Releases: mozilla/addons-server
Releases Β· mozilla/addons-server
2025.05.15
This week's push hero is @diox
Previous Release: 2025.05.01-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.05.01...2025.05.15
Addons Server Changelog:
What's Changed
Notable things shipping
- Ignore all decisions that originated from the api by @eviljeff in #23386
- Enable Partner Group for High Profile Rating by @chrstinalin in #23390
- prevent empty
job_idvalues -nullshould be the only empty value by @eviljeff in #23396 - Only consider active NHR when filtering for due date reasons by @diox in #23421
- Remove locales below 80% threshold by @diox in #23395
- Prepare Drop of Old Promotion Models by @chrstinalin in #23315
- Only Show Badged Promoted Groups in Devhub by @chrstinalin in #23372
- Expose the policy text for decisions in version|important-changes history by @eviljeff in #23401
- Re-order needs human review reasons, display them in the review queue for each add-on by @diox in #23426
- associate deny appeal version logs with original versions by @eviljeff in #23449
- Record
reasoningandprivate_notesseparately in Content Decisions by @diox in #23419 - Add runbooks with examples for localdev/dev/statistics by @KevinMind in #23286
Dependendabots
- Bump django from 4.2.20 to 4.2.21 in /requirements by @dependabot in #23433
- Bump vitest from 3.1.1 to 3.1.3 by @dependabot in #23422
- Bump vite from 6.2.6 to 6.3.5 by @dependabot in #23410
- Bump jsdom from 26.0.0 to 26.1.0 by @dependabot in #23310
- Bump pillow from 11.1.0 to 11.2.1 in /requirements by @dependabot in #23313
- Bump less from 4.2.2 to 4.3.0 by @dependabot in #23278
- Bump pytz from 2025.1 to 2025.2 in /requirements by @dependabot in #23221
- Bump mozilla/addons-frontend from 2025.04.17 to 2025.05.01 by @dependabot in #23413
- Bump drf-yasg from 1.21.8 to 1.21.10 in /requirements by @dependabot in #23152
- Bump drf-spectacular from 0.27.2 to 0.28.0 in /requirements by @dependabot in #23201
- Bump glob from 11.0.1 to 11.0.2 by @dependabot in #23364
- Bump iniconfig from 2.0.0 to 2.1.0 in /requirements by @dependabot in #23196
- Bump attrs from 25.1.0 to 25.3.0 in /requirements by @dependabot in #23167
- Bump proto-plus from 1.25.0 to 1.26.1 in /requirements by @dependabot in #23156
- Bump python from
a866731to8582432by @dependabot in #23382
Full Changelog: 2025.05.01...2025.05.15
Contributors
diox, eviljeff, and 3 other contributors
Assets 2
2025.05.01-1
Off-band release
This week's push hero is @eviljeff
Previous Release: 2025.05.01
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Contributors
eviljeff
Assets 2
2025.05.01
This week's push hero is @eviljeff
Previous Release: 2025.04.17-2
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.04.17...2025.05.01
Addons Server Changelog:
What's Changed
Notable things shipping
- Record which versions were affected when force disabling/enabling add-ons by @diox in #23308
- Enable swagger on dev by @KevinMind in #23332
- migrate PrimaryHero model to use addon instead of promoted_addon in a migration safe way by @KevinMind in #23333
- allow multiple ContentDecision to link to CinderJob; etc by @eviljeff in #23301
- Update 0055_fill_cinderjob_fk_on_decision.py by @eviljeff in #23339
- Correct approved_applications_for() by @chrstinalin in #23337
- fix Expression injection in Actions by @odaysec in #23358
- Fix broken settings import in review_reports command by @diox in #23371
- Allow selecting "AMO_CLOSED_NO_ACTION" policies when resolving jobs in reviewer tools by @diox in #23369
- Hide Strategic and Notable groups from the API by @chrstinalin in #23373
- Update PrimaryHero to Drop promoted_addon field and Add Null Constraint by @chrstinalin in #23391
- allow null CinderJob.job_id by @eviljeff in #23387
- Don't inherit due date and/or NeedsHumanReview for ABUSE_ADDON_VIOLATION/CINDER_ESCALATION by @diox in #23343
Dependendabots
- Bump addons-linter from 7.10.0 to 7.11.0 by @dependabot in #23340
- Bump mozilla/addons-frontend from 2025.04.03@sha256:7e69b592cd2e47290c1cbf3f9251553359aed57e5b5d8c50fa6fb93145104de0 to sha256:649541aa871dda9e5befcc9b036c94e99b1fecee5ce26128d960eb2d601f0529 by @dependabot in #23353
