@feanil feanil commented Jan 29, 2026

Change package.json to use caret (^) pinning for flexible version resolution.
Packages >=1.0.0 pin to major version, packages <1.0.0 pin to minor version.

The following packages remain exact-pinned due to compatibility issues:

  • redux (3.7.2) and redux-thunk (2.2.0): Newer versions of redux-thunk
    (2.3+) require redux@^4 as a peer dependency. Since the codebase uses
    redux 3.x, allowing redux-thunk to upgrade would cause peer dependency
    conflicts and potential runtime issues.

  • @edx/frontend-component-cookie-policy-banner (2.2.0): Newer versions
    (2.6.0+) depend on @openedx/[email protected] which requires PNG file loaders
    and uses SCSS files incompatible with the current webpack/sass-loader
    configuration.

  • bootstrap (4.0.0): Newer versions (4.6.x) use a deprecate mixin in
    their SCSS that the current sass compilation setup doesn't support.

  • jasmine-core (2.6.4): Newer 2.x versions (2.99+) enforce stricter
    afterEach placement rules that break edx-ui-toolkit's ajax-helpers.js,
    which calls afterEach() inside helper functions rather than directly
    in describe() blocks. See: https://github.com/edx/edx-ui-toolkit/blob/master/src/js/utils/spec-helpers/ajax-helpers.js#L53

@feanil feanil force-pushed the feanil/update_package_lock branch 2 times, most recently from d9a0ce9 to 6b39b13 Compare January 29, 2026 20:10
feanil and others added 2 commits January 29, 2026 16:30
Change package.json to use caret (^) pinning for flexible version
resolution. Packages >=1.0.0 pin to major version, packages <1.0.0
pin to minor version.

The following packages remain exact-pinned due to compatibility issues:

- redux (3.7.2) and redux-thunk (2.2.0): Newer versions of redux-thunk
  (2.3+) require redux@^4 as a peer dependency. Since the codebase uses
  redux 3.x, allowing redux-thunk to upgrade would cause peer dependency
  conflicts and potential runtime issues.

- @edx/frontend-component-cookie-policy-banner (2.2.0): Newer versions
  (2.6.0+) depend on @openedx/[email protected] which requires PNG file loaders
  and uses SCSS files incompatible with the current webpack/sass-loader
  configuration.

- bootstrap (4.0.0): Newer versions (4.6.x) use a `deprecate` mixin in
  their SCSS that the current sass compilation setup doesn't support.

- [email protected]: Newer 2.x versions (2.99+) enforce stricter
  afterEach placement rules that break edx-ui-toolkit's ajax-helpers.js

Co-Authored-By: Claude Opus 4.5 <[email protected]>

The caret version pinning change updated @edx/paragon from 2.6.4 to
2.7.0, which caused Icon component IDs to change from "Icon2" to
"Icon1" in snapshot tests.

This is a cosmetic change with no functional impact. The Icon
component generates unique IDs using a module-level counter in
src/utils/newId.js:

    let lastId = 0;
    const newId = (prefix = 'id') => {
      lastId += 1;
      return `${prefix}${lastId}`;
    };

The ID values depend on module import order, which changed slightly
between versions. The visual rendering and accessibility features
(screen reader text) are unaffected.

References:
- Paragon Icon component: https://github.com/edx/paragon/blob/v2.7.0/src/Icon/index.jsx
- Paragon newId utility: https://github.com/edx/paragon/blob/v2.7.0/src/utils/newId.js
- Version comparison: openedx/paragon@v2.6.4...v2.7.0

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@feanil feanil force-pushed the feanil/update_package_lock branch from 6a8e325 to ccfa8d6 Compare January 29, 2026 21:30
@feanil feanil marked this pull request as ready for review January 29, 2026 21:54
@bradenmacdonald bradenmacdonald left a comment

Makes sense to me. I also tried out this branch and clicked around in a few legacy pages and didn't see any obvious issues.

"@edx/brand": "npm:@openedx/brand-openedx@^1.2.2",
"@edx/edx-bootstrap": "1.0.4",
"@edx/edx-proctoring": "^4.18.1",
"@babel/core": "^7",
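
Review bot: `@edx/edx-bootstrap` stays exact-pinned at `1.0.4` in the second line of this snippet, but the description's list of packages that remain exact-pinned names only redux, redux-thunk, @edx/frontend-component-cookie-policy-banner, bootstrap and jasmine-core. Either add it to that list with the compatibility reason, or move it to a caret range like its neighbours. Separately, `"@babel/core": "^7"` carries no minimum minor version, so the lockfile is the only record of which 7.x release was tested; if a known-good floor matters, keep it in the range.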

For versions above 1.0.0 there isn't any difference between specifying ^7 and ^7.26.0 as far as I know, but I do find the shorter major-only version much cleaner.
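
Added example (not code from this pull request): the caret rule stated in the description and the exact-pinned exceptions, expressed as a small Node.js audit over a manifest. The `deps` object is constructed from entries quoted on this page; `stripAlias`, `caretRange` and `auditPins` are hypothetical helper names, and prerelease tags and other range operators are reported as `other` rather than parsed.

```javascript
// Constructed sample: specs and versions quoted on this page, not the real file.
const deps = {
  '@edx/brand': 'npm:@openedx/brand-openedx@^1.2.2',
  '@edx/edx-bootstrap': '1.0.4',
  '@edx/edx-proctoring': '^4.18.1',
  '@babel/core': '^7',
  redux: '3.7.2',
  'redux-thunk': '2.2.0',
  bootstrap: '4.0.0',
  'jasmine-core': '2.6.4',
};

// Strip an "npm:<name>@" alias prefix so only the version spec remains.
function stripAlias(spec) {
  if (!spec.startsWith('npm:')) return spec;
  const at = spec.lastIndexOf('@');
  return at > 4 ? spec.slice(at + 1) : '*'; // index 4 is the scope's own "@"
}

// Expand "^x[.y[.z]]" per npm semver: the left-most non-zero component is
// held fixed. Returns null for anything that is not a plain caret spec.
function caretRange(spec) {
  const m = /^\^(\d+)(?:\.(\d+))?(?:\.(\d+))?$/.exec(stripAlias(spec));
  if (!m) return null;
  const given = m.slice(1).filter((p) => p !== undefined).map(Number);
  const [maj, min = 0, pat = 0] = given;
  let upper;
  if (maj > 0 || given.length === 1) upper = [maj + 1, 0, 0]; // >=1.0.0: major
  else if (min > 0 || given.length === 2) upper = [0, min + 1, 0]; // 0.y: minor
  else upper = [0, 0, pat + 1]; // 0.0.z: patch only
  return { min: [maj, min, pat].join('.'), maxExclusive: upper.join('.') };
}

// Split a dependency map into exact pins, caret ranges and anything else.
function auditPins(dependencies) {
  const report = { exact: [], caret: [], other: [] };
  for (const [name, spec] of Object.entries(dependencies)) {
    const range = caretRange(spec);
    if (range) report.caret.push({ name, ...range });
    else if (/^\d+\.\d+\.\d+$/.test(stripAlias(spec))) report.exact.push(name);
    else report.other.push(name);
  }
  return report;
}

console.log(JSON.stringify(auditPins(deps), null, 2));
```

Comparing the `exact` list against the documented exceptions shows any pin that lacks a stated reason, and the `min` field shows the lowest version each caret range will accept when no lockfile constrains the install.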
