HBASE-29963 Bump minimatch and serve in /hbase-website

[dependabot]

Bumps minimatch to 3.1.5 and updates ancestor dependency serve. These dependencies need to be updated together.

Updates minimatch from 3.1.2 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates serve from 14.2.5 to 14.2.6

Release notes

Sourced from serve's releases.

v14.2.6

Patch Changes

• 7fcb924: Bump ajv to 8.18.0
• b3888f9: Update serve-handler to 6.1.7 to fix ReDoS vulnerabilities

Changelog

Sourced from serve's changelog.

14.2.6

Patch Changes

• 7fcb924: Bump ajv to 8.18.0
• b3888f9: Update serve-handler to 6.1.7 to fix ReDoS vulnerabilities

Commits

• f3c702c Version Packages (#846)
• 7fcb924 Add changeset for #842
• a2fecb3 chore(deps): update ajv to v8.18.0 (#842)
• b3888f9 Bump serve-handler to 6.1.7 (#845)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[PDavid]

LGTM.

I checked out the branch locally and built the website. It looks good.

[PDavid]

Spotless complains about:

• hbase-website/playwright-report/data/71ec87d76eb49e0c30e52f3edafb4411bde64b73.md
• hbase-website/test-results/docs-Documentation-Page----c6b0b-o-single-page-documentation-webkit/error-context.md

Maybe we have to ignore hbase-website/playwright-report/* and hbase-website/test-results/* in spotless checks?

There was a failed e2e test:

[INFO] [83/105] [webkit] › e2e-tests/docs.spec.ts:192:3 › Documentation Page - Content & Navigation › can navigate to single-page documentation
[INFO]   1) [webkit] › e2e-tests/docs.spec.ts:192:3 › Documentation Page - Content & Navigation › can navigate to single-page documentation 
[INFO] 
[INFO]     Test timeout of 30000ms exceeded.
[INFO] 
[INFO]     Error: page.waitForLoadState: Test timeout of 30000ms exceeded.
[INFO] 
[INFO]       192 |   test("can navigate to single-page documentation", async ({ page }) => {
[INFO]       193 |     await page.goto("/docs/single-page");
[INFO]     > 194 |     await page.waitForLoadState("networkidle");
[INFO]           |                ^
[INFO]       195 |
[INFO]       196 |     // Verify URL
[INFO]       197 |     await expect(page).toHaveURL(/.*single-page/);
[INFO]         at /home/runner/work/hbase/hbase/src/hbase-website/e2e-tests/docs.spec.ts:194:16
[INFO] 
[INFO]     Error Context: test-results/docs-Documentation-Page----c6b0b-o-single-page-documentation-webkit/error-context.md
[INFO] 

As I saw these might be flaky, probably successful on next run.

[PDavid]

Re-running Yetus General check was successful.

[yuriipalam]

Thanks David.

Maybe we have to ignore hbase-website/playwright-report/* and hbase-website/test-results/* in spotless checks?

What do you mean by ignoring? These are just logs.

I tested it locally, everything works. That's weird it's failing remotely. I am going to investigate. Perhaps the timeout is too small 🤷‍♂️

[yuriipalam]

When I'm opening the details of the failing checks, I don't see any failures. That's weird. Am I doing something wrong @PDavid ?

[PDavid]

When I'm opening the details of the failing checks, I don't see any failures. That's weird. Am I doing something wrong @PDavid ?

Thanks @yuriipalam for looking into these. 👍

Actually the first run of Yetus General check failed and produced these spotless errors:

• hbase-website/playwright-report/data/71ec87d76eb49e0c30e52f3edafb4411bde64b73.md
• hbase-website/test-results/docs-Documentation-Page----c6b0b-o-single-page-documentation-webkit/error-context.md

Then run the site build locally and then the spotless check and could not reproduce these issues locally.

So I re-run the Yetus General check and that is now successful:
https://github.com/apache/hbase/actions/runs/22716047463/

[yuriipalam]

Cool, thanks @PDavid

[PDavid]

I screwed up the commit message, forgot to add the Jira ticket ID and merged it to master. I reverted it now.
Will do this again in #7868