Bump React on Rails and Shakapacker to latest releases

[ihabadham]

Summary

• bump react_on_rails from 16.3.0.rc.2 to 16.4.0.rc.9
• bump react-on-rails from 16.3.0-rc.2 to 16.4.0-rc.9
• bump shakapacker gem/npm from 9.5.0 to 9.6.1
• regenerate Gemfile.lock and yarn.lock

Notes

• reviewed upstream release notes for both packages before opening this PR
• no additional repo changes looked required for this app beyond the version bump
• did not run tests locally; CI can validate the bump

Summary by CodeRabbit

• Chores
  • Updated key JavaScript/Rails frontend dependencies to newer releases for improved compatibility and stability.
  • Added a Yarn registry configuration to standardize package resolution from the npm registry.

[github-actions]

🚀 Quick Review App Commands

Welcome! Here are the commands you can use in this PR:

/deploy-review-app

Deploy your PR branch for testing

/delete-review-app

Remove the review app when done

/help

Show detailed instructions, environment setup, and configuration options.

---

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fe174faa-9e8b-40bb-b59e-fd1fc5739118

📥 Commits

Reviewing files that changed from the base of the PR and between 9574cea and 2c5fbc9.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• .yarnrc

---

Walkthrough

Dependency version bumps and registry configuration: react_on_rails updated to 16.4.0.rc.9 and shakapacker to 9.6.1 in both Ruby and JS manifests, and a new .yarnrc file sets the npm registry. No functional code changes.

Changes

Cohort / File(s)	Summary
Dependency Updates Gemfile, package.json	Bump react_on_rails 16.3.0.rc.2 → 16.4.0.rc.9 and shakapacker 9.5.0 → 9.6.1 in Ruby and JS dependency manifests.
Yarn Config .yarnrc	Add registry setting directing Yarn to https://registry.npmjs.org.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 I hopped through specs with joy and cheer,
Pushed versions forward, the path is clear.
Registry set, and packages climb,
A tidy bump — a little rhyme. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: bumping react_on_rails and shakapacker to newer versions, which are the primary modifications across Gemfile and package.json.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ihabadham/chore/bump-ror-shakapacker

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR performs a straightforward dual-stack version bump: the react_on_rails Ruby gem and react-on-rails npm package move from 16.3.0.rc.2/16.3.0-rc.2 to 16.4.0.rc.9/16.4.0-rc.9, and shakapacker (gem + npm) advances from 9.5.0 to 9.6.1. Changes are limited to the four dependency manifest and lock files; no application code was touched.

Key observations:

• Version alignment maintained: the Ruby gem and npm package remain in sync at 16.4.0.rc.9, which is required for correct server-side rendering behaviour.
• Still on an RC release: react_on_rails moves from one release candidate to another (16.3.0.rc.2 → 16.4.0.rc.9). This was already the case before this PR and appears to be an intentional pattern for this tutorial app, which tracks the shakacode library closely.
• Transitive dependency: semantic_range (a shakapacker dependency) was incidentally bumped from 3.1.0 to 3.1.1 in Gemfile.lock — this is a patch update and expected.
• yarn.lock registry URL: the resolved URLs for the two updated npm packages switched from registry.npmjs.org to registry.yarnpkg.com. Both domains point to the same npm registry; this is a harmless normalisation by Yarn and does not introduce any supply-chain concern.
• Tests not run locally: the PR author notes that CI is relied upon for validation. The existing CI suite (RSpec, JS tests, lint) covers the build pipeline end-to-end and is a reasonable safety net for a pure version bump.

Confidence Score: 4/5

• Safe to merge once CI passes — changes are confined to dependency manifests with no application logic modified.
• The bump is clean, version-aligned across Ruby and JS, and has no application code changes. The one point of caution is that react_on_rails remains on a pre-release (RC) version, meaning the package is not yet considered stable by its authors. This is acceptable given the project already tracked an RC, but it does mean the dependency is inherently less battle-tested than a GA release. CI green is a sufficient gate for merging.
• No files require special attention beyond confirming CI passes.

Important Files Changed

Filename	Overview
Gemfile	Two pinned version bumps: react_on_rails 16.3.0.rc.2 → 16.4.0.rc.9 and shakapacker 9.5.0 → 9.6.1. Change is clean and consistent with lock file.
Gemfile.lock	Lock file regenerated correctly; react_on_rails, shakapacker, and transitive semantic_range (3.1.0 → 3.1.1) entries updated. Gem version constraints still satisfied.
package.json	react-on-rails and shakapacker npm versions bumped to match their Ruby gem counterparts. Version alignment between gem and npm package is maintained.
yarn.lock	Lock file entries for react-on-rails and shakapacker updated with new resolved URLs and integrity hashes. Registry URL changed from registry.npmjs.org to registry.yarnpkg.com for the two updated packages — functionally equivalent but worth noting.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Gemfile / package.json] -->|declares| B[react_on_rails 16.4.0.rc.9\nreact-on-rails 16.4.0-rc.9]
    A -->|declares| C[shakapacker 9.6.1]
    B -->|requires| C
    C -->|requires| D[semantic_range >= 2.3.0\nresolved: 3.1.1]
    B -->|resolved in| E[Gemfile.lock]
    C -->|resolved in| E
    B -->|resolved in| F[yarn.lock\nregistry.yarnpkg.com]
    C -->|resolved in| F

    style B fill:#f0f4ff,stroke:#4a6cf7
    style C fill:#f0f4ff,stroke:#4a6cf7
    style D fill:#fff8e1,stroke:#f9a825

