There is currently no easy fix (dependency upgrade path) for the security issues without upgrading webpack to v5. This is the reason why I mentioned it here regarding the question of which version should be the default in Rails 6.? (even considering that Rails 6.? will be supported for quite some time. For example, the postcss author already released a backport to postcss 7 to fix a different security issue. He did that very reluctantly, see: https://github.com/postcss/postcss/issues/1574#issuecomment-859226586)
*edit: clarification - this group of “problems” is gone with webpacker v6 due to its thin layer around webpack. The developer can take care of these problems themselves.
I’ve been researching an upcoming blog article on how Shakapacker, the official follow-up fork successor to rails/webpacker, came to be and its advantages compared to older versions of webpacker.
The retirement of webpacker with the successor of Shakapacker addresses the concerns brought up in this thread.
Below are a few specific responses.
I’m definitely open to feedback on what we can do better with Shakapacker!
@wwahammy commented:
but it seems almost like Webpacker is unmaintained at this point.
We’re updating Shakapacker on an almost daily basis.
- What is the release process for Webpacker? What is holding up a new release?
I’m going to release as soon as there are useful features and bug fixes needed by the community. I intend to do my best to comply with semantic versioning rules.
- What can interested people in the community do to move the Webpacker project forward? Can non-core Rails team members take on more responsibility and, if so, how?
Yes, please head over to Shakapacker, and open up Issues, PRs, and Discussions. Or join our Slack discussion channel.
We won’t have this problem with Shakapacker as my React on Rails projects need good integration with Rails and React, currently via Webpack. Besides my own involvement, I’m also funding current and future team members to work on Shakapacker and related projects.
@Eusebius, Yes! Let’s make all this work great in Shakapacker!