2025.03.06-1

This week's push hero is @diox

Previous Release: 2025.02.20-1

Blockers:

Cherry-picks:

• e169744
• mozilla/addons-frontend@db143a0

Before we push:

Before we start:

Before we promote:

After we're done:

• run ./manage.py retry_unreported_abuse_reports
• run ./manage.py process_translations --task=strip_html_from_summaries

Addons-Frontend Changelog:

mozilla/addons-frontend@2025.02.20...2025.03.06-1

Addons Server Changelog:

What's Changed

Notable things shipping

• Define the ENV setting for all environments (including test/build/local) by @KevinMind in #23073
• Expose target affected versions for decision on held review page by @eviljeff in #23090
• Update local dev docker images for autograph, elasticsearch, memcached by @wagnerand in #23086
• Cinder sends a 200 for a successfull decision override, not 201 by @eviljeff in #23091
• prevent 2nd level approval form from being submitted if not pending by @eviljeff in #23101
• create approve 2nd level decision with non-addon entities too by @eviljeff in #23099
• Clarify URL handling for extension fields. by @dotproto in #23100
• Use reasons from the delayed rejection(s) when automatically rejecting versions by @diox in #23106
• Only hold REJECT_VERSION action if it affects signed versions by @eviljeff in #23107
• Clear NHR immediately on reviewer action, even if held for approval by @diox in #23112
• Add github actions to dependabot.yml by @eviljeff in #23114
• Prevent automatic actions from being recorded in review queue history table by @diox in #23118
• Add retry to some abuse tasks by @eviljeff in #23098
• add retry_unreported_abuse_reports command to retry AbuseReports by @eviljeff in #23108
• prevent .git directory from being copied into docker images by @fkiriakos07 in #23123
• Split forwarded appeal into separate review queue filter by @wagnerand in #23122
• Move AttachmentLog to the latest activity on a decision by @eviljeff in #23121
• Add task to remove HTML from public add-on summaries by @diox in #23119
• remove mv3 compatibility warning from devhub by @eviljeff in #23135
• Fix review queue flag icon for cinder forwarded jobs by @wagnerand in #23136
• seperate forwards from 2nd level approval queue NHRs by @eviljeff in #23133

Dependendabots

• Bump pytest-django from 4.9.0 to 4.10.0 in /requirements by @dependabot in #23066
• Bump jsdom from 24.1.3 to 26.0.0 by @dependabot in #23048
• Bump prompt-toolkit from 3.0.48 to 3.0.50 in /requirements by @dependabot in #23003
• Bump cachetools from 5.5.0 to 5.5.1 in /requirements by @dependabot in #23008
• Bump ipython from 8.31.0 to 8.32.0 in /requirements by @dependabot in #23046
• Bump pytz from 2024.2 to 2025.1 in /requirements by @dependabot in #23042
• Bump deprecated from 1.2.15 to 1.2.18 in /requirements by @dependabot in #23029
• Bump certifi from 2024.12.14 to 2025.1.31 in /requirements by @dependabot in #23040
• Bump django from 4.2.18 to 4.2.19 in /requirements by @dependabot in #23056
• Bump lxml from 5.3.0 to 5.3.1 in /requirements by @dependabot in #23062
• Bump cryptography from 44.0.0 to 44.0.1 in /requirements by @dependabot in #23068
• Bump vitest from 1.6.0 to 1.6.1 by @dependabot in #23085
• Bump vite from 6.0.11 to 6.1.1 by @dependabot in #23087
• Bump vitest from 1.6.1 to 3.0.7 by @dependabot in #23110
• Bump vite from 6.1.1 to 6.2.0 by @dependabot in #23109
• Bump prettier from 3.4.2 to 3.5.2 by @dependabot in #23102
• Bump pytest from 8.3.4 to 8.3.5 in /requirements by @dependabot in #23129
• Bump django-cors-headers from 4.5.0 to 4.7.0 in /requirements by @dependabot in #23057

