mr. m
3166d50412
no-bug: Sync upstream Firefox to version 150.0 (gh-13351)
2026-04-21 23:18:10 +02:00
mr. m
3b8e6f4718
no-bug: Start making use of blacksmith macos runners for release (gh-13350)
2026-04-21 22:28:15 +02:00
mr. m
c2d45162e0
no-bug: New Crowdin updates (gh-13349)
2026-04-21 22:26:50 +02:00
mr. m
1753d8855c
no-bug: Fixed trying to update without verified MAR channels (gh-13341)
2026-04-21 10:41:53 +02:00
mr. m
014eabed3c
no-bug: Fixed loading bar appearing twice (gh-13337)
2026-04-21 01:18:48 +02:00
mr. m
1f77fe2ea7
no-bug: Run less color blending for macos and windows (gh-13335)
2026-04-21 00:05:50 +02:00
mr. m
77dbc2090c
no-bug: Fixed transparency not working after Firefox 150.0 (gh-13334)
2026-04-20 23:15:23 +02:00
mr. m
f828d2eb20
no-bug: Add more PGO training and enable clang plugins (gh-13325)
2026-04-20 22:21:06 +02:00
mr. m
6562610df1
no-bug: Add a flag to indicate new windows (gh-13323)
2026-04-20 01:02:58 +02:00
mr. m
68d66136ff
gh-13318: Make MacOS windows follow inactive preference (gh-13322)
2026-04-19 22:59:23 +02:00
mr. m
4e84352023
no-bug: Remove extra verification when signing mars (gh-13321)
2026-04-19 20:41:42 +02:00
mr. m
3fa5b4867c
no-bug: Add a switch case for pin unloading (gh-13317)
2026-04-19 18:34:19 +02:00
mr. m
049c39839f
no-bug: Update public key for mar signing (gh-13316)
2026-04-19 16:18:38 +02:00
mr. m
598c299e18
no-bug: Add Move to folder context menu item (gh-13315)
2026-04-19 16:14:25 +02:00
mr. m
721b10abda
no-bug: Ignore certs when running windows profiling (gh-13313)
2026-04-19 09:10:02 +02:00
mr. m
e9634e1057
no-bug: Move API keys to release script (gh-13309)
2026-04-19 01:11:44 +02:00
mr. m
3d14e98c76
no-bug: Add alt+click for splitting tabs and other polishing details (gh-13308)
2026-04-19 00:38:23 +02:00
mr. m
2700722a1e
gh-9836: Register correct signing issuers for windows (gh-13304)
2026-04-18 16:25:58 +02:00
mr. m
a164e226dc
gh-10649: Avoid making unnecessary sidebar duplications (gh-13299)
2026-04-17 14:33:32 +02:00
mr. m
d3a601bd77
gh-13296: Fixed toolbars having white text on white bg (gh-13297)
2026-04-17 13:32:38 +02:00
mr. m
7046d16956
gh-13149: Fixed WS marking tabs as inactive in certain cases (gh-13298)
2026-04-17 13:32:22 +02:00
KelTech
3b85ac912e
gh-13095: restore multi-select highlight for split-view tabs (gh-13292)
...
Fixes #13095 .
The selector change in fe19b44
2026-04-17 08:55:13 +02:00
mr. m
1964922df7
no-bug: Update to Firefox 150.0 (gh-13281)
2026-04-17 00:59:38 +02:00
mr. m
8249814f68
gh-11593: Fixed links from external apps not opening up (gh-13275)
2026-04-16 12:37:06 +02:00
dependabot[bot]
4363ec399d
no-bug: bump follow-redirects from 1.15.11 to 1.16.0 (gh-13269)
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-15 23:46:35 +02:00
mr. m
4caa33d627
gh-13267: Add unit tests for site control panel (gh-13268)
2026-04-15 21:25:31 +02:00
mr. m
29e7fe12a8
gh-13264: Add tests for media player (gh-13262)
2026-04-15 20:25:10 +02:00
mr. m
b988f23a14
gh-10649: Implement JSON store length hints (gh-13260)
2026-04-15 18:59:40 +02:00
mr. m
c128b79723
gh-13258: Implement new loading indicator (gh-13259)
2026-04-15 16:49:52 +02:00
rain capsule
767dfce556
gh-7099: slight CSS and SVG optimizations on notes anim loop (gh-13246)
2026-04-14 16:11:18 +02:00
mr. m
826f1f355f
no-bug: New popup layout and stylings (gh-13245)
2026-04-14 11:17:41 +02:00
mr. m
7ed7b63b08
no-bug: Adress possible memory leaks (gh-13242)
2026-04-14 01:03:47 +02:00
mr. m
d540c6cddf
no-bug: Block loading glance from unmatching principals (gh-13237)
2026-04-13 20:33:01 +02:00
mr. m
adc8c92816
gh-9836: Finish the MAR signing workflow (gh-13216)
2026-04-13 15:49:24 +02:00
mr. m
7bbbdd3c4b
gh-9540: Fixed duplicate bookmarks appearing on startup (gh-13232)
2026-04-12 22:55:36 +02:00
Phannawich Jadpotwanich
cc46a1ee55
gh-11835: resolve copy URL return about:blank during pending navigations (gh-12521)
...
