraph's file nodes - Details
    • Fix dependency retargeting with ambiguous reexports - Details

  • JavaScript

    • Fixing behavior for hasOwnProperty in modules exporting member with same name - Details

  • WebExtension

    • Don't crash if WebExt has no content_scripts - Details

  • PostHTML, Pug, Stylus

    • Simplified calls to invalidateOnFileChange - Details
• 2.10.2 - 2023-11-02
  

  Fixed

  • Core

    • Use clz32 for counting trailing zeroes – Details

  • JavaScript

    • Do not wrap duplicated assets when they are in different targets – Details
• 2.10.1 - 2023-10-24
  

  Fixed

  • Core

    • Use modern node versions in CI Details
    • Support multiple workspaces/clients in Parcel for VSCode Details

  • Bundler

    • Make sure to set unique key Details
    • Fix bundler tests assertions on Windows Details

  • JavaScript

    • Add logic to disable scope hoisting if the this key word is pointing to an export module Details
    • Detect TSC polyfills to avoid marking them as CJS Details
    • Remove this exports tracking for files with module syntax Details
    • Bump swc Details

  Unstable

  • Bundler

    • Fix inline constants in shared bundles Details
    • Use Manual "name" for publicIds, remove source bundles from Unique Keys Details
    • Simplify MSB code for code split bundle creation section Details
• 2.10.0 - 2023-10-11
  

  Parcel v2.10.0 includes big performance improvements, an improved --lazy mode, reduced runtime bundle sizes, web extension improvements, and tons of bug fixes and improvements.

  Added

  • Core

    • Add support for include and exclude globs for --lazy mode – Details, Details
    • Merge all native Rust modules into one package – Details
    • Add async resolver and JS transformer functions using rayon – Details
    • Support "register" tools in module loader (e.g. @ babel/register, esbuild-register, ts-node) – Details
    • Limit default number of JS workers to 4 to improve memory usage/performance – Details

  • Bundler

    • Optimize bundler performance – Details
    • Add disableSharedBundles config option – Details

  • Resolver

    • Support node: prefix for CJS dependencies – Details, Details

  • JavaScript

    • Add import helper to decrease ESM loader runtime footprint – Details
    • Support parallel bundle imports in libraries – Details
    • Only include globalThis polyfill for old browsers – Details
    • Updated parcelRequire.register to be minifiable – Details

  • CSS

    • Add include and exclude globs for CSS modules – Details

  • WASM

    • Add WASM packager with source map support – Details

  • XML

    • Transform xml-stylesheet processing instructions – Details

  • Web Extensions

    • Add support for Chrome Extension manifest V3 side_panel property – Details
    • Improve HMR for web extensions – Details

  • Web Manifest

    • Add support for icons in file_handlers – Details

  Fixed

  • Core

    • Query glibc version only once to speed up JSTransformer on Linux – Details
    • Refresh cache before writing contents to bundle – Details
    • Fix --lazy mode bugs – Details
    • Ignore no-opt command line option – Details
    • Bump lmdb – Details
    • Don't hide error when diagnostic is malformed – Details
    • Don't autoinstall local files in package manager – Details
    • Fix bug with cache and glob entries – Details

  • JavaScript

    • Migrate to swc_core – Details
    • Move ESM loader runtime to absolute URLs – Details
    • Fix duplicate asset references – Details
    • Bump swc – Details, Details, Details
    • Fix shorthand identifier import usage – Details
    • Ensure nested member expressions are marked used in dev mode – Details
    • Set ascii_only for swc emit – Details
    • Add tests for non-identifier symbol names – Details

  • Bundler

    • Exclude inline assests from parallel request limit – Details
    • Fix unexpected undefined when creating shared bundles – Details

  • Images

    • Bump oxipng from 6.0.0 -> 8.0.0 – Details

  • Sass

    • Fix sass import edge case – Details

  • Dev Server

    • Fix index page loading in dev server when bundle type isn't html – Details

  Unstable

  • Core

    • Expose unstable_transform and unstable_resolve APIs – Details

  • Bundler

    • Add unstable manual shared bundles config – Details

  • JavaScript

    • Experimental inline / deferred requires optimiser – Details
    • Add constants inlining optimization – Details
    • Add unstable async bundle runtime to the JS Packager – Details

from parcel GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs