Update shakapacker to 9.6.0 (gem and npm)

[justin808]

Summary

• Updates shakapacker from 9.5.0 to 9.6.0 across all test environments (gem pin and npm pin)
• Regenerates all lock files (Gemfile.lock and pnpm-lock.yaml)

Files updated

• react_on_rails/Gemfile.development_dependencies — gem pin
• react_on_rails/spec/dummy/package.json — npm pin
• react_on_rails_pro/Gemfile.development_dependencies — gem pin (Pro)
• react_on_rails_pro/spec/dummy/package.json — npm pin (Pro)
• react_on_rails_pro/spec/execjs-compatible-dummy/Gemfile — gem pin (Pro ExecJS)
• react_on_rails_pro/spec/execjs-compatible-dummy/package.json — npm pin (Pro ExecJS)

Test plan

• CI passes with shakapacker 9.6.0 across all test environments

🤖 Generated with Claude Code

---

Note

Medium Risk
Build/asset pipeline dependency bump; risk is mainly potential CI or local compilation regressions due to webpack/shakapacker behavior changes and updated transitive dependencies.

Overview
Updates shakapacker from 9.5.0 to 9.6.0 across the repo’s Ruby and Node test/dummy environments (Gemfile pins and package.json pins).

Regenerates lockfiles (pnpm-lock.yaml, dummy Gemfile.locks), which also pulls minor transitive updates (e.g., semantic_range/package_json) and reflects updated peer dependency ranges (notably compression-webpack-plugin).

^{Written by Cursor Bugbot for commit eb8ac0c. Configure here.}

Summary by CodeRabbit

• Chores
  • Updated shakapacker dependency to version 9.6.0 across development and test environments.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (2)

• react_on_rails/Gemfile.lock is excluded by !**/*.lock
• react_on_rails_pro/Gemfile.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8324525a-64bc-43d2-9e66-c2384d6de1b2

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

Updated shakapacker gem/package dependency from version 9.5.0 to 9.6.0 across Ruby Gemfiles and JavaScript package.json files in both react_on_rails and react_on_rails_pro projects, including their test dummy applications.

Changes

Cohort / File(s)	Summary
Ruby Dependency Updates react_on_rails/Gemfile.development_dependencies, react_on_rails_pro/Gemfile.development_dependencies, react_on_rails_pro/spec/execjs-compatible-dummy/Gemfile	Updated shakapacker gem version from 9.5.0 to 9.6.0 across Ruby dependency files.
JavaScript Dependency Updates react_on_rails/spec/dummy/package.json, react_on_rails_pro/spec/dummy/package.json, react_on_rails_pro/spec/execjs-compatible-dummy/package.json	Bumped shakapacker package version from 9.5.0 to 9.6.0 in all JavaScript dependency manifests.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A whisker-twitch and a hop of glee,
Shakapacker's updated, version nine-point-six you see!
Through Gemfiles and package.json they dance,
Dependencies aligned in perfect prance! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title clearly and accurately summarizes the main change: updating shakapacker to version 9.6.0 across both gem and npm package managers.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch jg/upgrade-shakapacker-9.6

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR performs a clean, mechanical version bump of the shakapacker dependency from 9.5.0 to 9.6.0 across all test environments in the monorepo, with all corresponding lock files regenerated.

• Gem pins updated in react_on_rails/Gemfile.development_dependencies, react_on_rails_pro/Gemfile.development_dependencies, and react_on_rails_pro/spec/execjs-compatible-dummy/Gemfile
• npm pins updated in all three matching package.json files
• All Gemfile.lock files regenerated, picking up semantic_range 3.1.1 (up from 3.1.0 in two environments and 3.0.0 in the ExecJS-compatible environment)
• The pnpm-lock.yaml lock is regenerated with new integrity hashes and an expanded compression-webpack-plugin peer dependency range (^12.0.0 added) that comes from the new shakapacker release
• The execjs-compatible-dummy environment additionally received a package_json gem bump from 0.1.0 → 0.2.0 (a transitive shakapacker dependency), bringing it in line with the other two environments which already resolved to 0.2.0
• All three npm workspaces in pnpm-lock.yaml are consistently resolved to shakapacker@9.6.0

