2026.06.11
This week's push hero is @eviljeff
Previous Release: 2026.05.28
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
Addons Server Changelog:
What's Changed
Notable things shipping
- Add dedicated permission for ActivityLog admin + list filtering on changelist by @diox in #24949
- docs: add missing status code description to the scanners API docs by @willdurand in #24951
- Add psutil requirement (needed by ipython >= 9.13.0) by @diox in #24954
- Make CinderPolicy.enforcement_actions null=False by @eviljeff in #24950
- Update brace-expansion, smol-toml and yaml by @diox in #24961
- Mark ScannerRule.name field as read-only after creation by @willdurand in #24955
- Optimize ActivityLog admin SQL query ; fix typo for "known_ip_addresses" by @diox in #24953
- Don't fail if we can't resolve translations for a given locale in a XPI by @diox in #24959
- Enable policy->action selection in reviewer tools, for negative policies by @eviljeff in #24918
- Update yara-x by @willdurand in #24963
- Remove db_constraint on TranslatedField as translations are not unique by @diox in #24812
- Duplicate scanner results for rollbacked versions by @eviljeff in #24962
- Support manual Cinder decisions in webhook by @eviljeff in #24967
- Allow multiple versions to be selected with a policy. by @eviljeff in #24980
- Add an enforcement action for legal to use for takedowns with emails or appeals by @eviljeff in #24987
- Add logging around scanner results patch&post API by @diox in #25002
Dependendabots
- Bump mozilla/addons-frontend from 2026.05.14-1 to 2026.05.28 by @dependabot[bot] in #24952
- Bump certifi from 2026.4.22 to 2026.5.20 by @dependabot[bot] in #24958
- Bump sphinx from 8.1.3 to 9.1.0 by @dependabot[bot] in #24861
- Bump nginx from 1.29.8 to 1.31.1 by @dependabot[bot] in #24943
- Bump pytest-env from 1.2.0 to 1.6.0 by @dependabot[bot] in #24851
- Bump knip from 5.88.0 to 6.14.1 by @dependabot[bot] in #24942
- Bump stylelint from 17.11.1 to 17.12.0 by @dependabot[bot] in #24956
- Bump requests from 2.33.1 to 2.34.2 by @dependabot[bot] in #24938
- Bump addons-linter from 10.5.0 to 10.6.0 by @dependabot[bot] in #24964
- Bump docutils from 0.21.2 to 0.22.4 by @dependabot[bot] in #24852
- Bump sphinxcontrib-httpdomain from 1.8.1 to 2.0.0 by @dependabot[bot] in #24855
- Bump decorator from 5.2.1 to 5.3.1 by @dependabot[bot] in #24944
- Bump mysql from 8.4.8 to 8.4.9 by @dependabot[bot] in #24919
- Bump mozilla/autograph from 7.8.0 to 8.0.0 by @dependabot[bot] in #24936
- Bump vitest from 4.1.6 to 4.1.7 by @dependabot[bot] in #24957
- Bump responses from 0.26.0 to 0.26.1 by @dependabot[bot] in #24970
- Bump idna from 3.15 to 3.16 by @dependabot[bot] in #24973
- Bump ruff from 0.15.13 to 0.15.14 by @dependabot[bot] in #24974
- Bump knip from 6.14.1 to 6.14.2 by @dependabot[bot] in #24968
- Bump wrapt from 2.1.2 to 2.2.0 by @dependabot[bot] in #24966
- Bump the celery group across 1 directory with 3 updates by @dependabot[bot] in #24845
- Bump dennis from 1.2.0 to 1.3.0 by @dependabot[bot] in #24979
- Bump elasticsearch from 8.19.15 to 8.19.16 by @dependabot[bot] in #24969
- Bump @babel/preset-env from 7.29.5 to 7.29.7 by @dependabot[bot] in #24975
- Bump snowballstemmer from 3.0.1 to 3.1.0 by @dependabot[bot] in #24977
- Bump eslint-plugin-prettier from 5.5.5 to 5.5.6 by @dependabot[bot] in #24984
- Bump ruff from 0.15.14 to 0.15.15 by @dependabot[bot] in #24988
- Bump idna from 3.16 to 3.17 by @dependabot[bot] in #24989
- Bump vitest from 4.1.7 to 4.1.8 by @dependabot[bot] in #24995
- Bump docutils from 0.22.4 to 0.23 by @dependabot[bot] in #24983
Full Changelog: 2026.05.28...2026.06.11