Skip to content

UNOMI-875: Post-3.1 npm hygiene (wab + graphql-ui Dependabot batch)#818

Merged
sergehuber merged 1 commit into
masterfrom
UNOMI-875-pr8-npm-hygiene
Jul 11, 2026
Merged

UNOMI-875: Post-3.1 npm hygiene (wab + graphql-ui Dependabot batch)#818
sergehuber merged 1 commit into
masterfrom
UNOMI-875-pr8-npm-hygiene

Conversation

@sergehuber

Copy link
Copy Markdown
Contributor

Plain-language summary

After the main 3.1 platform PR merged, several small security updates were still open for the web tracker and GraphQL UI front-end builds. Those modules are build-time only and do not change Unomi runtime behavior.

This PR applies them in one batch so we do not run five separate full integration test cycles for tiny yarn lockfile changes.

What changed

  • web-tracker wab: bump rollup to 2.80.0; pin transitive minimatch, picomatch, @babel/runtime, and serialize-javascript via yarn resolutions
  • graphql-ui: bump webpack to 5.104+ (resolves to 5.108.x)
  • Refresh both yarn.lock files; no Java or Karaf changes

Dependabot follow-up (after merge)

Test plan

  • yarn build in extensions/web-tracker/wab
  • yarn build:production in graphql/graphql-ui
  • mvn -pl extensions/web-tracker/wab,graphql/graphql-ui,wab -am package -DskipTests
  • CI unit tests
  • CI ES + OS integration tests

References

UNOMI-875 (optional post-3.1 hygiene); supersedes Dependabot #813, #814, #815, #816, #817

Batch security hygiene for web-tracker wab (rollup, minimatch, picomatch,
babel runtime, serialize-javascript) and graphql-ui webpack 5.104+.
@sergehuber sergehuber merged commit c8878af into master Jul 11, 2026
6 checks passed
@sergehuber sergehuber deleted the UNOMI-875-pr8-npm-hygiene branch July 11, 2026 07:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant