v1.0.2

This release of Open VSX consists of:

• ovsx CLI
• openvsx-webui frontend library
• openvsx-server Docker image
• openvsx-webui Docker image

Deploying the server application is documented in the Wiki.

What's Changed

🏕 Features

• Change: switch from mocha to vitest by @netomi in #1914
• Change: add check for unsafe paths to MaliciousZipCheckService by @netomi in #1915
• Fix: add consistent and strict http headers when serving files inside extensions by @netomi in #1922

👒 Dependencies

• build(deps): bump tmp from 0.2.6 to 0.2.7 in /cli by @dependabot[bot] in #1903
• build(deps): bump the github-actions group with 2 updates by @dependabot[bot] in #1902
• build(deps): bump tar from 7.5.11 to 7.5.16 in /webui by @dependabot[bot] in #1907
• build(deps): bump js-yaml from 4.1.1 to 4.2.0 in /webui by @dependabot[bot] in #1908
• build(deps-dev): bump vite from 7.3.2 to 7.3.5 in /webui by @dependabot[bot] in #1905
• build(deps): bump dompurify from 3.4.0 to 3.4.9 in /webui by @dependabot[bot] in #1906
• build(deps): bump markdown-it from 14.1.1 to 14.2.0 in /webui by @dependabot[bot] in #1904
• build(deps): bump tar from 7.5.11 to 7.5.16 in /cli by @dependabot[bot] in #1911
• build(deps): bump @babel/core from 7.29.0 to 7.29.7 in /webui by @dependabot[bot] in #1909
• build(deps): bump form-data from 4.0.4 to 4.0.6 in /cli by @dependabot[bot] in #1910
• build(deps): bump js-yaml from 4.1.1 to 4.2.0 in /cli by @dependabot[bot] in #1912
• build(deps): bump markdown-it from 14.1.1 to 14.2.0 in /cli by @dependabot[bot] in #1913
• build(deps): bump dompurify from 3.4.10 to 3.4.11 in /webui by @dependabot[bot] in #1920
• build(deps): bump the github-actions group with 2 updates by @dependabot[bot] in #1921

Full Changelog: v1.0.1...v1.0.2

Frontend Library v1.0.2

Changed

• Migrate unit test framework from mocha to vitest

Dependencies

• Bump tar from 7.5.11 to 7.5.16 (#1907)
• Bump js-yaml from 4.1.1 to 4.2.0 (#1908)
• Bump vite from 7.3.2 to 7.3.5 (#1905)
• Bump dompurify from 3.4.0 to 3.4.11 (#1920)
• Bump markdown-it from 14.1.1 to 14.2.0 (#1904)
• Bump @babel/core from 7.29.0 to 7.29.7 (#1909)

CLI v1.0.2

Dependencies

• Bump tmp from 0.2.6 to 0.2.7 (#1903)
• Bump tar from 7.5.11 to 7.5.16 (#1911)
• Bump form-data from 4.0.4 to 4.0.6 (#1910)
• Bump js-yaml from 4.1.1 to 4.2.0 (#1912)
• Bump markdown-it from 14.1.1 to 14.2.0 (#1913)

v1.0.1

This release of Open VSX consists of:

• ovsx CLI
• openvsx-webui frontend library
• openvsx-server Docker image
• openvsx-webui Docker image

Deploying the server application is documented in the Wiki.

What's Changed

🏕 Features

• Fix: evict all relevant caches when deleting an extension by @netomi in #1890
• Fix: add validation for size/offset parameters for various endpoints by @netomi in #1892
• Fix: properly encode path segments in getUrl by @netomi in #1893
• chore: Update to Gradle 9.5.1 by @cstamas in #1894
• chore(deps): bump qs and react-router by @netomi in #1897

👒 Dependencies

• build(deps): bump the github-actions group across 1 directory with 5 updates by @dependabot[bot] in #1888
• chore(deps): pin opentelemetry version to 1.63.0 by @vinokurig in #1899
• chore(deps): bump netty to 4.1.135.Final by @netomi in #1900

New Contributors

• @cstamas made their first contribution in #1894

Full Changelog: v1.0.0...v1.0.1

Frontend Library v1.0.1

Dependencies

• Bump qs from 6.15.1 to 6.15.2 (#1897)
• Bump react-router and react-router-dom from 6.30.3 to 6.30.4 (#1897)

CLI v1.0.1

Fixes

• Properly encode path segments in getUrl method (#1893)

v1.0.0

This release of Open VSX consists of:

• ovsx CLI
• openvsx-webui frontend library
• openvsx-server Docker image
• openvsx-webui Docker image

Deploying the server application is documented in the Wiki.

What's Changed

🏕 Features

• fix: cache S3Presigner as singleton to prevent IRSA credential refresh failure by @achdmbp in #1856
• Fix: protect sitemap parsing from possible XXE attacks by @netomi in #1876
• Feat: Add read only mode by @netomi in #1835
• Feat: support TLS for redis connectons by @netomi in #1879
• Fix: repo location and yarn version in deployment descriptors by @netomi in #1880
• Remove pull request CodeQL trigger by @autumnfound in #1881
• Fix: include all scanner jobs to be able to retry failed scans by @netomi in #1882
• Fix: fine-tune cache control for public endpoints by @netomi in #1883
• fix: ensure sequential execution of database insert commands by @vinokurig in #1885

👒 Dependencies

• build(deps): bump qs from 6.15.0 to 6.15.2 in /cli by @dependabot[bot] in #1869
• build(deps): bump tmp from 0.2.4 to 0.2.6 in /cli by @dependabot[bot] in #1877

Full Changelog: v0.34.6...v1.0.0

Frontend Library v1.0.0

Added

• Add a settings page in the admin dashboard and support putting the registry in read-only mode (#1835)

CLI v1.0.0

Dependencies

• Bump fast-uri from 3.1.0 to 3.1.2 (#1829)
• Bump brace-expansion from 5.0.5 to 5.0.6 (#1846)
• Bump qs from 6.15.0 to 6.15.2 (#1869)
• Bump tmp from 0.2.4 to 0.2.6 (#1877)

v0.34.6

This release of Open VSX consists of:

• ovsx CLI
• openvsx-webui frontend library
• openvsx-server Docker image
• openvsx-webui Docker image

Deploying the server application is documented in the Wiki.

What's Changed

🏕 Features

• feat(scans): adds retry for failed scanner jobs by @gnugomez in #1832
• feat(scans): expose scanner job lifecycle in scan json by @gnugomez in #1836
• fix(perf): make Gatling simulations runnable again by @gnugomez in #1838
• chore: schedule recurring jobs for scanning only when necessary by @netomi in #1840
• chore: exclude jobrunr tables from jooq by @netomi in #1842
• fix: add proper cache control headers for all public endpoints by @netomi in #1863
• Fix: correctly sort versions returned by latest endpoint in semantic order by @netomi in #1865
• Feat: support GET as method for the extensionquery endpoint by @netomi in #1867

👒 Dependencies

• build(deps): bump brace-expansion from 5.0.5 to 5.0.6 in /cli by @dependabot[bot] in #1846

Full Changelog: v0.34.5...v0.34.6