Prepare v4.5.0 stable release#150
Merged
Merged
Conversation
Bumps [sentencepiece](https://github.com/google/sentencepiece) from 0.2.0 to 0.2.1. - [Release notes](https://github.com/google/sentencepiece/releases) - [Commits](google/sentencepiece@v0.2.0...v0.2.1) --- updated-dependencies: - dependency-name: sentencepiece dependency-version: 0.2.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.2 to 46.0.5. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@44.0.2...46.0.5) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: add v4.4 bridge release runway * docs: clarify contributor workflow * style: apply lint formatting
Security cleanup tracked in DFPY-60.
Security cleanup tracked in DFPY-61.
Refs DFPY-71
Refs DFPY-74
Refs DFPY-75
Refs DFPY-72
Refs DFPY-73
Refs DFPY-76
Refs DFPY-67
Co-authored-by: Pranjal Parmar <pranjalrparmar@gmail.com>
DFPY-79: Prepare 4.5 release readiness
Two silent behavior regressions found in the 4.5.0 pre-release review: - The SSN pattern had gained (?<!DE) lookbehinds to stop German VAT IDs double-matching as SSNs, but the pattern is always active, so default (no-locale) users silently lost detection of nine-digit runs preceded by 'DE', 'DE ', or 'DE-'. Restore the exact v4.4.0 pattern and let the engine's span-overlap suppression resolve the DE_VAT_ID overlap only when German locale support is active. - DataFog.detect() pre-populated its result dict from the full LABELS list, adding seven always-empty DE_* keys for every caller. Scope the keys to the labels active under the configured locales via a new RegexAnnotator.active_labels_for() classmethod. Both changes are covered by new regression tests pinning the default (v4.4.0-parity) behavior.
Release-readiness cleanups from the 4.5.0 pre-release review: - Date the 4.5.0 changelog entry and add a 'Behavior Changes Since 4.4.0' section covering the guardrail helpers' regex default (with engine="smart" migration guidance), the locale-scoped detect() output shape, and the intentional Python <3.14 cap. - Fix the stale claim that German VAT IDs/IBANs are detected by default (all German labels are locale-gated) in the changelog and the release readiness doc, and fix the stale 4.4.0a5 version-alignment note. - Document the regex default on Guardrail and the sanitize/scan_prompt/ filter_output helpers, and pin the defaults with a regression test so they cannot drift silently again. - Sync .bumpversion.cfg current_version (4.4.0a5 -> 4.5.0b5) with __about__.py.
The lint job started failing because prettier now reformats docs/audit/01-coverage-baseline.md, a UTF-16LE-encoded captured test log committed as a historical audit artifact (#121). The file hasn't changed since the last green run on dev, so this is hook-environment drift on the runner, not a content change. Exclude docs/audit/ from the prettier hook: these are quarantined historical artifacts and letting prettier rewrite a UTF-16 test log would corrupt it. Verified pre-commit run --all-files passes locally.
fix: 4.5.0 release-review fixes — detection parity, changelog, release metadata
Merge dev into main for the 4.5.0 stable release. The merge tree is set to dev's tree exactly: main's only unique history is the v4.4.0 release snapshot (#133), whose content was already synced back to dev in #134, and a naive auto-merge would have reintroduced stale 4.4.0 code (duplicate scan/redact definitions in datafog/__init__.py and the retired Python 3.13 nlp matrix exclusions in ci.yml). Verified: git diff origin/dev is empty on the merge result.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Merges
devintomainfor the 4.5.0 stable release. Last stable release was v4.4.0 (#133); this brings the 73 commits since, including the 4.5.0 release-review fixes from #149.Merge resolution note
The merge tree is set to dev's tree exactly (
git diff origin/devon the result is empty). This was deliberate:__about__.py,README.md,release.yml, docs, etc.) — all correctly resolve to dev's side, since main's only unique history is the v4.4.0 release snapshot whose content was already synced back to dev in Sync dev version after v4.4.0 release #134.scan()/redact()definitions indatafog/__init__.py(main's copies sat at a different offset than dev's restructured versions) and the retired Python 3.13nlp/nlp-advancedCI matrix exclusions. Setting the tree to dev's exactly avoids both.What ships in 4.5.0 (highlights)
DO_NOT_TRACKhonored)locales=["de"])CHANGELOG.MD(dated 2026-07-02)Test plan
git diff origin/devempty on the merge resultrelease_type=stablewithdry_run=true, verify it reports 4.5.0, then re-dispatch withdry_run=false