[BUG] OWASP getLatest() fetches a 404 #275

Description

@alegarciadelrio

Describe the bug

OWASP.getLatest() fetches the latest secure-headers definitions from https://owasp.org/www-project-secure-headers/ci/headers_add.json. Following OWASP's project migration off their CMS and onto GitHub, that URL now returns HTTP 404. Because the fetch logic in src/owasp.js treats any non-200 response as a signal to fall back to the bundled json/owasp.json, the failure is silent — the plugin keeps working but always uses the stale bundled defaults and never picks up upstream header updates.

The official OWASP notice confirms the move: the project content now lives at https://github.com/OWASP/www-project-secure-headers, and the data file is available at https://raw.githubusercontent.com/OWASP/www-project-secure-headers/master/ci/headers_add.json (returns 200).

To Reproduce

Steps to reproduce the behavior:

serverless.yml:

```yaml
  ...
  custom:
    documentation:
      securityHeaders:
        cacheControl: true
        xFrameOptions: true
```

1. Run the documentation generation command.
2. Observe (e.g. via a debugger or by adding a log) that the request to https://owasp.org/www-project-secure-headers/ci/headers_add.json returns a 404.
3. The plugin silently falls back to the bundled json/owasp.json instead of the live OWASP definitions.

Or reproduce the root cause directly:

```bash
curl -s -o /dev/null -w "%{http_code}\n" https://owasp.org/www-project-secure-headers/ci/headers_add.json
# -> 404
curl -s -o /dev/null -w "%{http_code}\n" https://raw.githubusercontent.com/OWASP/www-project-secure-headers/master/ci/headers_add.json
# -> 200
```

Expected behavior

getLatest() should successfully retrieve the current OWASP secure-headers definitions from the new GitHub-hosted location so the generated OpenAPI spec reflects up-to-date header values, rather than silently falling back to the bundled copy.

Desktop (please complete the following information):

  • Serverless version: [e.g. 3.x — fill in your version]
  • serverless-openapi-documenter version: 0.1.1

Additional context

  • Root cause is the OWASP project's migration to GitHub; the old owasp.org/.../ci/headers_add.json path is gone.
  • The same migration also breaks two documentation anchor links that point at owasp.org/www-project-secure-headers/#pragma and #x-permitted-cross-domain-policies (in README.md, src/owasp.js, and src/definitionGenerator.js) — the page still loads but those sections no longer exist there; the content moved to mainsite/01_headers.md in the new repo.
  • I have a fix ready (update the fetch URL to the new raw GitHub location, update the affected unit-test nock mocks, and optionally add a console.warn on the fallback path so future breakage isn't silent). I'd like to request collaborator/contributor access to open a PR — or, if you'd prefer, I'm happy to submit it from a fork.
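The silent-fallback problem described above, shown as an added example that is not the plugin's own src/owasp.js: the fetcher points at the new raw GitHub URL, checks the response status explicitly, and logs a warning whenever it falls back to bundled defaults. The function and variable names, the bundled sample, the injectable fetch, and the assumed `{ headers: [...] }` response shape are all assumptions made for this example.

```javascript
// Added example (not the plugin's code): fetch OWASP secure-headers definitions
// with an explicit, logged fallback so a moved/404 URL is never silent.
const OWASP_HEADERS_URL =
  'https://raw.githubusercontent.com/OWASP/www-project-secure-headers/master/ci/headers_add.json';

// Stand-in for the plugin's bundled json/owasp.json (constructed sample).
const BUNDLED_DEFAULTS = {
  headers: [{ name: 'X-Frame-Options', value: 'deny' }],
};

// fetchImpl and warn are injectable so the behaviour can be exercised offline.
async function getLatest({ fetchImpl = globalThis.fetch, url = OWASP_HEADERS_URL, warn = console.warn } = {}) {
  try {
    const res = await fetchImpl(url);
    if (!res.ok) {
      // Non-2xx (e.g. the 404 from the old owasp.org path): say why we fell back.
      warn(`OWASP headers fetch returned HTTP ${res.status} for ${url}; using bundled defaults`);
      return { source: 'bundled', data: BUNDLED_DEFAULTS };
    }
    const data = await res.json();
    // Assumed upstream shape: an object with a "headers" array.
    if (!data || !Array.isArray(data.headers)) {
      warn(`OWASP headers response from ${url} has an unexpected shape; using bundled defaults`);
      return { source: 'bundled', data: BUNDLED_DEFAULTS };
    }
    return { source: 'live', data };
  } catch (err) {
    // Network/DNS/parse failures are also reported rather than swallowed.
    warn(`OWASP headers fetch failed (${err.message}); using bundled defaults`);
    return { source: 'bundled', data: BUNDLED_DEFAULTS };
  }
}

// Minimal fake fetch for offline demonstration (constructed); returns a
// fetch-like function yielding the given status and JSON body.
function fakeFetch(status, body) {
  return async () => ({
    ok: status >= 200 && status < 300,
    status,
    json: async () => body,
  });
}
```

Passing a real `fetch` (Node 18+ provides one globally) exercises the live URL; the fake is only there so the fallback paths can be checked without network access.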