New Contributors

• @dotproto made their first contribution in #23100
• @fkiriakos07 made their first contribution in #23123

Full Changelog: 2025.02.20...2025.03.06-1

2025.03.06

This week's push hero is @diox

Previous Release: 2025.02.20-1

Blockers:

Cherry-picks:

Before we push:

Before we start:

Before we promote:

After we're done:

• run ./manage.py retry_unreported_abuse_reports
• run ./manage.py process_translations --task=strip_html_from_summaries

Addons-Frontend Changelog:

mozilla/addons-frontend@2025.02.20...2025.03.06

Addons Server Changelog:

What's Changed

Notable things shipping

• Define the ENV setting for all environments (including test/build/local) by @KevinMind in #23073
• Expose target affected versions for decision on held review page by @eviljeff in #23090
• Update local dev docker images for autograph, elasticsearch, memcached by @wagnerand in #23086
• Cinder sends a 200 for a successfull decision override, not 201 by @eviljeff in #23091
• prevent 2nd level approval form from being submitted if not pending by @eviljeff in #23101
• create approve 2nd level decision with non-addon entities too by @eviljeff in #23099
• Clarify URL handling for extension fields. by @dotproto in #23100
• Use reasons from the delayed rejection(s) when automatically rejecting versions by @diox in #23106
• Only hold REJECT_VERSION action if it affects signed versions by @eviljeff in #23107
• Clear NHR immediately on reviewer action, even if held for approval by @diox in #23112
• Add github actions to dependabot.yml by @eviljeff in #23114
• Prevent automatic actions from being recorded in review queue history table by @diox in #23118
• Add retry to some abuse tasks by @eviljeff in #23098
• add retry_unreported_abuse_reports command to retry AbuseReports by @eviljeff in #23108
• prevent .git directory from being copied into docker images by @fkiriakos07 in #23123
• Split forwarded appeal into separate review queue filter by @wagnerand in #23122
• Move AttachmentLog to the latest activity on a decision by @eviljeff in #23121
• Add task to remove HTML from public add-on summaries by @diox in #23119
• remove mv3 compatibility warning from devhub by @eviljeff in #23135
• Fix review queue flag icon for cinder forwarded jobs by @wagnerand in #23136
• seperate forwards from 2nd level approval queue NHRs by @eviljeff in #23133

Dependendabots

• Bump pytest-django from 4.9.0 to 4.10.0 in /requirements by @dependabot in #23066
• Bump jsdom from 24.1.3 to 26.0.0 by @dependabot in #23048
• Bump prompt-toolkit from 3.0.48 to 3.0.50 in /requirements by @dependabot in #23003
• Bump cachetools from 5.5.0 to 5.5.1 in /requirements by @dependabot in #23008
• Bump ipython from 8.31.0 to 8.32.0 in /requirements by @dependabot in #23046
• Bump pytz from 2024.2 to 2025.1 in /requirements by @dependabot in #23042
• Bump deprecated from 1.2.15 to 1.2.18 in /requirements by @dependabot in #23029
• Bump certifi from 2024.12.14 to 2025.1.31 in /requirements by @dependabot in #23040
• Bump django from 4.2.18 to 4.2.19 in /requirements by @dependabot in #23056
• Bump lxml from 5.3.0 to 5.3.1 in /requirements by @dependabot in #23062
• Bump cryptography from 44.0.0 to 44.0.1 in /requirements by @dependabot in #23068
• Bump vitest from 1.6.0 to 1.6.1 by @dependabot in #23085
• Bump vite from 6.0.11 to 6.1.1 by @dependabot in #23087
• Bump vitest from 1.6.1 to 3.0.7 by @dependabot in #23110
• Bump vite from 6.1.1 to 6.2.0 by @dependabot in #23109
• Bump prettier from 3.4.2 to 3.5.2 by @dependabot in #23102
• Bump pytest from 8.3.4 to 8.3.5 in /requirements by @dependabot in #23129
• Bump django-cors-headers from 4.5.0 to 4.7.0 in /requirements by @dependabot in #23057

