Skip to content

CHANGELOG.md

Latest commit

 

History

History
398 lines (232 loc) · 36 KB

CHANGELOG.md

File metadata and controls

398 lines (232 loc) · 36 KB

Changelog

1.6.2 (2026-04-14)

Bug Fixes

  • analyzer/csp: split CSP headers into policies (#496) (08a2456)

Miscellaneous

  • deps: bump axios from 1.14.0 to 1.15.0 (#489) (9635e55)
  • deps: bump follow-redirects from 1.15.11 to 1.16.0 (#504) (1a9835d)
  • deps: bump the npm-prod group across 1 directory with 3 updates (#505) (eb4b813)
  • package: set repository field (#492) (e34202f)

1.6.1 (2026-04-07)

Bug Fixes

Miscellaneous

  • deps-dev: bump @faker-js/faker from 10.3.0 to 10.4.0 in the npm-dev group across 1 directory (#482) (8513d01)
  • deps-dev: bump @faker-js/faker in the npm-dev group (8513d01)
  • deps-dev: bump brace-expansion from 1.1.12 to 1.1.13 (#475) (976f49d)
  • deps-dev: bump lefthook from 2.1.4 to 2.1.5 in the npm-dev group (46e638e)
  • deps-dev: bump lefthook from 2.1.4 to 2.1.5 in the npm-dev group across 1 directory (#486) (46e638e)
  • deps-dev: bump npm from 11.6.2 to 11.9.0 (#480) (23fbba4)
  • deps: bump lodash from 4.17.23 to 4.18.1 (#487) (4fee9dc)
  • deps: bump the npm-prod group with 2 updates (#481) (8373c00)
  • deps: bump the npm-prod group with 2 updates (#485) (3496925)

1.6.0 (2026-03-26)

Features

Miscellaneous

  • deps-dev: bump ajv from 6.12.6 to 6.14.0 (#451) (8af689d)
  • deps-dev: bump flatted from 3.3.3 to 3.4.2 (#469) (d0b41fe)
  • deps-dev: bump lefthook from 2.1.1 to 2.1.2 in the npm-dev group (#455) (759c4fb)
  • deps-dev: bump lefthook from 2.1.3 to 2.1.4 in the npm-dev group (#467) (235116c)
  • deps-dev: bump nodemon from 3.1.11 to 3.1.14 in the npm-dev group (#452) (138bcbf)
  • deps-dev: bump the npm-dev group with 2 updates (#462) (ceb9076)
  • deps-dev: bump typescript from 5.9.3 to 6.0.2 (#472) (2901020)
  • deps: bump htmlparser2 from 10.1.0 to 12.0.0 (#471) (5cb2dce)
  • deps: bump picomatch from 2.3.1 to 2.3.2 (#473) (ef89010)
  • deps: bump the npm-prod group with 3 updates (#466) (6c6c09d)
  • deps: bump the npm-prod group with 4 updates (#470) (043a086)
  • deps: bump the npm-prod group with 6 updates (#454) (9592d96)
  • deps: bump the npm-prod group with 6 updates (#461) (3e6ea37)
  • deps: bump yaml from 2.8.1 to 2.8.3 (#474) (5f06e4e)
  • grader: refine SRI descriptions re. protocol-relative URLs (#465) (8dbaf0d)
  • lefthook: run tests on pre-push (#448) (8dc2eb0)

1.5.4 (2026-02-17)

Bug Fixes

  • error: ignore unresolvable www. error (#441) (d8940cb)

Miscellaneous

  • deps-dev: bump lefthook from 2.0.15 to 2.0.16 (#426) (535b055)
  • deps-dev: bump the npm-dev group with 2 updates (#434) (ae0a276)
  • deps: bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 (#430) (ca8ac1b)
  • deps: bump @sentry/node from 10.38.0 to 10.39.0 in the npm-prod group (#447) (490821b)
  • deps: bump @sentry/node in the npm-prod group (490821b)
  • deps: bump axios from 1.13.3 to 1.13.4 (#424) (79f0285)
  • deps: bump axios from 1.13.4 to 1.13.5 (#439) (4218ca7)
  • deps: bump fastify from 5.7.2 to 5.7.4 (#425) (5c16abf)
  • deps: bump pg from 8.17.2 to 8.18.0 (#423) (1daaf30)
  • deps: bump the npm-prod group with 3 updates (#429) (31f37ac)
  • deps: bump tldts from 7.0.21 to 7.0.23 in the npm-prod group across 1 directory (#443) (38b3a3a)
  • deps: bump tldts in the npm-prod group across 1 directory (38b3a3a)

1.5.3 (2026-01-28)

Miscellaneous

  • deps: migrate from jsdom to htmlparser2 (#419) (4b4204e)

1.5.2 (2026-01-27)

Bug Fixes

  • db: limit connections across replicas to pg limit (#386) (68800e5)

Miscellaneous

  • deps-dev: add lefthook (#397) (d25d035)
  • deps-dev: bump @faker-js/faker from 10.1.0 to 10.2.0 (#398) (4c078d9)
  • deps-dev: bump chai from 6.2.1 to 6.2.2 (#390) (90f573c)
  • deps-dev: bump lefthook from 2.0.14 to 2.0.15 (#407) (a93e2fe)
  • deps: bump @fastify/cors from 11.1.0 to 11.2.0 (#383) (71de538)
  • deps: bump @fastify/static from 8.3.0 to 9.0.0 (#392) (52b6ed4)
  • deps: bump @sentry/node from 10.29.0 to 10.30.0 (#384) (2289d16)
  • deps: bump @sentry/node from 10.30.0 to 10.32.1 (#391) (1523dfd)
  • deps: bump @sentry/node from 10.32.1 to 10.33.0 (#399) (2170730)
  • deps: bump @sentry/node from 10.33.0 to 10.35.0 (#408) (f163785)
  • deps: bump @sentry/node from 10.35.0 to 10.36.0 (#413) (553106e)
  • deps: bump axios from 1.13.2 to 1.13.3 (#416) (9ccf10c)
  • deps: bump csvtojson from 2.0.10 to 2.0.14 (#417) (ff674ec)
  • deps: bump fastify from 5.6.2 to 5.7.1 (#404) (72d66fa)
  • deps: bump fastify from 5.7.1 to 5.7.2 (#415) (6f38160)
  • deps: bump jsdom from 27.3.0 to 27.4.0 (#393) (cd13148)
  • deps: bump lodash from 4.17.21 to 4.17.23 (#411) (64ae144)
  • deps: bump pg from 8.16.3 to 8.17.1 (#406) (79b7d9a)
  • deps: bump pg from 8.17.1 to 8.17.2 (#414) (0129cd7)
  • deps: bump pg-pool from 3.10.1 to 3.11.0 (#405) (6ddc3c9)
  • deps: sync package-lock.json (#402) (a21aa27)
  • Dockerfile: run npm ci, not npm install (#382) (577e15c)
  • github: remove obsolete settings.yml (#409) (fef55b5)
  • sentry: filter errors from malformed requests (#387) (7c8dc2f)

1.5.1 (2025-12-11)

Bug Fixes

  • deps: update Docker base image to node 24 (#378) (3542081)

Miscellaneous

  • deps-dev: bump chai from 6.2.0 to 6.2.1 (#357) (5acdcc8)
  • deps-dev: bump js-yaml from 4.1.0 to 4.1.1 (#351) (b8535d4)
  • deps-dev: bump mocha from 11.7.4 to 11.7.5 (#355) (7b4d695)
  • deps-dev: bump nodemon from 3.1.10 to 3.1.11 (#368) (ef04f1d)
  • deps: bump @sentry/node from 10.20.0 to 10.25.0 (#356) (8cb6eba)
  • deps: bump @sentry/node from 10.25.0 to 10.27.0 (#361) (ada17d3)
  • deps: bump @sentry/node from 10.27.0 to 10.29.0 (#374) (8c61295)
  • deps: bump axios from 1.12.2 to 1.13.2 (#364) (89246a6)
  • deps: bump axios-cookiejar-support from 6.0.4 to 6.0.5 (#362) (7efd18b)
  • deps: bump commander from 14.0.1 to 14.0.2 (#344) (a6e5ed5)
  • deps: bump dayjs from 1.11.18 to 1.11.19 (#343) (bca44e7)
  • deps: bump fastify from 5.6.1 to 5.6.2 (#363) (72d89c6)
  • deps: bump glob (#360) (243e5b1)
  • deps: bump http-cookie-agent from 7.0.2 to 7.0.3 (#354) (93b02fa)
  • deps: bump jsdom from 27.0.1 to 27.1.0 (#345) (98e3079)
  • deps: bump jsdom from 27.1.0 to 27.2.0 (#365) (b159225)
  • deps: bump jsdom from 27.2.0 to 27.3.0 (#375) (e7ae6f1)
  • deps: bump tldts from 7.0.17 to 7.0.19 (#367) (191d15a)
  • deps: set packageManager field + enable engine-strict (#377) (cfca4ec)

1.5.0 (2025-10-28)

Features

  • tests: un-deprecated x-frame-options and re-score (#332) (102df60)

Miscellaneous

  • deps-dev: bump @faker-js/faker from 10.0.0 to 10.1.0 (#335) (ef9c72a)
  • deps-dev: bump @types/chai from 5.2.2 to 5.2.3 (#342) (f54e6d9)
  • deps-dev: bump chai from 5.3.1 to 6.2.0 (#306) (3297ad7)
  • deps: bump @fastify/static from 8.2.0 to 8.3.0 (#334) (71e0a89)
  • deps: bump @sentry/node from 10.19.0 to 10.20.0 (#337) (21a98e3)
  • deps: bump jsdom from 27.0.0 to 27.0.1 (#336) (b58ee3a)
  • migrate GitHub team references (#340) (b8a9c32)

1.4.9 (2025-10-15)

Miscellaneous

  • CODEOWNERS: add Engineering for workflows and CODEOWNERS (#329) (df3c1e6)
  • deps: bump @sentry/node from 10.17.0 to 10.19.0 (#326) (5532855)
  • deps: bump tldts from 7.0.16 to 7.0.17 (#327) (66ac776)

1.4.8 (2025-10-07)

Miscellaneous

1.4.7 (2025-10-06)

Miscellaneous

  • deps-dev: bump mocha from 11.7.2 to 11.7.4 (#317) (086d7e8)
  • deps-dev: bump typescript from 5.9.2 to 5.9.3 (#321) (1b3b34c)
  • deps: bump @sentry/node from 10.16.0 to 10.17.0 (#318) (bbad0a6)
  • deps: bump fastify from 5.5.0 to 5.6.1 (#319) (2e8500d)
  • remove webext experiment (#315) (e7c644d)

1.4.6 (2025-09-30)

Miscellaneous

  • deps: bump @fastify/helmet from 13.0.1 to 13.0.2 (#309) (a6ac7fc)
  • deps: bump @sentry/node from 10.11.0 to 10.16.0 (#311) (8fe595a)
  • deps: bump postgrator-cli from 9.0.1 to 9.1.0 (#314) (5a0644f)
  • deps: bump tldts from 7.0.15 to 7.0.16 (#312) (fa847b9)

1.4.5 (2025-09-29)

Miscellaneous

  • use native libpq for postgres access (#304) (68c0f8e)

1.4.4 (2025-09-24)

Bug Fixes

1.4.3 (2025-09-23)

Miscellaneous

  • dependabot: specify commit message format (#295) (2d5b0ce)
  • deps-dev: bump esbuild from 0.25.9 to 0.25.10 in /mdn-observatory-webext (#300) (983b2d7)
  • deps: bump tldts from 7.0.12 to 7.0.15 (#301) (a2aac99)
  • filter out common non-fatal errors from sentry (#298) (8790079)
  • pgpool settings adjustments (#299) (88d06b7)

1.4.2 (2025-09-11)

Miscellaneous

  • workflows: remove advanced CodeQL setup (#280) (816df5b)

1.4.1 (2025-06-27)

Bug Fixes

Miscellaneous

1.4.0 (2025-03-17)

Features

  • api: add version endpoint (/api/v2/version) (4bf980c)

Bug Fixes

  • grader: update HTTP Redirection link (#181) (93d3c44)

1.3.9 (2025-01-03)

Bug Fixes

  • csp: allow duplicate report-* directives (#151) (c172ce8)

1.3.8 (2024-12-20)

Bug Fixes

Miscellaneous

1.3.7 (2024-12-16)

Miscellaneous

1.3.6 (2024-12-04)

Bug Fixes

  • redirection: provide additional intermediate ca certs (#123) (0200be8)

1.3.5 (2024-10-15)

Miscellaneous

  • api: added a migration paragraph to the README (#113) (7ba23ac)

1.3.4 (2024-09-23)

Bug Fixes

1.3.3 (2024-09-17)

Bug Fixes

1.3.2 (2024-09-16)

Bug Fixes

  • cli: make the scan command npx compatible (#92) (6d66d0e)

1.3.1 (2024-09-16)

Bug Fixes

  • ci: check dependabot PR user instead of actor (#84) (723f3a6)

1.3.0 (2024-08-26)

Bug Fixes

  • scanner: allow 401 and 403 responses, set proper accept header on requests (#64) (b90b1ff)

1.2.1 (2024-08-05)

Bug Fixes

Miscellaneous

  • types: solidify type annotations, add tsc checks (#56) (fa09305)

1.2.0 (2024-07-26)

Features

Bug Fixes

  • hsts: resolve path for hsts-preload.json file (0ea5178)
  • hsts: rework file path resolution (#50) (1b2e9ed)

1.1.0 (2024-07-22)

Features

Bug Fixes

  • api: properly refuse hostnames in special TLDs (MP-1287) (ea315ba)
  • api: typos in policy copy (e1d710d)
  • auto-merge: approve before comment (#22) (c2519a1)
  • auto-merge: remove accidental quote (#23) (561b2dd)
  • csp: make sure a single frame-ancestors in meta equiv tags gets ignored correctly (5080718)
  • xframeoptions: added a test that ensures meta equiv tags with x-frame-options are ignored (39cf38c)

Miscellaneous