Skip to content

chore(deps): Bump shakapacker from 9.2.0 to 10.0.0#3233

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/shakapacker-10.0.0
Open

chore(deps): Bump shakapacker from 9.2.0 to 10.0.0#3233
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/shakapacker-10.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 27, 2026

Bumps shakapacker from 9.2.0 to 10.0.0.

Release notes

Sourced from shakapacker's releases.

v10.0.0

Added

  • Added bin/diff-bundler-config CLI for semantic bundler configuration diffs. [PR #973](shakacode/shakapacker#973) by justin808. Wraps the extracted pack-config-diff package to provide semantic diffing of webpack/rspack configurations with normalized exit codes. Supersedes #961.
  • Added bin/shakapacker-watch binstub for clean Ctrl-C shutdown in Procfile-based workflows. [PR #1026](shakacode/shakapacker#1026) by justin808. The new wrapper script traps INT/TERM signals and forwards TERM to the underlying bin/shakapacker --watch process, preventing Ruby interrupt backtraces when stopping bin/dev. Use bin/shakapacker-watch --watch in Procfiles instead of bin/shakapacker --watch.
  • Allowed webpack-cli v7 (^7.0.0) in peer dependencies. [PR #1021](shakacode/shakapacker#1021) by justin808. Fixes #1020. Note: webpack-cli v7 requires Node.js >= 20.9.0.

⚠️ Breaking Changes

Changed

  • Changed shakapacker:install to default webpack-cli installs to the latest v6 range. [PR #1021](shakacode/shakapacker#1021) by justin808. This keeps installs compatible with Node.js 20.0-20.8; v7 remains supported via peer dependencies for Node.js >= 20.9.0.
  • Changed dev server config handling to warn on deprecated middleware hooks and ignore them for webpack-dev-server v5. [PR #1021](shakacode/shakapacker#1021) by justin808. Use setup_middlewares instead of on_before_setup_middleware and on_after_setup_middleware.

Fixed

v10.0.0-rc.1

Added

  • Added bin/diff-bundler-config CLI for semantic bundler configuration diffs. [PR #973](shakacode/shakapacker#973) by justin808. Wraps the extracted pack-config-diff package to provide semantic diffing of webpack/rspack configurations with normalized exit codes. Supersedes #961.
  • Added bin/shakapacker-watch binstub for clean Ctrl-C shutdown in Procfile-based workflows. [PR #1026](shakacode/shakapacker#1026) by justin808. The new wrapper script traps INT/TERM signals and forwards TERM to the underlying bin/shakapacker --watch process, preventing Ruby interrupt backtraces when stopping bin/dev. Use bin/shakapacker-watch --watch in Procfiles instead of bin/shakapacker --watch.
  • Allowed webpack-cli v7 (^7.0.0) in peer dependencies. [PR #1021](shakacode/shakapacker#1021) by justin808. Fixes #1020. Note: webpack-cli v7 requires Node.js >= 20.9.0.

⚠️ Breaking Changes

Changed

  • Changed shakapacker:install to default webpack-cli installs to the latest v6 range. [PR #1021](shakacode/shakapacker#1021) by justin808. This keeps installs compatible with Node.js 20.0-20.8; v7 remains supported via peer dependencies for Node.js >= 20.9.0.
  • Changed dev server config handling to warn on deprecated middleware hooks and ignore them for webpack-dev-server v5. [PR #1021](shakacode/shakapacker#1021) by justin808. Use setup_middlewares instead of on_before_setup_middleware and on_after_setup_middleware.

Fixed

v10.0.0-rc.0

Added

  • Added bin/shakapacker-watch binstub for clean Ctrl-C shutdown in Procfile-based workflows. [PR #1026](shakacode/shakapacker#1026) by justin808. The new wrapper script traps INT/TERM signals and forwards TERM to the underlying bin/shakapacker --watch process, preventing Ruby interrupt backtraces when stopping bin/dev. Use bin/shakapacker-watch --watch in Procfiles instead of bin/shakapacker --watch.
  • Allowed webpack-cli v7 (^7.0.0) in peer dependencies. [PR #1021](shakacode/shakapacker#1021) by justin808. Fixes #1020. Note: webpack-cli v7 requires Node.js >= 20.9.0.

