webpack 5.106.0 (released 2026-04-08) introduces a codegen bug where
anonymous default exports generate a reference to __WEBPACK_DEFAULT_EXPORT__
without declaring it when output.environment.const is false. This causes
ReferenceError at runtime in ExecJS-based SSR.

Upstream bug: webpack/webpack#20793
Upstream fix (draft): webpack/webpack#20796

Pin webpack <5.106.0 in all three dummy app package.json files and add
a pnpm override as a safety net across all workspaces.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

webpack 5.106.0 (released 2026-04-08) introduces a codegen bug where
anonymous default exports generate a reference to __WEBPACK_DEFAULT_EXPORT__
without declaring it when output.environment.const is false. This causes
ReferenceError at runtime in ExecJS-based SSR.

Upstream bug: webpack/webpack#20793
Upstream fix (draft): webpack/webpack#20796

Pin webpack <5.106.0 in all three dummy app package.json files and add
a pnpm override as a safety net across all workspaces.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

## Summary

- **webpack 5.106.0** (released 2026-04-08) introduces a codegen bug in
anonymous default exports that causes `ReferenceError:
__WEBPACK_DEFAULT_EXPORT__ is not defined` at runtime in ExecJS-based
SSR
- Upstream bug: webpack/webpack#20793
- Upstream fix (draft): webpack/webpack#20796

### Changes

- Cap webpack `<5.106.0` in all three dummy app `package.json` files:
- `react_on_rails/spec/dummy/package.json`: `^5.104.1` → `>=5.76.0
<5.106.0`
- `react_on_rails_pro/spec/dummy/package.json`: `5` → `>=5.0.0 <5.106.0`
- `react_on_rails_pro/spec/execjs-compatible-dummy/package.json`: `5` →
`>=5.0.0 <5.106.0`
- Add pnpm override in root `package.json` as a safety net across all
workspaces
- Updated `pnpm-lock.yaml` — all workspaces now resolve to webpack
5.105.2

### Context

Same codebase, same commit on main — CI passed at 10:48 UTC (webpack
5.105.4), failed at 16:44 UTC (webpack 5.106.0). Only ExecJS-based SSR
is affected; the node renderer is unaffected.

This override should be removed once webpack ships a patched release.

## Test plan

- [ ] CI passes (gem-tests, package-js-tests, pro-integration-tests)
- [ ] Verify webpack resolves to <5.106.0 in all workspaces

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Limits the allowed `webpack` range across workspaces, which can affect
build outputs and CI, but is a constrained dependency change intended to
prevent a known SSR runtime regression.
> 
> **Overview**
> Caps `webpack` to `>=5.76.0 <5.106.0` via a root `pnpm.overrides`
entry and aligns all dummy app `package.json` files to the same range to
prevent the `[email protected]` ExecJS SSR breakage.
> 
> Regenerates `pnpm-lock.yaml` so installs consistently resolve to
`[email protected]` and updates related lockfile peer/dependency metadata
accordingly.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
e25f387. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Standardized webpack dependency version constraints across development
packages to ensure compatible versions are installed consistently
throughout all environments. This update improves build stability and
performance, reduces version-related conflicts and compatibility issues,
and maintains build tool reliability across development stages and
deployment workflows.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>

## Summary

- **webpack 5.106.0** (released 2026-04-08) introduces a codegen bug in
anonymous default exports that causes `ReferenceError:
__WEBPACK_DEFAULT_EXPORT__ is not defined` at runtime in ExecJS-based
SSR
- Upstream bug: webpack/webpack#20793
- Upstream fix (draft): webpack/webpack#20796

### Changes

- Cap webpack `<5.106.0` in all three dummy app `package.json` files:
- `react_on_rails/spec/dummy/package.json`: `^5.104.1` → `>=5.76.0
<5.106.0`
- `react_on_rails_pro/spec/dummy/package.json`: `5` → `>=5.0.0 <5.106.0`
- `react_on_rails_pro/spec/execjs-compatible-dummy/package.json`: `5` →
`>=5.0.0 <5.106.0`
- Add pnpm override in root `package.json` as a safety net across all
workspaces
- Updated `pnpm-lock.yaml` — all workspaces now resolve to webpack
5.105.2

### Context

Same codebase, same commit on main — CI passed at 10:48 UTC (webpack
5.105.4), failed at 16:44 UTC (webpack 5.106.0). Only ExecJS-based SSR
is affected; the node renderer is unaffected.

This override should be removed once webpack ships a patched release.

## Test plan

- [ ] CI passes (gem-tests, package-js-tests, pro-integration-tests)
- [ ] Verify webpack resolves to <5.106.0 in all workspaces

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Limits the allowed `webpack` range across workspaces, which can affect
build outputs and CI, but is a constrained dependency change intended to
prevent a known SSR runtime regression.
> 
> **Overview**
> Caps `webpack` to `>=5.76.0 <5.106.0` via a root `pnpm.overrides`
entry and aligns all dummy app `package.json` files to the same range to
prevent the `[email protected]` ExecJS SSR breakage.
> 
> Regenerates `pnpm-lock.yaml` so installs consistently resolve to
`[email protected]` and updates related lockfile peer/dependency metadata
accordingly.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
e25f387. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Standardized webpack dependency version constraints across development
packages to ensure compatible versions are installed consistently
throughout all environments. This update improves build stability and
performance, reduces version-related conflicts and compatibility issues,
and maintains build tool reliability across development stages and
deployment workflows.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>

Webpack 5.106.1 (released 2026-04-10) ships the fix for the anonymous
default export regression that caused ReferenceError:
__WEBPACK_DEFAULT_EXPORT__ is not defined in ExecJS-based SSR
(webpack/webpack#20796). The pin added to shakapacker_examples.rake is
no longer needed — generated example apps will now install webpack
5.106.x uncapped.

The companion package.json / pnpm.override pins were removed in the
preceding revert commit.

Closes #3166.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>

Webpack 5.106.1 (released 2026-04-10) shipped the upstream fix for the ExecJS SSR regression that made us pin <5.106.0 (webpack/webpack#20796). 5.106.2 followed on 2026-04-15. The pin is no longer needed.

- Reverts the package.json / pnpm.overrides pins from #3095
- Removes the pin_webpack_version method and its call site from shakapacker_examples.rake (added in #3097)

Empirically validated: the examples (3.4, latest) CI job compiled webpack 5.106.2 successfully in rake-generated example apps — the exact path that originally broke at 5.106.0.

Closes #3166.