v2.5.0 - TypeScript improvements and security updates

What's Changed

TypeScript Improvements

• Added missing TypeScript declarations for TreeRender methods including:
  • spacing_x() / spacing_y() - horizontal/vertical spacing control
  • font_size() / scale_bar_font_size() - font size control
  • node_circle_size() - node circle sizing
  • css() / transitions() - CSS and transition settings
  • layout() / refresh() / placenodes() - layout methods
  • separation() - node separation callback
  • internalLabel() - internal node labeling
  • countHandler() - selection count handler
  • updateKeyName() / set_size() - key name and size control
  • container property

Security Updates

• Bump lodash from 4.17.21 to 4.17.23 (prototype pollution fix)
• Bump fast-xml-parser from 5.3.3 to 5.3.4 (HTML entity handling fix)

Other

• Simplified CI to test only on Node.js 22
• Fixed docs workflow gh-pages deployment

Full Changelog: v2.4.0...v2.5.0

v2.4.0 - Major dependency updates

What's Changed

Major dependency updates bringing all packages to their latest versions.

Dependency Updates

Package	From	To
rollup	2.x	4.x
eslint	7.x	9.x
commander	6.x	14.x
prettier	2.x	3.x
concurrently	6.x	9.x
csv-stringify	5.x	6.x
jsdoc-to-markdown	7.x	9.x
tape	5.2	5.9
@rollup/plugin-commonjs	28.x	29.x

Cleanup

• Removed deprecated rollup-plugin-node-resolve
• Removed unused rollup-plugin-execute
• Replaced rollup-plugin-terser with @rollup/plugin-terser

Breaking Changes Addressed

• Migrated to ESLint 9 flat config format
• Updated all CLI tools for Commander 14 API
• Updated csv-stringify import for v6

Full Changelog: v2.3.0...v2.4.0

v2.3.0 - Bug fixes and improvements

What's New in v2.3.0

Bug Fixes

• Fix zoom transform reset after branch selection (#467, #474)
• Fix RTL layout label positioning (#483, #488)
• Fix zoom not working for multiple trees on same page (#474, #490)
• Fix custom edge styling not applying to selected branches (#473, #492)
• Fix RTL mode labels overlapping with branches (#212, #493)

Features

• Add TypeScript type declarations (#445, #491)

Maintenance

• Update dependencies and fix security vulnerabilities (#470, #489)

Installation

npm install phylotree@2.3.0

Or via CDN:

<script src="https://cdn.jsdelivr.net/npm/phylotree@2.3.0/dist/phylotree.min.js"></script>

🤖 Generated with Claude Code

v2.2.1 - Fix context menu multi-set selection

Bug Fix

Context menu items now respect multi-set selection mode. When in multi-set mode with an active set, the following menu items now use addToSet() instead of modifySelection():

• "All descendant branches"
• "All terminal branches"
• "All internal branches"
• "Incident branch"
• "Path to root"

This fixes the issue where context menu selections weren't being added to the active set in multi-set mode.

v2.2.0 - Interactive Branch Selection API

New Features

Event System

• on(event, callback) / off(event, callback) / emit(event, ...args)
• Events: nodeClick, branchClick, nodeHover, selectionChange, collapsed, rerooted, rendered

Selection API

• selectNodes(names) - Select nodes by name
• deselectNodes(names) - Deselect nodes by name
• clearSelection() - Clear all selections
• getSelection() - Get selected nodes

Multi-Set Selection

• Named selection sets with colors for tools like RELAX and Contrast-FEL
• setActiveSet(name), getActiveSet(), getSetMembers(name)
• addToSet(node, setName), removeFromSet(node, setName)
• setChange event

Tagged Newick Export

• getTaggedNewick() - Export with {Foreground} tags
• getTaggedNewick({ tag: 'CUSTOM' }) - Custom tag name
• getTaggedNewick({ multiSet: true }) - Use set names as tags