Confidence Score: 5/5

• This PR is safe to merge — it is a straightforward patch/minor version bump with all lock files correctly regenerated and all environments kept consistent.
• All changes are mechanically generated version bumps. Every environment (react_on_rails, react_on_rails_pro dummy, react_on_rails_pro ExecJS-compatible) has been updated in lockstep for both the gem and npm package. Lock files are consistent with their manifests. The only noteworthy detail is that the ExecJS-compatible environment was further behind on transitive deps (semantic_range 3.0.0, package_json 0.1.0), but after regeneration it is now fully aligned with the other environments. No application logic was modified.
• No files require special attention — the ExecJS-compatible Gemfile.lock received slightly more churn (extra transitive dep bumps) but this is expected given it was further behind.

Important Files Changed

Filename	Overview
react_on_rails/Gemfile.development_dependencies	Bumps shakapacker gem pin from 9.5.0 to 9.6.0; change is minimal and correct.
react_on_rails/spec/dummy/Gemfile.lock	Auto-regenerated lock; updates shakapacker 9.5.0→9.6.0 and semantic_range 3.1.0→3.1.1.
react_on_rails/spec/dummy/package.json	Bumps shakapacker npm pin from 9.5.0 to 9.6.0; no other changes.
react_on_rails_pro/Gemfile.development_dependencies	Bumps shakapacker gem pin from 9.5.0 to 9.6.0 in the Pro environment; correct and consistent.
react_on_rails_pro/spec/dummy/Gemfile.lock	Auto-regenerated lock; updates shakapacker 9.5.0→9.6.0 and semantic_range 3.1.0→3.1.1 in the Pro dummy environment.
react_on_rails_pro/spec/dummy/package.json	Bumps shakapacker npm pin from 9.5.0 to 9.6.0 in the Pro dummy; no other changes.
react_on_rails_pro/spec/execjs-compatible-dummy/Gemfile	Bumps the exact shakapacker gem pin from 9.5.0 to 9.6.0 in the Pro ExecJS-compatible environment.
react_on_rails_pro/spec/execjs-compatible-dummy/Gemfile.lock	Auto-regenerated lock; updates shakapacker 9.5.0→9.6.0, semantic_range 3.0.0→3.1.1, and package_json 0.1.0→0.2.0 — this environment was further behind on transitive deps, now aligned with the others.
react_on_rails_pro/spec/execjs-compatible-dummy/package.json	Bumps shakapacker npm pin from 9.5.0 to 9.6.0; no other changes.
pnpm-lock.yaml	Auto-regenerated pnpm lock; updates shakapacker from 9.5.0 to 9.6.0 across all three workspace importers and records the new integrity hash and expanded compression-webpack-plugin peer dep range (adds ^12.0.0).

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    subgraph "Gem Manifests (updated)"
        GEM1["react_on_rails/\nGemfile.development_dependencies\nshakapacker = 9.6.0"]
        GEM2["react_on_rails_pro/\nGemfile.development_dependencies\nshakapacker = 9.6.0"]
        GEM3["react_on_rails_pro/spec/\nexecjs-compatible-dummy/Gemfile\nshakapacker = 9.6.0"]
    end

    subgraph "NPM Manifests (updated)"
        NPM1["react_on_rails/spec/dummy/\npackage.json\nshakapacker: 9.6.0"]
        NPM2["react_on_rails_pro/spec/dummy/\npackage.json\nshakapacker: 9.6.0"]
        NPM3["react_on_rails_pro/spec/\nexecjs-compatible-dummy/package.json\nshakapacker: 9.6.0"]
    end

    subgraph "Lock Files (regenerated)"
        LOCK1["react_on_rails/spec/dummy/\nGemfile.lock"]
        LOCK2["react_on_rails_pro/spec/dummy/\nGemfile.lock"]
        LOCK3["react_on_rails_pro/spec/\nexecjs-compatible-dummy/Gemfile.lock\n⚠ also bumped: package_json 0.1.0→0.2.0\nsemantic_range 3.0.0→3.1.1"]
        PNPM["pnpm-lock.yaml\n(3 workspace importers)"]
    end

