@checkly/playwright-reporter 1.6.1 → 1.7.1

package/CHANGELOG.md

@@ -4,6 +4,18 @@ All notable changes to `@checkly/playwright-reporter` will be documented in this
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## 1.7.1 (2026-03-01)
+
+### Added
+
+- **Reporter version tracking** - The reporter version is now embedded in every report, making it visible in the Checkly UI alongside your check results.
+
+## 1.7.0 (2026-02-27)
+
+### Added
+
+- **Sensitive header scrubbing** - HTTP headers like `Authorization`, `Cookie`, `Set-Cookie`, `Proxy-Authorization`, `X-API-Key`, and `X-Auth-Token` are now automatically redacted from reports and traces when scrubbing is enabled — no configuration needed. This prevents tokens and session cookies from leaking through network request data, even if their values aren't registered as secrets. Disable with `scrubbing: { sensitiveHeaders: false }` or pass a custom list of header names to control which headers are redacted.
+
 ## 1.6.1 (2026-02-27)
 
 ### Fixed

package/dist/index.d.ts

@@ -49,6 +49,7 @@ interface JSONReport extends Omit<JSONReport$1, 'config' | 'stats'> {
         systemMetrics: SystemMetrics;
     };
     _checkly?: {
+        reporterVersion?: string;
         sourceFiles?: Record<string, string>;
     };
 }
@@ -128,6 +129,12 @@ interface ScrubbingOptions {
      * Custom replacement string for scrubbed values.
      */
     replacement?: string;
+    /**
+     * HTTP header names whose values should always be redacted, regardless of secret matching.
+     * Defaults to well-known sensitive headers (Authorization, Cookie, Set-Cookie, etc.).
+     * Pass `false` to disable header-name-based scrubbing entirely.
+     */
+    sensitiveHeaders?: string[] | false;
 }
 
 /**