Releases: mozilla/addons-server
Releases · mozilla/addons-server
2025.04.03
This week's push hero is @diox
Previous Release: 2025.03.20-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
./manage.py waffle_switch enable_dev_experience_survey on./manage.py promote_by_firefox_themes./manage.py backfill_reviewactionreasons_for_delayed_rejections./manage.py sync_promoted_addons
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.03.20-1...2025.04.03
Addons Server Changelog:
What's Changed
Notable things shipping
- Read Promoted Group Information Via Models by @chrstinalin in #23082
- Use MinimalUserProfileSerializer for AccountViewSet for non-developers by @eviljeff in #23192
- Check If Promoted Is Array in AddonSerializers by @chrstinalin in #23191
- Migrate remaining files to vite by @KevinMind in #23180
- Refactor UsageTier to avoid exceptions being raised in the admin by @diox in #23197
- Replace drf-yasg with drf_specatcular and make swagger enable-able in production via environment variable by @KevinMind in #22478
- Remove legacy less processing by @KevinMind in #23181
- Enhance health check workflows and scripts by @KevinMind in #23190
- add linter for workflows by @KevinMind in #23193
- Make "Cancel and Disable Version" behave like Disable Version ; remove "Cancel Review Request" by @diox in #23215
- Deactivate jitter for Cinder tasks we're retrying by @diox in #23210
- Correct PromotedGroup Approvals by @chrstinalin in #23218
- Use relative path resolution and manually include static assets in vite's module graph. by @KevinMind in #23209
- Prevent creation of PromotedAddonVersion for PromotedApproval with null application_id; added corresponding test case. by @KevinMind in #23217
- Add short format to enable/disable version activity logs by @diox in #23225
- Add command to give "By Firefox" badge to themes with "Firefox" as author by @diox in #23224
- Merge /services/__heartbeat and /services/monitor.json by @KevinMind in #23233
- Add ESLint + StyleLint + Knip (with all rules disabled) by @KevinMind in #23229
- Use primary db in promote_by_firefox_themes and promoted models sync in general by @diox in #23237
- Styling improvements and better organization of the healtcheck message by @KevinMind in #23238
- drop minimal-profile-has-all-fields-shim from api/v5 by @eviljeff in #23223
- Fix intermittent test failure TestSessionIDAuthentication.test_invalid_user_other_user by @diox in #23239
- Show all possible reasons for NeedsHumanReview in review queue filter UI by @diox in #23234
- mimimal -> minimal for v3 API_GATE by @eviljeff in #23253
- backfill ReviewActionReason and CinderPolicy for expired rejections by @eviljeff in #23235
- Mark swagger as experimental by @KevinMind in #23254
- Use sha hashes for docker images, update through dependabot by @diox in #23250
Dependendabots
- Bump sentry-sdk from 1.35.0 to 2.23.1 in /requirements by @dependabot in #23186
- Bump ruff from 0.9.10 to 0.11.2 in /requirements by @dependabot in #23212
- Bump vitest from 3.0.7 to 3.1.1 by @dependabot in #23242
- Bump vite from 6.2.0 to 6.2.4 by @dependabot in #23243
Full Changelog: 2025.03.20...2025.04.03
Contributors
diox, eviljeff, and 3 other contributors
Assets 2
2025.03.20-1
This week's push hero is @KevinMind
Previous Release: 2025.03.20
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
Addons Server Changelog:
Full Changelog: 2025.03.20...2025.03.20-1
Contributors
KevinMind
Assets 2
2025.03.20
This week's push hero is @KevinMind
Previous Release: 2025.03.06-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.03.06-1...2025.03.20
Addons Server Changelog:
What's Changed
Notable things shipping
- always detect if there is an attachment for a decision by @eviljeff in #23138
