chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the / directory: @parcel/reporter-dev-server and immutable.

Updates @parcel/reporter-dev-server from 2.5.0 to 2.16.4

Release notes

Sourced from @​parcel/reporter-dev-server's releases.

v2.16.4

Fixed

• Dev server
  • Add --no-cors option to disable CORS headers – Details

v2.16.2

Fixed

• HTML

  • Fix siblings after <svg> being removed by HTML minifier – Details

• React Server Components

  • Bump react-server-dom-parcel to ^19.1.1 to fix vulnerability
  • Fix cache key clash in @parcel/packager-react-static – Details
  • Fix using inline string transformers with @parcel/packager-react-static – Details
  • Preload CSS as soon as the RSC payload loads, without waiting for it to mount. This is useful for pre-fetching. – Details

v2.16.1

Fixed

• JavaScript

  • Fix macro location information – Details

• React Server Components Improve performance of RSC builds – Details

v2.16.0

This release significantly improves code splitting and tree shaking when scope hoisting is disabled, e.g. when using React Server Components with static rendering. It enables re-exports to be followed when resolving a dependency, so that only used exports from large libraries get bundled together for each page rather than across all pages. This was already the case when using scope hoisting, but now it works without scope hoisting as well.

Added

• JavaScript
  • Code split re-exports when scope hoisting is disabled – Details

Fixed

• JavaScript
  • Scope macro asset unique keys to the parent asset – Details

v2.15.3

Fixed

• JavaScript

  • Expose line and column number to macros – Details

• React Server Components

  • Invalidate cache in ReactStaticPackager when pages are added or client components change – Details
  • Fix lazy mode with React Server Components – Details
  • Fix @parcel/rsc duplicate types – Details

... (truncated)

Changelog

Sourced from @​parcel/reporter-dev-server's changelog.

[2.16.4] – 2026-02-01

Fixed

• Dev server
  • Add --no-cors option to disable CORS headers – Details

[2.16.3] – 2025-12-06

Fixed

• React Server Components
  • Fix react-dom import (bug in 2.16.2)

[2.16.2] – 2025-12-06

Fixed

• HTML

  • Fix siblings after <svg> being removed by HTML minifier – Details

• React Server Components

  • Bump react-server-dom-parcel to ^19.1.1 to fix vulnerability
  • Fix cache key clash in @parcel/packager-react-static – Details
  • Fix using inline string transformers with @parcel/packager-react-static – Details
  • Preload CSS as soon as the RSC payload loads, without waiting for it to mount. This is useful for pre-fetching. – Details

[2.16.1] – 2025-11-04

Fixed

• JavaScript

  • Fix macro location information – Details

• React Server Components Improve performance of RSC builds – Details

[2.16.0] – 2025-09-18

Added

• JavaScript
  • Code split re-exports when scope hoisting is disabled – Details

Fixed

• JavaScript
  • Scope macro asset unique keys to the parent asset – Details

... (truncated)

Commits

• 5948485 v2.16.4
• 9e2f6f1 Add --no-cors option (#10268)
• 73f691d v2.16.3
• b270626 Fix react-dom import
• 44a1121 v2.16.2
• ee7026d Preserve siblings after <svg> (#10234)
• 7689f7d Bump node-forge from 1.3.1 to 1.3.2 (#10242)
• 13904ab RSC fixes (#10245)
• 546e941 Bump react-server-dom-parcel from 19.1.0 to 19.1.2 (#10244)
• 9f01c02 v2.16.1
• Additional commits viewable in compare view

Updates base-x from 3.0.9 to 3.0.11

Commits

• 043a888 3.0.11
• 2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
• 3d43c0e 3.0.10
• 0a35446 Improve decoding performance
• See full diff in compare view

Updates immutable from 4.0.0 to 4.3.8

Release notes

Sourced from immutable's releases.

