mozilla / eslint-plugin-no-unsanitized

Custom ESLint rule to disallow unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
Mozilla Public License 2.0
222 stars, 33 forks

Changelogs #209

Closed tyteen4a03 closed 1 year ago

tyteen4a03 commented 1 year ago

Hi, I'm currently dependent on the v3 release. I can't seem to find a changelog detailing what BC breaks v4 had, could this be added please?

mozfreddyb commented 1 year ago

v4? There is no version 4

mozfreddyb commented 1 year ago

We usually do not do changelogs or release notes. I think it's best you go through the commit logs and linked issues manually. If something doesn't make sense (which should rarely be the case), feel free to ask in the respective GitHub issues even if they are marked as closed.

tyteen4a03 commented 1 year ago

According to https://github.com/mozilla/eslint-plugin-no-unsanitized/blob/87f185c3087a38b8f0220002e57211140913ef56/package.json#L4 we are currently on 4.0.1.

It would be much more helpful to ensure there is a changelog, or at least to document the BC-breaking changes between major versions.

mozfreddyb commented 1 year ago

OK, to answer your question for version 4.0: We made the "variable tracing" feature that we introduced in https://github.com/mozilla/eslint-plugin-no-unsanitized/commit/07c343c1b8c2bd915b8b3ffa89596516f7525c5c from disabled to enabled by default. The new version will therefore find way more potential security issues and generally complain a bit more thoroughly. We made the bump so that people will expect new and more linter warnings than the version before.

As mentioned at the start of our README file, this plugin is built for and used within Mozilla to maintain and improve the security of our products and services.

You're free to use this, but the little time I have to work on this project would go to waste if I also had to maintain a changelog.
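To illustrate why enabling variable tracing produces more findings, here is an added example that is not code from eslint-plugin-no-unsanitized and does not reproduce its rule logic. It is a constructed, parser-free model: programs are tiny statement lists, a "sink" statement stands for an assignment to innerHTML, and two checkers are compared. The non-tracing checker judges only the expression written at the sink (an identifier tells it nothing, so nothing is reported), while the tracing checker resolves identifiers through every earlier assignment, which is what turns a hidden untrusted value into a report. The statement shapes, the `lint`, `classifyNoTrace` and `classifyTrace` functions, and the sample program are all assumptions made for this illustration.

```javascript
// Added illustration, not the plugin's code: a minimal model of why a linter
// that traces variables reports more unsafe sinks than one that only looks
// at the expression written at the sink.
//
// Constructed statement shapes (no real parser involved):
//   { type: "assign", name: "x", expr }   // x = expr
//   { type: "sink", expr }                // stands for el.innerHTML = expr
// Constructed expression shapes:
//   { kind: "literal", value }            // "static string"
//   { kind: "ident", name }               // variable reference
//   { kind: "concat", parts: [...] }      // a + b
//   { kind: "call", callee }              // f(...) with an unknown result

// Without tracing: decide from the sink expression alone. An identifier gives
// no information, so it is classified "unknown" and never reported.
function classifyNoTrace(expr) {
  switch (expr.kind) {
    case "literal":
      return "safe";
    case "ident":
      return "unknown";
    case "concat": {
      const kinds = expr.parts.map(classifyNoTrace);
      if (kinds.includes("unsafe")) return "unsafe";
      if (kinds.includes("unknown")) return "unknown";
      return "safe";
    }
    default:
      return "unsafe"; // calls and anything else with an unknown result
  }
}

// With tracing: an identifier is resolved through every assignment made to
// it before the sink, and the sink is only safe when all of them are.
function classifyTrace(expr, defs, seen = new Set()) {
  switch (expr.kind) {
    case "literal":
      return "safe";
    case "concat":
      return expr.parts.every((p) => classifyTrace(p, defs, seen) === "safe")
        ? "safe"
        : "unsafe";
    case "ident": {
      const assigned = defs.get(expr.name);
      // Never assigned in the program: a parameter, global or import whose
      // content cannot be established, so it is reported.
      if (!assigned || assigned.length === 0) return "unsafe";
      // Already being resolved (e.g. x = x + "a"): the other definitions of
      // x decide, so do not recurse again.
      if (seen.has(expr.name)) return "safe";
      const inner = new Set(seen).add(expr.name);
      return assigned.every((d) => classifyTrace(d, defs, inner) === "safe")
        ? "safe"
        : "unsafe";
    }
    default:
      return "unsafe";
  }
}

// Walk the program once, recording assignments, and return the 0-based
// indices of sink statements judged unsafe.
function lint(program, { trace }) {
  const defs = new Map();
  const findings = [];
  program.forEach((stmt, index) => {
    if (stmt.type === "assign") {
      const list = defs.get(stmt.name) || [];
      list.push(stmt.expr);
      defs.set(stmt.name, list);
    } else if (stmt.type === "sink") {
      const verdict = trace
        ? classifyTrace(stmt.expr, defs)
        : classifyNoTrace(stmt.expr);
      if (verdict === "unsafe") findings.push(index);
    }
  });
  return findings;
}

// Constructed sample program: an untrusted query parameter flows into a
// variable that is later concatenated and assigned to innerHTML.
const sample = [
  { type: "assign", name: "header", expr: { kind: "literal", value: "<h1>Title</h1>" } }, // 0
  { type: "assign", name: "name", expr: { kind: "call", callee: "getQueryParam" } },      // 1
  { type: "assign", name: "html", expr: { kind: "concat", parts: [
      { kind: "ident", name: "header" }, { kind: "ident", name: "name" } ] } },          // 2
  { type: "sink", expr: { kind: "ident", name: "header" } },                              // 3 static, safe either way
  { type: "sink", expr: { kind: "ident", name: "html" } },                                // 4 only tracing reports this
  { type: "sink", expr: { kind: "concat", parts: [
      { kind: "literal", value: "<p>" }, { kind: "call", callee: "getQueryParam" } ] } }, // 5 reported either way
];

console.log("without tracing:", lint(sample, { trace: false })); // [5]
console.log("with tracing:   ", lint(sample, { trace: true }));  // [4, 5]
```

Statement 4 is the case the thread is about: the value reaching innerHTML is a variable, so a checker that only inspects the sink expression stays silent, while the tracing checker follows `html` back to `name` and to the untrusted call. That is the mechanism behind "more linter warnings than the version before", and it is also why a project upgrading should expect new reports in code that previously passed rather than treat them as regressions of the rule.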