Update react-on-rails-rsc to 19.0.5-rc.6

[justin808]

Summary

• Update react-on-rails-rsc to 19.0.5-rc.6.
• Refresh yarn.lock to the published rc.6 package integrity.

Rationale

• There is no stable react-on-rails-rsc@19.0.5 on npm yet; rc.6 is the current published release candidate for this integration path.
• Follow-up: move to stable 19.0.5 after it is published.

Verification

• npm view react-on-rails-rsc@19.0.5-rc.6 version dist.integrity dist.shasum --json --prefer-online
• npm pack react-on-rails-rsc@19.0.5-rc.6 --pack-destination /tmp/ror-rsc-registry-pack-rc6 --prefer-online
• yarn install --frozen-lockfile --non-interactive
• bundle exec rake react_on_rails:locale
• bundle exec rails react_on_rails:generate_packs
• git diff --check

Note

• The branch name was created for rc.4 before this PR was refreshed to later release candidates. The PR title, package.json, yarn.lock, and this body are authoritative for rc.6.

[coderabbitai]

Walkthrough

Updated react-on-rails-rsc dependency from 19.0.4 to 19.0.5-rc.6 in package.json.

Changes

Dependency Version Update

Layer / File(s)	Summary
React-on-Rails-RSC version update package.json	Updated react-on-rails-rsc from 19.0.4 to 19.0.5-rc.6.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A tiny hop, a version nudge,
From .4 to -rc.6 I trudge,
In package.json I softly write,
One-line change, tidy and light,
🌿 npm dreams hopping through the night

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: updating react-on-rails-rsc to 19.0.5-rc.6, which matches the actual version specified in package.json.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch jg-codex/rollout-rsc-19.0.5-rc.4

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🚀 Quick Review App Commands

Welcome! Here are the commands you can use in this PR:
They require the repository to have cpflow review apps configured, including the CPLN_TOKEN_STAGING secret.

+review-app-deploy

Deploy your PR branch for testing.

+review-app-delete

Remove the review app when done.

+review-app-help

Show detailed instructions, environment setup, and configuration options.

Comment +review-app-help for full setup details.

[claude]

Code Review

Overview

This PR bumps react-on-rails-rsc from 19.0.4 (stable) to 19.0.5-rc.4 (release candidate) and refreshes the lockfile accordingly. Only 2 files are touched; no application logic or configuration changes.

---

What looks good

• Diff is correct and consistent: yarn.lock properly reflects the new version string, updated tarball URL, and new integrity hash.
• Transitive dependencies unchanged: The acorn-loose and neo-async dependencies for the package remain identical — no unexpected version churn.
• Minimal blast radius: Only the RSC integration package is updated; nothing else in the dependency tree is affected.

---

Concerns

1. RC version in the main branch
The version being pinned (19.0.5-rc.4) is a release candidate, not a stable release. Using RC packages in production carries the risk of undocumented breaking changes, missing fixes between RC cuts, or the RC never reaching a stable release in its current form. Is there a specific bug fix or feature in rc.4 that requires this upgrade before the stable 19.0.5 is published?

2. No changelog or motivation link
The PR body describes what changed but not why the RC is needed now. Linking to the react-on-rails-rsc changelog or the specific issue/commit this RC resolves would make it easier to assess risk and revisit later.

3. Integrity hash length (minor)
The old integrity hash appears truncated relative to a standard sha512-base64 output (88 characters). The new hash looks correctly formed. This is likely a display artifact of how yarn formats hashes, but worth a quick yarn install --frozen-lockfile on a clean checkout to confirm.

---

Recommendation

Approve with a minor suggestion: If there is a concrete reason to use the RC (e.g., a bug that blocks work), document it in the PR description. If the stable release is imminent, it may be worth waiting for 19.0.5 stable. The diff mechanics are correct and the change is otherwise low-risk.

[justin808]

Blocked for now: local verification found that the published react-on-rails-rsc@19.0.5-rc.4 tarball still vendors dist/react-server-dom-webpack/package.json at 19.0.3, and its client runtime reports reconcilerVersion: "19.0.3". That conflicts with the React on Rails docs/checks that require 19.0.4+ for the RSC runtime. Please do not merge this rc.4 rollout PR until a corrected RSC package, likely rc.5, is published and this branch is updated.