New Contributors

• @dotproto made their first contribution in #23100
• @fkiriakos07 made their first contribution in #23123

Full Changelog: 2025.02.20...2025.03.06

2025.02.20-1

This week's push hero is @eviljeff

Previous Release: 2025.02.06-1

Blockers:

Cherry-picks:

7f1bf77

Before we push:

Before we start:

Before we promote:

After we're done:

Addons-Frontend Changelog:

Addons Server Changelog:

What's Changed

Notable things shipping

• Allow regular reviewers to delay-reject again without changing the date by @diox in #23064
• Refactor promoted groups to use APIChoicesWithNone by @KevinMind in #23051
• Clear pending rejections & set human review date in approve_multiple_versions() by @diox in #23053
• Make DOCKER_TARGET a buid time argument only. by @KevinMind in #23076
• Remove 'enable-soft-blocking' Waffle Switch Migration by @KevinMind in #23052
• Add Forward to Legal to important changes history in review page by @diox in #23079
• Create PromotedGroup, PromotedAddonPromotion and PromotedAddonVersion models, synced to PromotedAddon and PromotedApproval models by @KevinMind in #23060
• Allow API authentication for source package downloads by @chrstinalin in #23081
• create override decision for denied 2nd level approvals by @eviljeff in #23083

Full Changelog: 2025.02.06...2025.02.20

2025.02.20

This week's push hero is @eviljeff

Previous Release: 2025.02.06-1

Blockers:

Cherry-picks:

Before we push:

Before we start:

Before we promote:

After we're done:

Addons-Frontend Changelog:

Addons Server Changelog:

What's Changed

Notable things shipping

• Allow regular reviewers to delay-reject again without changing the date by @diox in #23064
• Refactor promoted groups to use APIChoicesWithNone by @KevinMind in #23051
• Clear pending rejections & set human review date in approve_multiple_versions() by @diox in #23053
• Make DOCKER_TARGET a buid time argument only. by @KevinMind in #23076
• Remove 'enable-soft-blocking' Waffle Switch Migration by @KevinMind in #23052
• Add Forward to Legal to important changes history in review page by @diox in #23079
• Create PromotedGroup, PromotedAddonPromotion and PromotedAddonVersion models, synced to PromotedAddon and PromotedApproval models by @KevinMind in #23060
• Allow API authentication for source package downloads by @chrstinalin in #23081
• create override decision for denied 2nd level approvals by @eviljeff in #23083

Full Changelog: 2025.02.06...2025.02.20

2025.02.06-1

This week's push hero is @diox

Previous Release: 2025.02.06

Cherry-picks:

• 2219c27

What's Changed

Full Changelog: 2025.02.06...2025.02.06-1

Notable things shipping

• Allow regular reviewers to delay-reject again without changing the date #23064

2025.02.06

This week's push hero is @diox

Previous Release: 2025.01.23

Blockers:

Cherry-picks:

Before we push:

Before we start:

Before we promote:

After we're done:

Addons-Frontend Changelog:

mozilla/addons-frontend@2025.01.23...2025.02.06

Addons Server Changelog:

