DOMPurify not following semantic versioning #446

Closed
NicholasEllul opened this issue Jun 14, 2020 · 1 comment

@NicholasEllul

Background & Context

https://semver.org/ states:

  • MAJOR version when you make incompatible API changes,
  • MINOR version when you add functionality in a backwards compatible manner, and
  • PATCH version when you make backwards compatible bug fixes.

I noticed that DOMPurify version updates aren't following this structure, but instead are marking every release as a patch even when it adds new functionality. This can cause confusion for downstream consumers.

For example, if an application specifies DOMPurify in its package.json using something like ~2.0.8, it will be automatically updated with any patch version updates (which, as specified by https://semver.org/, should be reserved for bug fixes). Having new features added in a patch version could cause unexpected changes for users who are expecting only bug fixes on a patch version update.

Suggestion

  • For future releases follow semantic versioning rules.
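
The range behaviour described in the issue above, as an added example that is not part of the original thread or of DOMPurify's code: it evaluates which published versions a `~2.0.8` range accepts and lists dependencies that are not pinned to one exact version. It goes beyond the issue's tilde case to cover caret ranges and exact pins; the `published` list, the `example-lib` entry and the function names are constructed for illustration, and only plain `x.y.z` versions are handled.

```javascript
// Added example: minimal evaluator for exact, ~ and ^ ranges (x.y.z only).
// The version list and package.json contents below are constructed sample input.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Lower bound (inclusive) and upper bound (exclusive); hi is null for an exact pin.
function bounds(range) {
  const op = /^[~^]/.test(range) ? range[0] : '';
  const lo = parse(range.slice(op.length));
  if (op === '') return { lo, hi: null };
  if (op === '~') return { lo, hi: [lo[0], lo[1] + 1, 0] }; // patch updates only
  // Caret: everything below the next bump of the leftmost non-zero component.
  if (lo[0] > 0) return { lo, hi: [lo[0] + 1, 0, 0] };
  if (lo[1] > 0) return { lo, hi: [0, lo[1] + 1, 0] };
  return { lo, hi: [0, 0, lo[2] + 1] };
}

function satisfies(version, range) {
  const v = parse(version);
  const { lo, hi } = bounds(range);
  return hi === null ? cmp(v, lo) === 0 : cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Dependencies whose range lets a fresh install resolve to a newer release
// than the one named in package.json.
function floatingDeps(pkg) {
  return Object.entries(pkg.dependencies || {})
    .filter(([, range]) => bounds(range).hi !== null)
    .map(([name]) => name);
}

const published = ['2.0.8', '2.0.9', '2.0.12', '2.1.0', '3.0.0']; // constructed
const pkg = { dependencies: { dompurify: '~2.0.8', 'example-lib': '1.4.2' } }; // constructed

console.log(published.filter((v) => satisfies(v, pkg.dependencies.dompurify)));
console.log(floatingDeps(pkg));
```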

@cure53
Owner

cure53 commented Jun 14, 2020

Heya, thanks for the suggestion. We do recognize Semantic Versioning and understand it has advantages for many projects - but are not the biggest fans of it for our project.
