The MissingFaultPath rule now correctly ignores "Wait for Amount of Time" and "Wait Until Date" nodes

Upgraded to lightning-flow-scanner-core v5.9.0. This release fixes the MissingFaultPath rule to correctly ignore "Wait for Amount of Time" and "Wait Until Date" nodes, checking fault paths only for relevant nodes like "Wait for Conditions". Resolves Issue #272 (contributed by @chazwatkins). See v5.9.0 release notes for full details.

Security Patch

🚨 v5.6 – Security Patch

🔒 Security Fixes

• Enforced Security Guards
  • eval and Function constructors are restricted.
  • Dynamic import() from remote URLs are blocked.
• Removed loading of custom rules entirely in the core module.

🛡 Audit & Dependency Updates

• Updated dependencies and applied npm audit fix to resolve known vulnerabilities.

v3.29.0

Full Changelog: v3.27.0...v3.29.0

v3.27.0

Full Changelog: v3.26.0...v3.27.0

3.26.0

Full Changelog: v3.25.0...v3.26.0

3.25.0

Full Changelog: v3.24.0...v3.25.0

3.24.0 | Community Release

Full Changelog: v3.23.0...v3.24.0

3.23.0 | Community Release

What's new?

• Minor fixes to pass suppressed element key from advanced rule to rule common

Full Changelog: v3.22.0...v3.23.0

3.22.0 | Community Release

What's new?

New rule disabled option. This option will bubble up rules and be intentional on the configurations. Bubbling up rules would also increase visibility of new rules that can be adopted

rules:
  MissingFaultPath:
    disabled: true

Full Changelog: v3.21.0...v3.22.0

3.21.0 | Community Release

What's Changed

**Beta** Advanced Rule Configuration

Advanced rules provide granular control by allowing rules to be intentionally disabled at the rule level, ensuring consistent application across all flows. Additionally, the concept of suppressions is introduced, enabling users to "whitelist" specific components. This mechanism allows for exceptions to be defined, offering flexibility in rule enforcement while maintaining overall governance and compliance.

JSON

{
  "rules": {
    "<RuleName>": {
      "path": "local_path_of_your_js_file", // optional: when defined, this configuration will be used for the engine to recognize your custom rule
      "severity": "<User Configured Severity>",
      "expression": "<User Configured Expression which only applies to rules that take in `options`>",
      "disabled": "true", // optional: when true, rule will not be applied to all flows being scanned
      "suppressions": ["<User Configured Suppressions>"] // optional: when defined, takes an array of suppressed elements (not based on name but on specific type)
    }
  }
}

YAML

rules:
  MissingFaultPath: # User Defined Rule configuration
    path: "local_path_of_your_js_file" # Optional: when defined, this configuration will be used for the engine to recognize your rule
    severity: error # Optional: User Defined severity, can be `info`, `warn`, `error`
    expression: ">=58" # Optional: User defined expression, only applies if rule is Configurable=true
    disabled: "true" # Optional: when true, rule will not be applied to all flows being scanned
    suppressions: # Optional: when defined, takes an array of elements to be suppressed, keys can be found on suppressionElements on the rule definition
      - LogACall # Optional: when defined, rule engine will look at suppressionElement defined on the rule to match against this list

Activation

To activate advanced rule set environment variable IS_NEW_SCAN_ENABLED=true prior to running your commands
MacOs:

export IS_NEW_SCAN_ENABLED=true
sf flow scan

Windows

setx IS_NEW_SCAN_ENABLED=true
sf flow scan

• feat: prep for advanced rule rollout by @junners in Flow-Scanner/lightning-flow-scanner-core#235
• fixes: Flow-Scanner/lightning-flow-scanner-core#230 @Jono-Hills

Full Changelog: v3.20.0...v3.21.0