- Improved Respect verbose logs to display response headers.
- Updated @redocly/respect-core to v2.0.7.
- Fixed an issue where files specified in decorators parameters were not always resolved correctly. The resolution logic now properly locates the specified files relative to the config file for
info-description-override
,media-type-examples-override
,operation-description-override
, andtag-description-override
decorators. - Improved messaging to clarify when API alias configuration is implicitly applied during linting or bundling by filename.
- Updated the
retryAfter
property in Respect to use seconds (instead of milliseconds) for consistency with the Arazzo specification. - Updated @redocly/openapi-core to v2.0.6.
- Fixed an issue where the root config was not properly merged with the
apis
config. - Resolved an issue that caused configuration parsing to fail when the config value was set to
null
. - Improved join command server handling for specifications with differing servers.
- Updated @redocly/respect-core to v2.0.5.
- Fixed an issue where the
openapi
config options were ignored when running thebuild-docs
command. - Ensure
externalRefResolver
option is correctly passed to nested workflow contexts. - Updated @redocly/respect-core to v2.0.4.
- Fixed type definitions for Respect
input
andserver
options to support both string and string[] values. - Fixed binary response data in
Respect
results by properly encoding it as base64. - Updated @redocly/respect-core to v2.0.3.
- Made
executionTimeout
parameter optional in therun
function exported fromrespect-core
. - Updated @redocly/respect-core to v2.0.2.
- Fixed an issue where the
no-required-schema-properties-undefined
rule incorrectly resolved nested$ref
s relative to the file in which they were defined. - Fixed an issue where multipart form-data parameters were not properly resolved and evaluated before sending requests.
- Updated @redocly/openapi-core to v2.0.1.
- Removed backward compatibility for the
spec
rule. Usestruct
instead. - Removed support for the deprecated
apiDefinitions
option in the Redocly config. Useapis
instead. Removed thelabels
field within theapis
section, which was associated with the legacy Redocly API Registry product. - Removed support for default config file names other than
redocly.yaml
. - Removed support for the deprecated
features.openapi
andfeatures.mockServer
configuration options. Useopenapi
andmockServer
directly instead. - Removed backward compatibility for the deprecated
lint
andstyleguide
options in the Redocly config. Userules
,decorators
and other related options on the root level instead. - Removed the deprecated
disallowAdditionalProperties
option support in rules. UseallowAdditionalProperties
instead. - Removed support for the deprecated
theme
property of Redocly config. All the properties oftheme
are now available in the config root. - Removed the deprecated
path-excludes-patterns
andinfo-license-url
rules. - Removed the deprecated
undefined
assertion. Usedefined
instead. - Removed support for the legacy Redocly API Registry in favor of the new Reunite platform. Reunite provides improved API management capabilities and better integration with Redocly's tooling ecosystem. Migrated the
login
andpush
commands to work exclusively with Reunite. Removed thepreview-docs
command as part of platform modernization. Use thepreview
command instead. - Removed support for the deprecated
referenceDocs
option, which was related to the legacy Reference docs product. - Removed support for the deprecated
assert/
prefix in configurable rules. Userule/
prefix instead. - Migrated the codebase to ES Modules from CommonJS, bringing improved code organization and better support for modern JavaScript features. Update to Node.js version 20.19.0+, 22.12.0+, or 23+.
Added
x-security
extension for Respect that enables secure handling of authentication in Arazzo workflows. Use this extension to:- Define security schemes at the step level using either predefined schemes or inline definitions
- Pass values of secrets (passwords, tokens, API keys)
- Support multiple authentication types including API Key (query, header, or cookie), Basic Authentication, Bearer Token, Digest Authentication, OAuth2, and OpenID Connect
- Automatically transform security parameters into appropriate HTTP headers or query parameters
Added environment variable support for CLI arguments using Yargs
.env()
method to parse environment variables with matching prefixes.Added validation for JSON Schema format.
Extracted
nullable
validation from thestruct
rule into a newnullable-type-sibling
rule for OpenAPI 3.0. This allows users to disablenullable
validation separately from other structural checks.Configured the
spec
ruleset for OpenAPI, AsyncAPI, Arazzo, and Overlay specifications. This ruleset is designed to strictly follow the specifications.Added the
no-duplicated-tag-names
rule to check for duplications in thetags
field in API descriptions.Enabled
no-required-schema-properties-undefined
,no-schema-type-mismatch
, andno-enum-type-mismatch
rules for AsyncAPI and Arazzo specifications. Adjusted the rules' severities in therecommended
andminimal
rulesets. Refer to the following table:Rule \ Ruleset recommended minimal no-required-schema-properties-undefined off
->warn
off
->warn
no-enum-type-mismatch error
warn
no-schema-type-mismatch warn
->error
off
->warn
Implemented automatic masking of sensitive fields (such as tokens and passwords) in response bodies to enhance security and prevent accidental exposure of secrets in logs and outputs.
Added new CLI options for the
respect
command to improve test execution control.
- Fixed plugins validation in config files referenced in the
extends
section. - Fixed
no-undefined-server-variable
crash when encounteringnull
values in the server list. - Refactored
@redocly/respect-core
to eliminate Node.js-specific dependencies, improving cross-platform compatibility. - Updated Redoc to v2.5.0.
- Fixed alias detection when using
--config
from a different folder than the current working directory. - Resolved an issue where
dotenv@16.6.0
injected an unintended message into the output. - Fixed Redocly CLI to correctly read
residency
from the Redocly configuration file. - Improved Respect's error handling when server URLs are missing from both OpenAPI descriptions and CLI options.
- Updated @redocly/respect-core to v2.0.0.
- Removed support for the deprecated
theme
property of Redocly config. All the properties oftheme
are now available in the config root.
- Updated @redocly/openapi-core to v2.0.0-next.10.
- Refactored
@redocly/respect-core
to eliminate Node.js-specific dependencies, improving cross-platform compatibility. - Updated @redocly/openapi-core to v2.0.0-next.9.
- Removed support for default config file names other than
redocly.yaml
.
Enabled
no-required-schema-properties-undefined
,no-schema-type-mismatch
, andno-enum-type-mismatch
rules for AsyncAPI and Arazzo specifications. Adjusted the rules' severities in therecommended
andminimal
rulesets. Refer to the following table:Rule \ Ruleset recommended minimal no-required-schema-properties-undefined off
->warn
off
->warn
no-enum-type-mismatch error
warn
no-schema-type-mismatch warn
->error
off
->warn
- Fixed plugins validation in config files referenced in the
extends
section. - Updated @redocly/openapi-core to v2.0.0-next.8.
- Updated @redocly/openapi-core to v2.0.0-next.7.
- Updated @redocly/openapi-core to v2.0.0-next.6.
- Removed the deprecated
path-excludes-patterns
andinfo-license-url
rules.
- Updated @redocly/openapi-core to v2.0.0-next.5.
- Added validation for JSON Schema format.
- Updated @redocly/openapi-core to v2.0.0-next.4.
- Configured the
spec
ruleset for OpenAPI, AsyncAPI, Arazzo, and Overlay specifications. This ruleset is designed to strictly follow the specifications.
- Updated @redocly/openapi-core to v2.0.0-next.3.
- Resolved an issue where
dotenv@16.6.0
injected an unintended message into the output. - Updated @redocly/openapi-core to v2.0.0-next.2.
- Extracted
nullable
validation from thestruct
rule into a newnullable-type-sibling
rule for OpenAPI 3.0. This allows users to disablenullable
validation separately from other structural checks. - Added the
no-duplicated-tag-names
rule to check for duplications in thetags
field in API descriptions. - Implemented automatic masking of sensitive fields (such as tokens and passwords) in response bodies to enhance security and prevent accidental exposure of secrets in logs and outputs.
- Updated @redocly/openapi-core to v2.0.0-next.1.
- Removed backward compatibility for the
spec
rule. Usestruct
instead. - Removed support for the deprecated
apiDefinitions
option in the Redocly config. Useapis
instead. Removed thelabels
field within theapis
section, which was associated with the legacy Redocly API Registry product. - Removed support for the deprecated
features.openapi
andfeatures.mockServer
configuration options. Useopenapi
andmockServer
directly instead. - Removed backward compatibility for the deprecated
lint
andstyleguide
options in the Redocly config. Userules
,decorators
and other related options on the root level instead. - Removed the deprecated
disallowAdditionalProperties
option support in rules. UseallowAdditionalProperties
instead. - Removed the deprecated
undefined
assertion. Usedefined
instead. - Removed support for the legacy Redocly API Registry in favor of the new Reunite platform. Reunite provides improved API management capabilities and better integration with Redocly's tooling ecosystem. Migrated the
login
andpush
commands to work exclusively with Reunite. Removed thepreview-docs
command as part of platform modernization. Use thepreview
command instead. - Removed support for the deprecated
referenceDocs
option, which was related to the legacy Reference docs product. - Removed support for the deprecated
assert/
prefix in configurable rules. Userule/
prefix instead. - Migrated the codebase to ES Modules from CommonJS, bringing improved code organization and better support for modern JavaScript features. Update to Node.js version 20.19.0+, 22.12.0+, or 23+.
Added
x-security
extension for Respect that enables secure handling of authentication in Arazzo workflows. Use this extension to:- Define security schemes at the step level using either predefined schemes or inline definitions
- Pass values of secrets (passwords, tokens, API keys)
- Support multiple authentication types including API Key (query, header, or cookie), Basic Authentication, Bearer Token, Digest Authentication, OAuth2, and OpenID Connect
- Automatically transform security parameters into appropriate HTTP headers or query parameters
Added environment variable support for CLI arguments using Yargs
.env()
method to parse environment variables with matching prefixes.Added new CLI options for the
respect
command to improve test execution control.
- Fixed
no-undefined-server-variable
crash when encounteringnull
values in the server list. - Updated Redoc to v2.5.0.
- Fixed alias detection when using
--config
from a different folder than the current working directory. - Fixed Redocly CLI to correctly read
residency
from the Redocly configuration file. - Improved Respect's error handling when server URLs are missing from both OpenAPI descriptions and CLI options.
- Updated @redocly/respect-core to v2.0.0-next.0.