rigor-module-graph 0.1.1 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cf3abcab20d49807ed210e09aedba79d88b5ef2bbb1d96c15a95d5d06cf8806d
-  data.tar.gz: 5579a21f011ed0dddb58ed3c62dad92eb682920a3f5c92f5f9d63576d8b231ad
+  metadata.gz: 0ed5f8fe6226376ad089b013b8ad16cecc453da2202cbaf6b3a590e6b64d0c85
+  data.tar.gz: 47bdbc75a44a9887a58246783fcc3f57b5f1ad119b3c336c6673e72799678fe2
 SHA512:
-  metadata.gz: df1406e30ec2d1efcbb8f7fb884435f320fdc4911746189c5d9063f2c02980a458f4765c8a6707f8b229e0d03c8475bc8d0a153a95ee6c4fc3580da7e2a9456a
-  data.tar.gz: 0de9b8e511b698d3d8af731086a1df08890e72eda20254629d75f707ded01f367f5d536742fd8352269f2362f0b4a0f4ce295c6ab3de21b6b31a7ffd73f01c4f
+  metadata.gz: ae0a36d5c2107420b5a3577a2030c5417789f52ed0732f5d67669ac31444e73131135273d067e7f3fb6dfd7cafde845a7ef5183f4abd414bfae8ff446688d68d
+  data.tar.gz: 43ad7597db1d1fd945159afb81ee36339450b2ffa487bd94d21fc0da8ed0ae044af02a5b6c482044b510ee1ce0df56c2e215f72707307c8aef803ff0a9eab42e

data/CHANGELOG.md

@@ -17,6 +17,122 @@ Categories:
 
 ## [Unreleased]
 
+## [0.1.3] — 2026-06-20
+
+The first release that pairs the published gem with the
+[interactive viewer](docs/how-it-works.md) the README has been
+showcasing, plus the supply-chain hardening that justifies
+shipping a vendored third-party JS file inside the gem.
+
+### Added
+
+- **Interactive `view --output html` viewer.** Replaces the
+  static Mermaid embed with a [Cytoscape.js](https://js.cytoscape.org/)-based
+  page that renders 5k+ nodes, filters live by `kind` /
+  `confidence`, supports a name-substring search, and copies
+  `path:line` to the clipboard on node click. The Cytoscape
+  library is vendored into the gem at a sha256-pinned version
+  (`lib/rigor/module_graph/templates/vendor/cytoscape.min.js`);
+  no CDN, no npm, no Dependabot auto-bump.
+  See [`docs/plan.md`](docs/plan.md) "2D interactive viewer"
+  for the supply-chain rationale.
+- `--path-mode {relative,absolute,none}` flag on `view` —
+  controls how node paths reach the viewer's click-through
+  metadata. `none` strips paths from the HTML artefact, which
+  is the right setting when sharing the file outside the
+  project (PR comment, gist, …).
+- `--open-with vscode` flag on `view` — flips the node-click
+  action from clipboard copy to `vscode://file/<path>:<line>`
+  so the editor jumps straight to the source location.
+- `bundle exec rake vendor:verify` task — recomputes sha256
+  for every file in `vendor/CHECKSUMS` and fails on mismatch.
+  Wired into pre-commit on any staged file under
+  `lib/**/templates/vendor/**`.
+- `.github/dependabot.yml` — weekly Bundler + GitHub Actions
+  bumps; `vendor/**` is explicitly excluded so vendored
+  third-party JS never auto-updates.
+- `bundle exec rake vendor:audit` — 4-source cross-check
+  (local sha256 / npm tarball `dist.integrity` /
+  tarball-internal copy / GitHub raw / every CDN). Reads
+  `lib/rigor/module_graph/templates/vendor/MANIFEST.yml` for
+  the provenance metadata. Use on bump PRs; not part of the
+  regular CI pipeline (network-using).
+- CI now runs `rake vendor:verify` independently of
+  pre-commit so an unaudited bump can't land on `main` even
+  if local hooks were skipped.
+- CI now regenerates `examples/billing/` via `script/
+  check_billing_drift.rb` and fails on drift between the
+  freshly-built artefacts and the committed copies.
+  Normalises the graphviz version banner so the runner's
+  apt-shipped version doesn't trigger a false positive.
+- New `docs/security.md` consolidates the supply-chain story
+  (Bundler / Dependabot cooldown, vendored-JS sha256 +
+  4-source audit, action SHA pinning, OIDC trusted
+  publishing).
+
+### Changed
+
+- **`view --output html` semantics.** The flag now produces
+  the interactive viewer. The previous static Mermaid HTML
+  moves behind `--output mermaid-html` (still loads Mermaid
+  from a CDN, kept for back-compat).
+- CI workflows read Ruby from `.ruby-version` instead of
+  pinning `"4.0.0"` inline, so future `.ruby-version` bumps
+  no longer need a `.github/workflows/` chase.
+- RDoc dependency bumped from `~> 6.0` to `~> 7.0` (resolves
+  to 7.2.0). `gemspec.rdoc_options` corrected to `--markup
+  markdown` to match `.rdoc_options` and the Rakefile, fixing
+  the silent inconsistency left when the README rendering
+  fix landed in [0.1.2]. No code change; `rake rdoc` emits no
+  warnings under 7.x.
+- README hero leads with the Cytoscape viewer screenshot
+  (the default output) and the Graphviz SVG follows.
+  `examples/billing/preview.png` resized from 1280x860 to
+  720x483 so it fits the RDoc darkfish content pane on the
+  GitHub Pages site without overflow.
+- README Documentation index re-ordered along the natural
+  reading flow: how-it-works → security → limitation →
+  development → plan.
+
+## [0.1.2] — 2026-06-20
+
+First release that exercises the full automated pipeline end
+to end — Trusted Publishing + GitHub Release + asset upload
+all drive off a single `gh workflow run release.yml` after the
+tag is pushed.
+
+### Added
+
+- `view` and `collect` now emit step-level progress on stderr:
+  `==> Running rigor check ...`, post-step counts (`18 edge(s),
+  16 node(s)`), and inline elapsed time (`done (428ms)`).
+  TTY-aware — the start / done halves render inline on a
+  terminal, on separate lines for redirected output, so logs
+  stay grep-friendly. `-q` / `--quiet` suppresses the progress
+  output for scripted use; the final `wrote N edge(s) to ...`
+  summary line stays. Driven by a new `StatusReporter` class
+  pinned by `test/rigor/module_graph/status_reporter_test.rb`.
+
+### Changed
+
+- README restructured along the install → getting started →
+  usage → configuration flow. The "How it works" walkthrough
+  (pipeline diagram + the "not a call graph" framing) moves to
+  `docs/how-it-works.md` so the README stays focused on
+  "what do I type". Configuration section now notes that
+  `.rigor.yml` is required (rigor reads it to discover the
+  plugin), with a two-line minimum example up top and the
+  fully-elaborated default form below.
+
+### Fixed
+
+- RDoc generation now parses Markdown instead of RDoc syntax,
+  so `![alt](path)` images in `README.md` / `CHANGELOG.md` /
+  `docs/*.md` actually render. `Rake::Task[:rdoc]` is enhanced
+  to copy `examples/billing/graph.svg` (and any future
+  `RDOC_ASSET_PATHS` entries) into `doc/` so the generated site
+  resolves the relative image references the README uses.
+
 ## [0.1.1] — 2026-06-20
 
 First Action-driven publish. The 0.1.0 release happened via the
@@ -134,6 +250,8 @@ spike through Phase 5 (UML class diagram).
   baseline and YJIT, and trailed baseline on Stats and
   CycleDetector — recommendation stays YJIT.
 
-[Unreleased]: https://github.com/nozomemein/rigor-module-graph/compare/v0.1.1...HEAD
+[Unreleased]: https://github.com/nozomemein/rigor-module-graph/compare/v0.1.3...HEAD
+[0.1.3]: https://github.com/nozomemein/rigor-module-graph/compare/v0.1.2...v0.1.3
+[0.1.2]: https://github.com/nozomemein/rigor-module-graph/compare/v0.1.1...v0.1.2
 [0.1.1]: https://github.com/nozomemein/rigor-module-graph/compare/v0.1.0...v0.1.1
 [0.1.0]: https://github.com/nozomemein/rigor-module-graph/releases/tag/v0.1.0