[claude]

Code Review

Overview

This PR bumps react-on-rails-rsc from 19.0.4 → 19.0.5-rc.5 and refreshes the corresponding yarn.lock entry. Only two files change; there are no application source modifications.

---

Issues

🔴 Version mismatch — PR metadata vs. actual change
The PR title, branch name (jg-codex/rollout-rsc-19.0.5-rc.4), and the body summary all say rc.4, but package.json and yarn.lock are actually set to 19.0.5-rc.5. This makes the PR description an unreliable changelog entry and will confuse anyone correlating the branch/title to what was actually merged. The title, description, and ideally the branch should be updated to match rc.5.

🟡 Stable → Release Candidate regression
19.0.4 is a stable release; 19.0.5-rc.5 is a pre-release. Pinning an RC in package.json means this dependency will never be auto-updated to a stable release by renovate/dependabot without a manual PR. The PR body should explicitly justify why the RC is needed right now (e.g., a required bug fix not yet in a stable release) and include a follow-up plan to move to 19.0.5 once it ships.

🟡 PR title says "Blocked"
The title prefix Blocked: signals this isn't ready to merge, but there's no explanation of what is blocking it or what condition must be met before it can proceed. Adding a blocking reason (e.g., "waiting for upstream stable release", "blocked on CI failure") would make triage easier.

---

Lockfile

The yarn.lock diff looks correct — the resolved tarball URL, version string, and sha512 integrity hash are all updated consistently. No concerns there.

---

Validation Steps

The PR body lists:

yarn install --frozen-lockfile
RAILS_ENV=test bin/conductor-exec bundle exec rails react_on_rails:locale && bin/conductor-exec yarn build:test

These are appropriate for a dependency-only bump. Confirm the build passes with the RC before merging.

---

Summary

Area	Status
Diff correctness (lockfile consistent)	✅
Version in title/branch matches code	❌ rc.4 vs rc.5
Justification for RC over stable	⚠️ Missing
Blocking reason explained	⚠️ Missing
Test/build validation described	✅

The change itself is minimal and low-risk, but the metadata inconsistency should be fixed before merge to keep the git history and PR record accurate.

[greptile-apps]

Greptile Summary

This PR updates the react-on-rails-rsc package from the stable 19.0.4 release to the 19.0.5-rc.5 release candidate, and refreshes the yarn.lock entry to match the new published artifact.

• package.json: Single version string change; the RC pin is consistent with react-on-rails-pro and react-on-rails-pro-node-renderer already being pinned to 16.7.0-rc.3 in this project.
• yarn.lock: Updated resolved URL and SHA-512 integrity hash for the new RC tarball; both the old and new hashes are valid 512-bit digests and no other lock entries were touched.

Confidence Score: 5/5

A narrow, well-scoped dependency bump with a verified registry artifact, passing CI, and a matching lock file update — safe to merge.

Only two lines in package.json and four lines in yarn.lock changed. The new RC tarball is published on the npm registry, the SHA-512 digest in the lock file is well-formed, and the PR author confirmed frozen-lockfile install and CI green on Node 22.x / Ruby 3.4.6. Moving from a stable to an RC version is the only risk surface, and it mirrors the pattern already established by the other react-on-rails-pro RC pins in this project.

No files require special attention.

Important Files Changed

Filename	Overview
package.json	Single dependency version bump: react-on-rails-rsc from 19.0.4 (stable) to 19.0.5-rc.5 (release candidate). Consistent with other RC-pinned react-on-rails packages already in this file.
yarn.lock	Lock file entry updated for react-on-rails-rsc@19.0.5-rc.5 with correct resolved URL and valid SHA-512 integrity hash. No other entries changed.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[package.json\nreact-on-rails-rsc] -->|was| B["19.0.4\n(stable)"]
    A -->|now| C["19.0.5-rc.5\n(release candidate)"]
    C --> D[yarn.lock updated\nresolved URL + SHA-512 integrity]
    D --> E[CI passed\nNode 22.x / Ruby 3.4.6]

Loading

_{Reviews (1): Last reviewed commit: "Update react-on-rails-rsc to 19.0.5-rc.5" | Re-trigger Greptile}

[claude]

Code Review: Update react-on-rails-rsc to 19.0.5-rc.5

Overview

Small, focused dependency bump: react-on-rails-rsc from stable 19.0.4 → pre-release 19.0.5-rc.5. Two files changed — package.json and the corresponding yarn.lock integrity update.

