fix(deps): remove encodable dependency and pin query-string to fix Dependabot CI failures

[rusackas]

Summary

This PR fixes transitive dependency resolution issues that were causing multiple Dependabot PRs to fail CI, by removing the root cause rather than just pinning versions.

The Problem

When npm regenerates the lockfile (during dependency updates), peer dependencies were resolving differently:

• query-string >=5.1.1 was resolving to 9.x (ESM-only) instead of 6.x (CommonJS)
• global-box was being dropped entirely from the dependency tree

This caused CI failures:

• Jest: SyntaxError: Cannot use import statement outside a module
• Storybook: Module not found: Error: Can't resolve 'global-box'

Root Cause

The global-box dependency came from encodable, an unmaintained library (last updated 2021) used only by the word-cloud plugin. Rather than pin global-box, we removed the dependency chain entirely.

Solution

1. Refactored word-cloud plugin to remove encodable dependency

   • Replaced with a simple SimpleEncoder class (~90 lines)
   • Uses d3-scale (already a dependency) for fontSize scaling
   • Deleted configureEncodable.ts (no longer needed)

2. Removed unused @encodable/color from superset-ui-demo

   • Was listed in package.json but never imported anywhere

3. Pinned query-string at 6.14.1 to prevent ESM resolution issues

   • This is a peer dependency that can resolve to ESM-only 9.x

Changes

File	Change
plugins/plugin-chart-word-cloud/src/chart/WordCloud.tsx	Replaced encodable with SimpleEncoder
plugins/plugin-chart-word-cloud/src/configureEncodable.ts	Deleted
plugins/plugin-chart-word-cloud/src/index.ts	Removed configureEncodable export
plugins/plugin-chart-word-cloud/src/plugin/index.ts	Removed configureEncodable import/call
plugins/plugin-chart-word-cloud/package.json	Removed encodable dependency
packages/superset-ui-demo/package.json	Removed unused @encodable/color
package.json	Added query-string pin
package-lock.json	Regenerated (encodable & global-box removed)

Affected Dependabot PRs

Once this PR is merged, these PRs can be rebased and should pass CI:

• chore(deps): update core-js requirement from ^3.38.1 to ^3.48.0 in /superset-frontend/packages/superset-ui-core #37319 - core-js (ui-core)
• chore(deps): update @luma.gl/core requirement from ~9.2.2 to ~9.2.6 in /superset-frontend/plugins/legacy-preset-chart-deckgl #37240 - @luma.gl/core
• chore(deps): update @deck.gl/mesh-layers requirement from ~9.2.2 to ~9.2.6 in /superset-frontend/plugins/legacy-preset-chart-deckgl #37239 - @deck.gl/mesh-layers
• chore(deps): update @luma.gl/shadertools requirement from ~9.2.2 to ~9.2.6 in /superset-frontend/plugins/legacy-preset-chart-deckgl #37237 - @luma.gl/shadertools
• chore(deps): bump memoize-one from 5.2.1 to 6.0.0 in /superset-frontend/packages/superset-ui-demo #37151 - memoize-one
• chore(deps-dev): bump fetch-mock from 11.1.5 to 12.6.0 in /superset-frontend/packages/superset-ui-core #36662 - fetch-mock
• chore(deps-dev): update ts-loader requirement from ^9.5.2 to ^9.5.4 in /superset-frontend/packages/superset-ui-demo #36565 - ts-loader
• chore(deps): bump @storybook/addon-controls from 8.1.11 to 9.0.8 in /superset-frontend/packages/superset-ui-demo #36560 - @storybook/addon-controls
• chore(deps): bump ag-grid-react from 34.3.1 to 35.0.1 in /superset-frontend/packages/superset-ui-core #37417 - ag-grid-react (ui-core)

Test Plan

• Word-cloud plugin tests pass (4 tests)
• TypeScript compiles without errors
• CI passes on this PR
• Rebase an affected Dependabot PR and verify it passes

🤖 Generated with Claude Code

[bito-code-review]

Bito Automatic Review Skipped - Files Excluded

Bito didn't auto-review this change because all changed files are in the exclusion list for automatic reviews. No action is needed if you didn't intend for the agent to review it. Otherwise, to manually trigger a review, type /review in a comment and save.
You can change the excluded files settings here, or contact your Bito workspace admin at evan@preset.io.

