Update CHANGELOG.md for 16.6.0

[justin808]

Summary

• Consolidate rc.0 and rc.1 prerelease sections into a single 16.6.0 stable release section
• Add new entries for PRs merged since rc.1 (PR 3086, PR 2877, PR 3083)
• Reorder sections per changelog guidelines (Removed -> Added -> Improved -> Fixed)
• Remove orphaned RC diff links

Test plan

• Verify changelog formatting is correct
• Verify version diff links at bottom of file

After merge, run rake release to publish and auto-create the GitHub release.

Summary by CodeRabbit

• Bug Fixes

  • Fixed third-party dependency version pinning in the generator.

• Improvements

  • Enhanced exception messages for clearer context in node-renderer requests.
  • Improved diagnostic output for invalid render requests with updated documentation guidance.

---

Note

Low Risk
Documentation-only change updating release notes and compare links; no runtime behavior is modified.

Overview
Publishes the 16.6.0 changelog section (dated 2026-04-09) by consolidating the prior RC content and reordering entries to match the changelog guidelines.

Adds release-note entries for recently merged work (notably Pro node-renderer diagnostic/error-message improvements and generator npm dependency pinning), and updates the bottom compare links to reference v16.6.0 instead of the RC tag.

^{Reviewed by Cursor Bugbot for commit 956cc0f. Bugbot is set up for automated code reviews on this repo. Configure here.}

[coderabbitai]

Walkthrough

The CHANGELOG.md file was updated to promote the release candidate version 16.6.0.rc.1 to final release 16.6.0 (dated April 9), adjust comparison links accordingly, reorganize fixed/improved entries, and add documentation for node-renderer exception messages and render-request diagnostics.

Changes

Cohort / File(s)	Summary
Changelog Release Update CHANGELOG.md	Promoted version from 16.6.0.rc.1 (April 7) to 16.6.0 (April 9); updated range comparison links; reorganized fixed and improved entries; added documentation for node-renderer context and renderer timeout guidance.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• shakacode/react_on_rails#3079: Similar changelog modifications involving rc.1 to final release promotion and comparison link adjustments.

Poem

🐰 A version hops from test to true,
From sixteen-six point-oh-rc we flew,
The changelog dances, links arranged,
Documentation fresh and changed,
Hop, hop—release day's here! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 44.44% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: updating CHANGELOG.md to document the 16.6.0 release, which is the primary objective of the pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch jg/changelog-16.6.0.rc.1

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR stamps ### [16.6.0.rc.1] - 2026-04-07, collapses the previously un-stamped rc.0 unreleased entries into it, adds changelog entries for PRs merged since rc.0, and updates the comparison links at the bottom of the file. The content, structure, PR attribution, and link references all look correct.

Confidence Score: 5/5

Safe to merge — documentation-only change with no code modifications.

The PR only modifies CHANGELOG.md. All new entries are accurately attributed to their PRs, the section headers are well-formed, the [Unreleased] section is correctly left empty, and the comparison links at the bottom correctly point from v16.5.1 to v16.6.0.rc.1. No issues found.

No files require special attention.

Vulnerabilities

No security concerns identified.

Important Files Changed

Filename	Overview
CHANGELOG.md	Adds the 16.6.0.rc.1 release section, moves Fixed entries from the old rc.0 position, adds new entries for PRs #2834, #3063, #3069, #2921, #3070, #3068, #2932, #2881, #2918, and updates comparison links — all structurally correct and complete.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["### [Unreleased] (empty)"] --> B["### [16.6.0.rc.1] - 2026-04-07"]
    B --> C[Removed\nimmediate_hydration – PR 2834]
    B --> D[Added\nENV password, interactive prompt,\nkeep-alive timeout, Pro upgrade – PRs 2921/3063/3069/2822]
    B --> E[Improved\nDoctor, error messages, sync_versions,\nnode renderer errors – PRs 3070/3068/2823/2849]
    B --> F[Fixed\nTanStack, fork loop, generator rewrites,\nSSR stale connections, etc. – PRs 2932/2881/2918/3069/2901/2891/2652/2885]
    B --> G["### [16.5.1] - 2026-03-27 (unchanged)"]
    H["[unreleased] link → compare/v16.6.0.rc.1...main"]
    I["[16.6.0.rc.1] link → compare/v16.5.1...v16.6.0.rc.1"]

Loading

_{Reviews (1): Last reviewed commit: "Update CHANGELOG.md for 16.6.0.rc.1" | Re-trigger Greptile}

[claude]

The [Pro] tag formatting here (and on lines 47, 54, 55, 56) differs from the project's documented convention. Per .claude/docs/changelog-guidelines.md, the format should be **[Pro]** as a separate bold token followed by a separate bold feature name:

Suggested change

- **[Pro] Configurable HTTP keep-alive timeout for node renderer connections**: Added `renderer_http_keep_alive_timeout` configuration option (default: 30s) to control how long idle persistent HTTP/2 connections to the node renderer are kept alive, preventing SSR failures from stale connections. [PR 3069](https://github.com/shakacode/react_on_rails/pull/3069) by [justin808](https://github.com/justin808).

- **[Pro]** **Configurable HTTP keep-alive timeout for node renderer connections**: Added `renderer_http_keep_alive_timeout` configuration option (default: 30s) to control how long idle persistent HTTP/2 connections to the node renderer are kept alive, preventing SSR failures from stale connections. [PR 3069](https://github.com/shakacode/react_on_rails/pull/3069) by [justin808](https://github.com/justin808).

Affected lines using the merged **[Pro] Feature name** style: 47, 54, 55, 56 (same fix needed on each).

[claude]

PR #3069 also appears in the Added section above (the renderer_http_keep_alive_timeout config entry). That's intentional and accurate — one PR contributing both a new feature and a bug fix — but it's worth a quick sanity-check that the two entries together tell a complete, non-redundant story. The current split looks fine: the Added entry describes the new knob, this Fixed entry describes the underlying stale-connection bug it solves.

[claude]

Changelog Review — 16.6.0.rc.1

This is a changelog-only PR and the overall structure is correct: empty [Unreleased] placeholder, consolidated rc.1 section, updated footer comparison links.

Issues

[Pro] tag formatting inconsistency (minor, flagged inline)

The project convention (per .claude/docs/changelog-guidelines.md) is:

- **[Pro]** **Feature name**: Description...

Several new entries in this PR use a merged form (**[Pro] Feature name**) instead. Affected lines: 39, 47, 54, 55, 56. Suggestion posted on line 39; same pattern applies to the rest.

PR #3069 appears in both Added and Fixed (noted inline, not a bug)

The dual appearance is accurate — the PR introduced a new config option and fixed a stale-connection bug — but it's called out on line 56 for awareness.

Everything else looks good

• All entries include PR links and author attribution ✓
• [16.6.0.rc.0] section correctly collapsed and removed (its link reference in the footer is also removed consistently) ✓
• Footer comparison links updated to v16.6.0.rc.1 ✓
• PR Update CHANGELOG.md unreleased section #3077 supersession noted in the description ✓

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/react-on-rails-pro-node-renderer/src/worker/handleRenderRequest.ts (1)

177-194: ⚠️ Potential issue | 🟠 Major

Please keep handleNewBundlesProvided on Promise.all to preserve the existing protocol behavior.

Line 182’s Promise.allSettled migration changes the established per-bundle orchestration contract in this path. This should stay on Promise.all unless protocol-level behavior changes are coordinated end-to-end.