What's Changed

Notable things shipping

• Support long locale in dynamic served js catalog by @KevinMind in #23006
• Add MLBF validation logic and corresponding management command by @KevinMind in #22983
• Make build-docker locally debuggable by @KevinMind in #23010
• Group celery and google packages together in dependabot config by @diox in #23018
• Log image digest in docker build by @KevinMind in #23007
• Migrate build scripts to python with single script to orchestrate during make up by @KevinMind in #23011
• delegate review actions to cinder by @eviljeff in #23004
• Support Markdown in Add-on Listing Fields by @chrstinalin in #22956
• replace uWSGI with pyuwsgi by @KevinMind in #23020
• Better checks that static file routing works as expected by @KevinMind in #23014
• Bleach Add-on Summary of all HTML by @chrstinalin in #22994
• delegate reject actions to ContentActions too by @eviljeff in #23023
• Migrate dependencies to /data/olympia by @KevinMind in #23015
• Split es locale into several variations and migrate existing user translations to es-ES by @diox in #22982
• Don't translate admin events / activities hidden to developers by @diox in #23035
• Add npm dependencies in the production image by @KevinMind in #23037
• Don't flag add-ons for growth threshold if hotness is negative by @diox in #23031
• Remove extra docker volumes and extra associated configurations by @KevinMind in #23034
• Introduce vite to transpile js/css assets for development and production + vitest for static file testing by @KevinMind in #22957
• Make reviewer pending rejection input a datetime widget and allow changing it through an action by @diox in #23001
• process jobs from legal escalations with no abuse reports by @eviljeff in #23024
• Ensure we clear stashes when uploading new blocklist filters by @KevinMind in #23039

Dependendabots

• Bump mysqlclient from 2.2.6 to 2.2.7 in /requirements by @dependabot in #22986
• Bump google-cloud-storage from 2.18.2 to 2.19.0 in /requirements by @dependabot in #22918
• Bump google-api-core[grpc] from 2.21.0 to 2.24.0 in /requirements by @dependabot in #22931
• Bump grpcio from 1.68.1 to 1.69.0 in /requirements by @dependabot in #22968
• Bump prettier from 3.3.3 to 3.4.2 by @dependabot in #22915
• Bump responses from 0.25.3 to 0.25.6 in /requirements by @dependabot in #22988
• Bump pillow from 11.0.0 to 11.1.0 in /requirements by @dependabot in #22963
• Bump wrapt from 1.17.0 to 1.17.2 in /requirements by @dependabot in #22991
• Bump ipython from 8.29.0 to 8.31.0 in /requirements by @dependabot in #22960
• Bump pygments from 2.18.0 to 2.19.1 in /requirements by @dependabot in #22974
• Bump pyparsing from 3.2.0 to 3.2.1 in /requirements by @dependabot in #22964
• Bump tomli from 2.1.0 to 2.2.1 in /requirements by @dependabot in #22901
• Bump setuptools from 75.6.0 to 75.8.0 in /requirements by @dependabot in #22980
• Bump less from 4.2.1 to 4.2.2 by @dependabot in #22999
• Bump the google group across 1 directory with 4 updates by @dependabot in #23038

Full Changelog: 2025.01.23...2025.02.06

2025.01.23

This week's push hero is @KevinMind

Previous Release: 2025.01.09-1

Blockers:

Cherry-picks:

Before we push:

Before we start:

Before we promote:

After we're done:

Addons-Frontend Changelog:

mozilla/addons-frontend@2025.01.09...2025.01.23

Addons Server Changelog:

What's Changed

Notable things shipping

• don't set forwarded to legal job as resolvable_in_reviewer_tools by @eviljeff in #22973
• Don't specify a package name or version, this package is not published by @diox in #22976
• Allow deleted versions to use "Confirm Multiple Versions" action by @chrstinalin in #22942
• flag correct versions for a developer appeal by @eviljeff in #22975
• Serve django locale bundles from django as a fallback in local dev by @KevinMind in #22977
• Change Wording of Escalated Appeals in Version History by @chrstinalin in #22972
• Refactor ContentDecision to be used consistently by @eviljeff in #22967
• Rename docker.md in comment in Dockerfile by @Rob--W in #22996
• Redirect incoming URLs with short languages to the long-language variant by @diox in #22998
• Do not include current extension in 'Other popular extensions' by @chrstinalin in #22946
• Move /deps/node_modules to /data/olympia/node_modules by @KevinMind in #22955
• Revert "Move /deps/node_modules to /data/olympia/node_modules (#22955)" by @KevinMind in #23002

Dependendabots

• Bump charset-normalizer from 3.4.0 to 3.4.1 in /requirements by @dependabot in #22965
• Bump click from 8.1.7 to 8.1.8 in /requirements by @dependabot in #22961
• Bump django from 4.2.17 to 4.2.18 in /requirements by @dependabot in #22993
• Bump addons-linter from 7.7.0 to 7.8.0 by @dependabot in #23005

Full Changelog: 2025.01.09...2025.01.23

2025.01.09-1

This week's push hero is @diox

Previous Release: 2024.12.12-2

Blockers:

Cherry-picks

• 1656bff

Before we push:

Before we start:

Before we promote:

After we're done:

• Push mozilla-it/webservices-infra#3617 to prod. The PR removes all code-manager related Kubernetes resources and the code-manager references in the Nginx proxies.

