dosubot[bot] commented on issue #35797: URL: https://github.com/apache/superset/issues/35797#issuecomment-3441340080
You're right—luxon 3.6.1 still satisfies ^3.5.0, and 3.7.2 being released months ago shouldn't have caused an immediate break. The npm ci failure happens because npm expects package.json and package-lock.json to be perfectly in sync, not just semver compatible. If the lockfile was generated with 3.6.1 but the registry or npm client changes how it resolves or validates dependencies, npm ci can suddenly require the latest matching version (like 3.7.2), even if nothing changed in your repo or in luxon itself.

This is a known npm behavior and has recurred in Superset before—see [Issue #33881](https://github.com/apache/superset/issues/33881) and [this discussion](https://github.com/apache/superset/discussions/35078). The best way to avoid this is to regularly update and commit package-lock.json whenever a new compatible dependency version is published, or to pin the luxon version in package.json if you need strict reproducibility.

This isn't caused by indirect dependencies or codebase changes, but by npm's strict lockfile validation and possible registry metadata changes or npm client updates enforcing stricter checks.
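As an added example (not part of the comment above, not Superset's code, and not npm's own algorithm), here is a stand-alone drift check a CI job could run before `npm ci`. It compares the ranges in package.json with a lockfileVersion 2/3 `packages` map. The function names and sample data are constructed for illustration, and only exact and caret ranges are handled.

```javascript
// Added example: simplified lockfile drift check, not npm's own algorithm.
// Supports exact "x.y.z" and caret "^x.y.z" ranges only (no prereleases).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function satisfies(version, range) {
  const v = parseVersion(version);
  if (!range.startsWith("^")) return v.join(".") === parseVersion(range).join(".");
  const r = parseVersion(range.slice(1));
  // Caret: components up to and including the leftmost non-zero one are fixed.
  const fixed = r[0] > 0 ? 1 : r[1] > 0 ? 2 : 3;
  for (let i = 0; i < fixed; i++) if (v[i] !== r[i]) return false;
  // The remaining components must be >= the range's, compared left to right.
  for (let i = fixed; i < 3; i++) if (v[i] !== r[i]) return v[i] > r[i];
  return true;
}

// Compare package.json ranges against a lockfileVersion 2/3 "packages" map.
function lockDrift(pkg, lock) {
  const problems = [];
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  const root = lock.packages[""] || {};
  const recorded = { ...root.dependencies, ...root.devDependencies };
  for (const [name, range] of Object.entries(declared)) {
    const entry = lock.packages[`node_modules/${name}`];
    if (!entry) problems.push(`${name}: missing from lockfile`);
    else if (!satisfies(entry.version, range))
      problems.push(`${name}: locked ${entry.version} does not satisfy ${range}`);
    else if (recorded[name] !== range)
      problems.push(`${name}: lockfile records ${recorded[name]}, package.json has ${range}`);
  }
  return problems;
}

// Constructed sample data mirroring the versions named in the thread.
const samplePkg = { dependencies: { luxon: "^3.5.0" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { luxon: "^3.5.0" } },
    "node_modules/luxon": { version: "3.6.1" },
  },
};

console.log(lockDrift(samplePkg, sampleLock));
console.log(lockDrift({ dependencies: { luxon: "^3.7.2" } }, sampleLock));
```

The stale-range check in the last branch is this example's own policy and is stricter than a plain version match.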
