sergehuber opened a new pull request, #818: URL: https://github.com/apache/unomi/pull/818
## Plain-language summary After the main 3.1 platform PR merged, several small security updates were still open for the web tracker and GraphQL UI front-end builds. Those modules are build-time only and do not change Unomi runtime behavior. This PR applies them in one batch so we do not run five separate full integration test cycles for tiny yarn lockfile changes. ## What changed * **web-tracker wab:** bump rollup to 2.80.0; pin transitive minimatch, picomatch, @babel/runtime, and serialize-javascript via yarn resolutions * **graphql-ui:** bump webpack to 5.104+ (resolves to 5.108.x) * Refresh both `yarn.lock` files; no Java or Karaf changes ## Dependabot follow-up (after merge) * Comment `@dependabot rebase` on #813–#817 so they auto-close * Keep #799, #800, #801 closed/deferred to 3.2 (log4j, opencsv, comet majors) ## Test plan - [x] `yarn build` in `extensions/web-tracker/wab` - [x] `yarn build:production` in `graphql/graphql-ui` - [x] `mvn -pl extensions/web-tracker/wab,graphql/graphql-ui,wab -am package -DskipTests` - [ ] CI unit tests - [ ] CI ES + OS integration tests ## References UNOMI-875 (optional post-3.1 hygiene); supersedes Dependabot #813, #814, #815, #816, #817 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
