sergehuber opened a new pull request, #818:
URL: https://github.com/apache/unomi/pull/818

   ## Plain-language summary
   
   After the main 3.1 platform PR merged, several small security updates were 
still open for the web tracker and GraphQL UI front-end builds. Those modules 
are build-time only and do not change Unomi runtime behavior.
   
   This PR applies them in one batch so we do not run five separate full 
integration test cycles for tiny yarn lockfile changes.
   
   ## What changed
   
   * **web-tracker wab:** bump rollup to 2.80.0; pin transitive minimatch, 
picomatch, @babel/runtime, and serialize-javascript via yarn resolutions
   * **graphql-ui:** bump webpack to 5.104+ (resolves to 5.108.x)
   * Refresh both `yarn.lock` files; no Java or Karaf changes
   
   ## Dependabot follow-up (after merge)
   
   * Comment `@dependabot rebase` on #813–#817 so they auto-close
   * Keep #799, #800, #801 closed/deferred to 3.2 (log4j, opencsv, comet majors)
   
   ## Test plan
   
   - [x] `yarn build` in `extensions/web-tracker/wab`
   - [x] `yarn build:production` in `graphql/graphql-ui`
   - [x] `mvn -pl extensions/web-tracker/wab,graphql/graphql-ui,wab -am package 
-DskipTests`
   - [ ] CI unit tests
   - [ ] CI ES + OS integration tests
   
   ## References
   
   UNOMI-875 (optional post-3.1 hygiene); supersedes Dependabot #813, #814, 
#815, #816, #817


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to