[Snyk] Fix for 2 vulnerabilities #3308

Open
prodsecmachine wants to merge 1 commit into master from snyk-fix-36eedf6b25e4a4428cd79ea99732d779
@prodsecmachine

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json

Vulnerabilities that will be fixed with an upgrade:

Issue | Score
high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-MINIMATCH-15309438) | 828
medium severity: Infinite loop (SNYK-JS-BNJS-15274301) | 738

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

@prodsecmachine

Merge Risk: High

This upgrade includes a major version update for parcel from v1 to v2, which introduces significant and actionable breaking changes. The postcss-assets upgrade drops support for very old Node.js versions.

parcel 1.12.4 → 2.0.0 (High Risk)

This is a major rewrite of Parcel and requires several migration steps. Key breaking changes include:

  • Package Name Change: The npm package has been renamed from parcel-bundler to parcel. You must update your package.json and installation scripts.
  • Configuration: Parcel 2 introduces a new configuration system using .parcelrc for extensive customization, whereas Parcel 1 was zero-config.
  • Default Transpilation: Parcel 2 no longer transpiles JavaScript by default. You must add a browserslist field to your package.json to specify targets and enable transpilation.
  • Asset Imports: Importing non-code assets to get a URL now requires using the new URL('asset.ext', import.meta.url) syntax or prefixing the import with url:.
  • HTML Script Tags: Scripts referenced via <script src="..."> are no longer treated as modules. You must explicitly use <script type="module" src="..."> to enable ES module support, aligning with modern browser behavior.
  • Cache Directory: The cache folder has moved from .cache to .parcel-cache. Your .gitignore file should be updated accordingly.

Recommendation: A dedicated effort is required to migrate. Follow the official migration guide before merging this upgrade.

Source: Official Parcel v2 Migration Guide

postcss-assets 5.0.0 → 6.0.0 (Medium Risk)

This major version upgrade has the following breaking changes:

  • Node.js Support: Drops support for Node.js v0.12.
  • PostCSS Dependency: Updates its core dependency to PostCSS v6. The PostCSS v6 upgrade itself dropped support for Node.js v4.

Recommendation: This is considered a medium risk because it changes the required runtime environment. Verify that your application is running on a supported version of Node.js (v6 or higher).

Source: Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

prodsecmachine requested a review from a team as a code owner on February 19, 2026 13:09
@github-actions

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.