Co-authored-by: mr. m <91018726+mr-cheffy@users.noreply.github.com >
2026-04-11 17:32:23 +02:00
mr. m
a4f0d01a88
no-bug: Sign mars after building them (gh-13213)
2026-04-11 16:45:24 +02:00
JDX50S
76b7bc96ef
gh-10746: Fix SMAuthorizedClients wrong Team ID (gh-13191)
2026-04-11 12:39:44 +02:00
mr. m
fd8308fcb1
Revert "no-bug: Individually download each artifact on release" (gh-13211)
...
Reverts zen-browser/desktop#13199
---------
Signed-off-by: mr. m <91018726+mr-cheffy@users.noreply.github.com >
2026-04-11 12:03:04 +02:00
mr. m
97451e23c8
no-bug: Individually download each artifact on release (gh-13199)
2026-04-10 17:17:52 +02:00
JDX50S
11cf410f87
no-bug: fix SIGNMAR path in Sign MAR step to point at binary not directory (gh-13193)
2026-04-10 12:25:16 +02:00
dependabot[bot]
000098adb1
no-bug: bump axios from 1.13.6 to 1.15.0 in the npm_and_yarn group across 1 directory (gh-13187)
...
Bumps the npm_and_yarn group with 1 update in the / directory:
[axios](https://github.com/axios/axios ).
Updates `axios` from 1.13.6 to 1.15.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases ">axios's
releases</a>.</em></p>
<blockquote>
<h2>v1.15.0</h2>
<p>This release delivers two critical security patches, adds runtime
support for Deno and Bun, and includes significant CI hardening,
documentation improvements, and routine dependency updates.</p>
<h2>⚠️ Important Changes</h2>
<ul>
<li><strong>Deprecation:</strong> <code>url.parse()</code> usage has
been replaced to address Node.js deprecation warnings. If you are on a
recent version of Node.js, this resolves console warnings you may have
been seeing. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10625 ">#10625</a></strong>)</li>
</ul>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Proxy Handling:</strong> Fixed a <code>no_proxy</code>
hostname normalisation bypass that could lead to Server-Side Request
Forgery (SSRF). (<strong><a
href="https://redirect.github.com/axios/axios/issues/10661 ">#10661</a></strong>)</li>
<li><strong>Header Injection:</strong> Fixed an unrestricted cloud
metadata exfiltration vulnerability via a header injection chain.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10660 ">#10660</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>Runtime Support:</strong> Added compatibility checks and
documentation for Deno and Bun environments. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10652 ">#10652</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10653 ">#10653</a></strong>)</li>
</ul>
<h2>🔧 Maintenance & Chores</h2>
<ul>
<li><strong>CI Security:</strong> Hardened workflow permissions to least
privilege, added the <code>zizmor</code> security scanner, pinned action
versions, and gated npm publishing with OIDC and environment protection.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10618 ">#10618</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10619 ">#10619</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10627 ">#10627</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10637 ">#10637</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10666 ">#10666</a></strong>)</li>
<li><strong>Dependencies:</strong> Bumped
<code>serialize-javascript</code>, <code>handlebars</code>,
<code>picomatch</code>, <code>vite</code>, and
<code>denoland/setup-deno</code> to latest versions. Added a 7-day
Dependabot cooldown period. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10574 ">#10574</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10572 ">#10572</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10568 ">#10568</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10663 ">#10663</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10664 ">#10664</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10665 ">#10665</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10669 ">#10669</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10670 ">#10670</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10616 ">#10616</a></strong>)</li>
<li><strong>Documentation:</strong> Unified docs, improved
<code>beforeRedirect</code> credential leakage example, clarified
<code>withCredentials</code>/<code>withXSRFToken</code> behaviour,
HTTP/2 support notes, async/await timeout error handling, header case
