docs: modernize dependency update commands by justin808 · Pull Request #2864 · shakacode/react_on_rails

justin808 · 2026-03-26T22:01:54Z

Summary

Refresh the dependency-updating guide so it matches current React on Rails app layout and package-manager guidance.

Changes in this PR:

replace the stale client/ + Yarn-only commands with root-level package-manager guidance
use pnpm as the primary example, matching current project standards
add npm and yarn equivalents so the page still works for apps using a different package manager

Why

The published page is still an active contributor-facing guide, but it assumes JavaScript dependencies live under client/ and that every app uses Yarn. Current React on Rails apps usually keep package.json at the app root, and this repo standardizes on pnpm.

Test plan

/Users/justin/codex/react_on_rails/node_modules/.bin/prettier --check docs/oss/misc/updating-dependencies.md
git diff --check
lychee --offline --no-progress --format compact docs/oss/misc/updating-dependencies.md

Note

Low Risk
Low risk documentation-only changes; updates command examples and guidance without affecting runtime code or dependencies.

Overview
Updates docs/oss/misc/updating-dependencies.md to modernize Node dependency instructions: switches from Yarn + client/-directory examples to root package.json guidance with pnpm as the primary command set.

Adds explicit equivalent commands/notes for npm and yarn, including npm-check-updates usage, pnpm up --latest semantics vs npm update, and updated dev-dependency install examples.

^{Written by Cursor Bugbot for commit e264e39. This will update automatically on new commits. Configure here.}

Summary by CodeRabbit

Documentation
- Renamed "Node/Yarn" section to "Node Dependencies" and clarified running commands from the directory containing package.json (typically project/app root)
- Made pnpm the primary package manager and replaced Yarn examples with pnpm equivalents for checking, updating, installing, and adding deps (including dev deps)
- Added explicit npm, Yarn, and bun command equivalents
- Clarified npm update behavior (updates lockfile by default; use flags to change package.json ranges)

chatgpt-codex-connector · 2026-03-26T22:02:00Z

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

coderabbitai · 2026-03-26T22:02:07Z

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 697f51ee-d224-478f-be70-409802d71cc3

📥 Commits

Reviewing files that changed from the base of the PR and between e264e39 and 069f568.

📒 Files selected for processing (1)

docs/oss/misc/updating-dependencies.md

🚧 Files skipped from review as they are similar to previous changes (1)

docs/oss/misc/updating-dependencies.md

Walkthrough

Renamed the Node section to "Node Dependencies", changed working-directory guidance to the directory containing package.json (typically app root), replaced Yarn-centric commands with pnpm-first equivalents, and added explicit npm/yarn/bun command equivalents for checking/updating/adding dependencies. (46 words)

Changes

Cohort / File(s)	Summary
Documentation `docs/oss/misc/updating-dependencies.md`	Rename "Node/Yarn" → "Node Dependencies"; instruct running commands from the directory containing `package.json`; replace Yarn commands with `pnpm`-first commands (`pnpm outdated`, `pnpm dlx npm-check-updates -u -a`, `pnpm install`, `pnpm up --latest`, `pnpm add`, `pnpm add -D`); add explicit npm, yarn, and bun equivalents and notes about `npm update`/lockfile behavior.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I nibble docs where commands once curled,
Swapped yarn for pnpm and hopped into the world,
From package.json roots I bound and play,
Updating deps in a lighter way —
🥕 Hops, hops, and builds that stay!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'docs: modernize dependency update commands' accurately reflects the main change—updating documentation to modernize dependency management command examples with current best practices.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch jg-codex/docs-review-pass-8

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

claude · 2026-03-26T22:03:12Z

Review: docs: modernize dependency update commands

Good improvement overall — replacing the stale client/ + Yarn-only workflow with root-level pnpm-first guidance is the right direction.

Two minor issues to address:

"Install npm-check-updates" step is now outdated (line 34, unchanged context): Step 1 tells users to install npm-check-updates, but Option 1's commands now use pnpm dlx (and npx for the npm/yarn equivalents) which run the package without a global install. The install step is now both unnecessary and misleading — consider removing it or replacing it with a one-step intro.
yarn dlx is Yarn Berry–only (addressed in inline comment on line 50): yarn dlx was introduced in Yarn v2. Yarn Classic (v1) users will hit an error. Using npx covers all cases and is what most developers expect.

Everything else looks solid.

greptile-apps · 2026-03-26T22:03:35Z

Greptile Summary

This PR modernizes docs/oss/misc/updating-dependencies.md by replacing stale client/-directory and Yarn-only commands with root-level, pnpm-first guidance while adding npm and yarn equivalents throughout. The changes correctly reflect current React on Rails project conventions.