- Refactor FxA authentication configuration and fake auth handling by @KevinMind in #23077
- Bump Node.js to 20.x by @diox in #23139
- Add GitHub Actions health check workflow by @KevinMind in #23036
- Correct PromotedAddonPromotion Signals by @chrstinalin in #23127
- Migrate addon admin pages to vite bundles by @KevinMind in #23137
- Add ci_completed.yml workflow to notify slack when something goes wrong. by @KevinMind in #23080
- Migrate all admin js/css to vite compilation by @KevinMind in #23141
- Use specific emoji for cancelled workflows by @KevinMind in #23157
- Disable locales that have completion rate below 40%, enable those above by @diox in #23158
- Add command to check locales completion rates and send emails about it by @diox in #23153
- rm TAAR service integrations by @eviljeff in #23147
- Update ci_completed.yml by @KevinMind in #23163
- Add py-call-uwsgi-fork-hooks to local development uwsgi config by @diox in #23164
- Always run the post run step, logging conditionally and exiting based on the success/failure of the run step by @KevinMind in #23169
- Fix broken tests following locales tweaks by @diox in #23168
- test fix for TestGetAddonRecommendations by @eviljeff in #23170
- Return minimal user profile for non-developer users. by @eviljeff in #23154
- sync enforcement actions from Cinder for policies by @eviljeff in #23161
- Update ci_completed.yml by @KevinMind in #23172
- Add Slack notification to healthcheck by @KevinMind in #23162
- Update health_check.yml by @KevinMind in #23176
- Migrate the last admin pages. by @KevinMind in #23179
- expose what versions would be re-enabled with a force enable by @eviljeff in #23165
- Add Developer Experience Survey to DevHub by @chrstinalin in #23166
- Add some reserved guids by @diox in #23171
- send 400 response to Cinder for some webhook validation errors by @eviljeff in #23175
- Vite config updates by @KevinMind in #23177
- all appeals back to their original queues by @eviljeff in #23189
Dependendabots
- Bump ruff from 0.7.1 to 0.9.9 in /requirements by @dependabot in #23126
- Bump actions/checkout from 3 to 4 by @dependabot in #23116
- Bump actions/configure-pages from 4 to 5 by @dependabot in #23117
- Bump actions/setup-node from 2 to 4 by @dependabot in #23115
- Bump markupsafe from 2.1.5 to 3.0.2 in /requirements by @dependabot in #22787
- Bump terser from 5.37.0 to 5.39.0 by @dependabot in #23075
- Bump jinja2 from 3.1.5 to 3.1.6 in /requirements by @dependabot in #23140
- Bump mmh3 from 5.0.1 to 5.1.0 in /requirements by @dependabot in #23026
- Bump glob from 11.0.0 to 11.0.1 by @dependabot in #22979
- Bump grpcio from 1.69.0 to 1.70.0 in /requirements by @dependabot in #23021
- Bump protobuf from 4.25.5 to 4.25.6 in /requirements by @dependabot in #23025
- Bump attrs from 24.3.0 to 25.1.0 in /requirements by @dependabot in #23027
- Bump babel from 2.16.0 to 2.17.0 in /requirements by @dependabot in #23044
- Bump pip from 24.3.1 to 25.0.1 in /requirements by @dependabot in #23063
- Bump cachetools from 5.5.1 to 5.5.2 in /requirements by @dependabot in #23097
- Bump django from 4.2.19 to 4.2.20 in /requirements by @dependabot in #23142
- Bump the google group across 1 directory with 4 updates by @dependabot in #23155
- Bump googleapis-common-protos from 1.66.0 to 1.69.1 in /requirements by @dependabot in #23144
- Bump myst-parser from 4.0.0 to 4.0.1 in /requirements by @dependabot in #23069
- Bump ruff from 0.9.9 to 0.9.10 in /requirements by @dependabot in #23150
- Bump addons-linter from 7.8.0 to 7.9.0 by @dependabot in #23188
- Bump prettier from 3.5.2 to 3.5.3 by @dependabot in #23128
Full Changelog: 2025.03.06...2025.03.20
Contributors
diox, eviljeff, and 3 other contributors
