• Update dependency to axios version 1.11.x to resolve the critical vulnerability with form-data (see https://security.snyk.io/vuln/SNYK-JS-FORMDATA-10841150)

• Fix empty cookie value sent with JS payloads when sessionByHeader option is used and document.cookie doesn't return any cookie

• Fix ProGuard configuration to correctly resolve common-proguard-rules.pro by ensuring its content is merged into the final proguard.txt
• Fix ProGuard rules to prevent obfuscation of public enum fields

• Add missing fields From, TrueClientIP, and Via to the Protection API payload
• Correct casing of SecCHDeviceMemory in the Protection API payload
• Update dependencies to address security vulnerabilities

• Collect additional signal to improve identification of sessions
• Remove transitive dependency to com.infstory:proguard-annotations and improve Proguard configuration to reduce compilation times with the SDK
• Add missing Accept-Language headers when the challenge webview reloads the page to maintain the language defined with the setResponsePageLanguage method

• Add useForwarded parameter to handle the forwarded header value with Vert.x
• Update log level to warning for closing connection to DataDome to avoid unnecessary alerts

• Fix empty cookie value sent with JS payloads when sessionByHeader option is used and document.cookie doesn't return any cookie

Breaking changes

Module import syntax

• Use ES module syntax instead of Service Worker syntax

Worker configuration settings

Renamed:

• DATADOME_IP_FILTERING → DATADOME_IP_EXCLUSION
• DATADOME_URL_REGEX → DATADOME_URL_REGEX_INCLUSION
• DATADOME_JS_URL_REGEX → DATADOME_JS_URL_REGEX_INCLUSION
• DATADOME_LOG_VALUES→ DATADOME_LOGPUSH_CONFIGURATION

Removed:

• DATADOME_URI_REGEX
• DATADOME_URI_REGEX_EXCLUSION
• DATADOME_HOSTNAME_REGEX_EXCLUSION
• DATADOME_JS_URI_REGEX_EXCLUSION
• DATADOME_JS_HOSTNAME_REGEX_EXCLUSION

DataDomeOptions interface

Renamed properties:

• timeOut → timeout?: number
• licenseKey → serverSideKey?: string

New properties:

• ipExclusion?: string[] - List of IPv4 and IPv6 addresses to exclude from DataDome protection; accepts ranges with CIDR notation
• urlPatternExclusion?: RegExp | string - Regex pattern to exclude URLs from DataDome protection
• urlPatternInclusion?: RegExp | string - Regex pattern to include URLs for DataDome protection; all URLs will match if empty
• enableDebugging?: boolean - Enable debugging mode
• enableGraphQLSupport?: boolean - Enable GraphQL support
• enableReferrerRestoration?: boolean - Enable referrer restoration
• maximumBodySize?: number - Maximum body size in bytes (default: 25KB)
• logpushConfiguration?: string[] - List of enriched headers names to log inside Logpush
• clientSideKey?: string - Client-side key for JS Tag injection
• jsURL?: string - URL of the JS Tag (default: https://js.datadome.co/tags.js)
• jsEndpoint?: string - URL for the JS data endpoint
• jsTagOptions?: Record<string, any> - Options for the JS Tag in JavaScript object format
• jsURLRegexExclusion?: RegExp | string - Regex pattern to exclude URLs where JS Tag injection must not execute
• jsURLRegexInclusion?: RegExp | string - Regex pattern to include URLs where JS Tag injection must execute; all URLs will match if empty

Logging system

• Use Cloudflare Workers' native logging system for debugging information instead of adding debug headers to requests

Enhancements

• Add CookiesList to payloads sent to Protection API
• Improve error logging and debugging capabilities:
  • Include more details in error messages
  • Change log format to be easier to parse and analyze
• Publish module as an npm package to ease installation

• Add support for React Native's New Architecture
• Remove the need for props when instantiating a DataDomeModal component
  • Before: <DataDomeModal onRef={ref => (DataDome.getInstance().setContainerViewRef(ref))} />
  • After: <DataDomeModal />

• Add support for React Native's New Architecture
• Remove the need for props when instantiating a DataDomeModal component
  • Before: <DataDomeModal onRef={ref => (DataDome.getInstance().setContainerViewRef(ref))} />
  • After: <DataDomeModal />
• Use Java's CookieManager on Android
• Remove @react-native-async-storage/async-storage from peer dependencies