New Adapter: ferio#14896
Merged
Merged
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8b64e74213
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| }, | ||
| bidResponse(buildBidResponse, bid, context) { | ||
| if (!hasResponseMediaType(bid)) { | ||
| context.mediaType = getSingleMediaType(context.bidRequest); |
There was a problem hiding this comment.
Setting context.mediaType here leaks state across all bids that share the same impid in a single ORTB response, because fromORTB reuses the same imp context object for each bid on that impression. If the first bid lacks mtype/ext.prebid.type, this assignment persists and can force subsequent bids (even those with explicit media types) to be parsed as the wrong format, which can corrupt fields like vastXml/native parsing or cause bids to be dropped.
Useful? React with 👍 / 👎.
1 task
|
Whoa there partner! This project is migrating to typescript. Consider changing the new JS files to TS, with well-defined types for what interacts with the prebid public API (for example: bid params and configuration). Thanks!
|
patmmccann
reviewed
May 18, 2026
patmmccann
reviewed
May 18, 2026
| @@ -0,0 +1,13 @@ | |||
| import { registerBidder } from "../src/adapters/bidderFactory.js"; | |||
| import { createFerioBidderSpec } from "../libraries/ferioUtils/bidderUtils.js"; | |||
Collaborator
There was a problem hiding this comment.
why add a library if there is only one importer
Contributor
Author
There was a problem hiding this comment.
it is planned as utils for multiple upcoming adapters
patmmccann
reviewed
Jun 1, 2026
| return bid; | ||
| } | ||
|
|
||
| function addPrivacyFields<B extends BidderCode>( |
Collaborator
There was a problem hiding this comment.
The next several functions are available by using the ortb converter library
patmmccann
reviewed
Jun 1, 2026
| }, | ||
| request(buildRequest, imps, bidderRequest, context) { | ||
| const request = buildRequest(imps, bidderRequest, context); | ||
| addLegacySchain( |
Collaborator
There was a problem hiding this comment.
Why do these next three lines exist
patmmccann
approved these changes
Jun 1, 2026
DimaIntentIQ
added a commit
to DimaIntentIQ/Prebid.js
that referenced
this pull request
Jun 17, 2026
* Matterfull Bid Adapter: initial release (#14922)
* Matterfull Bid Adapter: initial release
* Matterfull Bid Adapter: fix endpoint
* Matterfull Bid Adapter: make params.env field required
* AnzuDSP Bid Adapter: initial release (#14924)
* AnzuDSP Bid Adapter: initial release
* AnzuDSP Bid Adapter: make params.env field required
* Bliink: Remove GVL_ID from bliinkBidAdapter.js (#14949)
* Remove GVL_ID from bliinkBidAdapter.js
* Delete gvlid exposure test from bliinkBidAdapter_spec
Removed test case for exposing gvlid.
* RhythmOne Adapter: remove lint exception for size parsing (#14765)
* RhythmOne Adapter: remove lint exception for size parsing
* Marsmedia Bid Adapter: remove coffee-style lint suppression (#14771)
* Core: fix typos in reducers comments (#14768)
* Marsmedia Bid Adapter: remove coffee-style lint suppression
* Update marsmediaBidAdapter.js
* Prebid 11.14.0 release
* Increment version to 11.15.0-pre
* Bump tmp from 0.2.4 to 0.2.6 (#14953)
Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.4 to 0.2.6.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.2.4...v0.2.6)
---
updated-dependencies:
- dependency-name: tmp
dependency-version: 0.2.6
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* SSPF-3301: Kargo Adapter: use gppString for GPP consent (fix Prebid API) (#65) (#14954)
* Kargo Adapter: use gppString for GPP consent (fix Prebid API)
* remove comment
Co-authored-by: Julian Gan <juliangan07@gmail.com>
* Core: complete enforcement of accessRequestCredentials (#14935)
* Core: fix bug with accessRequestCredentials not controlling access to request credentials
* keep shallow copying in abtshieldIdSystem
* remove unused function
* lint
* Fix firefox losing keepalive flag
* Use module name in bidder's ajax
* add withCallers plumbing
* Build-time determination of moduleType/moduleName
* fix undetermined callers
* fix undetermined callers
* fix multi-gvlid that are not asking for credentials
* fix adapterManager tests
* fix adelerate tests
* fix asterio tests
* chunk 3 test fixes
* chunk 4 test fixes
* chunk 4 test fixes
* Chunk 5 test fixes
* chunk 6 fixes
* chunk 7 test fixes
* chunk 8 test fixes
* remove redundant hasDeviceAccess check
* lint
* Potential fix for pull request finding 'Semicolon insertion'
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
* Potential fix for pull request finding 'Semicolon insertion'
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
* Potential fix for pull request finding 'Semicolon insertion'
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
* Improve comments
---------
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
* Core: fix bug where hb_cache_host is sometimes not set to the right host (#14806)
* TNE Catalyst Bid Adapter: optional params + ortb2 passthrough (#14941)
Combines the AMX-style permissive-params refactor with full ortb2.*
passthrough so the adapter integrates with a single
'{ bidder: tne_catalyst }' entry while honouring everything the
wrapper already populates.
Permissive params (AMX-style)
- All bid params optional. isBidRequestValid accepts a bid with no
params; rejects bids with wrong-typed values via a nullOrType helper.
- slot defaults to bid.adUnitCode and is mirrored into imp.tagid.
- site.publisher.id omitted when no override; exchange resolves
publisher from site.domain via sellers.json.
- New optional params.endpoint and params.testMode (the latter is
resolved per-imp so individual placements can be marked as test).
ortb2 passthrough
- ortb2.user / regs / device / app flow through to the outbound.
- bid.userIdAsEids still read and merged with ortb2.user.eids
(de-duped by source).
- Per the module rules, wrapper-set fields are authoritative;
derived signals (gdprConsent, uspConsent, gppConsent) only fill
gaps the wrapper hasn't already populated.
site / app mutex
- OpenRTB 2.6 §3.2.1: site and app are mutually exclusive. When
ortb2.app is present, site is omitted entirely; publisherId stamps
onto app.publisher.id. Site is also omitted when no site fields
would be populated.
schain
- Read from ortb2.source.ext.schain (Prebid 9.x normalized location)
with fallback to ortb2.source.schain (OpenRTB 2.6 top-level) and
finally legacy bid.schain for older wrapper builds. Outbound goes
on source.schain so modern adapters don't need to ext-fish.
101 tests passing.
Co-authored-by: thenexusengine <250033251+thenexusengine@users.noreply.github.com>
* Core: migrate from deprecated GPT getTargeting/setTargeting to getConfig/setConfig (#14816)
* Core: migrate from deprecated GPT getTargeting/setTargeting to getConfig/setConfig
* use gptUtils/setKeyValue instead of setPageTargeting when possible; fix incorrect test setup
* update types
* lint
* Add methods to fetch entire targeting map
* Update relaido to use getTargetingMap methods
* update relaido to use getTargetingMap methods
* Update src/utils/gptTargeting.ts
Co-authored-by: derdeka <derdeka@users.noreply.github.com>
* update mock data to use arrays
---------
Co-authored-by: derdeka <derdeka@users.noreply.github.com>
* Removed alias from appnexus and add it to microsoft adapter (#14965)
Co-authored-by: Andy <arezitopedia@gmail.com>
* 51Degrees RTD: enrich ORTB with IP/geo, 51DiD eids, preference/TCF/GPP consent forwarding (#14914)
* 51Degrees RTD: enrich ORTB with IP/geo, 51DiD eids, and PMP-aware id.usage
Adds device.ip/ipv6/geo from the cloud ip vendor, a 51d.es user.eids entry from fodid, and id.usage forwarding sourced from module params or PMP localStorage.
