
Conversation

@Ashi1993
Contributor

@Ashi1993 Ashi1993 commented Dec 2, 2025

Adding exact version for NPM libraries

Fix NPM libraries to use exact version.

Issue link: required

Doc Issue: Optional, link issue from documentation repository

Applicable Labels: Spec, product, version, type (specify requested labels)


Development Checklist

  1. Build complete solution with pull request in place.
  2. Ran checkstyle plugin with pull request in place.
  3. Ran Findbugs plugin with pull request in place.
  4. Ran FindSecurityBugs plugin and verified report.
  5. Formatted code according to WSO2 code style.
  6. Have you verified the PR doesn't commit any keys, passwords, tokens, usernames, or other secrets?
  7. Migration scripts written (if applicable).
  8. Have you followed secure coding standards in WSO2 Secure Engineering Guidelines?

Testing Checklist

  1. Written unit tests.
  2. Verified tests in multiple database environments (if applicable).
  3. Tested with BI enabled (if applicable).

Summary by CodeRabbit

  • Chores
    • Updated project dependencies to use fixed version specifications, ensuring consistent package installations across environments.


@coderabbitai

coderabbitai bot commented Dec 2, 2025

Walkthrough

All dependency version specifiers in package.json were changed from caret-prefixed ranges (e.g., "^1.2.3") to exact versions (e.g., "1.2.3") for dependencies and devDependencies. This pins all package versions at install time.

Changes

Cohort / File(s): Dependency version pinning (package.json)
Summary: Updated all dependencies and devDependencies from caret-prefixed ranges to exact versions, fixing resolved versions at install time across react, react-axios, reactjs-popup, styled-components, and others.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Verify all version changes follow the pattern of removing caret prefix
  • Confirm no accidental changes to package names or other JSON structure
  • Understand the rationale for switching from flexible to fixed versioning strategy

Poem

🐰 A rabbit hops through versions bright,
No more the caret's floating flight!
Each package now sits locked in place,
Like carrots sealed in storage space,
Predictable and set just right.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Description check: ⚠️ Warning
  Explanation: The PR description is incomplete. Critical required fields like 'Issue link' are marked as required but left unfilled, and several template sections are missing or only partially implemented.
  Resolution: Fill in the required 'Issue link' field, add 'Secure Development Checklist' section, include 'Automation Test Details' and 'Conformance Tests Details' tables if applicable, and complete all empty checklist items.
✅ Passed checks (2 passed)
Title check: ✅ Passed
  Explanation: The PR title accurately describes the main change: fixing NPM library dependencies to use exact version specifiers instead of caret ranges.
Docstring Coverage: ✅ Passed
  Explanation: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.





@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (2)
financial-services-accelerator/react-apps/self-care-portal/self-care-portal-frontend/package.json (2)

25-25: Consider updating significantly outdated dependencies.

Several dependencies are notably older and lack newer major versions with improvements, bug fixes, and security patches:

  • React 17.0.1 (v18 & v19 available)
  • React Router 5.2.0 (v6+ available with breaking changes)
  • @testing-library/react 9.5.0 (v14+ available)
  • reactjs-popup 2.0.5 (last release from 2020)

While not blocking this PR, consider prioritizing upgrades in a follow-up, especially for testing libraries which impact development velocity and reliability. Updating these may require code adjustments but would improve maintainability.

Also applies to: 26-26, 29-29, 35-35


56-68: Establish a process for managing pinned devDependency versions.

Build tooling versions (Babel, Webpack, Webpack CLI) are pinned. Ensure your team has:

  • A documented schedule or trigger for reviewing these versions
  • CI/CD checks that alert on security advisories
  • A rollback plan if updates introduce build failures

Consider integrating npm audit into your CI pipeline to catch vulnerabilities early.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e7fae32 and 4accedb.

⛔ Files ignored due to path filters (1)
  • financial-services-accelerator/react-apps/self-care-portal/self-care-portal-frontend/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • financial-services-accelerator/react-apps/self-care-portal/self-care-portal-frontend/package.json (2 hunks)
🔇 Additional comments (1)
financial-services-accelerator/react-apps/self-care-portal/self-care-portal-frontend/package.json (1)

6-36: Document the security and maintenance strategy for pinned versions.

Exact version pinning improves build reproducibility and is a solid practice for production deployments. However, this strategy requires active security management: establish a process to monitor for vulnerabilities in these pinned versions and schedule periodic dependency reviews to address security patches and necessary updates.

Before merging, run npm audit to verify no transitive vulnerabilities are introduced through these dependencies.
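The walkthrough above describes the change as replacing caret ranges such as "^1.2.3" with exact versions such as "1.2.3", and the review asks for two checks (every specifier has its prefix removed; no package names were altered) plus an ongoing policy around pinned versions. The following Node script is an added example, not code from the PR or the WSO2 project: it pins caret and tilde specifiers in a parsed package.json, reports specifiers it cannot pin mechanically, and exposes the check a CI job could run to fail the build when any dependency is not an exact version. The sample package.json is constructed: the react, React Router and reactjs-popup versions are the ones named in the review, while the `react-router-dom` package name and the webpack and @babel/core specifiers are assumptions made for the example.

```javascript
// Added example (not code from the PR or the WSO2 project): turn caret/tilde
// specifiers in a package.json object into exact versions, and provide the
// CI-style check that flags any specifier that is not an exact version.

// An exact npm version: MAJOR.MINOR.PATCH, optionally with prerelease/build metadata.
const VERSION = '\\d+\\.\\d+\\.\\d+(?:-[0-9A-Za-z.-]+)?(?:\\+[0-9A-Za-z.-]+)?';
const EXACT_RE = new RegExp(`^${VERSION}$`);
// A caret or tilde range around one exact version ("^1.2.3", "~1.2.3").
const CARET_TILDE_RE = new RegExp(`^[\\^~](${VERSION})$`);

// Dependency sections npm resolves at install time.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Classify one version specifier. Compound ranges (">=7 <8"), dist-tags
// ("latest") and URLs are not pinned mechanically; they are reported instead.
function pinSpec(spec) {
  if (EXACT_RE.test(spec)) return { spec, changed: false, pinnable: true };
  const m = CARET_TILDE_RE.exec(spec);
  if (m) return { spec: m[1], changed: true, pinnable: true };
  return { spec, changed: false, pinnable: false };
}

// Pin every dependency section of a parsed package.json. The input is not mutated.
function pinPackageJson(pkg) {
  const out = JSON.parse(JSON.stringify(pkg));
  const changed = [];
  const unpinnable = [];
  for (const field of DEP_FIELDS) {
    const deps = out[field];
    if (!deps) continue;
    for (const [name, spec] of Object.entries(deps)) {
      const r = pinSpec(spec);
      if (r.changed) {
        deps[name] = r.spec;
        changed.push(`${field}.${name}: ${spec} -> ${r.spec}`);
      } else if (!r.pinnable) {
        unpinnable.push(`${field}.${name}: ${spec}`);
      }
    }
  }
  return { pkg: out, changed, unpinnable };
}

// CI check: list every specifier that is not an exact version. An empty list
// means the pinning policy holds; a non-empty list should fail the pipeline.
function findUnpinned(pkg) {
  const offenders = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT_RE.test(spec)) offenders.push(`${field}.${name}: ${spec}`);
    }
  }
  return offenders;
}

// Second reviewer check: the set of package names per section is unchanged.
function sameDependencyNames(before, after) {
  return DEP_FIELDS.every((field) => {
    const a = Object.keys(before[field] || {}).sort();
    const b = Object.keys(after[field] || {}).sort();
    return a.length === b.length && a.every((n, i) => n === b[i]);
  });
}

// Constructed sample modelled on the portal's package.json. The react, React
// Router and reactjs-popup versions are the ones named in the review; the
// 'react-router-dom' name and the webpack/@babel/core specifiers are assumed.
const SAMPLE = {
  name: 'self-care-portal-frontend',
  dependencies: {
    react: '^17.0.1',
    'react-router-dom': '^5.2.0',
    'reactjs-popup': '2.0.5',
  },
  devDependencies: {
    webpack: '~5.0.0',
    '@babel/core': '>=7.0.0 <8',
  },
};

const result = pinPackageJson(SAMPLE);
console.log('changed:', result.changed);
console.log('needs a manual decision:', result.unpinnable);
console.log('still unpinned after run:', findUnpinned(result.pkg));
console.log('package names unchanged:', sameDependencyNames(SAMPLE, result.pkg));
```

Running `findUnpinned` against the committed package.json in CI gives the "exact versions only" policy a gate that survives future edits; the review's other recommendation, `npm audit`, remains necessary alongside it, because pinning fixes the resolved version but does not make it free of known advisories.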

