Skip to content

Prepare v4.5.0 stable release#150

Merged
sidmohan0 merged 74 commits into
mainfrom
release/4.5.0
Jul 2, 2026
Merged

Prepare v4.5.0 stable release#150
sidmohan0 merged 74 commits into
mainfrom
release/4.5.0

Conversation

@sidmohan0

Copy link
Copy Markdown
Contributor

Summary

Merges dev into main for the 4.5.0 stable release. Last stable release was v4.4.0 (#133); this brings the 73 commits since, including the 4.5.0 release-review fixes from #149.

Merge resolution note

The merge tree is set to dev's tree exactly (git diff origin/dev on the result is empty). This was deliberate:

  • 10 files had textual conflicts (__about__.py, README.md, release.yml, docs, etc.) — all correctly resolve to dev's side, since main's only unique history is the v4.4.0 release snapshot whose content was already synced back to dev in Sync dev version after v4.4.0 release #134.
  • More importantly, a naive auto-merge silently reintroduced stale 4.4.0 code in the non-conflicting hunks: duplicate scan()/redact() definitions in datafog/__init__.py (main's copies sat at a different offset than dev's restructured versions) and the retired Python 3.13 nlp/nlp-advanced CI matrix exclusions. Setting the tree to dev's exactly avoids both.

What ships in 4.5.0 (highlights)

  • Opt-in telemetry (default off; DO_NOT_TRACK honored)
  • Removal of all runtime dependency installation, with regression-guard tests
  • Locale-gated German structured PII support (locales=["de"])
  • Lean-core guardrail helpers (regex default, documented with migration guidance)
  • Python 3.13 certification for core/CLI/nlp/nlp-advanced/ocr profiles
  • Full changelog: see CHANGELOG.MD (dated 2026-07-02)

Test plan

Merge with "Create a merge commit" (not squash) — squashing #133 is why main/dev diverged and this release needed manual conflict surgery; a true merge commit keeps the next dev→main sync clean.

dependabot Bot and others added 30 commits February 13, 2026 10:33
Bumps [sentencepiece](https://github.com/google/sentencepiece) from 0.2.0 to 0.2.1.
- [Release notes](https://github.com/google/sentencepiece/releases)
- [Commits](google/sentencepiece@v0.2.0...v0.2.1)

---
updated-dependencies:
- dependency-name: sentencepiece
  dependency-version: 0.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.2 to 46.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@44.0.2...46.0.5)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: add v4.4 bridge release runway

* docs: clarify contributor workflow

* style: apply lint formatting
Security cleanup tracked in DFPY-60.
Security cleanup tracked in DFPY-61.
actions-user and others added 29 commits May 25, 2026 03:22
Co-authored-by: Pranjal Parmar <pranjalrparmar@gmail.com>
Two silent behavior regressions found in the 4.5.0 pre-release review:

- The SSN pattern had gained (?<!DE) lookbehinds to stop German VAT IDs
  double-matching as SSNs, but the pattern is always active, so default
  (no-locale) users silently lost detection of nine-digit runs preceded
  by 'DE', 'DE ', or 'DE-'. Restore the exact v4.4.0 pattern and let the
  engine's span-overlap suppression resolve the DE_VAT_ID overlap only
  when German locale support is active.

- DataFog.detect() pre-populated its result dict from the full LABELS
  list, adding seven always-empty DE_* keys for every caller. Scope the
  keys to the labels active under the configured locales via a new
  RegexAnnotator.active_labels_for() classmethod.

Both changes are covered by new regression tests pinning the default
(v4.4.0-parity) behavior.
Release-readiness cleanups from the 4.5.0 pre-release review:

- Date the 4.5.0 changelog entry and add a 'Behavior Changes Since
  4.4.0' section covering the guardrail helpers' regex default (with
  engine="smart" migration guidance), the locale-scoped detect() output
  shape, and the intentional Python <3.14 cap.
- Fix the stale claim that German VAT IDs/IBANs are detected by default
  (all German labels are locale-gated) in the changelog and the release
  readiness doc, and fix the stale 4.4.0a5 version-alignment note.
- Document the regex default on Guardrail and the sanitize/scan_prompt/
  filter_output helpers, and pin the defaults with a regression test so
  they cannot drift silently again.
- Sync .bumpversion.cfg current_version (4.4.0a5 -> 4.5.0b5) with
  __about__.py.
The lint job started failing because prettier now reformats
docs/audit/01-coverage-baseline.md, a UTF-16LE-encoded captured test
log committed as a historical audit artifact (#121). The file hasn't
changed since the last green run on dev, so this is hook-environment
drift on the runner, not a content change.

Exclude docs/audit/ from the prettier hook: these are quarantined
historical artifacts and letting prettier rewrite a UTF-16 test log
would corrupt it. Verified pre-commit run --all-files passes locally.
fix: 4.5.0 release-review fixes — detection parity, changelog, release metadata
Merge dev into main for the 4.5.0 stable release. The merge tree is set
to dev's tree exactly: main's only unique history is the v4.4.0 release
snapshot (#133), whose content was already synced back to dev in #134,
and a naive auto-merge would have reintroduced stale 4.4.0 code
(duplicate scan/redact definitions in datafog/__init__.py and the
retired Python 3.13 nlp matrix exclusions in ci.yml).

Verified: git diff origin/dev is empty on the merge result.
@sidmohan0 sidmohan0 merged commit a8378c1 into main Jul 2, 2026
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants