Changelog

1.3.9 (2025-01-03)

Bug Fixes

csp: allow duplicate report-* directives (#151) (c172ce8)

1.3.8 (2024-12-20)

Bug Fixes

package.json (#145) (b70469a)

Miscellaneous

rewrite wrapper script in js (#139) (7b863e1)

1.3.7 (2024-12-16)

Miscellaneous

release 1.3.7 (525dfe3)

1.3.6 (2024-12-04)

Bug Fixes

redirection: provide additional intermediate ca certs (#123) (0200be8)

1.3.5 (2024-10-15)

Miscellaneous

api: added a migration paragraph to the README (#113) (7ba23ac)

1.3.4 (2024-09-23)

Bug Fixes

api: fixed link to HSTS docs (#99) (bb6cc34)

1.3.3 (2024-09-17)

Bug Fixes

cli: published package on NPM (#96) (276f84c)

1.3.2 (2024-09-16)

Bug Fixes

cli: make the scan command npx compatible (#92) (6d66d0e)

1.3.1 (2024-09-16)

Bug Fixes

ci: check dependabot PR user instead of actor (#84) (723f3a6)

1.3.0 (2024-08-26)

Bug Fixes

scanner: allow 401 and 403 responses, set proper accept header on requests (#64) (b90b1ff)

1.2.1 (2024-08-05)

Bug Fixes

api: error messages (#58) (efe3ea3)

Miscellaneous

types: solidify type annotations, add tsc checks (#56) (fa09305)

1.2.0 (2024-07-26)

Features

db: cleanup (ee1942e)
db: remove auto-migrate from server startup (#52) (d43d626)

Bug Fixes

hsts: resolve path for hsts-preload.json file (0ea5178)
hsts: rework file path resolution (#50) (1b2e9ed)

1.1.0 (2024-07-22)

Features

api: add Sentry (#24) (f20f546)
workflows: setup release-please (#35) (9c945ca)

Bug Fixes

api: properly refuse hostnames in special TLDs (MP-1287) (ea315ba)
api: typos in policy copy (e1d710d)
auto-merge: approve before comment (#22) (c2519a1)
auto-merge: remove accidental quote (#23) (561b2dd)
csp: make sure a single frame-ancestors in meta equiv tags gets ignored correctly (5080718)
xframeoptions: added a test that ensures meta equiv tags with x-frame-options are ignored (39cf38c)

Miscellaneous

auto-merge: replace workflow (#11) (3ad31e3)
github: add CODEOWNERS (#10) (8f64852)
github: add Dependabot config (#12) (5b9384a)
node: use Node.js v20 via .nvmrc file (#9) (a9992a8)