- Bump the google group across 1 directory with 2 updates by @dependabot in #23317
- Bump asttokens from 2.4.1 to 3.0.0 in /requirements by @dependabot in #22907
- Bump executing from 2.1.0 to 2.2.0 in /requirements by @dependabot in #23017
- Bump responses from 0.25.6 to 0.25.7 in /requirements by @dependabot in #23159
- Bump decorator from 5.1.1 to 5.2.1 in /requirements by @dependabot in #23103
- Bump cryptography from 44.0.1 to 44.0.2 in /requirements by @dependabot in #23131
- Bump cssselect from 1.2.0 to 1.3.0 in /requirements by @dependabot in #23151
- Bump googleapis-common-protos from 1.69.1 to 1.70.0 in /requirements by @dependabot in #23314
- Bump @eslint/compat from 1.2.7 to 1.2.8 by @dependabot in #23257
- Bump eslint-plugin-prettier from 5.2.5 to 5.2.6 by @dependabot in #23263
- Bump pytest-django from 4.10.0 to 4.11.1 in /requirements by @dependabot in #23271
- Bump prompt-toolkit from 3.0.50 to 3.0.51 in /requirements by @dependabot in #23319
- Bump markdown from 3.7 to 3.8 in /requirements by @dependabot in #23312
- Bump lxml from 5.3.1 to 5.4.0 in /requirements by @dependabot in #23361
New Contributors
Full Changelog: 2025.04.17...2025.05.01
Contributors
diox, eviljeff, and 4 other contributors
Assets 2
2025.04.17-2
964bd82
This commit was signed with the committerβs verified signature.
willdurand
William Durand
This week's push hero is @KevinMind
Previous Release: 2025.04.17-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- IMMEDIATELY run the task triggering a data migration for primary hero migrating
promoted_addontoaddon
- Run the task in a web pod
celery -A olympia.amo.celery:app call olympia.hero.tasks.sync_primary_hero_addon- Notify #addons channel that promoted_addon and promoted_approval tables are no longer being written to and that redash dashboards need to be updated to use promoted_addon_promotion and promoted_version tables.
Addons Server Changelog:
Full Changelog: 2025.04.03...2025.04.17-2
Contributors
KevinMind
Assets 2
2025.04.17-1
This week's push hero is @KevinMind
Previous Release: 2025.04.17
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- Notify #addons channel that promoted_addon and promoted_approval tables are no longer being written to and that redash dashboards need to be updated to use promoted_addon_promotion and promoted_version tables.
Addons-Frontend Changelog:
Addons Server Changelog:
Contributors
KevinMind
Assets 2
2025.04.17
This week's push hero is @KevinMind
Previous Release: 2025.04.03-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
Addons Server Changelog:
What's Changed
Notable things shipping
- Log when an admin deletes/undeletes a collection through the admin by @diox in #23228
- Add validation for DOCKER_* variables: by @KevinMind in #23236
- Write Promoted Information to New Models by @chrstinalin in #23216
- Bump check locales completion rate to 70% by @diox in #23261
- Limit height of notes for reviewers and replies in review page, add scroll by @diox in #23267
- Link Extension Workshop for Markdown Field Syntax by @chrstinalin in #23260
- Fix broken statistics dashboard. (Enable no-undef and no-reassign-const eslint rules) by @KevinMind in #23274
- email stakeholders when a promoted signed version is rejected by @eviljeff in #23270
- Bring back max-width on review page history comments/notes to prevent text overflow by @diox in #23287
- add GCP token file to dockerignore by @fkiriakos07 in #23293
- Revert ./stats/js/stats files closer to original state before vite migration by @KevinMind in #23290
- load stats_overview before stats_stats by @KevinMind in #23294
- rm dsa-appeals-review waffle switch; always offer and handle appeals by @eviljeff in #23259
- support placeholder values in Policy text by @eviljeff in #23249
- Add Partner Promoted Group by @chrstinalin in #23269
- Update blocklist docs by @KevinMind in #23248
- Remove 3rd party dependencies from health_check by @KevinMind in #23300
- Update language on DSA Ignore abuse report template by @wagnerand in #23309
- Allow Multiple Promoted Groups by @chrstinalin in #23268
