davsclaus opened a new pull request, #1665: URL: https://github.com/apache/camel-website/pull/1665
## Summary

- Add 20+ yarn resolutions to fix transitive dependency vulnerabilities (tar, fast-xml-parser, flatted, esbuild, minimatch, braces, cross-spawn, ws, picomatch, browserslist, ip-address, cookie, send, serve-static, semver, js-yaml, and more)
- Delete unused `antora-ui-camel/yarn.lock` — legacy lockfile not used by any CI workflow (all workflows use workspace `yarn install` from root)
- Pin jsonpath to 1.2.1 to avoid breaking change in 1.3.0 that rejects filter expressions used by asciidoctor-jsonpath

## Details

This should resolve ~60 of the 82 open Dependabot alerts. The remaining ~20 are either:

- **No upstream fix**: ip, elliptic, lodash.pick, url-regex
- **Incompatible major version jumps**: postcss (7→8 breaks gulp plugins), svgo (1→2+), uuid (3→11), got (7→11), file-type, yargs-parser, glob

## Test plan

- [x] `yarn install` completes successfully
- [x] Antora build passes (no jsonpath regression)
- [ ] CI build passes (local build hits GitHub API rate limit, unrelated to these changes)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
