Oskar-Bonde opened a new issue, #35797: URL: https://github.com/apache/superset/issues/35797
### Bug description **Description:** ## Problem `npm ci` fails when building Superset 4.1.4 and 4.1.3 with the following error: ``` Invalid: lock file's [email protected] does not satisfy [email protected] ``` ## Timeline - **2025-10-17**: `npm ci` worked correctly - **2025-10-18**: `npm ci` started failing consistently ## Workaround Running `npm install` (instead of `npm ci`) updates luxon to 3.7.2, after which `npm ci` works. However, this defeats the purpose of using `npm ci` for reproducible builds. ## Root Cause Analysis `npm ci` validates that `package.json` and `package-lock.json` are in sync by generating a virtual lockfile and comparing it. The issue is that `npm install` now produces a different `package-lock.json` than it did before 2025-10-18, despite no changes to our dependency specifications. Why this change occurred is unclear. Luxon 3.7.2 was released 2 months ago. ## Impact - Breaks CI/CD pipelines using `npm ci` - Breaks Docker builds - Affects reproducible builds for versions 4.1.3 and 4.1.4 - **This is a recurring issue** - similar problems occurred ~4 months ago. See Issue #33881 ## Questions 1. Why does `npm install` produce different lockfiles after 2025-10-18 without any code changes? 2. How can we prevent this from happening again in future releases? ## Environment - Superset versions: 4.1.4, 4.1.3 - npm version: 10.2.4 - Node version: 18.19.1 ### Screenshots/recordings _No response_ ### Superset version 4.1.3 ### Python version 3.10 ### Node version 18 or greater ### Browser Chrome ### Additional context _No response_ ### Checklist - [x] I have searched Superset docs and Slack and didn't find a solution to my problem. - [x] I have searched the GitHub issue tracker and didn't find a similar bug report. - [x] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
