fix(security): update css-what, glob-parent, trim-newlines

[jsjoeio]

This PR fixes the following security vulnerabilities:

• https://www.npmjs.com/advisories/1753
• https://www.npmjs.com/advisories/1754
• https://www.npmjs.com/advisories/1751

Checklist

• updated CHANGELOG.md

[codecov]

Codecov Report

Merging #3563 (6f2e8c9) into main (ecbef27) will not change coverage.
The diff coverage is n/a.

❗ Current head 6f2e8c9 differs from pull request most recent head 9652e65. Consider uploading reports for the commit 9652e65 to get more accurate results

@@           Coverage Diff           @@
##             main    #3563   +/-   ##
=======================================
  Coverage   59.21%   59.21%           
=======================================
  Files          35       35           
  Lines        1709     1709           
  Branches      379      379           
=======================================
  Hits         1012     1012           
  Misses        559      559           
  Partials      138      138           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ecbef27...9652e65. Read the comment docs.

[oxy]

This broke parcel-bundler :(
We're likely either going to have to ignore the vuln or move to parcel v2, which is still in beta months after v1 was deprecated :(

[jsjoeio]

We're likely either going to have to ignore the vuln or move to parcel v2

Shoot :( I wonder how easy/difficult that will be. Do you have a preference on which approach we take?

[code-asher]

Could also consider removing Parcel and just compile with plain tsc using the UMD target. We would need a loader like require.js to handle the loading on the browser side.

I don't believe we make use of any other Parcel features other than the loading.

[jsjoeio]

Closing in favor of #3586 and #3578