Skip to content

CHANGELOG.md

Latest commit

 

History

History
311 lines (212 loc) · 14.8 KB

CHANGELOG.md

File metadata and controls

311 lines (212 loc) · 14.8 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.19.0 - 2026-04-20

Added

  • IGNORE_APP_RELATIONSHIP env var. When set, the app field in target configs is ignored — targets are no longer triggered just because their corresponding app is tainted (only direct changes, lockfile changes, and tainted workspace imports apply).

0.18.1 - 2026-04-13

Changed

0.18.0 - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

0.17.1 - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

0.17.0 - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

0.16.7 - 2026-04-04

Changed

0.16.6 - 2026-04-04

Changed

0.16.5 - 2026-04-04

Changed

0.16.4 - 2026-04-04

Changed

0.16.3 - 2026-04-04

Changed

0.16.2 - 2026-04-04

Changed

0.16.1 - 2026-04-04

Changed

0.16.0 - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

0.15.3 - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

0.15.2 - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

0.15.1 - 2026-02-17

Changed

0.15.0 - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

0.14.2 - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

0.14.1 - 2026-02-16

Changed

0.14.0 - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

0.13.0 - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

0.12.0 - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

0.11.2 - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

0.11.1 - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

0.11.0 - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

0.10.0 - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

0.9.5 - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

0.9.4 - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

0.9.3 - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

0.9.2 - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

0.9.1 - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

0.9.0 - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

0.8.0 - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

0.7.1 - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

0.7.0 - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

0.6.0 - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

0.5.1 - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

0.5.0 - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
  • New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
  • Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

  • changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

0.4.0 - 2026-02-13

Changed

  • Parallelize library analysis within the same topological level using goroutines

0.3.0 - 2026-02-13

Added

  • install.sh script for downloading and installing standalone binaries with SHA-256 verification

0.2.5 - 2026-02-13

Changed

0.2.4 - 2026-02-12

Changed

  • Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

0.2.3 - 2026-02-12

Added

  • SHA-256 hash files (.sha256) for every release binary

0.2.2 - 2026-02-12

Fixed

  • Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

0.2.1 - 2026-02-12

Changed

  • Use cxa-xlarge runner for GitHub release job (cross-compiling 32 binaries)
  • Docker images limited to linux/amd64 and linux/arm64 only (other platforms served via standalone binaries)

0.2.0 - 2026-02-12

Added

  • Cross-platform standalone binaries attached to GitHub releases (32 targets)
  • Support for Linux, macOS, Windows, FreeBSD, OpenBSD, NetBSD, Solaris, Illumos, AIX, DragonFlyBSD

Changed

  • Docker build uses Go cross-compilation instead of QEMU emulation for faster multi-platform builds

0.1.0 - 2026-02-11

Added

  • Initial release
  • AST-level change detection for Rush monorepo libraries using vendored typescript-go parser
  • Taint propagation through workspace dependency graph (unlimited BFS hops)
  • Target and virtual target support via .goodchangesrc.json configuration
  • Lockfile dependency change detection (pnpm-lock.yaml)
  • Optional CSS/SCSS taint tracking and propagation through @use/@import chains
  • Optional type-only change detection (interfaces, type aliases, annotations)
  • Multi-stage Docker build
  • Automated vendor upgrade workflow