What's Changed
- ci: pin GitHub Actions to commit SHAs and bump to Node 24 runtimes by @MegaManSec in #61
- fix(status_page_exposed): honor inherited allow/deny by @MegaManSec in #62
- fix(return_bypasses_allow_deny): also flag rewrite ... permanent|redi… by @MegaManSec in #63
- fix(invalid_regex): validate $N references in map values and across the whole scope; read $N as a single digit by @MegaManSec in #67
- fix(allow_without_deny): don't flag the satisfy-any + auth allowlist pattern by @MegaManSec in #66
- fix(unanchored_regex): flag any unanchored location regex, not just file extensions by @MegaManSec in #65
- fix(try_files_is_evil_too): lower severity to LOW by @MegaManSec in #64
- chore(invalid_regex): correct capture-reset wording by @MegaManSec in #69
- chore(status_page_exposed): reuse core resolve_inherited_single by @MegaManSec in #68
- tests: pin probe-verified behaviors of the recently merged plugin fixes by @MegaManSec in #70
- Release 0.5.0 by @MegaManSec in #71
Full Changelog: v0.4.0...v0.5.0