* configure PMP in the example
* proper casing
* improve example with debug bids
* set device.geo.region
* reload PMP button
* correct shape of user.eids[].uids
* guard publisher set device.ip
* warn on legacy ext.fiftyonedegrees_deviceId write
The module writes the 51Degrees device id to both
ortb2.device.ext.fod.deviceId (canonical) and
ortb2.device.ext.fiftyonedegrees_deviceId (legacy mirror kept for
adapters that read the older path, e.g. gumgumBidAdapter).
Emit a one-shot logWarn the first time the legacy mirror is written
so adapter authors can spot the duplication and migrate. Output is
unchanged.
* populate geo if locationconfidence is high/medium
also set correct ipservice value
* 51Degrees RTD: forward TCF/GPP consent strings to the cloud as evidence
* update doc
* update doc and remove params.idUsage
* update configurator link
* fix lint errors
* migrate consumers to ext.fod.deviceId
(formerly fiftyonedegrees_deviceId)
---------
Co-authored-by: YaroslavVlasenko <yaroslavvlasenko@gmail.com>
Co-authored-by: James Rosewell <james@51degrees.com>
* Acxiom's realid userID prebid module (GCD-559) (#14948)
* Add Acxiom Real ID Submodule to User ID system
* Update Acxiom Real ID Submodule to use POST requests with JSON payload and simplify API URL handling
* Simplify Acxiom Real ID Submodule by removing unused log prefix and redundant logInfo calls
* Update Acxiom Real ID API endpoint
* Refactor Acxiom Real ID Submodule to handle stored IDs and improve decode logic
* Expand Acxiom Real ID Submodule to enforce consent-based suppression and add GPP (US privacy) handling
* Update Acxiom Real ID to delete tokens with all suffixes for better consent compliance
* Update Acxiom Real ID to handle userAgent retrieval using `getWindowSelf` for improved compatibility
* Add detailed typedefs for Acxiom Real ID configuration and parameters
* Migrate Acxiom Real ID Submodule to TypeScript for improved type safety and module clarity
---------
Co-authored-by: Rameez Israr <rameez@govassist.com>
* Ogury Bid Adapter: add instream video support (#14962)
* Vidazoo utils: Additional validation for request (#14952)
* adding devicetype value validation to prevent errors from request in bidder
* make a deep clone in order to validate value without changing device info in the initial object
---------
Co-authored-by: Anna Yablonsky <annay+perion@perion.com>
* Adnow & DistroScale Adapters: remove deleted GVL IDs (#14966)
### Motivation
- The IAB vendor list marks GVL IDs `1210` and `754` as deleted, so adapters must not advertise those vendor IDs.
- Keep adapter runtime behavior unchanged while preventing Prebid from registering deleted TCF vendors.
- Ensure module metadata and per-module disclosure entries no longer reference deleted vendor IDs or disclosure URLs.
### Description
- Remove the `GVLID` constants and the `gvlid` fields from `modules/adnowBidAdapter.js` and `modules/distroscaleBidAdapter.js` so adapters no longer expose `1210` or `754`.
- Update generated metadata files `metadata/modules.json`, `metadata/modules/adnowBidAdapter.json`, and `metadata/modules/distroscaleBidAdapter.json` to set the corresponding `gvlid` values to `null` and clear `disclosures`/`disclosureURL` entries.
- Preserve the `ds` alias for DistroScale and leave all other adapter behaviour and supported media types unchanged.
### Testing
- Ran `npx eslint modules/adnowBidAdapter.js modules/distroscaleBidAdapter.js --cache --cache-strategy content` and it completed successfully.
- Ran the adapter unit tests with `npx gulp test --nolint --file test/spec/modules/adnowBidAdapter_spec.js` and `npx gulp test --nolint --file test/spec/modules/distroscaleBidAdapter_spec.js` and both test runs passed.
- Performed metadata validation and JSON parse checks (build-time GVL/metadata checks) and they passed without errors.
* 🐛 Criteo Id System: store raw bidId values (#14973)
Co-authored-by: v.raybaud <v.raybaud@criteo.com>
* Core: add deprecated GPT targeting CodeQL check (#14967)
* UnifiedId Adapter: add typed userId mappings (#14904)
* UnifiedId Adapter: add typed userId mappings
* UnifiedId Adapter: align tdid typing with runtime shapes
* UnifiedId Adapter: require partner or url in types (#14961)
---------
Co-authored-by: Demetrio Girardi <dgirardi@prebid.org>
* Goldbach Bid Adapter: server-driven syncs and identity rework (#14925)
* Goldbach Bid Adapter: Endpoint adjustment, server-side cookie sync
* Goldbach Bid Adapter: adjusted consent check, player size tuple check
* New Adapter: ferio (#14896)
* Add ferio bid adapter
* fix: isolate fallback response media type, include types
* refactor: convert adapter and utilities to ts
* refactor: rely on ORTB converter for request signals
---------
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
* fluct Bid Adapter: add device.ext.vpw/vph viewport size signals (#14957)
* add instl support
* falseの場合も明示的に送信するようにした
* fluct Bid Adapter: allow wrapper to inject its name via x-fluct-prebid-wrapper header
Read `fluct.wrapperName` from Prebid config and, when set, attach it as the
`x-fluct-prebid-wrapper` HTTP header on every bid request so the fluct bidder
can identify which wrapper the request originates from.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fluct Bid Adapter: move customHeaders construction outside _each loop
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fluct Bid Adapter: add device.ext.vpw/vph viewport size signals
Pass viewport dimensions (vpw, vph) from ortb2.device.ext to the
fluct server. Viewability prediction by DSPs uses viewport size to
differentiate between screen size (w/h) and actual visible area,
which directly affects bid prices.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: yosei-ito <ca01423@cartahd.com>
Co-authored-by: himu62 <ca00732@cartahd.com>
Co-authored-by: himu <himu62@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
* Core: Avoid keepalive for >64KiB request bodies and log warning (#14916)
* Core: warn when keepalive is skipped for oversized payload
* Potential fix for pull request finding 'Unused variable, import, function or class'
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
* use blob() to calculate size
* Potential fix for pull request finding 'Semicolon insertion'
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
* lint
* Fix firefox losing keepalive, not supporting body
* Safari fix
* update comment
---------
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: Demetrio Girardi <dgirardi@prebid.org>
* ResetDigital Bid Adapter: Forward user EIDs (#14975)
* ResetDigital: Forward user EIDs
* ResetDigital: Aggregate user EIDs
* ResetDigital: Simplify EID forwarding
* acxiomRtd: fix tests (#14974)
* feat: add hubvisor analytics adapter (#14976)
* Bump actions/github-script from 8 to 9 (#14980)
Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v8...v9)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: '9'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Aps Bid Adapter: map bidder metadata (#14977)
* Core: bidDesirabilityAdjustment (#14860)
* adding bidderDesirabilityAdjusments to bidderSettings
* adding bid desirability sort to bidLimit path
* adding bid desirability to reducers
* sharing bidRequest between cpm and desirability adjustments
* sortByDealAndPriceBucketOrDesirability
* fixing multibid & removing bidRequest fallback
---------
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
* fluct Bid Adapter: add remaining missing bid request signals (#14958)
* add instl support
* falseの場合も明示的に送信するようにした
* fluct Bid Adapter: allow wrapper to inject its name via x-fluct-prebid-wrapper header
Read `fluct.wrapperName` from Prebid config and, when set, attach it as the
`x-fluct-prebid-wrapper` HTTP header on every bid request so the fluct bidder
can identify which wrapper the request originates from.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fluct Bid Adapter: move customHeaders construction outside _each loop