- Update Elasticsearch local image to 8.x, enable compatibility mode by @diox in #23299
- Remove duplicate entry for github-actions in .dependabot.yml by @willdurand in #23320
- Add PromotedGroupAdmin by @chrstinalin in #23321
Dependendabots
- Bump mozilla/addons-frontend from 2025.03.20-1 to 2025.04.03 by @dependabot in #23330
- Bump vite from 6.2.4 to 6.2.6 by @dependabot in #23297
- Bump addons-linter from 7.9.0 to 7.10.0 by @dependabot in #23326
- Bump @vitest/eslint-plugin from 1.1.38 to 1.1.42 by @dependabot in #23307
Full Changelog: 2025.04.03...2025.04.17
Contributors
diox, willdurand, and 6 other contributors
Assets 2
2025.04.03-1
This week's push hero is @KevinMind
Previous Release: 2025.04.03
Blockers:
Cherry-picks:
5301926
82f4981
0291b62
fc21d6d
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
Addons Server Changelog:
Full Changelog: 2025.04.03...2025.04.03-1
Contributors
KevinMind
Assets 2
2025.04.03
This week's push hero is @diox
Previous Release: 2025.03.20-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
./manage.py waffle_switch enable_dev_experience_survey on./manage.py promote_by_firefox_themes./manage.py backfill_reviewactionreasons_for_delayed_rejections./manage.py sync_promoted_addons
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.03.20-1...2025.04.03
Addons Server Changelog:
What's Changed
Notable things shipping
- Read Promoted Group Information Via Models by @chrstinalin in #23082
- Use MinimalUserProfileSerializer for AccountViewSet for non-developers by @eviljeff in #23192
- Check If Promoted Is Array in AddonSerializers by @chrstinalin in #23191
- Migrate remaining files to vite by @KevinMind in #23180
- Refactor UsageTier to avoid exceptions being raised in the admin by @diox in #23197
- Replace drf-yasg with drf_specatcular and make swagger enable-able in production via environment variable by @KevinMind in #22478
- Remove legacy less processing by @KevinMind in #23181
- Enhance health check workflows and scripts by @KevinMind in #23190
- add linter for workflows by @KevinMind in #23193
- Make "Cancel and Disable Version" behave like Disable Version ; remove "Cancel Review Request" by @diox in #23215
- Deactivate jitter for Cinder tasks we're retrying by @diox in #23210
- Correct PromotedGroup Approvals by @chrstinalin in #23218
- Use relative path resolution and manually include static assets in vite's module graph. by @KevinMind in #23209
- Prevent creation of PromotedAddonVersion for PromotedApproval with null application_id; added corresponding test case. by @KevinMind in #23217
- Add short format to enable/disable version activity logs by @diox in #23225
- Add command to give "By Firefox" badge to themes with "Firefox" as author by @diox in #23224
- Merge /services/__heartbeat and /services/monitor.json by @KevinMind in #23233
- Add ESLint + StyleLint + Knip (with all rules disabled) by @KevinMind in #23229
- Use primary db in promote_by_firefox_themes and promoted models sync in general by @diox in #23237
- Styling improvements and better organization of the healtcheck message by @KevinMind in #23238
- drop minimal-profile-has-all-fields-shim from api/v5 by @eviljeff in #23223
- Fix intermittent test failure TestSessionIDAuthentication.test_invalid_user_other_user by @diox in #23239
- Show all possible reasons for NeedsHumanReview in review queue filter UI by @diox in #23234
- mimimal -> minimal for v3 API_GATE by @eviljeff in #23253
- backfill ReviewActionReason and CinderPolicy for expired rejections by @eviljeff in #23235
- Mark swagger as experimental by @KevinMind in #23254
- Use sha hashes for docker images, update through dependabot by @diox in #23250
Dependendabots
- Bump sentry-sdk from 1.35.0 to 2.23.1 in /requirements by @dependabot in #23186
- Bump ruff from 0.9.10 to 0.11.2 in /requirements by @dependabot in #23212
- Bump vitest from 3.0.7 to 3.1.1 by @dependabot in #23242
- Bump vite from 6.2.0 to 6.2.4 by @dependabot in #23243
Full Changelog: 2025.03.20...2025.04.03
Contributors
diox, eviljeff, and 3 other contributors
Assets 2
2025.03.20-1
This week's push hero is @KevinMind
Previous Release: 2025.03.20
