rusackas opened a new pull request, #37450: URL: https://github.com/apache/superset/pull/37450
## Summary This PR fixes a transitive dependency resolution issue that was causing multiple Dependabot PRs to fail CI. **Problem:** When npm regenerates the lockfile (during dependency updates), peer dependencies can resolve to different versions: - `query-string >=5.1.1` was resolving to **9.x** (ESM-only) instead of **6.x** (CommonJS) - `global-box` was being **dropped entirely** from the dependency tree **Symptoms in CI:** - Jest: `SyntaxError: Cannot use import statement outside a module` (query-string ESM issue) - Storybook: `Module not found: Error: Can't resolve 'global-box'` (encodable dependency) **Solution:** Add these as explicit dependencies with pinned versions: - `query-string`: 6.14.1 (CommonJS version, compatible with Jest) - `global-box`: 2.0.2 (required by @encodable/registry) ## Affected Dependabot PRs Once this PR is merged, these PRs can be rebased and should pass CI: - #37319 - core-js (ui-core) - #37240 - @luma.gl/core - #37239 - @deck.gl/mesh-layers - #37237 - @luma.gl/shadertools - #37151 - memoize-one - #36662 - fetch-mock - #36565 - ts-loader - #36560 - @storybook/addon-controls - #37417 - ag-grid-react (ui-core) ## Test Plan - [ ] CI passes on this PR - [ ] Rebase an affected Dependabot PR and verify it passes 🤖 Generated with [Claude Code](https://claude.ai/code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