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fluct Bid Adapter: add remaining missing bid request signals
Forward all outstanding signals from Prebid.js to the fluct server:
Regulation/privacy:
- regs.ext.dsa (Digital Services Act) — EU DSPs skip bids without it
- regs.ext.gpc (Global Privacy Control)
User attributes:
- user.yob, user.gender, user.keywords — demographic/interest targeting
- user.ext.data (all fields, not just im_segments)
Site metadata:
- site.name, site.search, site.publisher.domain
Auction context:
- refererInfo.canonicalUrl — more reliable than raw page URL
- refererInfo.isAmp, reachedTop, numIframes — page environment signals
- timeout — lets fluct server optimize response time
- source.tid — auction-level transaction ID
Floor model metadata:
- floorData.modelVersion, location, floorProvider
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fluct Bid Adapter: fix guard inconsistencies found in code review
- yob: use != null guard (consistent with gender)
- numIframes: use != null guard so top-level pages (numIframes=0) are forwarded
- site.publisher: gate on publisher object existence instead of domain,
and forward id in addition to domain
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fluct Bid Adapter: remove floorData metadata fields
Floor model metadata (modelVersion, location, floorProvider) has unclear
server-side use. Removing to keep the PR focused; floor price itself
(bidfloor/bidfloorcur) is already forwarded by existing code.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fluct Bid Adapter: fix duplicate instl assignment after rebase
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fluct Bid Adapter: remove extra blank line (lint fix)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fluct Bid Adapter: fix padded-blocks lint error in spec
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fluct Bid Adapter: remove CORS preflight by switching to text/plain
Replace custom request headers with body fields to eliminate the ~400ms
OPTIONS preflight on every bid request:
- Remove Content-Type: application/json and custom headers
(x-fluct-app, x-fluct-version, x-openrtb-version, x-fluct-prebid-wrapper)
- Move adapter metadata to request body:
- adapterVersion (was x-fluct-version)
- wrapperName (was x-fluct-prebid-wrapper, set only when configured)
- Default content type becomes text/plain (Prebid ajax default),
which is a CORS simple request and requires no preflight
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Revert "fluct Bid Adapter: remove CORS preflight by switching to text/plain"
This reverts commit 5c129058b1dfab4ab9fcb69aa376b474f96420df.
---------
Co-authored-by: yosei-ito <ca01423@cartahd.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Asterio Bid Adapter: Add native support (#14929)
* Zeta Global Analytics Adapter: extra events (#14964)
* Zeta Global SSP Analytics Adapter: track extra events
* Zeta Global SSP Analytics Adapter: harden payload helpers and fallbacks
Extract shared site-context, floor, mediaType, and device helpers so analytics
events send complete fields (including auctionId on bidsReceived) with robust
page/domain fallbacks and bounded bidder error payloads.
Co-authored-by: Cursor <cursoragent@cursor.com>
* Zeta SSP Analytics Adapter: code style fixes.
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* tcfControl: use the GVL to determine legal basis (#14979)
* fetch purposes during build
* Update metadata
* include purpose metadata in adapters
* add warning on bidders without p2 LI
* add --no-fetch option to compile-metadata
* add warning on undeclared flexible purposes
* getPublicUrl
* Update metadata
* cleanup
* Better purpose declaration warnings
* do not double include purpose metadata
* update metadata including specialFeatures
* add build time validation
* update tcfControl to check purpose declarations
* lint
* do not use intersection/difference
* New Adapter: Vuukle Bid Adapter (banner, video, native) (#14981)
* Build: remove unused @wdio/concise-reporter dev dependency (#14956)
* IntentIq ID Module & Analytical Adapter: A/B percentage passing, CMP consent improvements (#14936)
* AGT-817 Group change for module (#70)
Co-authored-by: Alex <alex@MacBook-Pro-Alex.local>
* AGT-843 Module documentation (#71)
Co-authored-by: Alex <alex@MacBook-Pro-Alex.local>
* AGT-751 AB% passing
* Merge master into 0.36 (#75)
* Remove gvlid from movingup bid adapter (#14749)
* billow_rtb25: New adapter (#14690)
* New adapter: billow_rtb25
* delete options
* add public interface
* Change the adapter type to a ts file
---------
Co-authored-by: zepeng.yin <zp.yin@foxmail.com>
* Prebid 11.7.0 release
* Increment version to 11.8.0-pre
* Showheroes Bid Adapter: rename showheroes bid adapter (#14644)
* rename showheroes bid adapter
* Showheroes: bring back old adapter
* Impactify Bid Adapter: ensure compatible mediaType mapping (#14748)
* Updated bid adapter to log errors
* Remove onBidderError function and LOGGER_JS_URI
Removed unused onBidderError function and LOGGER_JS_URI constant.
* Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Fix mediatypes
* Add banner test
* Add mediaType fallbacks
---------
Co-authored-by: Filipe Neves <me@filipeneves.net>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* CriteoBidAdapter: Fix outstream video (#14753)
* Update: Adding Device hardware version (hwv) in the adapter (#14757)
* wurfl rtd: collect SUA via src/fpd/sua.js for high-entropy hints (#14758)
Switch the SUA source from the bid request to direct calls to
getHighEntropySUA from src/fpd/sua.js. This ensures wurfl.js and the
analytics beacon receive high-entropy User-Agent Client Hints. Falls
back to low-entropy SUA when high-entropy is unavailable (non-Chromium
browsers, restrictive Permissions Policy).
Refs prebid/Prebid.js#14574
* Msft Bid Adapter - Native request example in md updated to include eventtrackers (#14760)
* Update msftBidAdapter.md
* Minor update to the keyword format
* Minor update to the keyword format
* Update msftBidAdapter.md
---------
Co-authored-by: Jason Crane <jasoncrane@microsoft.com>
* Intenze Adapter: Europe support (#14658)
* Intenze Adapter: Europe support
* fix lint problem in intenzeBidAdapter.js
* Bid Filter Module: Add option for bidResponseFilter handling for in-banner video on multi-format (#14542)
* Add option for bidResponseFilter handling for in-banner video on multi-format
* Format code for consistency in bidResponseFilter_spec.js
---------
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
Co-authored-by: Patrick McCann <pmccann@cafemedia.com>
* Core: fix typos in reducers comments (#14768)
* IntimateMerger Analytics Adapter : initial release (#14726)
* IntimateMerger Analytics Adapter : initial release
* IntimateMerger Analytics Adapter : fix event overlap
* IntimateMerger Analytics Adapter : refactoring
* IntimateMerger Analytics Adapter : Update modules/imAnalyticsAdapter.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* IntimateMerger Analytics Adapter : Update waitTimeout
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* IntimateMerger Analytics Adapter : Update modules/imAnalyticsAdapter.js docs
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* IntimateMerger Analytics Adapter : Update docs
* IntimateMerger Analytics Adapter : cid optional
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Adquery Bid Adapter: userID usage refactor (#14692)
* adquery_video_work9
* adquery_video_work9
* adquery_video_work9
* update onBidWon
---------
Co-authored-by: Adrian Dzida <a.dzida@openmobi.pl>
* New Bidder: PGAM Direct (#14763)
* Add PGAM Direct bid adapter
New SSP bidder (server-to-server, canonical OpenRTB 2.6) operated by
PGAM Media LLC. Distinct from pgamssp (our legacy TeqBlaze-hosted
adapter); we plan to migrate publishers from pgamssp to pgamdirect
over 2026 and will submit a deprecation PR for pgamssp once migration
completes. Both are actively maintained.