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
Addons Server Changelog:
Full Changelog: 2025.03.20...2025.03.20-1
Contributors
KevinMind
Assets 2
2025.03.20
This week's push hero is @KevinMind
Previous Release: 2025.03.06-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.03.06-1...2025.03.20
Addons Server Changelog:
What's Changed
Notable things shipping
- always detect if there is an attachment for a decision by @eviljeff in #23138
- Refactor FxA authentication configuration and fake auth handling by @KevinMind in #23077
- Bump Node.js to 20.x by @diox in #23139
- Add GitHub Actions health check workflow by @KevinMind in #23036
- Correct PromotedAddonPromotion Signals by @chrstinalin in #23127
- Migrate addon admin pages to vite bundles by @KevinMind in #23137
- Add ci_completed.yml workflow to notify slack when something goes wrong. by @KevinMind in #23080
- Migrate all admin js/css to vite compilation by @KevinMind in #23141
- Use specific emoji for cancelled workflows by @KevinMind in #23157
- Disable locales that have completion rate below 40%, enable those above by @diox in #23158
- Add command to check locales completion rates and send emails about it by @diox in #23153
- rm TAAR service integrations by @eviljeff in #23147
- Update ci_completed.yml by @KevinMind in #23163
- Add py-call-uwsgi-fork-hooks to local development uwsgi config by @diox in #23164
- Always run the post run step, logging conditionally and exiting based on the success/failure of the run step by @KevinMind in #23169
- Fix broken tests following locales tweaks by @diox in #23168
- test fix for TestGetAddonRecommendations by @eviljeff in #23170
- Return minimal user profile for non-developer users. by @eviljeff in #23154
- sync enforcement actions from Cinder for policies by @eviljeff in #23161
- Update ci_completed.yml by @KevinMind in #23172
- Add Slack notification to healthcheck by @KevinMind in #23162
- Update health_check.yml by @KevinMind in #23176
- Migrate the last admin pages. by @KevinMind in #23179
- expose what versions would be re-enabled with a force enable by @eviljeff in #23165
- Add Developer Experience Survey to DevHub by @chrstinalin in #23166
- Add some reserved guids by @diox in #23171
- send 400 response to Cinder for some webhook validation errors by @eviljeff in #23175
- Vite config updates by @KevinMind in #23177
- all appeals back to their original queues by @eviljeff in #23189
Dependendabots
- Bump ruff from 0.7.1 to 0.9.9 in /requirements by @dependabot in #23126
- Bump actions/checkout from 3 to 4 by @dependabot in #23116
- Bump actions/configure-pages from 4 to 5 by @dependabot in #23117
- Bump actions/setup-node from 2 to 4 by @dependabot in #23115
- Bump markupsafe from 2.1.5 to 3.0.2 in /requirements by @dependabot in #22787
- Bump terser from 5.37.0 to 5.39.0 by @dependabot in #23075
- Bump jinja2 from 3.1.5 to 3.1.6 in /requirements by @dependabot in #23140
- Bump mmh3 from 5.0.1 to 5.1.0 in /requirements by @dependabot in #23026
- Bump glob from 11.0.0 to 11.0.1 by @dependabot in #22979
- Bump grpcio from 1.69.0 to 1.70.0 in /requirements by @dependabot in #23021
- Bump protobuf from 4.25.5 to 4.25.6 in /requirements by @dependabot in #23025
- Bump attrs from 24.3.0 to 25.1.0 in /requirements by @dependabot in #23027
- Bump babel from 2.16.0 to 2.17.0 in /requirements by @dependabot in #23044
- Bump pip from 24.3.1 to 25.0.1 in /requirements by @dependabot in #23063
- Bump cachetools from 5.5.1 to 5.5.2 in /requirements by @dependabot in #23097
- Bump django from 4.2.19 to 4.2.20 in /requirements by @dependabot in #23142
- Bump the google group across 1 directory with 4 updates by @dependabot in #23155
- Bump googleapis-common-protos from 1.66.0 to 1.69.1 in /requirements by @dependabot in #23144
- Bump myst-parser from 4.0.0 to 4.0.1 in /requirements by @dependabot in #23069
- Bump ruff from 0.9.9 to 0.9.10 in /requirements by @dependabot in #23150
- Bump addons-linter from 7.8.0 to 7.9.0 by @dependabot in #23188
- Bump prettier from 3.5.2 to 3.5.3 by @dependabot in #23128
Full Changelog: 2025.03.06...2025.03.20
Contributors
diox, eviljeff, and 3 other contributors