Assets 2
2025.03.06-1
This week's push hero is @diox
Previous Release: 2025.02.20-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- run
./manage.py retry_unreported_abuse_reports - run
./manage.py process_translations --task=strip_html_from_summaries
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.02.20...2025.03.06-1
Addons Server Changelog:
What's Changed
Notable things shipping
- Define the ENV setting for all environments (including test/build/local) by @KevinMind in #23073
- Expose target affected versions for decision on held review page by @eviljeff in #23090
- Update local dev docker images for autograph, elasticsearch, memcached by @wagnerand in #23086
- Cinder sends a 200 for a successfull decision override, not 201 by @eviljeff in #23091
- prevent 2nd level approval form from being submitted if not pending by @eviljeff in #23101
- create approve 2nd level decision with non-addon entities too by @eviljeff in #23099
- Clarify URL handling for extension fields. by @dotproto in #23100
- Use reasons from the delayed rejection(s) when automatically rejecting versions by @diox in #23106
- Only hold REJECT_VERSION action if it affects signed versions by @eviljeff in #23107
- Clear NHR immediately on reviewer action, even if held for approval by @diox in #23112
- Add github actions to dependabot.yml by @eviljeff in #23114
- Prevent automatic actions from being recorded in review queue history table by @diox in #23118
- Add retry to some abuse tasks by @eviljeff in #23098
- add retry_unreported_abuse_reports command to retry AbuseReports by @eviljeff in #23108
- prevent .git directory from being copied into docker images by @fkiriakos07 in #23123
- Split forwarded appeal into separate review queue filter by @wagnerand in #23122
- Move AttachmentLog to the latest activity on a decision by @eviljeff in #23121
- Add task to remove HTML from public add-on summaries by @diox in #23119
- remove mv3 compatibility warning from devhub by @eviljeff in #23135
- Fix review queue flag icon for cinder forwarded jobs by @wagnerand in #23136
- seperate forwards from 2nd level approval queue NHRs by @eviljeff in #23133
Dependendabots
- Bump pytest-django from 4.9.0 to 4.10.0 in /requirements by @dependabot in #23066
- Bump jsdom from 24.1.3 to 26.0.0 by @dependabot in #23048
- Bump prompt-toolkit from 3.0.48 to 3.0.50 in /requirements by @dependabot in #23003
- Bump cachetools from 5.5.0 to 5.5.1 in /requirements by @dependabot in #23008
- Bump ipython from 8.31.0 to 8.32.0 in /requirements by @dependabot in #23046
- Bump pytz from 2024.2 to 2025.1 in /requirements by @dependabot in #23042
- Bump deprecated from 1.2.15 to 1.2.18 in /requirements by @dependabot in #23029
- Bump certifi from 2024.12.14 to 2025.1.31 in /requirements by @dependabot in #23040
- Bump django from 4.2.18 to 4.2.19 in /requirements by @dependabot in #23056
- Bump lxml from 5.3.0 to 5.3.1 in /requirements by @dependabot in #23062
- Bump cryptography from 44.0.0 to 44.0.1 in /requirements by @dependabot in #23068
- Bump vitest from 1.6.0 to 1.6.1 by @dependabot in #23085
- Bump vite from 6.0.11 to 6.1.1 by @dependabot in #23087
- Bump vitest from 1.6.1 to 3.0.7 by @dependabot in #23110
- Bump vite from 6.1.1 to 6.2.0 by @dependabot in #23109
- Bump prettier from 3.4.2 to 3.5.2 by @dependabot in #23102
- Bump pytest from 8.3.4 to 8.3.5 in /requirements by @dependabot in #23129
- Bump django-cors-headers from 4.5.0 to 4.7.0 in /requirements by @dependabot in #23057
New Contributors
- @dotproto made their first contribution in #23100
- @fkiriakos07 made their first contribution in #23123
Full Changelog: 2025.02.20...2025.03.06-1
Contributors
diox, eviljeff, and 5 other contributors
Assets 2