    GEM1 --> LOCK1
    GEM2 --> LOCK2
    GEM3 --> LOCK3
    NPM1 --> PNPM
    NPM2 --> PNPM
    NPM3 --> PNPM

    SHAKAPACKER["shakapacker 9.5.0 → 9.6.0"]
    SHAKAPACKER --> GEM1 & GEM2 & GEM3
    SHAKAPACKER --> NPM1 & NPM2 & NPM3

Loading

_{Last reviewed commit: eb8ac0c}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is ON, but it could not run because Privacy Mode (Legacy) is turned on. To enable Bugbot Autofix, switch your privacy mode in the Cursor dashboard.}

[cursor]

Gemfile.lock files not regenerated after gem pin update

Medium Severity

The shakapacker gem pin was updated to "9.6.0" in both react_on_rails/Gemfile.development_dependencies and react_on_rails_pro/Gemfile.development_dependencies, but the corresponding top-level lock files react_on_rails/Gemfile.lock and react_on_rails_pro/Gemfile.lock still reference shakapacker (9.5.0). This Gemfile/Gemfile.lock mismatch will cause bundle install to fail or require lock file regeneration, potentially breaking CI or local development setup. The PR description states it "regenerates all lock files" but these two were missed.

Additional Locations (1)

• react_on_rails_pro/Gemfile.development_dependencies#L10-L11

 

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: eb8ac0c05b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Regenerate OSS Gemfile.lock after shakapacker bump

This version pin was updated to 9.6.0, but react_on_rails/Gemfile.lock is still pinned to shakapacker (= 9.5.0), which leaves Bundler inputs out of sync for the open-source gem workflow. In environments using a frozen lockfile this can fail bundle exec immediately, and in non-frozen installs it means the committed lock state does not actually represent the bumped dependency.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Regenerate Pro Gemfile.lock after shakapacker bump

The Pro development dependency pin is now 9.6.0, but react_on_rails_pro/Gemfile.lock still contains shakapacker (= 9.5.0), so the committed lockfile no longer matches the declared Gemfile dependency. That mismatch can break locked Bundler runs and prevents this commit from reliably validating the intended Shakapacker upgrade in Pro workflows.

Useful? React with 👍 / 👎.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@react_on_rails/Gemfile.development_dependencies`:
- Line 5: The Gemfile was updated to pin gem "shakapacker" to 9.6.0 but the
generated lockfiles still list 9.5.0; run bundle install (or bundle update
shakapacker) in both react_on_rails and react_on_rails_pro to regenerate
Gemfile.lock files so they match the Gemfile, ensuring shakapacker resolves to
9.6.0 in each Gemfile.lock.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b92c4c8b-012a-4fd4-9f0d-13ded23a56ea

📥 Commits

Reviewing files that changed from the base of the PR and between b1b772b and eb8ac0c.

⛔ Files ignored due to path filters (4)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• react_on_rails/spec/dummy/Gemfile.lock is excluded by !**/*.lock
• react_on_rails_pro/spec/dummy/Gemfile.lock is excluded by !**/*.lock
• react_on_rails_pro/spec/execjs-compatible-dummy/Gemfile.lock is excluded by !**/*.lock

📒 Files selected for processing (6)

• react_on_rails/Gemfile.development_dependencies
• react_on_rails/spec/dummy/package.json
• react_on_rails_pro/Gemfile.development_dependencies
• react_on_rails_pro/spec/dummy/package.json
• react_on_rails_pro/spec/execjs-compatible-dummy/Gemfile
• react_on_rails_pro/spec/execjs-compatible-dummy/package.json

[claude]

Review Summary

This is a clean, mechanical dependency bump of shakapacker from 9.5.0 to 9.6.0 across all test/development environments.