Addons-Frontend Changelog:

mozilla/addons-frontend@2024.12.12...2025.01.09

Addons Server Changelog:

What's Changed

Notable things shipping

• CI tests for make check to prevent breakage to our local dev: by @KevinMind in #22928
• Add forward to legal option in reviewer tools by @eviljeff in #22886
• rm crontab by @eviljeff in #22933
• Store override decisions as seperate ContentDecision instances by @eviljeff in #22917
• Use integer to index ratings counts, there might be more than what fits in a short by @diox in #22939
• Follow up for "Migrate from BlockVersion.soft to BlockVersion.block_type" by @bakulf in #22821
• relax hold criteria, to promoted add-ons in groups but not approved yet by @eviljeff in #22941
• Faster post build startup: by @KevinMind in #22938
• Embed build info into the docker image instead of relying on runtime variables. by @KevinMind in #22930
• Mark orphaned Cinder Policies as such when syncing them, delete the ones we don't use by @diox in #22937
• Skip reindex on normal make up where index alias exists by @KevinMind in #22819
• partial revert: 46f608f by @KevinMind in #22947
• link the activity log to the ContentDecision so we can backtrack it by @eviljeff in #22936
• Switch to Python 3.12 by @diox in #22880
• send owner email for override of takedown -> ignore by @eviljeff in #22944
• Allow reviewers to reply to blocked versions by @diox in #22952
• Use monitors instead of custom healthcheck.py script to verify service dependencies' health by @KevinMind in #22951
• Add named volume for mounting host files via OLYMPIA_MOUNT by @KevinMind in #22929
• Split CI dependencies and add ./deps:/deps mount. by @KevinMind in #22934
• Fix python version used by dependabot by @diox in #22958
• Record review queue history: when a version enters the queue, when they leave it by @diox in #22927

Dependendabots

• Bump six from 1.16.0 to 1.17.0 in /requirements by @dependabot in #22919
• Bump pytest from 8.3.3 to 8.3.4 in /requirements by @dependabot in #22909
• Bump amqp from 5.2.0 to 5.3.1 in /requirements by @dependabot in #22848
• Bump django-waffle from 4.1.0 to 4.2.0 in /requirements by @dependabot in #22866
• Bump jinja2 from 3.1.4 to 3.1.5 in /requirements by @dependabot in #22962
• Bump sqlparse from 0.5.2 to 0.5.3 in /requirements by @dependabot in #22935
• Bump certifi from 2024.8.30 to 2024.12.14 in /requirements by @dependabot in #22949
• Bump addons-linter from 7.6.0 to 7.7.0 by @dependabot in #22950
• Bump setuptools from 75.2.0 to 75.6.0 in /requirements by @dependabot in #22876
• Bump cryptography from 43.0.3 to 44.0.0 in /requirements by @dependabot in #22903
• Bump dotenv from 16.4.5 to 16.4.7 by @dependabot in #22914
• Bump bitarray from 2.9.2 to 3.0.0 in /requirements by @dependabot in #22770
• Bump attrs from 24.2.0 to 24.3.0 in /requirements by @dependabot in #22948
• Bump terser from 5.36.0 to 5.37.0 by @dependabot in #22926
• Bump pyjwt from 2.9.0 to 2.10.1 in /requirements by @dependabot in #22902
• Bump grpcio from 1.67.0 to 1.68.1 in /requirements by @dependabot in #22908
• Bump django-tables2 from 2.7.0 to 2.7.5 in /requirements by @dependabot in #22966