data/README.md

@@ -1,64 +1,37 @@
 # rigor-module-graph
 
+[![Gem Version](https://img.shields.io/gem/v/rigor-module-graph.svg)](https://rubygems.org/gems/rigor-module-graph)
+[![License: MIT](https://img.shields.io/github/license/nozomemein/rigor-module-graph.svg)](LICENSE.txt)
+[![CI](https://github.com/nozomemein/rigor-module-graph/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/nozomemein/rigor-module-graph/actions/workflows/ci.yml)
+[![Docs](https://github.com/nozomemein/rigor-module-graph/actions/workflows/docs.yml/badge.svg?branch=main)](https://github.com/nozomemein/rigor-module-graph/actions/workflows/docs.yml)
+
 Class/module/constant dependency graph for Ruby projects, built on
 [Rigor](https://rigor.typedduck.fail/). The class-level counterpart
 to Packwerk/Graphwerk: where those look at package boundaries, this
 looks at the Ruby nominal graph — inheritance, `include`/`prepend`/
 `extend`, and (later) constant references.
 
-![billing example](examples/billing/graph.svg)
-
-The screenshot above is from `examples/billing/`. Open
-`examples/billing/index.html` for the live Mermaid version.
-
-## What this actually does
-
-In principle this is a static-analysis tool that turns Ruby source
-into a graph whose **nodes are classes / modules / constants** and
-whose **edges are the references the language itself spells out**.
-
-The pipeline:
-
-1. Rigor parses Ruby into an AST with Prism.
-2. The plugin's `node_rule`s pick up `ClassNode` / `CallNode` /
-   `ConstantReadNode` and friends.
-3. Each interesting node becomes one or more edges:
-   - `class A < B` → `A -> B / inherits`
-   - `include M` → `A -> M / include`
-   - a `Money` constant reference → `A -> Money / const_ref`
-     (Phase 2 and later)
-4. `from` is the lexical owner, assembled by walking
-   `context.ancestors` — so `class Billing::Invoice` produces
-   `Billing::Invoice`, not just `Invoice`.
-5. `to` is resolved through a confidence ladder: syntax →
-   Zeitwerk convention → Rigor type information. Whatever we
-   couldn't pin down stays visible in the `confidence` field
-   rather than being dropped.
-6. Every edge ships as a Rigor `:info` diagnostic. The `collect`
-   subcommand filters them on `rule == "edge"` and writes JSONL.
-7. DOT, SVG, Mermaid, and cycle detection are all derived from
-   that JSONL.
-
-So we are not watching what Ruby *does at runtime*. We're reading
-Ruby's *named structure* and reconstructing, approximately, "which
-constants depend on which other constants".
-
-### This is not a call graph
-
-We do not track who `foo.bar` resolves to at runtime. We track
-the fact that the `Billing::Invoice` name depends on the
-`ApplicationRecord` / `Auditable` / `Money` names. That is a
-**nominal dependency graph** — a compiler-front-end-style view
-of the project's syntactic and lexical structure, projected into
-edges with explicit confidence.
-
-Not re-implementing Ruby constant lookup is deliberate. For
-understanding a Rails codebase's shape, it's more useful to leave
-each edge tagged `syntax` / `zeitwerk` / `rigor_type` /
-`unresolved` than to fake a `resolved` answer and silently get it
-wrong.
-
-## Installation
+**Two ways to look at the same graph.** Static SVG via
+Graphviz for committing into PRs and docs; interactive HTML
+via Cytoscape.js for actually exploring a 1000+-node Rails
+codebase. Both rendered from the same `edges.jsonl` —
+no second analysis pass.
+
+### Cytoscape (`--output html`, the default)
+
+![billing graph via Cytoscape](examples/billing/preview.png)
+
+### Graphviz (`--output svg`)
+
+![billing graph via Graphviz](examples/billing/graph.svg)
+
+Both screenshots are from `examples/billing/`. Open
+`examples/billing/index.html` directly to try the
+interactive version — pan, zoom, filter by `kind` /
+`confidence`, search by name, click a node to copy
+`path:line`.
+
+## Install
 
 Via Bundler:
 
@@ -71,87 +44,101 @@ gem "rigor-module-graph"
 bundle install
 ```
 
-Or globally:
+Or system-wide:
 
