Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump serialize-to-js and parcel #678

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 3, 2024

Bumps serialize-to-js to 3.1.2 and updates ancestor dependency parcel. These dependencies need to be updated together.

Updates serialize-to-js from 1.2.2 to 3.1.2

Release notes

Sourced from serialize-to-js's releases.

v2.0.0

Breaking changes:

  • removal of deserialize function as being vulnerable to DOS
Commits

Updates parcel from 1.12.3 to 1.12.4

Changelog

Sourced from parcel's changelog.

Changelog

All notable changes to Parcel will be documented in this file.

The format is based on Keep a Changelog and Parcel adheres to Semantic Versioning.

[2.12.0] - 2024-02-28

Added

  • Core

    • Add REPL playground for Parcel to the website – Details
    • Improve package manager detection for auto install – Details
  • JavaScript

    • Add support for JS macros – Details
    • Statically evaluate constants referenced by macros – Details
    • Upgrade to ESLint 8 – Details
    • Bump swc – Details
  • CSS

    • Use lightningcss to implement CSS packager – Details
  • Bundler

    • Rename "parentAsset" to "root" for Manual Shared Bundle config and remove unstable prefix – Details
  • Web Extensions

    • Add content script world property to manifest schema validation – Details
  • Performance

    • Adjacency list optimizations – Details
    • Break up request graph cache serialisation and run after build completion – Details

Fixed

  • Core

    • Drop per-pipeline transformation cache – Details
    • Clippy and use napi's Either3 – Details
    • Add lazy/eager cache key to avoid invalid change when switching modes – Details
  • JavaScript

    • Remove decl_collector pass and use SWC's unresolved_mark instead – Details
  • Bundler

    • Fix multiple css bundles in entry bundle groups issue – Details
    • Allow parallel type change bundles to be reused by async siblings – Details
    • Skip on missing parent asset for manual shared bundles – Details

Unstable

... (truncated)

Commits
  • d9ec7af Publish
  • 430679c Update yarn.lock
  • fe08980 fix source maps on coffeescript assets (#3423)
  • dc393bf Fixes #3133 by upgrading serialize-to-js from 1.1.1 to 3.0.0 (#3451)
  • 96119be Fix up misleading usage information (#3158)
  • a92e9b2 bump chokidar to get a reload fix for linux (#2878)
  • 75a891e Use uppercase for the first letter of the issue template (#3192)
  • 6fbfe96 Update dotenv-expand to allow overriding of falsy values (#2971)
  • 7ad25fd Fixes 3076: HMR update breaks in webworker due to window (and location.reload...
  • 4b50182 Scope hoisting destructuring (#2742)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the Dependencies Pull requests that update a dependency file label Jun 3, 2024
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-99c7f86258 branch from be9448f to f36dd02 Compare June 28, 2024 11:19
Bumps [serialize-to-js](https://github.com/commenthol/serialize-to-js) to 3.1.2 and updates ancestor dependency [parcel](https://github.com/parcel-bundler/parcel). These dependencies need to be updated together.


Updates `serialize-to-js` from 1.2.2 to 3.1.2
- [Release notes](https://github.com/commenthol/serialize-to-js/releases)
- [Commits](commenthol/serialize-to-js@v1.2.2...v3.1.2)

Updates `parcel` from 1.12.3 to 1.12.4
- [Release notes](https://github.com/parcel-bundler/parcel/releases)
- [Changelog](https://github.com/parcel-bundler/parcel/blob/v2/CHANGELOG.md)
- [Commits](https://github.com/parcel-bundler/parcel/compare/[email protected]@1.12.4)

---
updated-dependencies:
- dependency-name: serialize-to-js
  dependency-type: indirect
- dependency-name: parcel
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-99c7f86258 branch from f36dd02 to 9add0ef Compare June 28, 2024 11:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants