All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

• Allow variables to be used globally across endpoints #265

• Replace unsafe eval() with RestrictedPython to prevent arbitrary code execution in API spec evaluation. #798

• Bumped httpx to ^0.27.0, which brings in httpcore >=1.0.0 and h11 >=0.15.0. #755

• Updated h11 to 0.16.0 (via httpx upgrade) to address CVE-2025-XXXX: fixed lenient parsing of chunked encoding that could allow request smuggling. #755

• Replace pkg_resources (deprecated) with importlib.metadata as the method to retrieve package version. This change removes the dependency on setuptools at runtime. #723
• Update GitHub Actions to use commit hashes instead of tags to improve security and reliability. #723

• BREAKING CHANGE: Drop support for Python 3.9, which has reached its end of life. #723

• Gitlint dev dependency 685

• Upgrade Click dependency 681

• Change requests to httpx. #208
• Upgrade PyYAML dependecy 678

• BREAKING CHANGE: Drops support for Python 3.7 and Python 3.8 since their EOL were reached out already 678

• Enable the use of different content types #521

• python -m scanapi command #501

• Content field not rendered properly on Chrome #551

• Custom variable evaluated when defined on the path #508
• Add missing --insecure flag to cURL command on report based on request options #555

• Implement new key options to request and endpoint nodes #529

• BREAKING CHANGE: Drops support for Python 3.6 since its EOL was reached out in December last year 549

• Print test results summary in console #497

• Error when using list (or any other) comprehension in Python Code #515

• Implement new details to help users on visualize related request data. #506

• Fix the --browser flag not working on macOS #504
• Error on running ScanAPI. ImportError: cannot import name 'soft_unicode' from 'markupsafe' #534

• Summary tests location to the top of the report #479
• Add the flag --browser or -b for short [#465]

• Header table gets broken. #432

• Enable 'vars' key at endpoint node. #328
• Add --no-report flag. #325

• Request name to report. #390
• Show on report the scanapi version used to generate it. #386
• Link icon to copy anchor URL. #398

• Error making request when request has no body and there is a report::hide_request::body configuration. #393

• --version command to return current scanapi version. #372

• hide_response body. #375

• Hide sensitive information in the URL Query Params #304
• Anchor link for each request in the report to make it easily shareable. #317
• Support to HTTP methods HEAD and OPTIONS #350
• The retry key under requests to setup retry for requests. #298

• Curl command #330
• Render body according to its request content type #331

• Add a delay key option to perform a delay between each request. #266

• Changed relative path to show absolute path to the report in CLI. #277
• Considering - (dash) in variable names. #281
• Moved bandit to dev section #285
• Increased Test coverage for /scanapi/evaluators/spec_evaluator.py #291

• When there is no body specified, sending it as None instead of {}. #280
• Removed unused imports. #294

• JSON response is now properly rendered, instead of plain text. #213
• The report page now has a favicon. #223
• Bandit security audit tool. #219
• Add Sphinx auto-documentation. #230
• Add workflow to package/publish to Test PyPi. #239
• Add Github Action workflow for First-time contributors. #290
• Add button to copy data from the report page. #295

• BREAKING CHANGE: Renamed api.(yaml|json) to scanapi.yaml. #222
• BREAKING CHANGE: Remove top-level api key in scanapi.yaml. #231
• BREAKING CHANGE: Renamed project-name, hide-request and hide-response to use underscore. #228
• BREAKING CHANGE: Changed command scanapi spec-file.yaml to scanapi run spec-file.yaml. #247
• Moved Documentation from README.md to the website. #250
• Local and global configuration. #254
• Moved bandit to dev in pyproject.toml. #286

• Updated language use in README.md and CONTRIBUTING.md plus fix broken links. #220
• Removed unused sys import in scan.py and cleaned for PEP8 and spelling errors. #217
• Hide body sensitive information. #238
• Fix css issues with html template. #256
• Fix when vars is declared and used in the same request.#257
• Fix when evaluated value is not string. #257

• APIKeyMissingError. #218

• Status icons on report were not vertically centered. #195

• MANIFEST.in.

• Fix for TemplateNotFound Error. #197

• Report example images not loading on PyPI. #193

• Add new HTML template. #157
• Tests key. #152
• -h alias for --help option. #172
• Test results to report. #177
• Add test errors to the report. #187
• Hides sensitive info in URL. #185
• CLI options explanation. #189

• Unified keys validation in a single method. #151
• Default template to html. #173
• Project name color on html reporter to match ScanAPI brand #172
• Hero banner on README. #180
• Entry point to scanapi:main. #172
• --spec-path option to argument. #172
• Improve test results on report. #186
• Improve Error Message for Invalid Python code error. #187
• Handle properly exit errors. #187
• Update README.md. #191

• Duplicated status code row from report. #183
• Sensitive information render on report. #183

• Console Report. #175
• Markdown Report. #179
• --reporter option. #179

• Automated pypi deploy. #144

• PATCH HTTP method. #113
• Ability to have API spec in multiples files. #125
• CLI --config-path option. #128
• CLI --template-path option. #126
• GitHub Action checking for missing changelog entry. #134

• Make markdown report a bit better. #96
• base_url keyword to path. #116
• namespace keyword to name. #116
• method keyword is not mandatory anymore for requests. Default is get. #116
• Replaced hide key on report config by hide-request and hide-response. #116
• Moved black check from CircleCI to github actions. #136

• Cases where custom var has upper case letters. #99

• Request with no endpoints. #116

• Return params/headers None when request doesn't have params/headers. #87

• Report-example image not loading on PyPi. #86

• Added PyPI Test section to CONTRIBUTING.md.

• Templates on pypi package. #85

• Fixed No module named 'scanapi.tree'. #83

• CodeCov Setup.
• CircleCI Setup.

• Updated Documentation.
• Increased coverage.
• Used dot notation to access responses inside api spec.
• Renamed option report_path to output_path.
• Reporter option -r, --reporter [console|markdown|html].

• Fixed join of urls to keep the last slash.

• Removed requirements files and put every dependency under setup.py.
• Removed dcvars key.

• Add math, time, uuid and random libs to be used on api spec.

• Bumped version.

• Used env variables from os.

• Added Docker file.

• Add logging.
• Option to hide headers fields.

• Fix vars interpolation.