Key changes:

Section renamed from "Node/Yarn" to "Node Dependencies" with a helpful note about package.json location.
yarn outdated / ncu / yarn upgrade / yarn add commands replaced with pnpm equivalents (pnpm outdated, pnpm dlx npm-check-updates, pnpm up --latest, pnpm add).
Equivalent npm and yarn commands added as alternatives throughout.

Issues found:

The yarn dlx alternative on line 50 only works with Yarn Berry (v2+); Yarn Classic (v1) users will hit an unknown-command error — npx should be suggested as the yarn v1 fallback.
Step 1 ("Install npm-check-updates") in Option 1 is now redundant because pnpm dlx handles the download/run without a pre-install step.

Confidence Score: 4/5

Safe to merge after the yarn dlx / Yarn v1 inaccuracy is addressed; the rest of the changes are a clear improvement.

Documentation-only PR that is largely correct and a net improvement. One concrete technical inaccuracy (yarn dlx not working on Yarn Classic) warrants a targeted fix before merge, but it does not affect the pnpm-primary path at all.

docs/oss/misc/updating-dependencies.md — specifically line 50 (yarn dlx compatibility).

Important Files Changed

Filename	Overview
docs/oss/misc/updating-dependencies.md	Documentation modernized from Yarn-only/client-dir workflow to pnpm-primary with npm/yarn equivalents; one inaccuracy with `yarn dlx` (Yarn v1 incompatible) and a minor stale step-1 instruction remain.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Start: Update Node Dependencies] --> B{Which package manager?}
    B -->|pnpm| C[pnpm outdated]
    B -->|npm| D[npm outdated]
    B -->|yarn| E[yarn outdated]
    C --> F{Update strategy?}
    D --> F
    E --> F
    F -->|Option 1: ncu| G[pnpm dlx npm-check-updates -u -a]
    F -->|Option 2: native| H[pnpm up --latest]
    G --> I[pnpm install]
    H --> J[Done]
    I --> J
    J --> K[Verify: hot-reload dev server + Rails server]

Comments Outside Diff (1)

docs/oss/misc/updating-dependencies.md, line 34-35 (link)

Step 1 ("Install") is unnecessary when using pnpm dlx

pnpm dlx (like npx) downloads and runs a package in a temporary environment without a prior installation step, so the numbered step 1 telling the reader to "Install npm-check-updates" is now redundant and could confuse readers who follow the pnpm path. Consider removing it or rewriting the list to a single step.

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}

_{Reviews (1): Last reviewed commit: "docs: modernize dependency update comman..." | Re-trigger Greptile}

coderabbitai

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/oss/misc/updating-dependencies.md`:
- Around line 66-67: The current equivalence is misleading: clarify that `npm
update` respects existing semver ranges and will not change package.json,
whereas `pnpm up --latest` (and `npm install <package>@latest` / `npm i
<package>@latest`) installs the newest versions and updates package.json; update
the sentence to explicitly map `npm update` to the behavior that respects ranges
and map `npm install <package>@latest` (or `npm i <package>@latest`) to the
behavior that upgrades to latest and updates package.json, and mention the
behavioral difference relative to `pnpm up --latest`.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d3cdd63c-9afc-4f55-a579-d6ef850e4e25

📥 Commits

Reviewing files that changed from the base of the PR and between 9b30cc1 and 0aa989c.

📒 Files selected for processing (1)

docs/oss/misc/updating-dependencies.md

claude · 2026-03-26T23:30:53Z

Follow-up review (second commit)

The second commit correctly fixed the yarn dlx → npx issue raised in my earlier review. That path is now accurate for all Yarn versions.

One remaining issue: The numbered "Install" step in Option 1 (line 34) is still there and is now misleading. pnpm dlx (and npx for the npm/yarn equivalents) fetch and run npm-check-updates without any prior global install, so telling the reader to "Install npm-check-updates" as Step 1 is confusing. I've left an inline suggestion.

Everything else looks good to me.

claude · 2026-03-26T23:38:59Z

Review: docs: modernize dependency update commands

This is a clean, well-scoped documentation update. The shift from client/-centric Yarn-only examples to root-level pnpm-primary guidance with multi-package-manager fallbacks is an improvement.

Two minor issues to address:

Missing yarn upgrade --latest for Option 2 (update all packages). The line describing equivalents for pnpm up --latest (all packages) only gives single-package equivalents (npm install <pkg>@latest, yarn add <pkg>@latest). For yarn, yarn upgrade --latest updates all packages to latest, matching the semantics of pnpm up --latest. This should be called out alongside the note about npm update not being equivalent.
Line 49 is dense/hard to scan. The inline code block listing both npm and yarn ncu flows on one sentence is long and may wrap awkwardly in some renderers. Breaking it into a small list (matching how the pnpm example is structured) would improve readability.

Minor nit (PR description only, not in merged code): The test plan references an absolute local path /Users/justin/codex/react_on_rails/node_modules/.bin/prettier. Not a blocker since it's not in the file itself, but using pnpm exec prettier would be more portable for future contributors copying the command.

Address unresolved review feedback and add missing coverage: - Split `pnpm up --latest` into two commands: `pnpm up` (within ranges) and `pnpm up --latest` (ignore ranges), fixing a silent behavioral shift from the old `yarn upgrade` which respected semver ranges - Break dense inline npm/yarn equivalents into scannable lists - Add `yarn upgrade --latest` for the all-packages case - Add bun equivalents throughout (outdated, update, ncu, add) - Add comparison table for upgrade command behavior across package managers - Clarify that `npm update` only touches the lockfile by default - Replace first-person "combinations that I often run" phrasing Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

claude · 2026-03-27T19:26:56Z

Good documentation update overall — the move from Yarn + client/ to pnpm-first with multi-package-manager equivalents is accurate and much more useful to contributors.

One minor accuracy concern worth verifying:

bun commands — bun update --latest and bun outdated may not be valid. Bun's CLI uses bun upgrade (not bun update) for upgrading packages, and bun outdated was only added in Bun v1.2.0+. If the docs are targeting a minimum bun version, it's worth noting that; otherwise consider replacing bun update --latest with the ncu path from Option 1 (consistent with the npm row which already says _(use ncu from Option 1)_).

Everything else looks accurate:

pnpm dlx npm-check-updates -u -a is correct pnpm syntax
pnpm up --latest correctly captures the "ignore semver ranges" semantics
The note about npm update not modifying package.json by default is accurate for npm v7+

## Summary - Stamped `### [16.5.1] - 2026-03-27` with two Pro fixes (PRs #2872, #2768) - Removed the `### [16.5.0.rc.0]` section (was already released as 16.5.0 stable) - Consolidated the 16.5.0 section with full entries (previously just said "no changes from rc.0") - Updated diff links at bottom of file ## Skipped PRs (docs/internal only) #2856, #2860, #2857, #2859, #2864, #2870, #2863, #2868, #2827, #2862, #2850, #2851, #2852, #2831, #2610, #2848 ## Test plan - [ ] Verify CHANGELOG.md formatting and diff links are correct - [ ] Run `rake release` (no args) after merge to publish 16.5.1 🤖 Generated with [Claude Code](https://claude.com/claude-code)  --- > [!NOTE] > **Low Risk** > Low risk: changes are limited to `CHANGELOG.md` release notes and version/compare links with no runtime code modifications. > > **Overview** > Documents the `16.5.1` release by adding a new section under *Unreleased* with two **[Pro]** fixes (missing packaged rake tasks and avoiding duplicated bundles during remote renderer asset uploads). > > Cleans up the `16.5.0` entry by removing the `16.5.0.rc.0` section and updating the compare-link footer so `unreleased` now starts from `v16.5.1` and `16.5.0` compares from `v16.4.0`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 9a6b224. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>   ## Summary by CodeRabbit * **Documentation** * Updated changelog to document version 16.5.1 release with consolidated version history and updated comparison links.  Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

…olve-2835 * origin/main: Bump version to 16.5.1 Update CHANGELOG.md for 16.5.1 (#2873) fix: include lib/tasks/ in pro gem so rake tasks are available (#2872) docs: clarify how React on Rails compares to alternatives (#2856) docs: fix published setup guidance gaps (#2860) docs: refresh setup and runtime guidance (#2857) docs: refresh pro upgrade examples (#2859) docs: modernize dependency update commands (#2864) Update spec/dummy Gemfile.lock for async >= 2.29 (#2870) # Conflicts: # CHANGELOG.md

…olve-2849 * origin/main: Bump version to 16.5.1 Update CHANGELOG.md for 16.5.1 (#2873) fix: include lib/tasks/ in pro gem so rake tasks are available (#2872) docs: clarify how React on Rails compares to alternatives (#2856) docs: fix published setup guidance gaps (#2860) docs: refresh setup and runtime guidance (#2857) docs: refresh pro upgrade examples (#2859) docs: modernize dependency update commands (#2864) Update spec/dummy Gemfile.lock for async >= 2.29 (#2870) # Conflicts: # CHANGELOG.md

…olve-2828 * origin/main: Bump version to 16.5.1 Update CHANGELOG.md for 16.5.1 (#2873) fix: include lib/tasks/ in pro gem so rake tasks are available (#2872) docs: clarify how React on Rails compares to alternatives (#2856) docs: fix published setup guidance gaps (#2860) docs: refresh setup and runtime guidance (#2857) docs: refresh pro upgrade examples (#2859) docs: modernize dependency update commands (#2864) Update spec/dummy Gemfile.lock for async >= 2.29 (#2870) # Conflicts: # CHANGELOG.md

…olve-2834 * origin/main: Bump version to 16.5.1 Update CHANGELOG.md for 16.5.1 (#2873) fix: include lib/tasks/ in pro gem so rake tasks are available (#2872) docs: clarify how React on Rails compares to alternatives (#2856) docs: fix published setup guidance gaps (#2860) docs: refresh setup and runtime guidance (#2857) docs: refresh pro upgrade examples (#2859) docs: modernize dependency update commands (#2864) Update spec/dummy Gemfile.lock for async >= 2.29 (#2870) # Conflicts: # CHANGELOG.md

…olve-2833 * origin/main: Bump version to 16.5.1 Update CHANGELOG.md for 16.5.1 (#2873) fix: include lib/tasks/ in pro gem so rake tasks are available (#2872) docs: clarify how React on Rails compares to alternatives (#2856) docs: fix published setup guidance gaps (#2860) docs: refresh setup and runtime guidance (#2857) docs: refresh pro upgrade examples (#2859) docs: modernize dependency update commands (#2864) Update spec/dummy Gemfile.lock for async >= 2.29 (#2870) # Conflicts: # CHANGELOG.md

…olve-2661 * origin/main: Clarify streaming narrative in RSC docs (#2813) (#2814) Bump version to 16.5.1 Update CHANGELOG.md for 16.5.1 (#2873) fix: include lib/tasks/ in pro gem so rake tasks are available (#2872) docs: clarify how React on Rails compares to alternatives (#2856) docs: fix published setup guidance gaps (#2860) docs: refresh setup and runtime guidance (#2857) docs: refresh pro upgrade examples (#2859) docs: modernize dependency update commands (#2864) Update spec/dummy Gemfile.lock for async >= 2.29 (#2870) # Conflicts: # docs/oss/migrating/rsc-data-fetching.md

Modernize the dependency-updating guide (`docs/oss/misc/updating-dependencies.md`) for the new reactonrails.com docs site. - Replace stale `client/` + Yarn-only commands with root-level, pnpm-first guidance - Add equivalents for all four package managers (npm, yarn, pnpm, bun) throughout - Split `pnpm up` vs `pnpm up --latest` to preserve the original within-range update behavior alongside the aggressive latest-version option - Add comparison table for upgrade command behavior across package managers - Remove redundant "Install npm-check-updates" step (pnpm dlx/npx handle it) - Clarify that `npm update` only touches the lockfile by default Co-Authored-By: Justin Gordon <justin@shakacode.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

## Summary - Stamped `### [16.5.1] - 2026-03-27` with two Pro fixes (PRs #2872, #2768) - Removed the `### [16.5.0.rc.0]` section (was already released as 16.5.0 stable) - Consolidated the 16.5.0 section with full entries (previously just said "no changes from rc.0") - Updated diff links at bottom of file ## Skipped PRs (docs/internal only) #2856, #2860, #2857, #2859, #2864, #2870, #2863, #2868, #2827, #2862, #2850, #2851, #2852, #2831, #2610, #2848 ## Test plan - [ ] Verify CHANGELOG.md formatting and diff links are correct - [ ] Run `rake release` (no args) after merge to publish 16.5.1 🤖 Generated with [Claude Code](https://claude.com/claude-code)  --- > [!NOTE] > **Low Risk** > Low risk: changes are limited to `CHANGELOG.md` release notes and version/compare links with no runtime code modifications. > > **Overview** > Documents the `16.5.1` release by adding a new section under *Unreleased* with two **[Pro]** fixes (missing packaged rake tasks and avoiding duplicated bundles during remote renderer asset uploads). > > Cleans up the `16.5.0` entry by removing the `16.5.0.rc.0` section and updating the compare-link footer so `unreleased` now starts from `v16.5.1` and `16.5.0` compares from `v16.4.0`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 9a6b224. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>   ## Summary by CodeRabbit * **Documentation** * Updated changelog to document version 16.5.1 release with consolidated version history and updated comparison links.  Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs: modernize dependency update commands

0aa989c

claude Bot reviewed Mar 26, 2026

View reviewed changes