Skip to content

Reduce exact pinning in the edx-platform package.json file. #37961

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
feanil wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Reduce exact pinning in the edx-platform package.json file. #37961

feanil wants to merge 2 commits into from
+2,199 −1,599

Conversation

@feanil
Copy link
Contributor

@feanil feanil commented Jan 29, 2026
edited
Loading

Change package.json to use caret (^) pinning for flexible version resolution.
Packages >=1.0.0 pin to major version, packages <1.0.0 pin to minor version.

The following packages remain exact-pinned due to compatibility issues:

  • redux (3.7.2) and redux-thunk (2.2.0): Newer versions of redux-thunk
    (2.3+) require redux@^4 as a peer dependency. Since the codebase uses
    redux 3.x, allowing redux-thunk to upgrade would cause peer dependency
    conflicts and potential runtime issues.

  • @edx/frontend-component-cookie-policy-banner (2.2.0): Newer versions
    (2.6.0+) depend on @openedx/paragon@21.x which requires PNG file loaders
    and uses SCSS files incompatible with the current webpack/sass-loader
    configuration.

  • bootstrap (4.0.0): Newer versions (4.6.x) use a deprecate mixin in
    their SCSS that the current sass compilation setup doesn't support.

  • jasmine-core (2.6.4): Newer 2.x versions (2.99+) enforce stricter
    afterEach placement rules that break edx-ui-toolkit's ajax-helpers.js,
    which calls afterEach() inside helper functions rather than directly
    in describe() blocks. See: https://github.com/edx/edx-ui-toolkit/blob/master/src/js/utils/spec-helpers/ajax-helpers.js#L53

@feanil feanil force-pushed the feanil/update_package_lock branch 2 times, most recently from d9a0ce9 to 6b39b13 Compare January 29, 2026 20:10
feanil and others added 2 commits January 29, 2026 16:30
@feanil @claude
build(deps): switch to caret version pinning for npm dependencies
0b3665e 
Change package.json to use caret (^) pinning for flexible version
resolution. Packages >=1.0.0 pin to major version, packages <1.0.0
pin to minor version.

The following packages remain exact-pinned due to compatibility issues:

- redux (3.7.2) and redux-thunk (2.2.0): Newer versions of redux-thunk
  (2.3+) require redux@^4 as a peer dependency. Since the codebase uses
  redux 3.x, allowing redux-thunk to upgrade would cause peer dependency
  conflicts and potential runtime issues.

- @edx/frontend-component-cookie-policy-banner (2.2.0): Newer versions
  (2.6.0+) depend on @openedx/paragon@21.x which requires PNG file loaders
  and uses SCSS files incompatible with the current webpack/sass-loader
  configuration.

- bootstrap (4.0.0): Newer versions (4.6.x) use a `deprecate` mixin in
  their SCSS that the current sass compilation setup doesn't support.

- jasmine-core@2.6.4: Newer 2.x versions (2.99+) enforce stricter
  afterEach placement rules that break edx-ui-toolkit's ajax-helpers.js

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@feanil @claude
test: update Jest snapshots for @edx/paragon 2.6.4 → 2.7.0
ccfa8d6 
The caret version pinning change updated @edx/paragon from 2.6.4 to
2.7.0, which caused Icon component IDs to change from "Icon2" to
"Icon1" in snapshot tests.

This is a cosmetic change with no functional impact. The Icon
component generates unique IDs using a module-level counter in
src/utils/newId.js:

    let lastId = 0;
    const newId = (prefix = 'id') => {
      lastId += 1;
      return `${prefix}${lastId}`;
    };

The ID values depend on module import order, which changed slightly
between versions. The visual rendering and accessibility features
(screen reader text) are unaffected.

References:
- Paragon Icon component: https://github.com/edx/paragon/blob/v2.7.0/src/Icon/index.jsx
- Paragon newId utility: https://github.com/edx/paragon/blob/v2.7.0/src/utils/newId.js
- Version comparison: openedx/paragon@v2.6.4...v2.7.0

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@feanil feanil force-pushed the feanil/update_package_lock branch from 6a8e325 to ccfa8d6 Compare January 29, 2026 21:30
@feanil feanil marked this pull request as ready for review January 29, 2026 21:54
@feanil feanil requested a review from arbrandes January 29, 2026 21:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arbrandes arbrandes Awaiting requested review from arbrandes

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@feanil