2026.05.28
This week's push hero is @diox
Previous Release: 2026.05.14-2
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2026.05.14...2026.05.28
Addons Server Changelog:
What's Changed
Notable things shipping
- Prevent the creation of a new service account when a webhook scanner name is changed by @willdurand in #24893
- Fix overenthusiastic marking of CinderPolicy.DELETED by @eviljeff in #24900
- Raise error on broken locales when linting them by @diox in #24870
- Add a management command to backfill source-builder scanner results by @willdurand in #24906
- Store automatic block reasons per version as constant by @eviljeff in #24885
- Start services earlier in CI to improve speed by @diox in #24914
- Expose policies in devhub review history by @wagnerand-moz in #24931
- Add ability to ask for API key email confirmation to be resent by @diox in #24907
- Don't compile python dependencies on install if dev is one of the targets by @diox in #24940
- Add more packages to the google group in dependabot by @diox in #24946
- Prevent duplicate rules when receiving PUSH'ed scanner results by @willdurand in #24947
- Add bulk banning functionality to the admin by @diox in #24939
Dependendabots
- Bump packaging from 26.1 to 26.2 by @dependabot[bot] in #24848
- Bump cryptography from 46.0.7 to 48.0.0 by @dependabot[bot] in #24889
- Bump click from 8.3.2 to 8.3.3 by @dependabot[bot] in #24858
- Bump pytz from 2026.1.post1 to 2026.2 by @dependabot[bot] in #24880
- Bump jsdom from 28.1.0 to 29.1.1 by @dependabot[bot] in #24841
- Bump jquery from 3.7.1 to 4.0.0 by @dependabot[bot] in #24372
- Bump addons-linter from 10.4.0 to 10.5.0 by @dependabot[bot] in #24886
- Bump pip from 26.1 to 26.1.1 by @dependabot[bot] in #24890
- Bump idna from 3.11 to 3.15 by @dependabot[bot] in #24917
- Bump regex from 2026.4.4 to 2026.5.9 by @dependabot[bot] in #24912
- Bump mozilla/addons-frontend from 2026.04.02 to 2026.05.14-1 by @dependabot[bot] in #24922
- Bump mozilla/autograph from 7.7.4 to 7.8.0 by @dependabot[bot] in #24921
- Bump stylelint from 17.10.0 to 17.11.1 by @dependabot[bot] in #24932
- Bump zizmorcore/zizmor from 1.23.1 to 1.25.2 by @dependabot[bot] in #24926
- Bump globals from 17.5.0 to 17.6.0 by @dependabot[bot] in #24873
- Bump zod from 4.3.6 to 4.4.3 by @dependabot[bot] in #24875
- Bump elasticsearch from 8.19.13 to 8.19.15 by @dependabot[bot] in #24925
- Bump traitlets from 5.14.3 to 5.15.0 by @dependabot[bot] in #24892
- Bump parso from 0.8.6 to 0.8.7 by @dependabot[bot] in #24881
- Bump jedi from 0.19.2 to 0.20.0 by @dependabot[bot] in #24882
- Bump wcwidth from 0.6.0 to 0.7.0 by @dependabot[bot] in #24878
- Bump ipython from 9.12.0 to 9.13.0 by @dependabot[bot] in #24849
- Bump ruff from 0.15.12 to 0.15.13 by @dependabot[bot] in #24937
- Bump vitest from 4.1.5 to 4.1.6 by @dependabot[bot] in #24910
- Bump sentry-sdk from 2.58.0 to 2.60.0 by @dependabot[bot] in #24928
- Bump googleapis-common-protos from 1.74.0 to 1.75.0 by @dependabot[bot] in #24897
- Bump proto-plus from 1.27.2 to 1.28.0 by @dependabot[bot] in #24899
- Bump jiti from 2.6.1 to 2.7.0 by @dependabot[bot] in #24891
- Bump redis from 6.2.21 to 6.2.22 by @dependabot[bot] in #24923
- Bump @vitest/eslint-plugin from 1.6.14 to 1.6.17 by @dependabot[bot] in #24901
- Bump eslint from 10.3.0 to 10.4.0 by @dependabot[bot] in #24941
- Bump @eslint/compat from 2.0.5 to 2.1.0 by @dependabot[bot] in #24902
- Bump @babel/preset-env from 7.29.3 to 7.29.5 by @dependabot[bot] in #24888
- Bump markdown-it-py from 4.0.0 to 4.2.0 by @dependabot[bot] in #24905
- Bump lxml from 6.1.0 to 6.1.1 by @dependabot[bot] in #24948
- Bump mdit-py-plugins from 0.5.0 to 0.6.1 by @dependabot[bot] in #24929
- Bump myst-parser from 5.0.0 to 5.1.0 by @dependabot[bot] in #24927
- Bump the google group across 1 directory with 5 updates by @dependabot[bot] in #24844
Full Changelog: 2026.05.14...2026.05.28