What looks good:

• All environments updated in sync: gem pins, npm pins, and all lockfiles
• Both Ruby (Gemfile.development_dependencies, Gemfile.lock) and Node (package.json, pnpm-lock.yaml) artifacts are regenerated
• Exact version pinning in test environments is correct practice

Notable transitive changes:

1. package_json gem: 0.1.0 to 0.2.0 (in execjs-compatible-dummy only) - for pre-1.0 packages, a minor bump can include breaking changes. Worth confirming the execjs-compatible-dummy suite passes.

2. semantic_range gem inconsistency resolved - before this PR, execjs-compatible-dummy was on 3.0.0 while other environments were on 3.1.0. All are now on 3.1.1.

3. compression-webpack-plugin peer dep range expanded - shakapacker 9.6.0 adds v12.x support. Additive, does not affect existing installs.

Suggestion: The CI passes checkbox is still unchecked. Merge only after CI is green across all matrix jobs, particularly the execjs-compatible-dummy suite.

Overall: LGTM as a dependency update. No correctness, security, or API concerns.

[github-actions]

size-limit report 📦

Path	Size
react-on-rails/client bundled (gzip)	62.58 KB (0%)
react-on-rails/client bundled (gzip) (time)	62.58 KB (0%)
react-on-rails/client bundled (brotli)	53.7 KB (0%)
react-on-rails/client bundled (brotli) (time)	53.7 KB (0%)
react-on-rails-pro/client bundled (gzip)	63.59 KB (0%)
react-on-rails-pro/client bundled (gzip) (time)	63.59 KB (0%)
react-on-rails-pro/client bundled (brotli)	54.67 KB (0%)
react-on-rails-pro/client bundled (brotli) (time)	54.67 KB (0%)
registerServerComponent/client bundled (gzip)	127.36 KB (+0.01% 🔺)
registerServerComponent/client bundled (gzip) (time)	127.36 KB (0%)
registerServerComponent/client bundled (brotli)	61.55 KB (0%)
registerServerComponent/client bundled (brotli) (time)	61.55 KB (0%)
wrapServerComponentRenderer/client bundled (gzip)	121.94 KB (0%)
wrapServerComponentRenderer/client bundled (gzip) (time)	121.94 KB (0%)
wrapServerComponentRenderer/client bundled (brotli)	56.65 KB (0%)
wrapServerComponentRenderer/client bundled (brotli) (time)	56.65 KB (0%)

[claude]

Review: shakapacker 9.5.0 to 9.6.0

Overall: LGTM. This is a clean, mechanical version bump correctly applied across all environments.

What's correct

• All three test environments updated in lockstep (gem + npm + lockfiles): react_on_rails, react_on_rails_pro, and react_on_rails_pro/execjs-compatible-dummy
• Exact version pinning in test environments is intentional and correct
• pnpm-lock.yaml regenerated with updated integrity hash

Transitive changes worth noting

Dep	Change	Scope	Note
semantic_range	3.0.0 to 3.1.1	execjs-compatible-dummy only	Larger jump than other envs (3.1.0 to 3.1.1), now aligned
package_json gem	0.1.0 to 0.2.0	execjs-compatible-dummy only	Pre-1.0 package; minor bumps may include breaking changes - worth ensuring the ExecJS suite passes CI
compression-webpack-plugin peer dep	adds ^12.0.0	pnpm-lock.yaml	Additive only, no impact on current installs

On CodeRabbit's "Changes Requested"

CodeRabbit's concern that lockfiles were not updated is a false positive - it excluded *.lock files from its review scope, so it did not see that all Gemfile.lock files and pnpm-lock.yaml are updated in this PR. The lockfiles are correct and consistent with their manifests.

Prerequisite before merge

• CI passes across all matrix jobs, especially the execjs-compatible-dummy suite (given the extra transitive dep churn there)