GVL ID: 1353
Endpoint: https://rtb.pgammedia.com/rtb/v1/auction
Media types: banner, video, native
Supports: schain, TCF v2, USP, GPP, COPPA, EIDs, GPID, floors module,
deals, first-party data
37 spec cases covering isBidRequestValid, buildRequests across banner
video and native, multi-imp, consent forwarding for GDPR/USP/GPP/COPPA,
EIDs and schain passthrough, interpretResponse across all media types
including VAST XML/URL variants and native JSON parsing, malformed-
input rejection, ext.meta merge, and metadata assertions. Coverage:
100% functions, 100% lines, 82% branches.
* pgamdirect: address Codex review
Three P1s from the Codex automated review:
1. Floors module integration — imp.bidfloor now comes from bid.getFloor()
when the Floors module is enabled, falling back to params.bidfloor and
then 0. Currency is carried from the Floors-returned currency, not
hard-coded to USD. Resolves the regression where publishers on floor
rules were silently sending their static params.bidfloor.
2. schain lookup precedence — buildSource() now reads
ortb2.source.ext.schain first (the modern FPD path), falling back to
the legacy bid.schain. Resolves the drop for publishers who configure
schain through FPD rather than per-bidder params.
3. CORS preflight — removed the x-openrtb-version custom header. The
request is now CORS-simple enough to avoid a browser preflight on
every auction, reducing perceived auction latency by one RTT.
Server accepts OpenRTB 2.6 as default regardless.
Tests updated: 6 new cases covering the two P1 behaviour changes
(getFloor used, fallback to params, fallback when getFloor throws,
fallback to 0, currency preserved, ortb2 schain wins over bid.schain,
bid.schain fallback when ortb2 empty). The removed "forwards schain
from first bid" test is covered by the new "falls back to bid.schain"
case. Existing CORS assertion updated to expect absent customHeaders.
43/43 tests green in Karma/ChromeHeadless. Lint clean.
* pgamdirect: convert to TypeScript, use ortbConverter
Addresses patmmccann review on #14763:
- Convert pgamdirectBidAdapter.js → .ts with typed public interface.
- Replace the hand-rolled imp/device/user/source builders with
libraries/ortbConverter, keeping only the pgam-specific fields
(imp.ext.pgam.orgId, imp.tagid from params.placementId,
meta.networkName from seatbid.seat) as converter hooks.
- Drop the contentType: 'application/json' header entirely — JSON
is NOT a CORS-simple content-type, so setting it forces a
browser preflight on every auction. Omitting it keeps the POST
preflight-free (saves one RTT per request).
The converter inherits Prebid's standard handling of:
- priceFloors module (imp.bidfloor / bidfloorcur via bid.getFloor)
- schain via FPD normalisation (source.ext.schain)
- source.tid, user.eids, site/device/regs (GDPR, USP, GPP, COPPA)
- media types (banner sizes → format[], video player size passthrough,
native request serialisation)
- bidResponse cpm/currency/ttl/netRevenue/mediaType/advertiserDomains
So this change:
- Removes ~200 lines of custom plumbing.
- Means future ORTB spec updates (2.7, new privacy fields) flow
through automatically when Prebid updates the converter.
Also:
- Register GVL ID 1353 on spec (PGAM Media LLC, registered with IAB).
- Keep params.bidfloor as a legacy fallback when the priceFloors
module has not populated imp.bidfloor.
- Force at=1 (first-price) and cur=['USD'] via a request hook.
Spec tests: trimmed to cover only the adapter-owned behaviour
(isBidRequestValid, CORS-simple options, imp hook custom fields,
request hook, bidResponse.meta.networkName, onBidWon). Library-owned
behaviour (floors / schain / GDPR / media types / VAST parsing) is
not re-asserted here; those are covered by ortbConverter's own specs
and by every other adapter that uses it. 26/26 pass locally.
* Core: remove deprecated wretry usage (#14772)
* CI: replace wretry artifact flow with cache save/restore
* CI: use artifact handoff without deprecated retry wrapper
* Core: reduce allocations in metrics.getMetrics (#14769)
* Core: cleanup adloader callback/listener references (#14767)
* Core: tighten apntag shim typing (#14766)
* Core: tighten apntag shim typing
* Core: tighten apntag shim typing
### Motivation
- TypeScript compilation failed when core code accessed `window.apntag.getTag().keywords` because `window.apntag` was typed as `any` and `getTag` returned `unknown` properties.
- Provide a focused, maintainable shim for the `apntag` global so core targeting logic can rely on well-typed properties without losing runtime extensibility.
### Description
- Added an `ApnTag` interface in `src/types/local/shim.d.ts` with explicit method signatures for `getTag`, `modifyTag`, `setKeywords`, `anq`, and `onEvent` and preserved an index signature for extra runtime fields (see `src/types/local/shim.d.ts` 【F:src/types/local/shim.d.ts†L7-L18】).
- Typed `getTag` to return an object that may include `keywords` (`{ keywords?: Record<string,string> } | undefined`) so property access like `.keywords` is accepted by the TypeScript compiler.
- Made the global `Window.apntag` optional (`apntag?: ApnTag`) to reflect pages where the integration is absent.
### Testing
- Ran `npx eslint src/types/local/shim.d.ts --cache --cache-strategy content` which completed successfully.
- Ran `npx gulp test --nolint --file test/spec/unit/core/targeting_spec.js` which completed successfully (all relevant tests passed).
- Ran `npx tsc --noEmit` which completed successfully with no type errors.
* Core: use window crypto reference for UUID random data (#14764)
* Permutive RTD: iterate bidders configured via params.bidders (#14774)
* Permutive RTD: iterate bidders configured via params.bidders
Previously setBidderRtb only wrote ortb2 for the union of acBidders and
Permutive's SSP list. A bidder declared under params.bidders with a
customCohorts mapping was iterated only if it was also present in one of
those lists, leaving publishers' configuration silently inert.
Include Object.keys(params.bidders) in the iterated set so an explicit
per-bidder customCohorts mapping is always honored.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Permutive RTD: type the public params interface
Add a `.d.ts` declaring `PermutiveRtdProviderParams` / `PermutiveRtdProviderConfig`
and wire them into the module via JSDoc typedef imports (follows the pattern
from prebid/Prebid.js#14773).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* 51Degrees RTD: use highEntropySUAAccessor for HEV retrieval (#14746)
* CI: add manual retry for artifact downloads (#14776)
* Prebid 11.8.0 release
* Increment version to 11.9.0-pre
* Bump @xmldom/xmldom from 0.8.12 to 0.8.13 (#14779)
Bumps [@xmldom/xmldom](https://github.com/xmldom/xmldom) from 0.8.12 to 0.8.13.