preservation, and various typo fixes. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10649 ">#10649</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10624 ">#10624</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7452 ">#7452</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7471 ">#7471</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10654 ">#10654</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10644 ">#10644</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10589 ">#10589</a></strong>)</li>
<li><strong>Housekeeping:</strong> Removed stale files, regenerated
lockfile, and updated sponsor scripts and blocks. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10584 ">#10584</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10650 ">#10650</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10582 ">#10582</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10640 ">#10640</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10659 ">#10659</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10668 ">#10668</a></strong>)</li>
<li><strong>Tests:</strong> Added regression coverage for urlencoded
<code>Content-Type</code> casing. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10573 ">#10573</a></strong>)</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve Axios:</p>
<ul>
<li><strong><a
href="https://github.com/raashish1601 "><code>@raashish1601</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10573 ">#10573</a></strong>)</li>
<li><strong><a
href="https://github.com/Kilros0817 "><code>@Kilros0817</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10625 ">#10625</a></strong>)</li>
<li><strong><a
href="https://github.com/ashstrc "><code>@ashstrc</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10624 ">#10624</a></strong>)</li>
<li><strong><a
href="https://github.com/Abhi3975 "><code>@Abhi3975</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10589 ">#10589</a></strong>)</li>
<li><strong><a
href="https://github.com/theamodhshetty "><code>@theamodhshetty</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/7452 ">#7452</a></strong>)</li>
</ul>
<h2>v1.14.0</h2>
<p>This release focuses on compatibility fixes, adapter stability
improvements, and test/tooling modernisation.</p>
<h2>⚠️ Important Changes</h2>
<ul>
<li><strong>Breaking Changes:</strong> None identified in this
release.</li>
<li><strong>Action Required:</strong> If you rely on env-based proxy
behaviour or CJS resolution edge-cases, validate your integration after
upgrade (notably <code>proxy-from-env</code> v2 alignment and
<code>main</code> entry compatibility fix).</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>Runtime Features:</strong> No new end-user features were
introduced in this release.</li>
<li><strong>Test Coverage Expansion:</strong> Added broader smoke/module
test coverage for CJS and ESM package usage. (<a
href="https://redirect.github.com/axios/axios/pull/7510 ">#7510</a>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Headers:</strong> Trim trailing CRLF in normalised header
values. (<a
href="https://redirect.github.com/axios/axios/pull/7456 ">#7456</a>)</li>
<li><strong>HTTP/2:</strong> Close detached HTTP/2 sessions on timeout
to avoid lingering sessions. (<a
href="https://redirect.github.com/axios/axios/pull/7457 ">#7457</a>)</li>
<li><strong>Fetch Adapter:</strong> Cancel <code>ReadableStream</code>
created during request-stream capability probing to prevent async
resource leaks. (<a
href="https://redirect.github.com/axios/axios/pull/7515 ">#7515</a>)</li>
<li><strong>Proxy Handling:</strong> Fixed env proxy behavior with
<code>proxy-from-env</code> v2 usage. (<a
href="https://redirect.github.com/axios/axios/pull/7499 ">#7499</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md ">axios's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/axios/axios/compare/v1.13.2...v1.13.3 ">1.13.3</a>
(2026-01-20)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>http2:</strong> Use port 443 for HTTPS connections by
default. (<a
href="https://redirect.github.com/axios/axios/issues/7256 ">#7256</a>)
(<a
href="d7e6065346https://redirect.github.com/axios/axios/issues/6269 ">#6269</a>)
(<a
href="5945e40bb1https://redirect.github.com/axios/axios/issues/5756 ">#5756</a>)
(<a
