Skip to content

Security Patches & API Improvements

Latest

Choose a tag to compare

@RubenHalman RubenHalman released this 04 Jul 12:14
Immutable release. Only release title and notes can be modified.

Security Patches & API Improvements

Expose configurableOptions on Rule Instances (UMD)

Resolves #298. Third-party consumers of the UMD build (e.g. browser extensions) can now dynamically discover rule configuration capabilities without hardcoding rule-specific knowledge.

getRules() now reliably exposes configurableOptions on all configurable rule instances:

const rules = lightningflowscanner.getRules();
for (const rule of rules) {
  if (rule.isConfigurable && rule.configurableOptions) {
    for (const opt of rule.configurableOptions) {
      console.log(`${rule.name}: ${opt.name} (${opt.type}), default: ${opt.defaultValue}`);
      // APIVersion: expression (expression), default: ">= 50"
      // CyclomaticComplexity: threshold (number), default: 25
      // FlowName: expression (expression), default: "[A-Za-z0-9]+_[A-Za-z0-9]+"
    }
  }
}

The ConfigurableOption type is now also exported from the public API for consumers who want to type against it.

Security Patches

Several dependencies were updated to resolve known vulnerabilities:

  • vite updated from 6.4.1 → 6.4.3 — resolves server.fs.deny bypass on Windows alternate paths (high) and NTLMv2 hash disclosure via UNC path handling (medium)
  • turbo updated from ^2.6.1 → ^2.9.14 — resolves login callback CSRF/session fixation (medium) and unexpected local code execution during Yarn Berry detection (low)
  • uuid updated from ^11.0.5 → ^11.1.1 — resolves missing buffer bounds check in v3/v5/v6

Release tags:

Action: action-v3.7.2
Core: core-v6.19.3
CLI: v6.19.4
VSX: vsx-v3.4.2