 ```sh
 gem install rigor-module-graph
 ```
 
-Both paths pull in `rigortype` and `rbs ~> 4.0` transitively. The
-`rbs ~> 4.0` constraint is the key one: rigortype 0.2.x calls
-`RBS::Environment::ClassEntry#each_decl`, which only exists in
-rbs 4.x. The Ruby 4.0 stdlib bundles rbs 3.10 as a default gem,
-so installing `rigor-module-graph` (which depends on rbs 4.x)
-makes RubyGems activate the 4.x gem at run time and the
-analyzer stays alive.
-
-## Configuration
+Both paths pull in `rigortype` and `rbs ~> 4.0` transitively.
+The `rbs ~> 4.0` constraint is the one that matters: rigortype
+0.2.x calls `RBS::Environment::ClassEntry#each_decl`, which
+only exists in rbs 4.x. The Ruby 4.0 stdlib bundles rbs 3.10
+as a default gem, so installing `rigor-module-graph` (which
+depends on rbs 4.x) makes RubyGems activate the 4.x gem at
+run time and the analyzer stays alive.
 
-Add the plugin to your project's `.rigor.yml`:
+For the full pipeline you also want `graphviz` installed so
+`view --output svg` and `dot -Tsvg` can render PNG / SVG from
+the generated DOT:
 
-```yaml
-target_ruby: '4.0'
-paths:
-  - app
-  - lib
-plugins:
-  - gem: rigor-module-graph
-    config:
-      rails_zeitwerk: true
-      autoload_paths:
-        - app/models
-        - app/controllers
-        - app/services
-        - app/jobs
-        - lib
-      concern_dirs:
-        - app/models/concerns
-        - app/controllers/concerns
-      include_constant_refs: false
+```sh
+brew install graphviz       # macOS
+apt-get install graphviz    # Debian / Ubuntu
 ```
 
-Every key shown is the default. Set `include_constant_refs: true`
-to emit `const_ref` edges from constant references inside method
-bodies. Set `rails_zeitwerk: false` to keep every edge at
-`confidence: "syntax"` and skip path-based owner inference.
-
-## Usage
+A working `dot` on `$PATH` is optional — text / Mermaid / HTML
+output paths don't need it. See [How it works](docs/how-it-works.md)
+for the pipeline overview.
 
-### One-shot: `view`
+## Getting started
 
-The default subcommand analyses the current directory, writes a
-self-contained Mermaid HTML report under `.rigor/module_graph/`,
-and opens it in your browser. No flags needed for a Rails-shaped
-project.
+The default subcommand analyses the current directory, writes
+a self-contained Mermaid HTML report under
+`.rigor/module_graph/`, and opens it in a browser:
 
 ```sh
 cd path/to/your/project
 bundle exec rigor-module-graph         # same as: rigor-module-graph view
 ```
 
-Useful flags:
+A `.rigor.yml` must exist in the project root — that's how
+`rigor` knows to load this plugin. The minimal version is two
+lines:
+
+```yaml
+plugins:
+  - gem: rigor-module-graph
+```
+
+That's enough for `view` to run with all defaults. Everything
+else (`paths:`, `autoload_paths:`, …) goes in the
+[Configuration](#configuration) section below, and every key
+defaults to a sensible Rails-shaped value.
+
+## Usage
+
+### `view` — one-shot HTML / SVG / Mermaid
+
+The default `html` output is an interactive
+[Cytoscape.js](https://js.cytoscape.org/)-based viewer:
+filter checkboxes for `kind` and `confidence`, live name
+search, `fit` button, and node-click → copy `path:line` to
+the clipboard. The Cytoscape library is vendored into the gem
+at a sha256-pinned version, so the generated HTML opens
+offline with no network round-trip.
 
 ```sh
 # Don't open the browser (just write the HTML)
 rigor-module-graph view --no-open
 
-# Pick a different output format — html (default) opens a viewer
-# in the browser; everything else streams to stdout unless `-o`
-# is given.
+# Pick a different output format. `html` is the interactive
+# viewer; `mermaid-html` is the legacy static-Mermaid embed
+# (loads Mermaid from a CDN, kept for back-compat). Everything
+# else streams to stdout unless `-o` is given.
+rigor-module-graph view --no-open --output mermaid-html  > graph.html
 rigor-module-graph view --no-open --output mermaid       > graph.mmd
 rigor-module-graph view --no-open --output dot           > graph.dot
 rigor-module-graph view --no-open --output svg           > graph.svg
 rigor-module-graph view --no-open --output class-diagram > class.mmd
 rigor-module-graph view --output svg -o graph.svg
 
-# Focus on what's around one or a few constants (Mermaid can't
-# render 1000+-node graphs cleanly — this is the escape hatch)
+# Click on a node opens the file in VSCode rather than copying
+# path:line to the clipboard. `--path-mode none` strips the
+# path metadata entirely — useful when sharing the HTML
+# artefact outside the project.
+rigor-module-graph view --open-with vscode
+rigor-module-graph view --path-mode none      # share-safe
+rigor-module-graph view --path-mode absolute  # cwd-resolved
+
+# Focus on what's around one or a few constants
 rigor-module-graph view --from Article --depth 5
 rigor-module-graph view --from Article --depth 5 --direction out
 rigor-module-graph view --from Billing::Invoice,Billing::Payment --depth 2
 
 # Pick your own collapse list (default: auto-detect top-level
-# namespaces with ≥ 3 members)
+# namespaces with ≥ 3 members; applies to mermaid / dot / svg
+# outputs — the interactive html viewer ignores it).
 rigor-module-graph view --collapse Billing,Auth
 rigor-module-graph view --no-collapse
 
@@ -164,7 +151,7 @@ rigor-module-graph view --package
 rigor-module-graph view --package-root /path/to/repo
 ```
 
-`--direction` controls how the +--from+ walk follows edges:
+`--direction` controls how the `--from` walk follows edges:
 
 | direction | meaning                                |
 |-----------|----------------------------------------|
@@ -179,17 +166,19 @@ rigor-module-graph view --package-root /path/to/repo
 | `cluster`  | keep every edge whose endpoints both fall in the reachable set (default — good for "show me the Article neighbourhood as a cluster") |
 | `walk`     | keep only the edges the BFS actually traversed (good for "show me what depends on Article and nothing else"; drops sibling edges like `Foo inherits ApplicationRecord` that just happen to share a base class with reachable nodes) |
 
-A 1-hop `--from Article --direction out --edge-scope walk` returns
-exactly the edges whose `from` is `Article`, never the sibling
-`inherits ApplicationRecord` of a reached node.
+A 1-hop `--from Article --direction out --edge-scope walk`
+returns exactly the edges whose `from` is `Article`, never the
+sibling `inherits ApplicationRecord` of a reached node.
 
 ### Lower-level pipeline
 
-The pipeline `view` runs is also exposed as discrete subcommands
-when you want JSONL on disk or a pipeable text output:
+The pipeline `view` runs is also exposed as discrete
+subcommands when you want JSONL on disk or a pipeable text
+output:
 
 ```sh
-# Run `rigor check` and write edges JSONL (default: .rigor/module_graph/edges.jsonl)
+# Run `rigor check` and write edges JSONL
+# (default: .rigor/module_graph/edges.jsonl)
 bundle exec rigor-module-graph collect
 
 # Render the graph
@@ -210,18 +199,19 @@ bundle exec rigor-module-graph class-diagram .rigor/module_graph/edges.jsonl > c
 bundle exec rigor-module-graph class-diagram --no-private --no-attributes edges.jsonl
 ```
 
-`collect` shells out to `rigor check --format json --no-cache` and
-filters diagnostics on `source_family == "plugin.module-graph"` +
-`rule == "edge"`, so re-running is deterministic and there's no
-on-disk side-effect from the plugin itself.
+`collect` shells out to `rigor check --format json --no-cache`
+and filters diagnostics on
+`source_family == "plugin.module-graph"` + `rule == "edge"`,
+so re-running is deterministic and there's no on-disk
+side-effect from the plugin itself.
 
 `dot` / `mermaid` / `cycles` accept a file argument or read stdin.
 
