Paul O’Shannessy edited this page Sep 10, 2015 · 3 revisions

Attendees:

  • @zpao
  • @sebmarkbage
  • @spicyj
  • @jeffmo

Week in Review

  • @fkling shipped react-docgen. It’s being used by fixed-data-table and the upcoming react-native website
  • @jeffmo shipped ES6 module support to Flow
  • @zpao started work on some improvements to jstransform in order to replace react-tools. RFC is up in a PR.

XSS

There was an XSS hole in HackerOne. It was directly related to their use of React, though it was not an XSS hole in React itself. There was some discussion about what we might be able to do to prevent this sort of thing. @sebmarkbage filed #3473 to discuss and see where we can end up.

Versioning

@sebmarkbage and @zpao presented a plan for versioning which would hopefully allow for sane consumption of React and React components via npm. The proposed plan would still follow semver rules, but we would start making use of the major version number.

We would add deprecation warnings in X.Y releases. We would also add replacement APIs at the same time. X+1.0 would have the deprecated APIs removed. We could also add completely new APIs in minor versions (e.g., the new update API being discussed).

It is ultimately very similar to what we do now, except instead of shipping a 0.X+1 release with deprecation notices and 0.X+2 with APIs removed, we have the major version number to work with.

There was some discussion about whether or not adding a warning to an API still fits into the “behavior change” rules of semver.

One big impetus for this is that we want a sane way for people to be able to specify React as a peerDependency.