2025.03.06
This week's push hero is @diox
Previous Release: 2025.02.20-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- run
./manage.py retry_unreported_abuse_reports - run
./manage.py process_translations --task=strip_html_from_summaries
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.02.20...2025.03.06
Addons Server Changelog:
What's Changed
Notable things shipping
- Define the ENV setting for all environments (including test/build/local) by @KevinMind in #23073
- Expose target affected versions for decision on held review page by @eviljeff in #23090
- Update local dev docker images for autograph, elasticsearch, memcached by @wagnerand in #23086
- Cinder sends a 200 for a successfull decision override, not 201 by @eviljeff in #23091
- prevent 2nd level approval form from being submitted if not pending by @eviljeff in #23101
- create approve 2nd level decision with non-addon entities too by @eviljeff in #23099
- Clarify URL handling for extension fields. by @dotproto in #23100
- Use reasons from the delayed rejection(s) when automatically rejecting versions by @diox in #23106
- Only hold REJECT_VERSION action if it affects signed versions by @eviljeff in #23107
- Clear NHR immediately on reviewer action, even if held for approval by @diox in #23112
- Add github actions to dependabot.yml by @eviljeff in #23114
- Prevent automatic actions from being recorded in review queue history table by @diox in #23118
- Add retry to some abuse tasks by @eviljeff in #23098
- add retry_unreported_abuse_reports command to retry AbuseReports by @eviljeff in #23108
- prevent .git directory from being copied into docker images by @fkiriakos07 in #23123
- Split forwarded appeal into separate review queue filter by @wagnerand in #23122
- Move AttachmentLog to the latest activity on a decision by @eviljeff in #23121
- Add task to remove HTML from public add-on summaries by @diox in #23119
- remove mv3 compatibility warning from devhub by @eviljeff in #23135
- Fix review queue flag icon for cinder forwarded jobs by @wagnerand in #23136
- seperate forwards from 2nd level approval queue NHRs by @eviljeff in #23133
Dependendabots
- Bump pytest-django from 4.9.0 to 4.10.0 in /requirements by @dependabot in #23066
- Bump jsdom from 24.1.3 to 26.0.0 by @dependabot in #23048
- Bump prompt-toolkit from 3.0.48 to 3.0.50 in /requirements by @dependabot in #23003
- Bump cachetools from 5.5.0 to 5.5.1 in /requirements by @dependabot in #23008
- Bump ipython from 8.31.0 to 8.32.0 in /requirements by @dependabot in #23046
- Bump pytz from 2024.2 to 2025.1 in /requirements by @dependabot in #23042
- Bump deprecated from 1.2.15 to 1.2.18 in /requirements by @dependabot in #23029
- Bump certifi from 2024.12.14 to 2025.1.31 in /requirements by @dependabot in #23040
- Bump django from 4.2.18 to 4.2.19 in /requirements by @dependabot in #23056
- Bump lxml from 5.3.0 to 5.3.1 in /requirements by @dependabot in #23062
- Bump cryptography from 44.0.0 to 44.0.1 in /requirements by @dependabot in #23068
- Bump vitest from 1.6.0 to 1.6.1 by @dependabot in #23085
- Bump vite from 6.0.11 to 6.1.1 by @dependabot in #23087
- Bump vitest from 1.6.1 to 3.0.7 by @dependabot in #23110
- Bump vite from 6.1.1 to 6.2.0 by @dependabot in #23109
- Bump prettier from 3.4.2 to 3.5.2 by @dependabot in #23102
- Bump pytest from 8.3.4 to 8.3.5 in /requirements by @dependabot in #23129
- Bump django-cors-headers from 4.5.0 to 4.7.0 in /requirements by @dependabot in #23057
New Contributors
- @dotproto made their first contribution in #23100
- @fkiriakos07 made their first contribution in #23123
Full Changelog: 2025.02.20...2025.03.06
Contributors
diox, eviljeff, and 5 other contributors
Assets 2
2025.02.20-1
