In July 2021, Apple updated their password-manager-resources repo and added a new format for handling websites that share credentials on the backend. The new format, introduced in this PR introduces some new syntax and behaviors to make the shared relationships between websites more granular and more clear.

Previously, all relationships established in websites-with-shared-credentials.json were two-way relationships. The new behavior introduces one-way credential mapping via this kind of object:

{
    "fromDomainsAreObsoleted": true,
    "from": [
        "website.com",
        "website.net"
    ],
    "to": [
      "otherwebsite.org"
    ]
},

More details about this new format and its definitions can be found in this RFC PR.

This new format also introduces a historical shared credential file that can be used for password reuse warnings and other helpful password manager operations. We wouldn't want to use this historical data to fill in logins, but could be useful.

We should update our code to take advantage of this new behavior