Suggested patch

-  // Defensive: use allSettled so that if handleNewBundleProvided ever throws
-  // unexpectedly, all in-flight operations still complete before the handler
-  // returns and the onResponse hook deletes req.uploadDir. Currently
-  // handleNewBundleProvided catches its own errors, so Promise.all would also
-  // wait for every promise.
-  const settled = await Promise.allSettled(handlingPromises);
-  const firstFailure = settled.find((r): r is PromiseRejectedResult => r.status === 'rejected');
-  if (firstFailure) {
-    throw firstFailure.reason;
-  }
-
-  // handleNewBundleProvided returns undefined on success or a ResponseResult on
-  // failure (e.g., lock timeout). Find the first error response, if any.
-  const results = settled
-    .filter((r): r is PromiseFulfilledResult<ResponseResult | undefined> => r.status === 'fulfilled')
-    .map((r) => r.value);
+  const results = await Promise.all(handlingPromises);
   return results.find((result) => result !== undefined);

Based on learnings: In packages/react-on-rails-pro-node-renderer, the Promise.all pattern for per-bundle operations is intentional, and switching to Promise.allSettled requires Ruby-side protocol changes.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/react-on-rails-pro-node-renderer/src/worker/handleRenderRequest.ts`
around lines 177 - 194, The code changed per-bundle orchestration from
Promise.all to Promise.allSettled, altering the protocol; revert to using
Promise.all on the handlingPromises array so failures short-circuit as before:
replace the Promise.allSettled(handlingPromises) call with
Promise.all(handlingPromises), remove the
PromiseRejectedResult/PromiseFulfilledResult handling (the
settled/find-first-failure logic), and then treat the resolved array directly
(it will be an array of ResponseResult | undefined) and return the first
non-undefined result; reference symbols: handlingPromises,
handleNewBundleProvided, and the surrounding function in handleRenderRequest.ts.

🧹 Nitpick comments (3)

react_on_rails/lib/generators/react_on_rails/templates/base/base/bin/switch-bundler (1)

93-96: Consider extracting package-name normalization into a helper.

The same regex appears in both loops (Line 93 and Line 96). A tiny helper would reduce duplication and make future edits safer.

♻️ Optional refactor

+  def package_name(dep)
+    dep[%r{\A(@[^/]+/[^@]+|[^@]+)}]
+  end
+
   def update_dependencies
@@
     remove_deps[:dependencies].each do |dep|
-      package_json["dependencies"]&.delete(dep[%r{\A(@[^/]+/[^@]+|[^@]+)}])
+      package_json["dependencies"]&.delete(package_name(dep))
     end
     remove_deps[:dev_dependencies].each do |dep|
-      package_json["devDependencies"]&.delete(dep[%r{\A(@[^/]+/[^@]+|[^@]+)}])
+      package_json["devDependencies"]&.delete(package_name(dep))
     end

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@react_on_rails/lib/generators/react_on_rails/templates/base/base/bin/switch-bundler`
around lines 93 - 96, The package-name extraction regex is duplicated in the
loops that delete entries from package_json ("dependencies" and
"devDependencies"); extract that regex into a small helper (e.g.,
normalize_package_name or package_basename) and replace the inline
dep[%r{\A(@[^/]+/[^@]+|[^@]+)}] calls with a call to that helper in both
remove_deps[:dependencies] and remove_deps[:dev_dependencies] loops, keeping
behavior identical; ensure the helper is defined near the surrounding code so
it’s visible to the deletion logic and reuse it wherever this pattern appears.

react_on_rails/spec/react_on_rails/generators/js_dependency_manager_spec.rb (1)

713-714: Reduce duplicated Babel preset literal to avoid drift.

These three selectors can reference the existing constant instead of repeating the versioned string.