v4.3.8

Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

v4.3.7

What's Changed

• Fix issue with slice negative of filtered sequence by @​jdeniau in immutable-js/immutable-js#2006

Full Changelog: immutable-js/immutable-js@v4.3.6...v4.3.7

v4.3.6

What's Changed

• Fix Repeat().equals(undefined) incorrectly returning true by @​butchler in immutable-js/immutable-js#1994

Internals

• change youtube image by @​jdeniau in immutable-js/immutable-js#1973
• Upgrade eslint and ignore no-constructor-return rule for actual constructors by @​jdeniau in immutable-js/immutable-js#1974
• upgrate documentation website to next 14 by @​jdeniau in immutable-js/immutable-js#1975
• start migrating to nextjs app router by @​jdeniau in immutable-js/immutable-js#1976
• upgrade next sitemap by @​jdeniau in immutable-js/immutable-js#1978

New Contributors

• @​butchler made their first contribution in immutable-js/immutable-js#1994

Full Changelog: immutable-js/immutable-js@v4.3.5...v4.3.6

v4.3.5

What's Changed

• Fix Set.fromKeys types with Map constructor in TS 5.0 by @​jdeniau in immutable-js/immutable-js#1971
• upgrade to TS 5.1 by @​jdeniau in immutable-js/immutable-js#1972
• fix dist-stats command by @​jdeniau in immutable-js/immutable-js#1964
• fix Read the Docs link on readme by @​joshding in immutable-js/immutable-js#1970

New Contributors

• @​joshding made their first contribution in immutable-js/immutable-js#1970

Full Changelog: immutable-js/immutable-js@v4.3.4...v4.3.5

4.3.4

What's Changed

• Rollback toJS type due to circular reference error by @​jdeniau in immutable-js/immutable-js#1958

Full Changelog: immutable-js/immutable-js@v4.3.3...v4.3.4

v4.3.3

What's Changed

• [typescript] manage to handle toJS circular reference. #1932 by @​jdeniau

... (truncated)

Changelog

Sourced from immutable's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning. Dates are formatted as YYYY-MM-DD.

Unreleased

5.1.5

• Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

5.1.4

• Migrate some files to TS by @​jdeniau in immutable-js/immutable-js#2125
  • Iterator.ts
  • PairSorting.ts
  • toJS.ts
  • Math.ts
  • Hash.ts
• Extract CollectionHelperMethods and convert to TS by @​jdeniau in immutable-js/immutable-js#2131
• Use npm trusted publishing only to avoid token stealing.

Documentation

• Fix/a11y issues by @​lyannel in immutable-js/immutable-js#2136
• Doc add Map.get signature update by @​borracciaBlu in immutable-js/immutable-js#2138
• fix(doc):minor-issues#2132 by @​JayMeDotDot in immutable-js/immutable-js#2133
• Fix algolia search by @​jdeniau in immutable-js/immutable-js#2135
• Typo in OrderedMap by @​jdeniau in immutable-js/immutable-js#2144

Internal

• chore: Sort all imports and activate eslint import rule by @​jdeniau in immutable-js/immutable-js#2119

5.1.3

TypeScript

• fix: allow readonly map entry constructor by @​septs in immutable-js/immutable-js#2123

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples. We added a page about browser extensions too: https://immutable-js.com/browser-extension/

Internal

... (truncated)

Commits

• 485cbe0 4.3.8
• 6ed4eb6 Merge commit from fork
• 94bcd3c fix new proto key injection
• faeb58b fix Prototype Pollution in mergeDeep, toJS, etc.
• 37ca417 release 4.3.7 (#2007)
• 23daf26 Fix issue with slice negative of filtered sequence (#2006)
• 493afba release 4.3.6 (#1997)
• be3cb9a Fix Repeat(<value>).equals(undefined) incorrectly returning true (#1994)
• d7664bf generate sitemap in path that will be deployed
• f8327b1 upgrade next sitemap (#1978)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for immutable since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.