Skip to content

fix: 4.5.0 release-review fixes — detection parity, changelog, release metadata#149

Merged
sidmohan0 merged 3 commits into
devfrom
fix/4.5-release-review
Jul 2, 2026
Merged

fix: 4.5.0 release-review fixes — detection parity, changelog, release metadata#149
sidmohan0 merged 3 commits into
devfrom
fix/4.5-release-review

Conversation

@sidmohan0

Copy link
Copy Markdown
Contributor

Summary

Fixes from the pre-release code review of the v4.4.0 → 4.5.0 diff. Two silent detection regressions plus release-metadata cleanups, all blocking or recommended-before-stable.

Detection parity (HIGH)

  • Restore v4.4.0 SSN behavior for default users. The base SSN pattern had gained (?<!DE)/(?<!DE\s)/(?<!DE-) lookbehinds (added to stop German VAT IDs double-matching as SSNs), but the pattern is always active — so default (no-locale) users silently lost SSN detection for inputs like DE 123456789. The exact v4.4.0 pattern is restored; the DE_VAT_ID overlap is instead resolved by the engine's existing span-overlap suppression, which only applies when locales=["de"] is active. Regression tests pin both behaviors.
  • Scope DataFog.detect() output keys to configured locales. Previously returned seven always-empty DE_* keys for every caller; now returns the 7 base keys by default and includes DE_* keys only when constructed with locales=["de"] (matching the documented backward-compatible v4.4.0 shape). Implemented via a new RegexAnnotator.active_labels_for() classmethod.

Guardrail engine default — documented, not reverted

The smartregex default change on sanitize/scan_prompt/filter_output/create_guardrail/Guardrail is kept (it aligns with the top-level scan/redact/protect defaults and the no-network core design gates), but it is no longer silent:

  • New "Behavior Changes Since 4.4.0" section at the top of the changelog with engine="smart" migration guidance
  • Docstring notes on Guardrail and all three helpers
  • A regression test pinning the defaults so they can't drift silently again

Release metadata

  • CHANGELOG dated for 4.5.0; fixed stale "German VAT IDs/IBANs detected by default" claim (all German labels are locale-gated) here and in docs/v45-release-readiness.rst; fixed stale 4.4.0a5 version-alignment note
  • .bumpversion.cfg synced to 4.5.0b5 to match __about__.py
  • Python <3.14 cap documented as intentional in the behavior-changes section

Test plan

  • Full non-slow suite: 544 passed, 0 new failures (3 pre-existing spacy-integration failures reproduce on the pristine tree in a core-only env; covered by CI's full matrix)
  • New regression tests: default SSN parity for country-prefixed digits, DE-locale VAT/SSN suppression, detect() output shapes, guardrail engine defaults
  • Live behavioral checks: scan("Reference DE 123456789") → SSN by default / DE_VAT_ID with locales=["de"]; detect() returns 7 keys default, 14 with German locale; core-path helpers emit zero warnings
  • black / isort / flake8 clean on all modified files
  • CI matrix (including nlp/nlp-advanced profiles) green

sidmohan0 added 3 commits July 2, 2026 09:55
Two silent behavior regressions found in the 4.5.0 pre-release review:

- The SSN pattern had gained (?<!DE) lookbehinds to stop German VAT IDs
  double-matching as SSNs, but the pattern is always active, so default
  (no-locale) users silently lost detection of nine-digit runs preceded
  by 'DE', 'DE ', or 'DE-'. Restore the exact v4.4.0 pattern and let the
  engine's span-overlap suppression resolve the DE_VAT_ID overlap only
  when German locale support is active.

- DataFog.detect() pre-populated its result dict from the full LABELS
  list, adding seven always-empty DE_* keys for every caller. Scope the
  keys to the labels active under the configured locales via a new
  RegexAnnotator.active_labels_for() classmethod.

Both changes are covered by new regression tests pinning the default
(v4.4.0-parity) behavior.
Release-readiness cleanups from the 4.5.0 pre-release review:

- Date the 4.5.0 changelog entry and add a 'Behavior Changes Since
  4.4.0' section covering the guardrail helpers' regex default (with
  engine="smart" migration guidance), the locale-scoped detect() output
  shape, and the intentional Python <3.14 cap.
- Fix the stale claim that German VAT IDs/IBANs are detected by default
  (all German labels are locale-gated) in the changelog and the release
  readiness doc, and fix the stale 4.4.0a5 version-alignment note.
- Document the regex default on Guardrail and the sanitize/scan_prompt/
  filter_output helpers, and pin the defaults with a regression test so
  they cannot drift silently again.
- Sync .bumpversion.cfg current_version (4.4.0a5 -> 4.5.0b5) with
  __about__.py.
The lint job started failing because prettier now reformats
docs/audit/01-coverage-baseline.md, a UTF-16LE-encoded captured test
log committed as a historical audit artifact (#121). The file hasn't
changed since the last green run on dev, so this is hook-environment
drift on the runner, not a content change.

Exclude docs/audit/ from the prettier hook: these are quarantined
historical artifacts and letting prettier rewrite a UTF-16 test log
would corrupt it. Verified pre-commit run --all-files passes locally.
@sidmohan0 sidmohan0 merged commit 4de587e into dev Jul 2, 2026
25 checks passed
@sidmohan0 sidmohan0 mentioned this pull request Jul 2, 2026
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant