I'm sure a few of these could have been backported but weren't severe enough to warrant an immediate push when 88 was right around the corner: https://www.mozilla.org/en-US/security/advisories/mfsa2021-1...

And this apparently happens quite a lot [no security patches in between versions]: https://www.mozilla.org/en-US/security/known-vulnerabilities...

I definitely noticed like "huh, it's weird we haven't had a new Firefox version to deploy yet this month". I'm used to seeing a point release nearly as soon as I deploy the previous Firefox version, lol. It isn't the first time, but it's infrequent enough to be kinda notable when they go an entire cycle without a point release.

<cranky>Perhaps in the olden days when various releases were somewhat fundamental in nature - not sure it's quite so impressive when we've had 3 'major' releases this year already</cranky>

Not that I much care - FF4Lyfe here!

Somewhat related is how libraries like three.js don't follow semver and only use a single incrementing version number. Reading the changelogs, it also looks like they never make any mistakes. It seems that there has never been a point in three.js's history where there's been a critical security flaw or bug severe enough to justify incrementing the version number solely for a bugfix. I have no idea how they do it.

Personally I would prefer to keep things as simple as possible, but unlike the maintainers of those projects, when it comes to making releases, I'm not perfect.