Cut a release about credential HOT 14 CLOSED

I'm not sure I'm following your logic RE: versions.

afaik, e3a7bd4 was a non-breaking change, meaning we don't need a major version bump. We're not even at 1.x, let alone 2.x -- for good reason. I still don't think that we've had adequate expert security review (though we have had a LOT more than most other password libs in npm...)

If we cut a release, it needs to be 1.0.0, and I'm hoping to get a security expert to endorse the lib for the 1.0.0 release. If you want to commit a breaking change after that, the new version will be 2.0.0, not 3.0.0.

Right?

from credential.

All this said, I'd be happy to publish the latest master to npm, assuming all the tests still pass and there are no breaking changes. =)

from credential.

The version number was a mistake, I meant 0.3.

This is a breaking change, that's why you'd have to increase the version number: 47ab3b7
Because we are still on 0.x I guess it is fine to have breaking changes in the minor spot.

The v0.2.x branch could be released as 0.2.6 - with the benefit of being an upgrade path for v0.3.x.

I totally agree with you on the need for expert review by the way, and that it would be nice for a 1.0 release.

from credential.

Maybe we should just publish the latest with the breaking change as v1.0.0 and continue the push for security review towards a v2.0.0 that refuses to work without 2FA? ;)

from credential.

Sounds good to me.

But I think we should release a minor upgrade to the current 0.2.5 as well for those that have legacy dbs and want to migrate.

from credential.

You want to create a 0.x branch and prep it for a security update?

from credential.

As far as I can see none of the new commits are source changes, so I see no value in backporting those to 0.2.x.
My suggestion is therefore:

1. Set up a 0.2.x branch here identical to mine (https://github.com/srcagency/credential/tree/v0.2.x)
2. Bump version to 0.2.6 and release it (upgrade path for all existing users)
3. Release 0.3 from current master

With your "go" I'll happily do 1-2.

from credential.

Go! =)

from credential.

Done. You should be able to checkout the v0.2.x branch and do npm publish.

from credential.

@tjconcept Do you know if there's any way to delegate publish permissions on npm (as in share them with your team)?

from credential.

Sure, just add a collaborator: npm owner add thomas-jensen credential

from credential.

Done. 😎

Precede. =)

from credential.

Mission accomplished. Almost two years after the last release, 0.2.6 is up.

from credential.

Next stop: 1.0. =)

from credential.