♻️ Proposed refactor

+  let(:babel_preset) do
+    ReactOnRails::Generators::JsDependencyManager::BABEL_REACT_DEPENDENCIES.first
+  end
+
   describe "#add_js_dependencies" do
@@
       babel_calls = instance.add_npm_dependencies_calls.select do |call|
-        call[:packages].include?("@babel/preset-react@^7.0.0")
+        call[:packages].include?(babel_preset)
       end
@@
       babel_calls = instance.add_npm_dependencies_calls.select do |call|
-        call[:packages].include?("@babel/preset-react@^7.0.0")
+        call[:packages].include?(babel_preset)
       end
@@
       babel_calls = instance.add_npm_dependencies_calls.select do |call|
-        call[:packages].include?("@babel/preset-react@^7.0.0")
+        call[:packages].include?(babel_preset)
       end

Also applies to: 725-726, 749-750

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@react_on_rails/spec/react_on_rails/generators/js_dependency_manager_spec.rb`
around lines 713 - 714, The spec duplicates the literal
"@babel/preset-react@^7.0.0" in multiple selectors (e.g.,
call[:packages].include?("@babel/preset-react@^7.0.0") at the shown diff and
also at lines referenced 725-726 and 749-750); replace those repeated string
literals with the existing constant that already holds that versioned preset
value (use the project's defined Babel preset constant instead of repeating the
string) so all include? checks reference the single constant.

packages/react-on-rails-pro-node-renderer/src/worker/handleRenderRequest.ts (1)

84-91: Update stale JSDoc params for handleNewBundleProvided.

The doc block still references bundleFilePathPerTimestamp and renderingRequest, but Line 91 now takes requestContext: RequestInfo. Please sync the param docs with the current signature.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/react-on-rails-pro-node-renderer/src/worker/handleRenderRequest.ts`
around lines 84 - 91, Update the JSDoc for the function handleNewBundleProvided
to match its current signature by replacing or removing outdated params like
bundleFilePathPerTimestamp and renderingRequest and documenting the actual
parameter requestContext: RequestInfo (and any other real params used in the
function). Ensure the JSDoc `@param` entries reference the correct symbol names
(e.g., requestContext) and describe their types/roles consistently with the
implementation in handleNewBundleProvided.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@packages/react-on-rails-pro-node-renderer/src/worker/handleRenderRequest.ts`:
- Around line 177-194: The code changed per-bundle orchestration from
Promise.all to Promise.allSettled, altering the protocol; revert to using
Promise.all on the handlingPromises array so failures short-circuit as before:
replace the Promise.allSettled(handlingPromises) call with
Promise.all(handlingPromises), remove the
PromiseRejectedResult/PromiseFulfilledResult handling (the
settled/find-first-failure logic), and then treat the resolved array directly
(it will be an array of ResponseResult | undefined) and return the first
non-undefined result; reference symbols: handlingPromises,
handleNewBundleProvided, and the surrounding function in handleRenderRequest.ts.

---

Nitpick comments:
In `@packages/react-on-rails-pro-node-renderer/src/worker/handleRenderRequest.ts`:
- Around line 84-91: Update the JSDoc for the function handleNewBundleProvided
to match its current signature by replacing or removing outdated params like
bundleFilePathPerTimestamp and renderingRequest and documenting the actual
parameter requestContext: RequestInfo (and any other real params used in the
function). Ensure the JSDoc `@param` entries reference the correct symbol names
(e.g., requestContext) and describe their types/roles consistently with the
implementation in handleNewBundleProvided.

In
`@react_on_rails/lib/generators/react_on_rails/templates/base/base/bin/switch-bundler`:
- Around line 93-96: The package-name extraction regex is duplicated in the
loops that delete entries from package_json ("dependencies" and
"devDependencies"); extract that regex into a small helper (e.g.,
normalize_package_name or package_basename) and replace the inline
dep[%r{\A(@[^/]+/[^@]+|[^@]+)}] calls with a call to that helper in both
remove_deps[:dependencies] and remove_deps[:dev_dependencies] loops, keeping
behavior identical; ensure the helper is defined near the surrounding code so
it’s visible to the deletion logic and reuse it wherever this pattern appears.

