riksdagsmonitor 0.9.6 → 0.9.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/SECURITY.md +2 -2
  2. package/package.json +2 -2
package/SECURITY.md CHANGED
@@ -187,7 +187,7 @@ Riksdagsmonitor's security practices are part of Hack23 AB's comprehensive Infor
187
187
 
188
188
  ### IMF data scope
189
189
 
190
- Riksdagsmonitor consumes **public, anonymous, unauthenticated** macro/fiscal/monetary statistics from the IMF Datamapper REST API (`www.imf.org/external/datamapper/api/v1`) and the IMF SDMX 3.0 endpoint (`sdmxcentral.imf.org`). **No personal data, no credentials, no auth tokens** are exchanged with the IMF. The IMF integration is therefore out of scope for GDPR DPIA but in scope for this security policy as a third-party dependency.
190
+ Riksdagsmonitor consumes **public** macro/fiscal/monetary statistics from the IMF Datamapper REST API (`www.imf.org/external/datamapper/api/v1`, **unauthenticated**) and the IMF SDMX 3.0 endpoint (`api.imf.org/external/sdmx/3.0`, **subscription-key authenticated** via the Azure APIM `Ocp-Apim-Subscription-Key` header / `IMF_SDMX_SUBSCRIPTION_KEY` secret). The subscription key gates throttle/quota at the gateway; the underlying payloads remain public macro statistics. **No personal data, no auth tokens** are exchanged with the IMF; the subscription key is treated as a credential per the secrets-management policy. The IMF integration is therefore out of scope for GDPR DPIA but in scope for this security policy as a third-party dependency.
191
191
 
192
192
  ### IMF-specific security posture
193
193
 
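Review bot: In the added line 190, "**No personal data, no auth tokens** are exchanged with the IMF" sits in the same paragraph that says the SDMX endpoint is authenticated with the `Ocp-Apim-Subscription-Key` header, and a subscription key sent on every request is an authentication credential. Suggest rewording to say that no personal data is exchanged and that the subscription key is the only credential sent, so the scope statement cannot be read as "nothing secret leaves the system". Since the paragraph now defers to the secrets-management policy, it would also help to state here where `IMF_SDMX_SUBSCRIPTION_KEY` is held and that it must not appear in logs, cached responses or published output.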
@@ -206,7 +206,7 @@ If you discover a vulnerability in our IMF integration (e.g., cache integrity by
206
206
 
207
207
  ### IMF egress allow-list
208
208
 
209
- **Egress hosts** (allow-list): `www.imf.org` (Datamapper REST · WEO/FM), `sdmxcentral.imf.org` (SDMX 3.0 REST · IFS/BOP/DOTS/GFS/PCPS/ER/MFS_IR/MFS_PR). Both HTTPS-only, anonymous, public no credentials required.
209
+ **Egress hosts** (allow-list): `www.imf.org` (Datamapper REST · WEO/FM, **unauthenticated**), `api.imf.org` (SDMX 3.0 REST · IFS/BOP/DOTS/GFS/PCPS/ER/MFS_IR/MFS_PR, **subscription-key authenticated** via the Azure APIM `Ocp-Apim-Subscription-Key` header / `IMF_SDMX_SUBSCRIPTION_KEY` secret). Both HTTPS-only; payloads are public macro statistics with no PII.
210
210
 
211
211
  **Canonical rule.** Every economic claim in a Riksdagsmonitor article cites an IMF dataflow first; World Bank citations are reserved for governance, environment and social residue (the classes IMF does not publish). SCB is the Swedish-specific ground truth layer. See `ECONOMIC_DATA_CONTRACT.md` v2.1 for the banned-phrase list and vintage discipline (>6 mo → annotation).
212
212
 
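Review bot: The added allow-list line 209 describes the two hosts together as "Both HTTPS-only", but only `api.imf.org` should ever receive the `Ocp-Apim-Subscription-Key` header. Suggest stating explicitly that the key is attached only to requests for `api.imf.org`, never to `www.imf.org`, and is not forwarded if a request is redirected to another host. The removed host `sdmxcentral.imf.org` should also be dropped from whatever configuration enforces this allow-list, since this file only documents it.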
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "riksdagsmonitor",
3
- "version": "0.9.6",
3
+ "version": "0.9.8",
4
4
  "type": "module",
5
5
  "description": "Swedish Parliament (Riksdag) intelligence platform — TypeScript utilities for political data visualization, dashboards, and open data analysis with Chart.js and D3.js",
6
6
  "main": "dist/lib/shared/index.js",
@@ -197,7 +197,7 @@
197
197
  "remark-gfm": "^4.0.1",
198
198
  "remark-parse": "^11.0.0",
199
199
  "remark-rehype": "^11.1.2",
200
- "start-server-and-test": "3.0.2",
200
+ "start-server-and-test": "3.0.4",
201
201
  "tsx": "4.21.0",
202
202
  "typedoc": "0.28.19",
203
203
  "typedoc-plugin-mdn-links": "5.1.1",