Positives

• Verification steps are well-documented in the PR description (npm registry check, frozen lockfile install, rake tasks, CI green on Node 22.x / Ruby 3.4.6).
• The yarn.lock integrity hash and resolved URL are updated correctly and consistently.
• Pre-release dependencies are the established norm in this repo (@rspack/core@2.0.0-beta.7, react-on-rails-pro@16.7.0-rc.3, etc.), so this is consistent.

Concerns

Stable → pre-release regression
This bumps from a stable release (19.0.4) to a release candidate (19.0.5-rc.5). While pre-releases are common here, it would be helpful to explain why rc.5 is preferable to waiting for the stable 19.0.5 — e.g., does it contain a specific bug fix or RSC feature needed by this tutorial?

Branch name / version mismatch
The branch is named jg-codex/rollout-rsc-19.0.5-rc.4 but the actual version bumped to is rc.5. Minor cosmetic issue, but worth noting for traceability.

No changelog reference
The PR doesn't link to a react-on-rails-rsc changelog or release notes for 19.0.5-rc.5. A link would make it easier to audit what changed and why this RC is safe to depend on.

Summary

LGTM as a mechanical dependency bump with solid verification. Adding a brief note on why rc.5 over stable (or waiting for stable) would improve the rationale.

[claude]

Code Review

Overview

This PR bumps react-on-rails-rsc from 19.0.4 (stable) to 19.0.5-rc.6 (release candidate), updating both package.json and the corresponding yarn.lock entry. The diff is minimal and focused — exactly two files, exactly the right lines changed.

---

What's Good

• Lockfile integrity is correct: The resolved URL, version, and integrity hash in yarn.lock are all updated consistently. No stale or mismatched entries.
• Thorough PR description: Verification steps (npm view, npm pack, yarn install --frozen-lockfile) are documented and give reviewers confidence the package was validated before submitting.
• Explicit follow-up noted: The body calls out that this should move to stable 19.0.5 once published, which prevents scope creep here.

---

Concerns

1. Shipping a release candidate in a tutorial repository (main concern)

Moving from a stable release (19.0.4) to a release candidate (19.0.5-rc.6) in a public tutorial repo means learners will pull and run pre-release software without necessarily realising it. If rc.6 has instability or breaking changes before the stable release, bug reports will arrive against the tutorial rather than the upstream package.

Recommendation: Unless there is a specific bug in 19.0.4 that blocks a tutorial feature, prefer waiting for stable 19.0.5. If the RC is genuinely required right now, consider adding a comment in package.json next to the version, or a note in the README/CLAUDE.md, so readers understand it is temporary.

2. Branch name / PR title mismatch

The branch is named jg-codex/rollout-rsc-19.0.5-rc.4 while the PR targets rc.6. The PR body acknowledges this, but it creates a paper-trail inconsistency in git history. Low severity, but worth noting for a repo used as a learning reference.

3. No follow-up issue tracked

The PR body promises a follow-up to pin to stable 19.0.5. If there is no corresponding GitHub issue, this is likely to be forgotten once the PR merges.

Recommendation: Open a tracking issue so the stable upgrade does not slip.

---

Security

No concerns — the yarn.lock integrity hash (sha512) is updated to match the new tarball, so yarn install --frozen-lockfile will verify the download correctly.

Summary

The mechanical change is correct. The main question is whether upgrading to a release candidate in a tutorial repo is the right call right now. If there is a functional reason to need rc.6 (bug fix, required API), this is fine to merge with a tracking issue for the stable follow-up. If not, consider waiting for stable 19.0.5.

[claude]

This pins to a release candidate rather than a stable release. For a tutorial repo that learners clone and run directly, pre-release versions can be a source of unexpected breakage that's hard to diagnose.

If 19.0.4 has a known bug that rc.6 fixes and is blocking something in the tutorial, this is reasonable — but please open a follow-up issue to upgrade to stable 19.0.5 once it's published, so it doesn't get forgotten.

If there's no blocking issue with 19.0.4, consider waiting for the stable release before merging.

[github-actions]

✅ Review App Deleted

Review app for PR #762 is deleted

🎮 Control Plane Console
📋 View Workflow Logs