In `@react_on_rails/spec/react_on_rails/generators/js_dependency_manager_spec.rb`:
- Around line 713-714: The spec duplicates the literal
"@babel/preset-react@^7.0.0" in multiple selectors (e.g.,
call[:packages].include?("@babel/preset-react@^7.0.0") at the shown diff and
also at lines referenced 725-726 and 749-750); replace those repeated string
literals with the existing constant that already holds that versioned preset
value (use the project's defined Babel preset constant instead of repeating the
string) so all include? checks reference the single constant.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e86c4fc5-8ada-49f6-86c0-bb95ab75e49e

📥 Commits

Reviewing files that changed from the base of the PR and between 874c2a1 and cbd4fc4.

⛔ Files ignored due to path filters (6)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• react_on_rails/Gemfile.lock is excluded by !**/*.lock
• react_on_rails/spec/dummy/Gemfile.lock is excluded by !**/*.lock
• react_on_rails_pro/Gemfile.lock is excluded by !**/*.lock
• react_on_rails_pro/spec/dummy/Gemfile.lock is excluded by !**/*.lock
• react_on_rails_pro/spec/execjs-compatible-dummy/Gemfile.lock is excluded by !**/*.lock

📒 Files selected for processing (18)

• CHANGELOG.md
• package.json
• packages/create-react-on-rails-app/package.json
• packages/react-on-rails-pro-node-renderer/package.json
• packages/react-on-rails-pro-node-renderer/src/shared/utils.ts
• packages/react-on-rails-pro-node-renderer/src/worker.ts
• packages/react-on-rails-pro-node-renderer/src/worker/handleRenderRequest.ts
• packages/react-on-rails-pro-node-renderer/src/worker/vm.ts
• packages/react-on-rails-pro/package.json
• packages/react-on-rails/package.json
• react_on_rails/lib/generators/react_on_rails/js_dependency_manager.rb
• react_on_rails/lib/generators/react_on_rails/templates/base/base/bin/switch-bundler
• react_on_rails/lib/react_on_rails/version.rb
• react_on_rails/spec/dummy/package.json
• react_on_rails/spec/react_on_rails/generators/install_generator_spec.rb
• react_on_rails/spec/react_on_rails/generators/js_dependency_manager_spec.rb
• react_on_rails_pro/lib/react_on_rails_pro/version.rb
• react_on_rails_pro/spec/dummy/package.json

✅ Files skipped from review due to trivial changes (12)

• packages/create-react-on-rails-app/package.json
• react_on_rails_pro/spec/dummy/package.json
• react_on_rails/spec/dummy/package.json
• package.json
• react_on_rails/lib/react_on_rails/version.rb
• packages/react-on-rails-pro-node-renderer/package.json
• packages/react-on-rails-pro/package.json
• packages/react-on-rails/package.json
• react_on_rails/lib/generators/react_on_rails/js_dependency_manager.rb
• react_on_rails_pro/lib/react_on_rails_pro/version.rb
• react_on_rails/spec/react_on_rails/generators/install_generator_spec.rb
• CHANGELOG.md

[claude]

Review: LGTM

This is a clean documentation-only changelog update. All changes look correct:

• RC → stable: ### [16.6.0.rc.1] - 2026-04-07 correctly renamed to ### [16.6.0] - 2026-04-09
• New entries added to the right sections:
  • Improved: PR 2877 (clearer exception labels), PR 3086 (cleaner diagnostic output)
  • Fixed: PR 3083 (dependency version pinning, moved from [Unreleased])
• Section ordering follows guidelines: Removed → Added → Improved → Fixed
• Compare links correctly updated: v16.6.0.rc.1 → v16.6.0 for both [unreleased] and [16.6.0]
• No orphaned RC references remain in the file

One minor note: the PR description says "consolidate rc.0 and rc.1" but only rc.1 appears in the diff — rc.0 content was presumably already folded into rc.1 in a prior PR. No action needed, just noting it in case the description is revised.