Loading

_{Last reviewed commit: 9574cea}

[claude]

PR Review: Bump React on Rails and Shakapacker to latest releases

Overall this is a clean, focused dependency bump with no application code changes. A few observations:

RC versions

Both react_on_rails versions in this PR are release candidates (16.3.0.rc.2 → 16.4.0.rc.9). For a tutorial/demo app that tracks upstream pre-releases this is expected, but it's worth confirming this repo intentionally follows RC releases rather than stable ones. The jump spans 7 RC iterations (rc.2 → rc.9) which is significant — the PR description mentions release notes were reviewed, which is good practice here.

Transitive dependency

semantic_range bumped from 3.1.0 → 3.1.1 in Gemfile.lock as a transitive dep. This is a patch bump and looks fine.

CI not run locally

The PR description calls out that tests weren't run locally. CI checks are in progress — merging should be gated on those passing.

Minor: yarn registry URL inconsistency

The two bumped npm packages now reference registry.yarnpkg.com instead of registry.npmjs.org in yarn.lock. Both resolve to the same content, but it creates an inconsistency with the rest of the lockfile. This is harmless but can be normalized by running yarn install with a consistent registry config or simply accepted as yarn's default behavior. See inline comment.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Gemfile`:
- Around line 8-9: Update the Gemfile to point to an existing react_on_rails
prerelease (replace "react_on_rails", "16.4.0.rc.9" with the latest published
prerelease, e.g., "16.4.0.rc.7") so bundle install succeeds, and before
upgrading remove or migrate the deprecated generated_assets_dir key from the
react_on_rails.rb initializer: delete generated_assets_dir and instead set
Shakapacker's public_output_path in shakapacker.yml (or align existing
shakapacker.yml public_output_path to the same output directory) while leaving
supported keys (auto_load_bundle, server_bundle_js_file,
server_bundle_output_path, prerender, rendering_extension) unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b4ab8809-60a6-4ad6-a5ba-e133df0c08b0

📥 Commits

Reviewing files that changed from the base of the PR and between 0ec62b0 and 9574cea.

⛔ Files ignored due to path filters (2)

• Gemfile.lock is excluded by !**/*.lock
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• Gemfile
• package.json

[claude]

PR Review: Bump React on Rails and Shakapacker

This is a straightforward dependency bump PR. The changes are well-scoped and lock files have been regenerated. A few observations worth discussing:

RC Versions Still in Use

Both react_on_rails (16.4.0.rc.9) and react-on-rails (16.4.0-rc.9) are still pinned to release candidates. The project was already on RC versions, so this continues an existing pattern. Pinning to specific RC versions is the right call, but it is worth having a plan to migrate to stable 16.4.0 once it is released rather than continuing to track RCs long-term.

Unexplained .yarnrc Addition

A new .yarnrc file is added containing: registry "https://registry.npmjs.org". The PR description does not explain why this file is needed now. Was it added to resolve a registry resolution issue during the bump? Could it conflict with any CI or internal mirror configuration? If it was intentionally added to ensure correct resolution of the new package versions, that context belongs in the PR description.

Tests Not Run Locally

The PR description notes: did not run tests locally; CI can validate the bump. This is a low-risk stance for a dependency bump, but CI status should be confirmed before merging.

Minor: Transitive Dependency

semantic_range bumped from 3.1.0 to 3.1.1 as a transitive dependency of shakapacker. This appears to be a patch release and is not a concern.

Verdict

The version bumps look correct and the lock files appear consistently updated. The main open question is the unexplained .yarnrc addition. Please clarify its purpose before merging.

[claude]

PR Review: Dependency Version Bumps

Summary: straightforward version bump across four files. Version strings are consistent between Gemfile/Gemfile.lock and package.json/yarn.lock.

Observations:

1. RC versions, not stable releases: The PR title says 'latest releases', but both react_on_rails and react-on-rails are still release candidates (16.4.0.rc.9). This is fine if the project intentionally tracks RC builds, but worth being explicit.

2. No local test run: The author relies on CI — reasonable for a lockfile-only bump, but worth confirming CI passes before merging since this jumps a minor RC cycle (16.3.0 to 16.4.0).

3. Transitive dep bump: semantic_range was incidentally upgraded from 3.1.0 to 3.1.1 in Gemfile.lock (transitive dep of shakapacker) — low risk patch bump.

Verdict: Changes look correct and low-risk. Approve once CI is green.

[github-actions]

✅ Review app for PR #701 was successfully deleted

View Completed Delete Logs

Control Plane Organization