Releases: zmaril/Straitjacket
v0.2.3
Fixed
`duplication` in Markdown now honours `straitjacket-allow` markers too. A clone inside a doc's fenced code block carries a `:<lang>` tag on its source id (e.g. `docs.md:bash`), so the finding's path wasn't a real file: the suppression added in 0.2.2 couldn't open it and the marker was ignored. The `:<lang>` tag is now stripped, which also tidies the reported path.
Install: curl -fsSL https://raw.githubusercontent.com/zmaril/straitjacket/main/install.sh | sh
Full changelog: v0.2.2...v0.2.3
v0.2.2
Fixed
`duplication` findings now honour `straitjacket-allow` markers. The cross-file copy/paste pass runs separately from the per-file rules, so `allow-file:duplication` (and line-scoped `straitjacket-allow`) previously had no effect on a clone. You couldn't suppress a genuinely coincidental duplicate, which blocked gating a repo on duplication. They're now filtered through the same suppression the other rules use.
Install: curl -fsSL https://raw.githubusercontent.com/zmaril/straitjacket/main/install.sh | sh
Full changelog: v0.2.1...v0.2.2
v0.2.1
Fixed
`inline-font` no longer flags a quoted CSS variable: `fontFamily: "var(--mantine-font-family-monospace)"` is a token reference just like the bare `var(--x)` form, so both are allowed now. A quoted font (`"Inter"`) is still a hardcoded literal and stays flagged.
Install: curl -fsSL https://raw.githubusercontent.com/zmaril/straitjacket/main/install.sh | sh
Full changelog: v0.2.0...v0.2.1
v0.2.0
Added
- SARIF output: `--format sarif` emits SARIF 2.1.0 for GitHub code scanning, and `--sarif <PATH>` writes SARIF to a file alongside the normal stdout report. The GitHub Action now uploads SARIF by default (annotations on the PR diff + Security tab); grant `security-events: write` to enable the upload. Still gates on findings: `no-fail: "true"` opts out, `sarif: "false"` disables the upload.
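
A workflow that grants only the permission the SARIF upload needs, as an added example that is not taken from the Straitjacket repository. The workflow and job names, the `actions/checkout` step, and the `zmaril/straitjacket@v0.2.0` action reference are assumptions; the `no-fail` and `sarif` inputs are the ones named above.

```yaml
# Added example: least-privilege workflow for the SARIF upload described above.
name: straitjacket            # assumed workflow name
on:
  pull_request:

jobs:
  lint:                       # assumed job name
    runs-on: ubuntu-latest
    # Scope the token at job level so nothing else in the workflow
    # inherits write access to code scanning results.
    permissions:
      contents: read          # check out the repository
      security-events: write  # needed for the SARIF upload
    steps:
      - uses: actions/checkout@v4
      # Assumption: the action lives at the repository root under this tag.
      - uses: zmaril/straitjacket@v0.2.0
        # Inputs from the release notes, shown commented out:
        # with:
        #   sarif: "false"    # disable the upload; security-events: write can then be dropped
        #   no-fail: "true"   # report findings without failing the job
```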
Changed
- `effect-in-component` is now scope-aware: it flags a `useEffect` only when defined inside a component's body, not merely present in a file that has a component. Effects inside a co-located `use*` hook are fine.
- Upgrade the OXC crates from 0.133 to 0.138.
Fixed
`inline-font` no longer flags a font token reference (`fontFamily: MONO`) or bare generic families (`monospace`, `sans-serif`). Only a quoted font or a hardcoded multi-family stack is flagged.
Install: curl -fsSL https://raw.githubusercontent.com/zmaril/straitjacket/main/install.sh | sh
Full changelog: v0.1.0...v0.2.0