href="7373fbff24https://redirect.github.com/axios/axios/issues/5754 ">#5754</a>)
(<a
href="b89217e3e9https://redirect.github.com/axios/axios/issues/7253 ">#7253</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/7257 ">#7257</a>)
(<a
href="7d19335e43https://redirect.github.com/axios/axios/issues/5394 ">#5394</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/5558 ">#5558</a>)
(<a
href="1c6a86dd2chttps://redirect.github.com/axios/axios/issues/5551 ">#5551</a>)
(<a
href="8d1271b49fhttps://redirect.github.com/axios/axios/issues/7327 ">#7327</a>)
(<a
href="d8233d9e8ehttps://redirect.github.com/axios/axios/issues/6314 ">#6314</a>)
(<a
href="6ef867e684https://redirect.github.com/axios/axios/issues/5560 ">#5560</a>)
(<a
href="095033c626https://redirect.github.com/axios/axios/issues/6053 ">#6053</a>)
(<a
href="65a7584edahttps://redirect.github.com/axios/axios/issues/7289 ">#7289</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/7294 ">#7294</a>)
(<a
href="ec9d94e9f83f83143bfehttps://redirect.github.com/axios/axios/issues/6265 ">#6265</a>)
(<a
href="860e03396ahttps://redirect.github.com/axios/axios/issues/7169 ">#7169</a>)
(<a
href="88d7884254https://redirect.github.com/axios/axios/issues/6134 ">#6134</a>)
(<a
href="f73474d02chttps://redirect.github.com//redirect.github.com/microsoft/TypeScript/issues/33471/issues/issuecomment-1376364329 ">microsoft/TypeScript#33471</a></li>
</ul>
<h3>Reverts</h3>
<ul>
<li>Revert "fix: silentJSONParsing=false should throw on invalid
JSON (<a
href="https://redirect.github.com/axios/axios/issues/7253 ">#7253</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/7 ">#7</a>…"
(<a
href="https://redirect.github.com/axios/axios/issues/7298 ">#7298</a>)
(<a
href="a4230f5581https://redirect.github.com/axios/axios/issues/7253 ">#7253</a> <a
href="https://redirect.github.com/axios/axios/issues/7 ">#7</a> <a
href="https://redirect.github.com/axios/axios/issues/7298 ">#7298</a></li>
<li><strong>deps:</strong> bump peter-evans/create-pull-request from 7
to 8 in the github-actions group (<a
href="https://redirect.github.com/axios/axios/issues/7334 ">#7334</a>)
(<a
href="2d6ad5e48bhttps://github.com/ashvin2005 "
title="+1752/-4 ([#7218 ](https://github.com/axios/axios/issues/7218 )
[#7218 ](https://github.com/axios/axios/issues/7218 ) )">Ashvin
Tiwari</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/mochinikunj "
title="+940/-12 ([#7294 ](https://github.com/axios/axios/issues/7294 )
[#7294 ](https://github.com/axios/axios/issues/7294 ) )">Nikunj
Mochi</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/imanchalsingh "
title="+544/-102 ([#7169 ](https://github.com/axios/axios/issues/7169 )
[#7185 ](https://github.com/axios/axios/issues/7185 ) )">Anchal
Singh</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman "
title="+317/-73 ([#7334 ](https://github.com/axios/axios/issues/7334 )
[#7298 ](https://github.com/axios/axios/issues/7298 )
)">jasonsaayman</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/brodo "
title="+99/-120 ([#5558 ](https://github.com/axios/axios/issues/5558 )
)">Julian Dax</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/AKASHDHARDUBEY " title="+167/-0
([#7287 ](https://github.com/axios/axios/issues/7287 )
[#7288 ](https://github.com/axios/axios/issues/7288 ) )">Akash Dhar
Dubey</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/madhumitaaa "
title="+20/-68 ([#7198 ](https://github.com/axios/axios/issues/7198 )
)">Madhumita</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Tackoil "
title="+80/-2 ([#6269 ](https://github.com/axios/axios/issues/6269 )
)">Tackoil</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/justindhillon "
title="+41/-41 ([#6324 ](https://github.com/axios/axios/issues/6324 )
[#6315 ](https://github.com/axios/axios/issues/6315 ) )">Justin
Dhillon</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Rudrxxx "
title="+71/-2 ([#7257 ](https://github.com/axios/axios/issues/7257 )
)">Rudransh</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/WuMingDao "
title="+36/-36 ([#7215 ](https://github.com/axios/axios/issues/7215 )
)">WuMingDao</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/codenomnom "
title="+70/-0 ([#7201 ](https://github.com/axios/axios/issues/7201 )
[#7201 ](https://github.com/axios/axios/issues/7201 )
)">codenomnom</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Nandann018-ux "