- [Release notes](https://github.com/xmldom/xmldom/releases)
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md)
- [Commits](https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13)
---
updated-dependencies:
- dependency-name: "@xmldom/xmldom"
dependency-version: 0.8.13
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump fast-xml-parser from 5.5.7 to 5.7.1 (#14780)
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.5.7 to 5.7.1.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.7...v5.7.1)
---
updated-dependencies:
- dependency-name: fast-xml-parser
dependency-version: 5.7.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* aceex and yandex bidders: type the public interface (#14773)
* Aceex Adapter: type public params via d.ts
* Aceex/Yandex Adapter: refine bidder params typing
* GPP control modules: add option to restrict more activities (#14762)
* Core: add TCF 2.3 tcData coverage to consent tests (#14788)
* New Bid Adapter: tne_catalyst (#14738)
* New Bid Adapter: tne_catalyst
* tne_catalyst: normalize video playerSize to handle flat [w,h] and nested [[w,h]] forms
* tne_catalyst: use getFloor() for dynamic floors with currency passthrough, fallback to params.bidfloor
* tne_catalystBidAdapter: convert to TypeScript and switch request to text/plain
- Migrate adapter from JS to TS with typed BidderParams (per repo TS migration guidance).
- Change request contentType from application/json to text/plain to avoid the
CORS preflight that was flagged by CodeQL and noted in review.
---------
Co-authored-by: StreetsDigital <45595449+StreetsDigital@users.noreply.github.com>
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
* pgamdirect: add getUserSyncs for cookie-sync pixel support (#14777)
* pgamdirect: add getUserSyncs for cookie-based retargeting DSPs
Follow-up to #14763. Our bid adapter previously declared no user-
sync pixels, which blocked cookie-based retargeting DSPs from
matching our users to their own — they need the browser-side sync
step to correlate, and without it their bids come back heavily
suppressed for "user not matched."
Implementation routes sync URLs through the OpenRTB response from
our bidder at `response.ext.cookies[]`. Each entry carries:
{ type: 'image' | 'iframe', url: string }
The per-DSP sync URL list lives server-side (one entry per
downstream DSP we integrate), so this adapter stays stable even as
we add / rotate DSPs.
Behaviour:
- Empty serverResponses or no ext.cookies → return []
- Respects syncOptions.iframeEnabled / pixelEnabled (publisher-
controlled — some publishers disallow iframe syncs)
- Drops malformed entries (missing url or unknown type)
- Caps at 5 pixels per response to avoid cookie floods
Consent note: Prebid passes parsed GDPR / USP / GPP state, but we
don't filter server-side. Each DSP's sync URL already encodes its
own consent handling (appending ?gdpr=1&gdpr_consent=... as each
requires). Future revision can add per-DSP consent framework
declarations + server-side suppression if a DSP fails to register
handling for the caller's framework.
Tests: +6 spec cases covering empty, malformed, caps, and consent-
driven filtering. 32/32 pass (was 26).
* pgamdirect: remove in-adapter sync cap (address Codex review)
Codex pointed out on #14777 that the hard-cap at 5 pixels bypassed
Prebid's `userSync.syncsPerBidder` control in src/userSync.ts. Core
already enforces the per-bidder sync limit based on publisher
configuration; an additional cap inside the adapter silently drops
valid sync URLs when a publisher raises the limit (or sets 0 =
unlimited), reducing match coverage for downstream DSPs.
Fix: remove the break on length >= 5 so getUserSyncs returns the
full filtered list. Prebid core does the right thing from here.
Updated the corresponding test to assert the full list comes back
with a comment pointing to where the authoritative cap lives.
32/32 tests still pass.
---------
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
* Nexx360 Utils Library: add shared getGzipSetting helper (#14781)
* Nexx360 Utils Library: add shared getGzipSetting helper
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Gabriel Chicoye <gabriel@macbookrogab24g.lan>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Rename agenticAudienceAdapter to agenticAudienceRtdProvider (#14729)
* Core: fix additional typo occurrences (#14770)
* new alias nuclion (#14783)
Co-authored-by: mderevyanko <mderevyanko24@gmail.com>
* enable compression and remove callbacks (#14643)
* Add pgamdirect Analytics Adapter (#14778)
* Add pgamdirect Analytics Adapter
Companion to modules/pgamdirectBidAdapter.ts (merged #14763).
Publishers install this alongside the bid adapter to forward auction
telemetry to the PGAM Direct SSP backend.
Forwards four Prebid events, deliberately narrow:
AUCTION_END — competitor CPMs seen in the auction
BID_WON — Prebid-layer winner + price
AD_RENDER_SUCCEEDED — client-confirmed impression
AD_RENDER_FAILED — with reason (exception / timeout / etc)
The value add over a server-side-only ledger: client-confirmed render
vs. "RTB said we won", plus visibility into what other bidders priced
the same auction at (we own server-side data for our own DSP calls,
but not for the ones other SSPs made through the same Prebid wrapper).
Payload is normalised into a small fixed shape before POST — we
deliberately drop the raw Prebid event args, which carry full FPD /
user.eids / custom bidder params that we don't need and shouldn't
exfiltrate. Sink: https://app.pgammedia.com/api/analytics-events (one
POST per event; content-type text/plain to keep CORS simple).
Config:
pbjs.enableAnalytics({
provider: 'pgamdirect',
options: {
orgId: '<pgam org id>', // required
endpoint: 'https://...' // optional override
}
});
GVL ID 1353 (PGAM Media LLC, same as the bid adapter).
Tests: 12 covering registration, orgId validation, and the pure
normalise transform across all 4 forwarded event types (including
the 20-entry bidders_seen cap and filter-out of bidders with no
code). Event-emission path is not covered in this spec because the
sinon mock + AnalyticsAdapter async queue interact oddly in the
test harness — we export normalise() directly so the transform is
verifiable without the full event pipeline. The ajax call itself is
covered by upstream AnalyticsAdapter base-class tests.
* pgamdirectAnalytics: address Codex review on #14778
Two P1s flagged by Codex on the initial commit:
1. ad_unit_code semantic inconsistency
Original code pulled ad_unit_code from args.adUnitCode on BID_WON
but from args.adId on AD_RENDER_*, so the same field represented
different identifiers across event types. In auctions with multiple
ad units (or repeated wins from the same bidder), this prevented
reliable win → render reconciliation and could misattribute render
outcomes.
Fix: render events now read ad_unit_code from args.bid.adUnitCode
(stable across the BID_WON ↔ AD_RENDER_* join for the same slot).
adId moves to its own field `ad_id` so per-bid traceability is
preserved. Type definition updated with a comment explaining the
split so future contributors don't re-conflate them.
2. Missing fetch keepalive
Prebid AGENTS.md §71 requires low-priority telemetry calls to set
fetch keepalive. Without it, BID_WON + AD_RENDER_* events emitted
near page unload get dropped before reaching the endpoint — and
those are exactly the events that fire in that window.
Added `keepalive: true` to the ajax call. Prebid's ajax helper
already supports the flag (src/ajax.ts option); no adapter-side
polyfill needed.
Tests: +1 spec case covering "missing bid object on AD_RENDER_*
still captures ad_id cleanly." Existing render-event assertions
updated to verify the ad_unit_code-vs-ad_id split explicitly.
13/13 pass (was 12).