Responsive SVG

• responsive: true option enables viewBox-based scaling
• preserve-aspect-ratio option for SVG scaling behavior

Native Menu CSS

• Bundled phylotree-menus.css removes Bootstrap dependency
• Backward compatible with Bootstrap classes

Initial Selection

• initial-selection: ['nodeA', 'nodeB'] for pre-selecting branches
• initial-sets: { 'TEST': ['A', 'B'] } for multi-set mode

All features are backward compatible with existing v2.x code.

v2.1.6 - Remove xml2js for browser compatibility

What's Changed

This release completely removes the xml2js dependency which was causing Node.js built-in module errors in browser environments like Observable.

Breaking Changes

• None - the NeXML parser continues to work exactly the same way

Bug Fixes

• Completely fix "invalid module" errors on Observable by removing xml2js dependency
• Replace xml2js with fast-xml-parser (already included) in the NeXML parser
• Remove unnecessary rollup-plugin-polyfill-node
• Simplify rollup configuration

Improvements

• Significantly smaller bundle size (412KB → 167KB minified)
• No more Node.js built-in dependencies (string_decoder, events, timers)
• Cleaner, simpler build configuration

Full Changelog: v2.1.5...v2.1.6

v2.1.5 - Fix browser compatibility for Observable

What's Changed

This release fixes browser compatibility issues when using phylotree.js in environments like Observable.

Bug Fixes

• Fix "invalid module" errors in browser environments by properly handling Node.js built-ins
• Add rollup-plugin-polyfill-node to provide browser-compatible polyfills for string_decoder, events, and timers
• Configure rollup for proper browser module resolution with preferBuiltins: false and browser: true

Technical Details

The issue was caused by the xml2js dependency requiring Node.js built-in modules that don't exist in browser environments. The fix adds proper polyfills and configures the build process to create a fully browser-compatible bundle.

Full Changelog: v2.1.4...v2.1.5

v2.1.4

What's Changed

🔧 Browser Compatibility Fix - Resolves dependency loading issues

Bug Fixes

• Fixed xml2js and fast-xml-parser bundling for browser environments
• Resolved ERR_BLOCKED_BY_CLIENT errors when using phylotree as a dependency
• Fixed require is not defined errors in browser builds
• Updated rollup configuration to properly bundle CommonJS dependencies

Technical Changes

• Added @rollup/plugin-commonjs and updated @rollup/plugin-node-resolve
• Modified import statements to work with bundled dependencies
• Updated build process to include xml parsing dependencies in browser bundle

This release fixes compatibility issues introduced in v2.1.3 when using phylotree in browser-based applications.

Full Changelog: v2.1.3...v2.1.4

v2.1.3

What's Changed

🔒 Security Release - Fixed 33 out of 43 security vulnerabilities

Security Fixes

• Critical: Fixed minimist prototype pollution vulnerability
• High: Resolved multiple ReDoS vulnerabilities in:
  • rollup (DOM Clobbering XSS)
  • terser (ReDoS)
  • semver (ReDoS)
  • marked (ReDoS)
  • taffydb (data access vulnerability)
• Moderate: Various DoS and prototype pollution fixes

Dependencies

• Added missing fast-xml-parser dependency for PhyloXML support
• Updated multiple packages to secure versions

Remaining Vulnerabilities

10 vulnerabilities remain in development dependencies (tape-watch and its dependencies) - these don't affect production builds.

Full Changelog: v2.1.2...v2.1.3

This version significantly improves security posture while maintaining full functionality.

v2.1.2

What's Changed

• 🚀 Added comprehensive GitHub Actions CI/CD workflows (#479)
• 🐛 Fixed test expectations and missing test data files (#478)
• 🎨 Resolved CSS class handling issue #471
• ✨ Improved selectionCallback implementation (#468)
• 🔧 Enhanced build and testing infrastructure

This release includes significant infrastructure improvements with automated CI/CD workflows, comprehensive test coverage, and several bug fixes.

Full Changelog: v2.1.1...v2.1.2