title="+60/-10 ([#7272 ](https://github.com/axios/axios/issues/7272 )
)">Nandan Acharya</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/KernelDeimos "
title="+22/-40 ([#7042 ](https://github.com/axios/axios/issues/7042 )
)">Eric Dubé</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/tiborpilz "
title="+40/-4 ([#5551 ](https://github.com/axios/axios/issues/5551 )
)">Tibor Pilz</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/joaoGabriel55 "
title="+31/-4 ([#6314 ](https://github.com/axios/axios/issues/6314 )
)">Gabriel Quaresma</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/turadg "
title="+23/-6 ([#6265 ](https://github.com/axios/axios/issues/6265 )
)">Turadg Aleahmad</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="772a4e54echttps://redirect.github.com/axios/axios/issues/10671 ">#10671</a>)</li>
<li><a
href="4b071371behttps://redirect.github.com/axios/axios/issues/10663 ">#10663</a>)</li>
<li><a
href="51e57b39dbhttps://redirect.github.com/axios/axios/issues/10664 ">#10664</a>)</li>
<li><a
href="fba1a77930https://redirect.github.com/axios/axios/issues/10665 ">#10665</a>)</li>
<li><a
href="0bf6e28eachttps://redirect.github.com/axios/axios/issues/10669 ">#10669</a>)</li>
<li><a
href="8107157c57https://redirect.github.com/axios/axios/issues/10670 ">#10670</a>)</li>
<li><a
href="e66530e330https://redirect.github.com/axios/axios/issues/10666 ">#10666</a>)</li>
<li><a
href="49f23cbfe4https://redirect.github.com/axios/axios/issues/10668 ">#10668</a>)</li>
<li><a
href="363185461bhttps://redirect.github.com/axios/axios/issues/10 ">#10</a>...</li>
<li><a
href="fb3befb6dahttps://redirect.github.com/axios/axios/issues/10661 ">#10661</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.13.6...v1.15.0 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Install script changes</summary>
<p>This version modifies <code>prepare</code> script that runs during
installation. Review the package contents before updating.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/zen-browser/desktop/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 23:40:53 +02:00
DQSS
dfc47ee5d7
gh-12241: fix skip startup bookmark invalidation when no workspace bookmarks exist (gh-13168)
2026-04-09 22:51:24 +02:00
CosmoCreeper
4add28d3c0
no-bug: Remove non-existent hooks property (gh-13160)
...
Co-authored-by: mr. m <91018726+mr-cheffy@users.noreply.github.com >
2026-04-09 22:46:47 +02:00
mr. m
0a7e81f532
gh-8932: Add more PGO instrumentation (gh-13158)
2026-04-09 22:41:27 +02:00
mr. m
fc2eb5a20b
no-bug: Re-enable maintenance service (gh-13186)
2026-04-09 22:40:38 +02:00
Slowlife
a2a64cec6a
gh-13085: add support for new gh pull request dashboard (gh-13090)
2026-04-09 20:22:06 +02:00
mr. m
4ca83bfe33
no-bug: remove unnecessary verification option from build configuration (gh-13182)
2026-04-09 20:06:27 +02:00
mr. m
5163cf68d6
no-bug: update script execution to use bash for mar_sign.sh (gh-13181)
2026-04-09 19:57:59 +02:00
JDX50S
270db6d671
Merge commit from fork
...
* security: enable MAR signature verification for updates
Remove `--enable-unverified-updates` from the common mozconfig. This flag
was disabling all MAR (Mozilla ARchive) signature verification in the
updater binary, meaning update packages were applied without any
cryptographic authenticity check.
With this flag removed, the Mozilla build system will:
- Link NSS and signmar into the updater binary
- Enable SecVerifyTransformCreate-based signature verification on macOS
- Require MAR files to contain valid signatures before applying
REQUIRED FOLLOW-UP (maintainer action):
1. Generate a Zen-specific MAR signing keypair (RSA-PKCS1-SHA384)
See: https://firefox-source-docs.mozilla.org/build/buildsystem/mar.html
2. Place the public key DER file(s) in the source tree at
toolkit/mozapps/update/updater/release_primary.der
3. Sign MAR files during the release build with the private key
4. Set ACCEPTED_MAR_CHANNEL_IDS in update-settings.ini to restrict
which update channels the updater will accept
Ref: GHSA-qpj9-m8jc-mw6q
* no-bug: Added signature steps
* no-bug: Export browser/installer/package-manifest.in
---------
Co-authored-by: Maliq Barnard <maliqbarnard@Maliqs-MacBook-Air.local >
Co-authored-by: Mr. M <mr.m@tuta.com >
2026-04-09 19:28:31 +02:00