Full Changelog: 2024.12.12-2...2025.01.09-1

2025.01.09

This week's push hero is @diox

Previous Release: 2024.12.12-2

Blockers:

Cherry-picks:

Before we push:

Before we start:

Before we promote:

After we're done:

Addons-Frontend Changelog:

Addons Server Changelog:

What's Changed

Notable things shipping

• CI tests for make check to prevent breakage to our local dev: by @KevinMind in #22928
• Add forward to legal option in reviewer tools by @eviljeff in #22886
• rm crontab by @eviljeff in #22933
• Store override decisions as seperate ContentDecision instances by @eviljeff in #22917
• Use integer to index ratings counts, there might be more than what fits in a short by @diox in #22939
• Follow up for "Migrate from BlockVersion.soft to BlockVersion.block_type" by @bakulf in #22821
• relax hold criteria, to promoted add-ons in groups but not approved yet by @eviljeff in #22941
• Faster post build startup: by @KevinMind in #22938
• Embed build info into the docker image instead of relying on runtime variables. by @KevinMind in #22930
• Mark orphaned Cinder Policies as such when syncing them, delete the ones we don't use by @diox in #22937
• Skip reindex on normal make up where index alias exists by @KevinMind in #22819
• partial revert: 46f608f by @KevinMind in #22947
• link the activity log to the ContentDecision so we can backtrack it by @eviljeff in #22936
• Switch to Python 3.12 by @diox in #22880
• send owner email for override of takedown -> ignore by @eviljeff in #22944
• Allow reviewers to reply to blocked versions by @diox in #22952
• Use monitors instead of custom healthcheck.py script to verify service dependencies' health by @KevinMind in #22951
• Add named volume for mounting host files via OLYMPIA_MOUNT by @KevinMind in #22929
• Split CI dependencies and add ./deps:/deps mount. by @KevinMind in #22934
• Fix python version used by dependabot by @diox in #22958
• Record review queue history: when a version enters the queue, when they leave it by @diox in #22927

Dependendabots

• Bump six from 1.16.0 to 1.17.0 in /requirements by @dependabot in #22919
• Bump pytest from 8.3.3 to 8.3.4 in /requirements by @dependabot in #22909
• Bump amqp from 5.2.0 to 5.3.1 in /requirements by @dependabot in #22848
• Bump django-waffle from 4.1.0 to 4.2.0 in /requirements by @dependabot in #22866
• Bump jinja2 from 3.1.4 to 3.1.5 in /requirements by @dependabot in #22962
• Bump sqlparse from 0.5.2 to 0.5.3 in /requirements by @dependabot in #22935
• Bump certifi from 2024.8.30 to 2024.12.14 in /requirements by @dependabot in #22949
• Bump addons-linter from 7.6.0 to 7.7.0 by @dependabot in #22950
• Bump setuptools from 75.2.0 to 75.6.0 in /requirements by @dependabot in #22876
• Bump cryptography from 43.0.3 to 44.0.0 in /requirements by @dependabot in #22903
• Bump dotenv from 16.4.5 to 16.4.7 by @dependabot in #22914
• Bump bitarray from 2.9.2 to 3.0.0 in /requirements by @dependabot in #22770
• Bump attrs from 24.2.0 to 24.3.0 in /requirements by @dependabot in #22948
• Bump terser from 5.36.0 to 5.37.0 by @dependabot in #22926
• Bump pyjwt from 2.9.0 to 2.10.1 in /requirements by @dependabot in #22902
• Bump grpcio from 1.67.0 to 1.68.1 in /requirements by @dependabot in #22908
• Bump django-tables2 from 2.7.0 to 2.7.5 in /requirements by @dependabot in #22966

Full Changelog: 2024.12.12-2...2025.01.09

2024.12.12-2

Cherry-Picks:

• 6dd4a74

Full Changelog: 2024.12.12-1...2024.12.12-2