* fix: add upstream_partner KV to GAM (#14743)
Co-authored-by: Shashank <=>
* Vidazoo adapter: support host bidder param (#14784)
* align spec on all adapters that we manage; add coverage to libraries/vidazooUtils/bidderUtils.js; changes are backward-compatible
* more coverage
* more coverage for vidazoo bidder utilities
* more coverage; utils function full coverage
* remove comments
* fix tests after the code removal in new master code: check of bidderRequest.paapi.enabled
* fixing get headers
* fixing single request
* adding burl to createInterpretResponseFn
* adding more tests for coverage
* fixing latest changes to support the right data
* fixing tests
* fix missing map of a host param
* fix missing map of a host param
* adding test for the new data params map
* adding type files for adapter to define params in bid object
* code imp
---------
Co-authored-by: Anna Yablonsky <annay+perion@perion.com>
* Build System: replace source-map-loader with webpack native source-map loading (#14797)
* Mtc Bid Adapter: initial release (#14782)
* Nexx360 Utils Library: add shared getGzipSetting helper
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Mtc Bid Adapter: initial release
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Update mtcBidAdapter.ts
Bid Params guard fix
* Update mtcBidAdapter.md
* Nexx360 Bid Adapter: make requestCounter assertion order-independent
The shared module-level requestCounter in libraries/nexx360Utils is
incremented by every consuming adapter, so when mtcBidAdapter tests run
in the same chunk before nexx360 tests, the counter is no longer 0.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Gabriel Chicoye <gabriel@macbookrogab24g.lan>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* New Bid Adapter - goadserver (#14701)
* New Bid Adapter - goadserver
Multi-tenant Prebid.js adapter for the goadserver platform. One bidder
code ("goadserver") serves every deployment — publishers pass the
deployment-specific host + SSP campaign token per ad unit via params.host
and params.token. The adapter POSTs to https://{host}/openrtb2/auction
(goadserver's Prebid Server-compatible endpoint) and supports banner,
video, and native via ortbConverter.
GVL ID is not yet registered with IAB Europe and is commented out in
the adapter for now; will be populated once the TCF registration lands.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* goadserverBidAdapter: use real maintainer email
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* goadserverBidAdapter: support params.subid
Emits an optional per-impression subid in imp.ext.goadserver.subid
so goadserver can attribute bids to a sub-identifier (page section,
article bucket, A/B test group, etc.) without requiring a separate
HB campaign per variation. Server-side normalization strips unsafe
characters and caps the length at 1024.
Test coverage: 22 → 24 tests (adds "emits params.subid" and "omits
imp.ext.goadserver.subid when no subid is set" cases).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* goadserverBidAdapter: getUserSyncs from ext.goadserver.usersync
Implements the getUserSyncs hook so publishers using this adapter
drop the goadserver persistent cookie after each auction. The sync
URL is published per-deployment at response.body.ext.goadserver.usersync
by the server (/openrtb2/auction), so the same adapter picks up the
right pixel for every goadserver system without hardcoding hosts.
Returns image or iframe syncs per syncOptions; falls back to empty
when either the response has no sync entry or the publisher has
disabled sync types globally.
Test coverage: 24 → 29 tests (5 new getUserSyncs cases covering
empty responses, missing ext, type filtering, and iframe path).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* goadserverBidAdapter: params.deals[] + outstream video docs
Two Tier 2 additions:
1. params.deals[] support. Publishers can now attach private
marketplace deal objects per ad unit; the adapter's ortbConverter
imp hook translates them into imp.pmp.deals[] in the outgoing
BidRequest. Each deal object accepts id (required), bidfloor,
bidfloorcur, at, wseat[], wadomain[] — matching the OpenRTB 2.5
imp.pmp.deals spec.
2. Outstream video documentation. The adapter already forwards video
imps untouched via ortbConverter (including context='outstream')
so no code change is needed on the request side. Added an .md
section showing the standard Prebid.js ad-unit-level renderer
pattern for publishers who want outstream.
Test coverage: 29 → 32 tests (emits deals, omits when unset,
outstream video imp shape preserved).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* goadserverBidAdapter: outstream video renderer + cached VAST URL
Attaches a Prebid.js Renderer for video bids whose ad unit requested
mediaTypes.video.context = 'outstream'. The renderer loads the
deployment-hosted player at https://{params.host}/prebid-outstream.js
which parses the VAST XML and injects a muted autoplay <video> element
into the slot with impression + click tracking. Publishers can override
the hosted script via params.outstreamRendererUrl, or fall back to a
standard ad-unit-level renderer which takes precedence.
Also prefers the Prebid Cache URL (exposed via ext.prebid.targeting
.hb_cache_url) over inline VAST XML when both are present, so large
VAST blobs don't have to live in Prebid's in-memory targeting store.
The bidRequests array is now stashed on the ServerRequest so
interpretResponse can correlate bids back to their originating ad
unit (needed to detect outstream context).
All 32 existing unit tests still pass.
* goadserverBidAdapter: split per (host, token); plain-text POST
Addresses codex-connector review on PR #14701:
- buildRequests now groups bids by (host, token) and emits one
ServerRequest per group, so pages mixing multiple goadserver
deployments route each ad unit to the correct endpoint + token.
- POST uses contentType 'text/plain' instead of 'application/json'
so the browser skips the CORS preflight (same JSON body, one
round-trip instead of two).
- getUserSyncs JSDoc @returns {UserSync[]} -> {Object[]} to clear
the lint warning from an undefined type reference.
New specs cover multi-tenant splitting, same-tenant bundling, and
the text/plain content-type assertion.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* goadserverBidAdapter: migrate to TypeScript
Per the prebid/Prebid.js TS migration guidance from the bot review on
PR #14701: convert the adapter to .ts with typed BidderSpec and a
GoadserverBidParams type registered via `declare module
'../src/adUnits'`. Runtime behavior unchanged — spec passes 33/33.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Blazo <blazo@goadserver.com>
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
* Build system: Switch to native Gulp v5 sourcemap handling and remove `gulp-sourcemaps` (#14805)
* Build System: remove gulp-sourcemaps dependency
* Build System: preserve bundle sourcemaps through header/footer injection
* fix warning on creative renderers source map
---------
Co-authored-by: Demetrio Girardi <dgirardi@prebid.org>
* Core: disable user syncs in Firefox and Webkit Chrome (#14803)
* Core: disable user syncs in Firefox
* Core: block user syncs for Chrome iOS
* Livewrapped Adapter: align cookieSupport browser gating
* Livewrapped Adapter: stabilize cookieSupport tests across browsers
* ADTS-661-send-video-pos-value-from-Prebid-JS-adapter (#14808)
* CI: use app password for notification emails (#14817)
* CI: use app password for notification emails
* update workflow file; fix validation
* Core: limit mergeConfig notifications to updated topics (#14741)
* mergeConfig trigger only merged topic listeners & write test
* Avoid prototype inheritance in merged config
* Encypher RTD Provider: C2PA content provenance signals (#14807)
* feat: add Encypher RTD provider for C2PA content provenance
Injects C2PA content provenance signals into OpenRTB bid requests at
site.ext.data.c2pa, enabling DSPs to factor verified publisher identity
and content integrity into bidding decisions.
Three execution paths in strict priority:
- Path A (Manifest shortcut): reads <meta name="c2pa-manifest-url">
- Path B (Cache): serves from localStorage, no network call
- Path C (API): extracts text, sends to Encypher API which detects
existing embedded provenance markers or signs fresh content
Content signed at CMS/CDN level carries invisible C2PA markers that
survive DOM rendering. The API detects and verifies these server-side,
returning the publisher's authenticated signer tier. This differentiates
publisher-signed inventory from third-party-attested inventory in bids.
Extracts JSON-LD metadata (author, dates, section, keywords, publisher,
language) for analytics when structured data is available.
No external scripts loaded. Every code path calls callback(). The module
never blocks an auction. GDPR-compliant via Prebid storageManager.
Free tier: 1,000 unique content signatures per domain per month.
Verification of already-signed content does not count against quota.
Deduped by content hash. Quota exceeded fails open gracefully.