 ### Filters and collapse
 
-All three reader subcommands accept the same filter flags. They
-prune the edge set before rendering / detecting; the JSONL on
-disk is untouched.
+All reader subcommands accept the same filter flags. They prune
+the edge set before rendering / detecting; the JSONL on disk is
+untouched.
 
 ```sh
 # Drop noisy const_ref / unresolved edges
@@ -230,7 +220,8 @@ bundle exec rigor-module-graph dot --kind inherits,include,prepend,extend edges.
 # Only the edges we're sure about
 bundle exec rigor-module-graph dot --confidence syntax,zeitwerk,rigor_type edges.jsonl
 
-# Fold every Billing::* node into one cluster (Dot subgraph_cluster_; Mermaid subgraph)
+# Fold every Billing::* node into one cluster
+# (Dot: subgraph_cluster_; Mermaid: subgraph)
 bundle exec rigor-module-graph dot     --collapse Billing,Auth edges.jsonl
 bundle exec rigor-module-graph mermaid --collapse Billing edges.jsonl
 
@@ -247,21 +238,45 @@ bundle exec rigor-module-graph mermaid --package-root /path/to/repo edges.jsonl
 bundle exec rigor-module-graph cycles --kind inherits,include edges.jsonl
 ```
 
-## Edge format
+## Configuration
 
-Each edge in the JSONL file looks like:
+`.rigor.yml` lives in the project root and is **required** —
+`rigor` reads it to discover this plugin. `rigor init` scaffolds
+a `.rigor.dist.yml` you can rename, or write it by hand. The
+two-line minimum from [Getting started](#getting-started) is
+enough; the full form below is for tuning.
 
-```json
-{"from":"Billing::Invoice","to":"ApplicationRecord","kind":"inherits","path":"app/models/billing/invoice.rb","line":2,"column":3,"confidence":"syntax"}
+```yaml
+target_ruby: '4.0'
+paths:
+  - app
+  - lib
+plugins:
+  - gem: rigor-module-graph
+    config:
+      rails_zeitwerk: true
+      autoload_paths:
+        - app/models
+        - app/controllers
+        - app/services
+        - app/jobs
+        - lib
+      concern_dirs:
+        - app/models/concerns
+        - app/controllers/concerns
+      include_constant_refs: false
 ```
 
-- `kind`: `inherits` / `include` / `prepend` / `extend` /
-  `const_ref` (the last one is reserved for Phase 2).
-- `confidence`: `syntax` / `zeitwerk` / `rigor_type` /
-  `unresolved`. MVP only emits `syntax`.
+Every key shown is the default. Two switches worth knowing:
 
-The renderers dedup by `(from, to, kind, confidence)` so two
-`include Foo` on the same class across files collapse to one edge.
+- `include_constant_refs: true` — emit `const_ref` edges from
+  bare constant references inside method bodies. Off by default
+  because the volume of edges grows fast on a typical Rails app
+  and the noise can drown the structural picture.
+- `rails_zeitwerk: false` — keep every edge at
+  `confidence: "syntax"` and skip the path-based owner
+  inference. Useful when the project doesn't follow Zeitwerk's
+  autoload convention.
 
 ## Compatibility
 
@@ -279,14 +294,22 @@ published to GitHub Pages on every push to `main`.
   built from `main`, mirrors the current source.
 - [API reference (RubyGems)](https://rubydoc.info/gems/rigor-module-graph) —
   the last released gem on rubydoc.info.
+- [How it works](docs/how-it-works.md) — the static-analysis
+  pipeline (Prism → node rules → confidence ladder → JSONL →
+  renderers), and why this is a nominal dependency graph and
+  not a call graph.
+- [Security](docs/security.md) — supply-chain controls
+  (Bundler cooldown, vendored-JS sha256 + 4-source audit,
+  action SHA pinning, trusted publishing) and the layered
+  pre-commit / CI gates that enforce them.
+- [Known limitations](docs/limitation.md) — rough edges shipped
+  with the current release (visibility tracker gaps, the
+  bundled inflector, Mermaid 10.x quirks).
 - [Development guide](docs/development.md) — local setup, git
   hooks, CI / Release workflows, test suite layout.
 - [Design plan](docs/plan.md) — the decisions still
   load-bearing for the code (edge model, confidence ladder,
   output channel, owner resolution, architecture map).
-- [Known limitations](docs/limitation.md) — rough edges shipped
-  with the current release (visibility tracker gaps, the
-  bundled inflector, Mermaid 10.x quirks).
 - [Changelog](CHANGELOG.md) — per-version changes, formatted
   per [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
   with [Semantic Versioning](https://semver.org/spec/v2.0.0.html).