This week's push hero is @eviljeff
Previous Release: 2025.02.06-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
Addons Server Changelog:
What's Changed
Notable things shipping
- Allow regular reviewers to delay-reject again without changing the date by @diox in #23064
- Refactor promoted groups to use APIChoicesWithNone by @KevinMind in #23051
- Clear pending rejections & set human review date in
approve_multiple_versions()by @diox in #23053 - Make DOCKER_TARGET a buid time argument only. by @KevinMind in #23076
- Remove 'enable-soft-blocking' Waffle Switch Migration by @KevinMind in #23052
- Add Forward to Legal to important changes history in review page by @diox in #23079
- Create PromotedGroup, PromotedAddonPromotion and PromotedAddonVersion models, synced to PromotedAddon and PromotedApproval models by @KevinMind in #23060
- Allow API authentication for source package downloads by @chrstinalin in #23081
- create override decision for denied 2nd level approvals by @eviljeff in #23083
Full Changelog: 2025.02.06...2025.02.20
Contributors
diox, eviljeff, and 2 other contributors
Assets 2
2025.02.20
This week's push hero is @eviljeff
Previous Release: 2025.02.06-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
Addons Server Changelog:
What's Changed
Notable things shipping
- Allow regular reviewers to delay-reject again without changing the date by @diox in #23064
- Refactor promoted groups to use APIChoicesWithNone by @KevinMind in #23051
- Clear pending rejections & set human review date in
approve_multiple_versions()by @diox in #23053 - Make DOCKER_TARGET a buid time argument only. by @KevinMind in #23076
- Remove 'enable-soft-blocking' Waffle Switch Migration by @KevinMind in #23052
- Add Forward to Legal to important changes history in review page by @diox in #23079
- Create PromotedGroup, PromotedAddonPromotion and PromotedAddonVersion models, synced to PromotedAddon and PromotedApproval models by @KevinMind in #23060
- Allow API authentication for source package downloads by @chrstinalin in #23081
- create override decision for denied 2nd level approvals by @eviljeff in #23083
Full Changelog: 2025.02.06...2025.02.20
Contributors
diox, eviljeff, and 2 other contributors
Assets 2
2025.02.06-1
This week's push hero is @diox
Previous Release: 2025.02.06
Cherry-picks:
What's Changed
Full Changelog: 2025.02.06...2025.02.06-1
Notable things shipping
- Allow regular reviewers to delay-reject again without changing the date #23064
Contributors
diox
Assets 2
2025.02.06
This week's push hero is @diox
Previous Release: 2025.01.23
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.01.23...2025.02.06
Addons Server Changelog:
What's Changed
Notable things shipping
- Support long locale in dynamic served js catalog by @KevinMind in #23006
- Add MLBF validation logic and corresponding management command by @KevinMind in #22983
- Make build-docker locally debuggable by @KevinMind in #23010
- Group celery and google packages together in dependabot config by @diox in #23018
- Log image digest in docker build by @KevinMind in #23007
- Migrate build scripts to python with single script to orchestrate during make up by @KevinMind in #23011
- delegate review actions to cinder by @eviljeff in #23004
- Support Markdown in Add-on Listing Fields by @chrstinalin in #22956
- replace uWSGI with pyuwsgi by @KevinMind in #23020
- Better checks that static file routing works as expected by @KevinMind in #23014
- Bleach Add-on Summary of all HTML by @chrstinalin in #22994
- delegate reject actions to ContentActions too by @eviljeff in #23023
- Migrate dependencies to /data/olympia by @KevinMind in #23015
- Split