* fix(encypherRtd): add security guards from code review
- Add callback-once guard to prevent double-invocation
- Add 2s safety timeout so module never blocks auction
- Add GDPR consent gate before transmitting page content
- Add API host allowlist (api.encypher.com, staging-api.encypher.com)
- Add tests for consent, allowlist, and HTTP-rejection scenarios
- Update test apiBase to use allowed host
* docs(encypherRtd): note security guards in module README
* fix(encypherRtd): address review feedback, migrate to TypeScript
- Extract getCanonicalUrl/hashUrl to libraries/encypherUtils
- Remove application/json content type to avoid CORS preflight
- Broaden consent gate to check COPPA, USP/CCPA opt-out, and GDPR
- Migrate module to TypeScript with typed public interface
(EncypherRtdParams, C2paPayload, RtdProviderSpec<'encypher'>)
- Enforce HTTPS on Path A manifest URLs
- Add 8 new tests (39 total, all passing)
Addresses review feedback from patmmccann on #14807.
---------
Co-authored-by: Developer <developer@example.com>
* Prebid 11.9.0 release
* Increment version to 11.10.0-pre
* New adapter: cortex (#14811)
* New adapter: cortex
* fix(md-docs): add info about bid params
* fix(types): update types for BidParams
---------
Co-authored-by: Cortex Dev <dev@cortexch.it>
* Module Fix: `mergeConfig` failing to apply custom `priceGranularity` (and fix `mediaTypePriceGranularity` setter) (#14815)
* fix: allow mergeConfig to overwrite primitives with objects and fix mediaTypePriceGranularity setter
* test: add regression test for mergeConfig with custom priceGranularity
* Refactor mergeConfig regression test for clarity
Removed unnecessary blank line and updated comment formatting.
---------
Co-authored-by: Patrick McCann <pmccann@cafemedia.com>
* BrainX Adapter: simplify test adm and crid fixtures (#14822)
* Bid Adapters: simplify discovery and bliink test adm fixtures (#14823)
* Pigeoon bid adapter: initial release (#14786)
* Add Pigeoon bid adapter
* Fix GDPR flag, replace cookie with StorageManager, remove native support, use text/plain content-type
* Fix GDPR flag, replace cookie with StorageManager, remove native support, use text/plain content-type
* Fix linting: use 2 space indentation
* Trigger CI
* Simplify documentation to match Prebid standard format
* Add JSDoc types and simplify documentation
---------
Co-authored-by: OSMAN YAVUZ PİŞKİN <osman.piskin01@outlook.com>
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
* Intenze Adapter: stabilize endpoint URL assertions in tests (#14790)
* Lotame Id module: reset Lotame storage config between getId calls in tests (#14824)
* Core: reset Lotame storage config per getId call
* Core: use per-request Lotame storage config in async callback
* Core: replace body-parser usage with express parsers (#14825)
* ReVantage Bid Adapter: add gvlid (#14829)
* Create revantageBidAdapter.js
* Create revantageBidAdapter.md
* Update revantageBidAdapter.js
* Update revantageBidAdapter.js
* Update revantageBidAdapter.js
* Update revantageBidAdapter.js
Fixed trailing slash Error on Line 123
* Create revantageBidAdapter_spec.js
* Update revantageBidAdapter_spec.js
Fixed Trailing slashes (again)
* Update revantageBidAdapter_spec.js
* Update revantageBidAdapter_spec.js
same thing again
* Refactor Revantage Bid Adapter for media types and bids
Refactor Revantage Bid Adapter to use media type constants and improve bid response handling.
* Refactor RevantageBidAdapter tests for GPP consent
* Update modules/revantageBidAdapter.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update modules/revantageBidAdapter.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Validate feedId consistency in batch bid requests
Added validation to ensure all bid requests in a batch have the same feedId, logging a warning if they do not.
* Add test for rejecting batch with different feedIds
* Update syncOptions for image sync URL parameters
* Update sync URL to use 'tag=img' instead of 'type=img'
* Update print statement from 'Hello' to 'Goodbye'
* fixed
* Enhance video bid handling and add utility functions
Added functions to handle video size extraction and VAST detection.
* Add gvlid to revantageBidAdapter
---------
Co-authored-by: Patrick McCann <pmccann@cafemedia.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Percent in view library: guard viewability observer against non-elements (#14709)
* Build system: do not run Intersection.observe of mock elements during tests
* fix stub not always active
---------
Co-authored-by: Demetrio Girardi <dgirardi@prebid.org>
* Viously Adapter: normalize nurl test URLs to avoid chunk noise (#14801)
* Asterio Bid Adapter: add initial bidder adapter (#14691)
* Asterio Bid Adapter: add initial bid adapter
* Asterio Bid Adapter: corrected documentation
* Asterio Bid Adapter: review fixes
* Asterio Bid Adapter: migrating to typescript
---------
Co-authored-by: Denis Anoykin <aden@asteriosoft.com>
* relayBidAdapter.js: remove gvl id (#14830)
* Remove GVLID constant from relayBidAdapter.js
Removed the GVLID constant from relayBidAdapter.js
* Update relayBidAdapter.js
* MSFT Bid Adapter - support video.placement and video.plcmt (#14832)
* Prebid 11.10.0 release
* Increment version to 11.11.0-pre
* Bump actions/github-script from 8 to 9 (#14834)
Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v8...v9)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: '9'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Core: allow async event handlers (#14828)
* Core: allow async event handlers
* lint
* Remove isA function from objects.ts
Removed isA function that checks object type.
* Remove isA tests from utils_spec.js
Removed tests for the isA function from utils_spec.js.
* Clean up documentation for isFn function
Removed unnecessary parameter documentation from isFn function.
---------
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
* stub out more storagemanager methods (#14836)
* SeedingAlliance Bid Adapter: handle eventtrackers correctly (#14800)
* seedingAlliance: handle eventtrackers correctly
* fix unit test
* increase test coverage
* New Adapter: TeqBlaze Demo (#14837)
* added ts for teqblaze utils and some fixes
* New Adapter: TeqBlaze Demo
* update readme
* Fix formatting in TeqBlaze Demo Bid Adapter documentation
---------
Co-authored-by: Patrick McCann <pmccann@cafemedia.com>
* Github Actions: Auto-label PRs touching core modules in PR-assignment-deps workflow (#14820)
* CI: fix GPP control module names for core labeling
* CI: skip core labeling when token is read-only
* move label assignment to PR assignment job
---------
Co-authored-by: Demetrio Girardi <dgirardi@prebid.org>
* Core: add release drafter category for core-tagged PRs (#14821)
* Core: add release drafter category for core-tagged PRs
* Core: move core release-drafter section above features
* Bump axios from 1.15.0 to 1.16.0 (#14842)
Bumps [axios](https://github.com/axios/axios) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.15.0...v1.16.0)
---
updated-dependencies:
- dependency-name: axios
dependency-version: 1.16.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* NaveggIdSystem: fix spurious test failures (#14841)
* NaveggIdSystem: fix spurious test failures
* Fix extra directory
* Conceptx Bid Adapter: Update site property values (#14831)
* New adapter: concepx
* Syntax change
* Revert syntax change
* Defensive check for response from bidder server
* Add better validation for the request
* Merge branch 'master' of https://github.com/prebid/Prebid.js
* Don't append url on every buildrequest
* Add gvlId to conceptX
* Change conceptx adapter, to directly request our PBS
* Add empty getUserSync, as the syncing will be delegated (runPbsCookieSync)
* Update conceptx bid adapter with modified site params sent
* add params type + tests
---------
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
* MGID Bid Adapter: migrate to ortbConverter (#14761)
Co-authored-by: Erik Poul <erik.poul@mgid.com>
* Fix github token; exclude top-level file changes from being considered core (#14843)
* Attekmi: add regions (#14833)
* Attekmi: add region to Markapp
* syntax fix
* Markapp uses only http protocol
* endpoints update to https
* Attekmi: add regions
* fixes on review
* eslint fixes
* tests extended and fixed
---------
Co-authored-by: Victor <victor.banudz@smart-hub.io>
Co-authored-by: Patrick McCann <patmmccann@gmail.com>
* Core: map teqBlaze demo adapter to metadata component (#14844)
* ssp_geniee Adapter: use request-scoped client hints (#14747)
* ssp_geniee Adapter: use request client hints
* Update ssp_genieeBidAdapter.js
* Prebid 11.11.0 release
* Increment version to 11.12.0-pre
* Bump ip-address and socks (#14845)
Bumps [ip-address](https://github.com/beaugunderson/ip-address) and [socks](https://github.com/JoshGlazebrook/socks). These dependencies needed to be updated together.