[codeant-ai-for-open-source]

Sequence Diagram

This PR pins query-string and global-box in package.json to force compatible CommonJS versions and reintroduce a missing transitive dependency, preventing CI failures caused by npm lockfile regenerations during dependency updates.

sequenceDiagram
    participant Dependabot
    participant npm
    participant CI
    participant Repo

    Dependabot->>npm: Run dependency update (regenerate lockfile)
    npm-->>Repo: Resolve deps (query-string -> 9.x (ESM), global-box dropped)
    Repo->>CI: Run tests (Jest/Storybook)
    CI-->>Dependabot: Fail (SyntaxError / Module not found)
    Repo->>Repo: Add pinned deps (query-string@6.14.1, global-box@2.0.2) in package.json
    Repo->>npm: Install & regenerate lockfile
    npm-->>CI: Resolved compatible deps
    CI-->>Dependabot: Tests pass (Dependabot PRs can be rebased)

Loading

---

Generated by CodeAnt AI

[Copilot]

Pull request overview

This PR pins query-string and global-box as top-level frontend dependencies to stabilize transitive resolution and prevent ESM/peer-dependency issues that were breaking Jest and Storybook in Dependabot PRs.

Changes:

• Add global-box@2.0.2 to superset-frontend dependencies so it remains present in the dependency tree for @encodable/registry and Storybook.
• Add query-string@6.14.1 (CommonJS) to superset-frontend dependencies so Jest no longer resolves to the ESM-only 9.x line.
• Regenerate package-lock.json to reflect the new direct dependencies and their dependency metadata (removing obsolete "peer": true flags where these are now regular deps).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
superset-frontend/package.json	Adds pinned global-box and query-string as explicit runtime dependencies to control resolution.
superset-frontend/package-lock.json	Updates lockfile to align with the new direct dependencies and their transitive packages, ensuring consistent installs in CI.

Files not reviewed (1)

• superset-frontend/package-lock.json: Language not supported

[bito-code-review]

Code Review Agent Run #16cd60

Actionable Suggestions - 0

Additional Suggestions - 1

• superset-frontend/plugins/plugin-chart-word-cloud/src/chart/WordCloud.tsx - 1

  • Incorrect zero value handling in font size · Line 170-170
    The `getFontSize` method uses `||` for default fallback, which incorrectly treats zero font sizes as falsy and replaces them with the default (20), potentially causing words with zero size data to render at default size instead of being invisible or minimal.
    Code suggestion

     @@ -166,4 +166,4 @@
    -    if (this.fontSizeScale) {
    -      return this.fontSizeScale(value);
    -    }
    -    return value || this.defaults.fontSize;
    +    if (this.fontSizeScale) {
    +      return this.fontSizeScale(value);
    -    }
    +    return value ?? this.defaults.fontSize;

Review Details

• Files reviewed - 4 · Commit Range: 23f619a..9b6a4cf

  • superset-frontend/plugins/plugin-chart-word-cloud/src/chart/WordCloud.tsx
  • superset-frontend/plugins/plugin-chart-word-cloud/src/configureEncodable.ts
  • superset-frontend/plugins/plugin-chart-word-cloud/src/index.ts
  • superset-frontend/plugins/plugin-chart-word-cloud/src/plugin/index.ts
• Files skipped - 5

  • superset-frontend/package-lock.json - Reason: Filter setting
  • superset-frontend/package.json - Reason: Filter setting
  • superset-frontend/packages/superset-ui-demo/package.json - Reason: Filter setting
  • superset-frontend/plugins/plugin-chart-echarts/package.json - Reason: Filter setting
  • superset-frontend/plugins/plugin-chart-word-cloud/package.json - Reason: Filter setting
• Tools

  • Eslint (Linter) - ✔︎ Successful
  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[github-actions]

🎪 Showtime is building environment on GHA for 9b6a4cf