Immutable
release. Only release title and notes can be modified.
Security Patches & API Improvements
Expose configurableOptions on Rule Instances (UMD)
Resolves #298. Third-party consumers of the UMD build (e.g. browser extensions) can now dynamically discover rule configuration capabilities without hardcoding rule-specific knowledge.
getRules() now reliably exposes configurableOptions on all configurable rule instances:
const rules = lightningflowscanner.getRules();
for (const rule of rules) {
if (rule.isConfigurable && rule.configurableOptions) {
for (const opt of rule.configurableOptions) {
console.log(`${rule.name}: ${opt.name} (${opt.type}), default: ${opt.defaultValue}`);
// APIVersion: expression (expression), default: ">= 50"
// CyclomaticComplexity: threshold (number), default: 25
// FlowName: expression (expression), default: "[A-Za-z0-9]+_[A-Za-z0-9]+"
}
}
}The ConfigurableOption type is now also exported from the public API for consumers who want to type against it.
Security Patches
Several dependencies were updated to resolve known vulnerabilities:
- vite updated from 6.4.1 → 6.4.3 — resolves
server.fs.denybypass on Windows alternate paths (high) and NTLMv2 hash disclosure via UNC path handling (medium) - turbo updated from ^2.6.1 → ^2.9.14 — resolves login callback CSRF/session fixation (medium) and unexpected local code execution during Yarn Berry detection (low)
- uuid updated from ^11.0.5 → ^11.1.1 — resolves missing buffer bounds check in v3/v5/v6
Release tags:
Action: action-v3.7.2
Core: core-v6.19.3
CLI: v6.19.4
VSX: vsx-v3.4.2