Bump shakapacker from 9.5.0 to 9.7.0 in /ruby-gem/spec/dummy

[dependabot]

Bumps shakapacker from 9.5.0 to 9.7.0.

Release notes

Sourced from shakapacker's releases.

v9.7.0

Added

• Added rspack v2 support. [PR #975](shakacode/shakapacker#975) by justin808. Peer dependencies now accept both rspack v1 and v2 (^1.0.0 || ^2.0.0-0). No source code changes were needed — all existing APIs work identically in v2. Note that rspack v2 requires Node.js 20.19.0+.

Fixed

• Fixed config exporter path traversal and annotation format validation. [PR #914](shakacode/shakapacker#914) by justin808. Added safeResolvePath security check to prevent path traversal in export save paths, and enforced YAML format when using annotations with build exports.
• Fixed webpack-subresource-integrity v5 named export handling. [PR #978](shakacode/shakapacker#978) by justin808. Supports both the default export (older versions) and the named SubresourceIntegrityPlugin export (v5.1+), preventing runtime breakage when upgrading the plugin. Fixes #972.

v9.6.1

[v9.6.1] - March 8, 2026

Fixed

• Fixed Env#current crashing when Rails is not loaded. [PR #963](shakacode/shakapacker#963) by ihabadham. Added defined?(Rails) guard to Shakapacker::Env#current so it falls back to RAILS_ENV/RACK_ENV environment variables when called from non-Rails Ruby processes (e.g., bin/dev scripts). Previously, this would raise a NameError and silently fall back to "production".

Documentation

• Added Node package API documentation. [PR #900](shakacode/shakapacker#900) by justin808. New guide (docs/node_package_api.md) documenting the JavaScript API exports, configuration objects, import entrypoints for webpack and rspack, and built-in third-party support resources.

v9.6.0

[v9.6.0] - March 7, 2026

Security

• Removed default Access-Control-Allow-Origin: * header from dev server configuration. This header allowed any website to access dev server resources. If your setup runs webpack-dev-server on a different port from your Rails server, uncomment the headers section in config/shakapacker.yml to restore cross-origin asset loading. [PR #936](shakacode/shakapacker#936) by justin808. Fixes #935.

Added

• Added SKIP=true installer mode to preserve existing files. [PR #926](shakacode/shakapacker#926) by justin808. Running rails shakapacker:install SKIP=true now skips conflicting files instead of overwriting them. This is useful for CI/CD pipelines and automated setups where you want to install only missing files without touching existing configuration.

• Export bundler utility functions for Webpack/Rspack compatibility. [PR #922](shakacode/shakapacker#922) by justin808. New utility functions that make it easier to write bundler-agnostic configuration code: isRspack, isWebpack, getBundler(), getCssExtractPlugin(), getCssExtractPluginLoader(), getDefinePlugin(), getEnvironmentPlugin(), and getProvidePlugin(). Users no longer need to write conditional logic to handle differences between Webpack and Rspack.

  // Before: manual conditional logic
  const { config } = require("shakapacker")
  const CssPlugin =
    config.assets_bundler === "rspack"
      ? require("@rspack/core").CssExtractRspackPlugin
      : require("mini-css-extract-plugin")
  // After: use bundler utilities
  const { getCssExtractPlugin } = require("shakapacker")
  const CssPlugin = getCssExtractPlugin()

Changed

• Changed default file rule type from asset/resource to asset. [PR #901](shakacode/shakapacker#901) by justin808. Static assets (images, fonts, SVGs) now use webpack/rspack's asset type instead of asset/resource, allowing the bundler to automatically inline small files as data URIs for better performance.
• Allow compression-webpack-plugin v12. [PR #937](shakacode/shakapacker#937) by G-Rath.

... (truncated)

Changelog

Sourced from shakapacker's changelog.

[v9.7.0] - March 15, 2026

Added

• Added rspack v2 support. [PR #975](shakacode/shakapacker#975) by justin808. Peer dependencies now accept both rspack v1 and v2 (^1.0.0 || ^2.0.0-0). No source code changes were needed — all existing APIs work identically in v2. Note that rspack v2 requires Node.js 20.19.0+.