Updates `ip-address` from 9.0.5 to 10.2.0
- [Commits](https://github.com/beaugunderson/ip-address/commits)
Updates `socks` from 2.8.4 to 2.8.8
- [Release notes](https://github.com/JoshGlazebrook/socks/releases)
- [Commits](https://github.com/JoshGlazebrook/socks/compare/2.8.4...2.8.8)
---
updated-dependencies:
- dependency-name: ip-address
dependency-version: 10.2.0
dependency-type: indirect
- dependency-name: socks
dependency-version: 2.8.8
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump basic-ftp from 5.3.0 to 5.3.1 (#14847)
Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.3.0 to 5.3.1.
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/patrickjuchli/basic-ftp/compare/v5.3.0...v5.3.1)
---
updated-dependencies:
- dependency-name: basic-ftp
dependency-version: 5.3.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Remove gulp-wrap dependency and clean up package files (#14846)
* Build: remove gulp-wrap dependency to eliminate consolidate
* Build: remove gulp-wrap usage from precompilation
* pass in imp.displaymanager and img.displaymanagerver (#14857)
Co-authored-by: Shuhao <shuhao.qgg.zhang@gmail.com>
* CI: fix coveralls base comparison for PR branches (#14813)
* CI: compute coveralls base commit from merge-base
* CI: fetch full base branch history for merge-base
* CI: isolate coveralls upload to dedicated coverage run
* remove additional test run
* Fix source maps
* remove unused variable
---------
Co-authored-by: Demetrio Girardi <dgirardi@prebid.org>
* Bump fast-xml-builder from 1.1.5 to 1.2.0 (#14862)
Bumps [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) from 1.1.5 to 1.2.0.
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/compare/v1.1.5...v1.2.0)
---
updated-dependencies:
- dependency-name: fast-xml-builder
dependency-version: 1.2.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump fast-uri from 3.1.0 to 3.1.2 (#14864)
Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2)
---
updated-dependencies:
- dependency-name: fast-uri
dependency-version: 3.1.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump @babel/plugin-transform-modules-systemjs from 7.28.5 to 7.29.4 (#14865)
Bumps [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) from 7.28.5 to 7.29.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs)
---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-modules-systemjs"
dependency-version: 7.29.4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bliink Adapter: replace long VAST event token fixture (#14848)
* mileRtdProvider initial commit (#14636)
* mileRtdProvider initial commit
* removing the isFlooringEnforcedForAuction gate
* converted to typescript and removed the flooringEnforcedCheck inside the RTD module
* using adUnit.adserverTargeting
---------
Co-authored-by: JP Mohan <jpmohan@MacBook-Pro-9.local>
* Core Typescript types: Add bidCacheFilterFunction to types (#14869)
* Add bidCacheFilterFunction to types
* Fix linting errors
* Native Agents Bid Adapter: add new adapter (#14755)
* New adapter: Native Agents
* NativeAgents Bid Adapter: add TypeScript BidderParams type augmentation
* NativeAgents Bid Adapter: rename bider code to ntvagents
* Abtshield id system prebid (#14861)
* ABTShield User ID Adapter: add ID system
* ABT Shield ID System: add SIVT segment
* ABT Shield ID System: scope credentialed requests
* Require storage config with 1-day minimum TTL in abtshieldIdSystem
Add validation to reject missing or incomplete storage configuration and enforce a 1-day minimum for `storage.expires` to bound MCR request volume. Update TypeScript definitions to make storage fields required with documentation. Add comprehensive test coverage for validation logic.
* Bump @wdio/browserstack-service from 9.19.1 to 9.23.3 (#14871)
Bumps [@wdio/browserstack-service](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-browserstack-service) from 9.19.1 to 9.23.3.
- [Release notes](https://github.com/webdriverio/webdriverio/releases)
- [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webdriverio/webdriverio/commits/v9.23.3/packages/wdio-browserstack-service)
---
updated-dependencies:
- dependency-name: "@wdio/browserstack-service"
dependency-version: 9.23.3
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fluct Bid Adapter: add ortb2Imp.ext.data and rwdd signals (#14872)
* add instl support
* falseの場合も明示的に送信するようにした
* fluct Bid Adapter: add ortb2Imp.ext.data and rwdd signals
Pass impression-level custom targeting data (ortb2Imp.ext.data) and
rewarded ad flag (ortb2Imp.rwdd) to the fluct server to improve
signal coverage and enable rewarded inventory differentiation.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: yosei-ito <ca01423@cartahd.com>
Co-authored-by: himu62 <ca00732@cartahd.com>
Co-authored-by: himu <himu62@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Clear Livewrapped analytics cache when pbjs.clearAllAuctions is called (#14870)
* feat(hypelabBidAdapter): migrate to OpenRTB 2.6 endpoint (#14863)
Migrate HypeLab bid adapter from custom /v1/prebid_requests format to
OpenRTB 2.6-compliant /v1/rtb_requests endpoint using Prebid's built-in
ortbConverter. Remove legacy event reporting callbacks (onTimeout,
onSetTargeting, onBidderError); keep onBidWon to fire burl pixel.
* Currency: fix bug where conversion rates are sometimes reset to defaultRates (#14878)
* Currency: fix bug where conversion rates are sometimes reset to defaultRates
* allow for multiple settings of defaultRates
* CI: do not auto-assign reviewers o…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Type of change
Description of change
Adds the initial Ferio (
ferio) bidder adapter for Prebid.js.Included functionality:
https://ferio.bid/pbjs/bidusing Prebid'sortbConverterandpbsExtensions.publisherId,adUnitId, andtenantIdbidder params.FerioBidParamsTypeScript declarations for the public params interface.Maintainer contact:
Test parameters:
Other information
Docs PR: (prebid/prebid.github.io#6568)
Company: Ferio Flow
This PR includes:
modules/ferioBidAdapter.jslibraries/ferioUtils/bidderUtils.jsmodules/ferioBidAdapter.mdmodules/ferioBidAdapterTypes.d.tstest/spec/modules/ferioBidAdapter_spec.jsUnit coverage covers bid validation, OpenRTB request construction, banner/video/native impression generation, response parsing, media type inference, privacy fields, EIDs, user sync URL generation, and the shared Ferio helper's alias configuration path.
Coverage: 100% source functions, 94.6% source lines, 85.0% source branches.
Local checks:
npx eslint modules/ferioBidAdapter.js libraries/ferioUtils/bidderUtils.js test/spec/modules/ferioBidAdapter_spec.js --cache --cache-strategy contentnpx gulp test-coverage --file test/spec/modules/ferioBidAdapter_spec.js- 25 tests completed