⚠️ Breaking Changes

... (truncated)

Changelog

Sourced from shakapacker's changelog.

[v10.0.0] - April 8, 2026

Added

  • Added bin/diff-bundler-config CLI for semantic bundler configuration diffs. [PR #973](shakacode/shakapacker#973) by justin808. Wraps the extracted pack-config-diff package to provide semantic diffing of webpack/rspack configurations with normalized exit codes. Supersedes #961.
  • Added bin/shakapacker-watch binstub for clean Ctrl-C shutdown in Procfile-based workflows. [PR #1026](shakacode/shakapacker#1026) by justin808. The new wrapper script traps INT/TERM signals and forwards TERM to the underlying bin/shakapacker --watch process, preventing Ruby interrupt backtraces when stopping bin/dev. Use bin/shakapacker-watch --watch in Procfiles instead of bin/shakapacker --watch.
  • Allowed webpack-cli v7 (^7.0.0) in peer dependencies. [PR #1021](shakacode/shakapacker#1021) by justin808. Fixes #1020. Note: webpack-cli v7 requires Node.js >= 20.9.0.

⚠️ Breaking Changes

Changed

  • Changed shakapacker:install to default webpack-cli installs to the latest v6 range. [PR #1021](shakacode/shakapacker#1021) by justin808. This keeps installs compatible with Node.js 20.0-20.8; v7 remains supported via peer dependencies for Node.js >= 20.9.0.
  • Changed dev server config handling to warn on deprecated middleware hooks and ignore them for webpack-dev-server v5. [PR #1021](shakacode/shakapacker#1021) by justin808. Use setup_middlewares instead of on_before_setup_middleware and on_after_setup_middleware.

Fixed

[v9.7.0] - March 15, 2026

Added

  • Added rspack v2 support. [PR #975](shakacode/shakapacker#975) by justin808. Peer dependencies now accept both rspack v1 and v2 (^1.0.0 || ^2.0.0-0). No source code changes were needed — all existing APIs work identically in v2. Note that rspack v2 requires Node.js 20.19.0+.

Fixed

  • Fixed config exporter path traversal and annotation format validation. [PR #914](shakacode/shakapacker#914) by justin808. Added safeResolvePath security check to prevent path traversal in export save paths, and enforced YAML format when using annotations with build exports.
  • Fixed webpack-subresource-integrity v5 named export handling. [PR #978](shakacode/shakapacker#978) by justin808. Supports both the default export (older versions) and the named SubresourceIntegrityPlugin export (v5.1+), preventing runtime breakage when upgrading the plugin. Fixes #972.

[v9.6.1] - March 8, 2026

Fixed

  • Fixed Env#current crashing when Rails is not loaded. [PR #963](shakacode/shakapacker#963) by ihabadham. Added defined?(Rails) guard to Shakapacker::Env#current so it falls back to RAILS_ENV/RACK_ENV environment variables when called from non-Rails Ruby processes (e.g., bin/dev scripts). Previously, this would raise a NameError and silently fall back to "production".

Documentation

  • Added Node package API documentation. [PR #900](shakacode/shakapacker#900) by justin808. New guide (docs/node_package_api.md) documenting the JavaScript API exports, configuration objects, import entrypoints for webpack and rspack, and built-in third-party support resources.

[v9.6.0] - March 7, 2026

Security

  • Removed default Access-Control-Allow-Origin: * header from dev server configuration. This header allowed any website to access dev server resources. If your setup runs webpack-dev-server on a different port from your Rails server, uncomment the headers section in config/shakapacker.yml to restore cross-origin asset loading. [PR #936](shakacode/shakapacker#936) by justin808. Fixes #935.

Added

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): Bump shakapacker from 9.2.0 to 10.0.0
63688fe 
Bumps [shakapacker](https://github.com/shakacode/shakapacker) from 9.2.0 to 10.0.0.
- [Release notes](https://github.com/shakacode/shakapacker/releases)
- [Changelog](https://github.com/shakacode/shakapacker/blob/main/CHANGELOG.md)
- [Commits](shakacode/shakapacker@v9.2.0...v10.0.0)

---
updated-dependencies:
- dependency-name: shakapacker
  dependency-version: 10.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants