Currently, when "mvn package" is run, yarn package manager in some cases updates the yarn.lock file. In theory, yarn.lock file should not change unless package.json is changed. However, it seems that this behavior is not guaranteed in some cases. This is a pain since yarn.lock is checked into git so whenever yarn.lock is updated, it is treated as uncommitted changes.
In Yarn package manager, there's an option called "--pure-lockfile" that prevents unexpected behavior from happening (there are some long discussions about why this behavior is not by default in the first place: https://github.com/yarnpkg/yarn/issues/570).
For mvn based builds, we can simply use that option.
Verified that builds via "mvn clean package" are successful with the patch, and that yarn.lock does not change. The resulting build passes all ambari-web unit tests:
20701 passing (19s)