Fixed

• Fixed config exporter path traversal and annotation format validation. [PR #914](shakacode/shakapacker#914) by justin808. Added safeResolvePath security check to prevent path traversal in export save paths, and enforced YAML format when using annotations with build exports.
• Fixed webpack-subresource-integrity v5 named export handling. [PR #978](shakacode/shakapacker#978) by justin808. Supports both the default export (older versions) and the named SubresourceIntegrityPlugin export (v5.1+), preventing runtime breakage when upgrading the plugin. Fixes #972.

[v9.6.1] - March 8, 2026

Fixed

• Fixed Env#current crashing when Rails is not loaded. [PR #963](shakacode/shakapacker#963) by ihabadham. Added defined?(Rails) guard to Shakapacker::Env#current so it falls back to RAILS_ENV/RACK_ENV environment variables when called from non-Rails Ruby processes (e.g., bin/dev scripts). Previously, this would raise a NameError and silently fall back to "production".

Documentation

• Added Node package API documentation. [PR #900](shakacode/shakapacker#900) by justin808. New guide (docs/node_package_api.md) documenting the JavaScript API exports, configuration objects, import entrypoints for webpack and rspack, and built-in third-party support resources.

[v9.6.0] - March 7, 2026

Security

• Removed default Access-Control-Allow-Origin: * header from dev server configuration. This header allowed any website to access dev server resources. If your setup runs webpack-dev-server on a different port from your Rails server, uncomment the headers section in config/shakapacker.yml to restore cross-origin asset loading. [PR #936](shakacode/shakapacker#936) by justin808. Fixes #935.

Added

• Added SKIP=true installer mode to preserve existing files. [PR #926](shakacode/shakapacker#926) by justin808. Running rails shakapacker:install SKIP=true now skips conflicting files instead of overwriting them. This is useful for CI/CD pipelines and automated setups where you want to install only missing files without touching existing configuration.

• Export bundler utility functions for Webpack/Rspack compatibility. [PR #922](shakacode/shakapacker#922) by justin808. New utility functions that make it easier to write bundler-agnostic configuration code: isRspack, isWebpack, getBundler(), getCssExtractPlugin(), getCssExtractPluginLoader(), getDefinePlugin(), getEnvironmentPlugin(), and getProvidePlugin(). Users no longer need to write conditional logic to handle differences between Webpack and Rspack.

  // Before: manual conditional logic
  const { config } = require("shakapacker")
  const CssPlugin =
    config.assets_bundler === "rspack"
      ? require("@rspack/core").CssExtractRspackPlugin
      : require("mini-css-extract-plugin")
  // After: use bundler utilities
  const { getCssExtractPlugin } = require("shakapacker")
  const CssPlugin = getCssExtractPlugin()

Changed

• Changed default file rule type from asset/resource to asset. [PR #901](shakacode/shakapacker#901) by justin808. Static assets (images, fonts, SVGs) now use webpack/rspack's asset type instead of asset/resource, allowing the bundler to automatically inline small files as data URIs for better performance.
• Allow compression-webpack-plugin v12. [PR #937](shakacode/shakapacker#937) by G-Rath.
• BREAKING: sass-loader now defaults to modern Sass API. [PR #879](shakacode/shakapacker#879) by justin808. The sass-loader configuration now uses api: "modern" instead of the deprecated legacy API. This improves compatibility with plugins like sass-resources-loader that require the modern API. If you experience issues after upgrading, you can revert to the legacy API by customizing your webpack config:

... (truncated)

Commits

• db297e3 Release 9.7.0
• 17bf648 Rename create_release to release and fix version.rb staging path (#986)
• 34e95ac Add v9.7.0 release notes to CHANGELOG (#985)
• 55af8b9 Port update-changelog improvements from react_on_rails (#982)
• 5d55b9a Fix webpack-subresource-integrity v5 named export handling (#978)
• d9232d8 Improve release-task dry-run UX and AUTO_CONFIRM docs (#981)
• f7ebb57 Fix claude-code-review checkout action version (#979)
• 73a08bd Remove yalc artifact from spec/dummy lockfiles (#977)
• 2df4659 Add rspack v2 support (#975)
• b259a0e Supersede #905: all-builds validation fix with lint unblock (#914)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)