eslocale into several variations and migrate existing user translations toes-ESby @diox in #22982 - Don't translate admin events / activities hidden to developers by @diox in #23035
- Add npm dependencies in the production image by @KevinMind in #23037
- Don't flag add-ons for growth threshold if hotness is negative by @diox in #23031
- Remove extra docker volumes and extra associated configurations by @KevinMind in #23034
- Introduce vite to transpile js/css assets for development and production + vitest for static file testing by @KevinMind in #22957
- Make reviewer pending rejection input a datetime widget and allow changing it through an action by @diox in #23001
- process jobs from legal escalations with no abuse reports by @eviljeff in #23024
- Ensure we clear stashes when uploading new blocklist filters by @KevinMind in #23039
Dependendabots
- Bump mysqlclient from 2.2.6 to 2.2.7 in /requirements by @dependabot in #22986
- Bump google-cloud-storage from 2.18.2 to 2.19.0 in /requirements by @dependabot in #22918
- Bump google-api-core[grpc] from 2.21.0 to 2.24.0 in /requirements by @dependabot in #22931
- Bump grpcio from 1.68.1 to 1.69.0 in /requirements by @dependabot in #22968
- Bump prettier from 3.3.3 to 3.4.2 by @dependabot in #22915
- Bump responses from 0.25.3 to 0.25.6 in /requirements by @dependabot in #22988
- Bump pillow from 11.0.0 to 11.1.0 in /requirements by @dependabot in #22963
- Bump wrapt from 1.17.0 to 1.17.2 in /requirements by @dependabot in #22991
- Bump ipython from 8.29.0 to 8.31.0 in /requirements by @dependabot in #22960
- Bump pygments from 2.18.0 to 2.19.1 in /requirements by @dependabot in #22974
- Bump pyparsing from 3.2.0 to 3.2.1 in /requirements by @dependabot in #22964
- Bump tomli from 2.1.0 to 2.2.1 in /requirements by @dependabot in #22901
- Bump setuptools from 75.6.0 to 75.8.0 in /requirements by @dependabot in #22980
- Bump less from 4.2.1 to 4.2.2 by @dependabot in #22999
- Bump the google group across 1 directory with 4 updates by @dependabot in #23038
Full Changelog: 2025.01.23...2025.02.06
Contributors
diox, eviljeff, and 3 other contributors
Assets 2
2025.01.23
This week's push hero is @KevinMind
Previous Release: 2025.01.09-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.01.09...2025.01.23
Addons Server Changelog:
What's Changed
Notable things shipping
- don't set forwarded to legal job as resolvable_in_reviewer_tools by @eviljeff in #22973
- Don't specify a package name or version, this package is not published by @diox in #22976
- Allow deleted versions to use "Confirm Multiple Versions" action by @chrstinalin in #22942
- flag correct versions for a developer appeal by @eviljeff in #22975
- Serve django locale bundles from django as a fallback in local dev by @KevinMind in #22977
- Change Wording of Escalated Appeals in Version History by @chrstinalin in #22972
- Refactor ContentDecision to be used consistently by @eviljeff in #22967
- Rename docker.md in comment in Dockerfile by @Rob--W in #22996
- Redirect incoming URLs with short languages to the long-language variant by @diox in #22998
- Do not include current extension in 'Other popular extensions' by @chrstinalin in #22946
- Move /deps/node_modules to /data/olympia/node_modules by @KevinMind in #22955
- Revert "Move /deps/node_modules to /data/olympia/node_modules (#22955)" by @KevinMind in #23002
Dependendabots
- Bump charset-normalizer from 3.4.0 to 3.4.1 in /requirements by @dependabot in #22965
- Bump click from 8.1.7 to 8.1.8 in /requirements by @dependabot in #22961
- Bump django from 4.2.17 to 4.2.18 in /requirements by @dependabot in #22993
- Bump addons-linter from 7.7.0 to 7.8.0 by @dependabot in #23005
Full Changelog: 2025.01.09...2025.01.23
Contributors
diox, eviljeff, and 4 other contributors