[pull] main from microsoft:main#1455
Merged
Merged
Conversation
…ton-manage-models Restrict 'Configure...' action to non-default vendors
…l-node in /build (#317843) * build(deps): bump uuid, @azure/cosmos, @azure/identity and @azure/msal-node Removes [uuid](https://github.com/uuidjs/uuid). It's no longer used after updating ancestor dependencies [uuid](https://github.com/uuidjs/uuid), [@azure/cosmos](https://github.com/Azure/azure-sdk-for-js), [@azure/identity](https://github.com/Azure/azure-sdk-for-js) and [@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js). These dependencies need to be updated together. Removes `uuid` Updates `@azure/cosmos` from 3.17.3 to 4.9.3 - [Release notes](https://github.com/Azure/azure-sdk-for-js/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Changelog-for-next-generation.md) - [Commits](https://github.com/Azure/azure-sdk-for-js/compare/@azure/cosmos_3.17.3...@azure/cosmos_4.9.3) Updates `@azure/identity` from 4.2.1 to 4.13.1 - [Release notes](https://github.com/Azure/azure-sdk-for-js/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Changelog-for-next-generation.md) - [Commits](https://github.com/Azure/azure-sdk-for-js/compare/@azure/identity_4.2.1...@azure/identity_4.13.1) Updates `@azure/msal-node` from 2.16.1 to 5.2.2 - [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-js/releases) - [Commits](AzureAD/microsoft-authentication-library-for-js@msal-node-v2.16.1...msal-node-v5.2.2) --- updated-dependencies: - dependency-name: uuid dependency-version: dependency-type: indirect - dependency-name: "@azure/cosmos" dependency-version: 4.9.3 dependency-type: direct:development - dependency-name: "@azure/identity" dependency-version: 4.13.1 dependency-type: direct:development - dependency-name: "@azure/msal-node" dependency-version: 5.2.2 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * fix: cast AZDO JSON response to generic type in publish helper Agent-Logs-Url: https://github.com/microsoft/vscode/sessions/281c0c8f-fd7e-49b9-99f3-eb9522cd6cee Co-authored-by: rzhao271 <7199958+rzhao271@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: rzhao271 <7199958+rzhao271@users.noreply.github.com>
…nt-provider Enable custom endpoint provider in package.json
Bumps [qs](https://github.com/ljharb/qs) from 6.14.2 to 6.15.2. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.2...v6.15.2) --- updated-dependencies: - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Mark node_module pipeline artifacts as production
…18033) * Chat sessions: add legacyResource for one-way URI state migration Adds a backwards-compat field on ChatSessionItem so providers can declare that an item was previously known by a different URI. The host adopts archived/pinned/read state stored under the legacy URI forward on first read, then removes the legacy entry — letting providers change their URI shape without losing user state. - vscode.proposed.chatSessionsProvider.d.ts: new `legacyResource?: Uri` field. - IChatSessionItem: matching field. - extHostTypeConverters.ts: propagate through ChatSessionItem.from. - MainThreadChatSessionItem: revive and include in isEqual. - AgentSessionsModel: new private resolveStateEntry helper that consults the legacy URI as a fallback and adopts the entry forward. isArchived and isPinned use it. Cross-scheme and self-referential mappings are rejected. Cache serialization carries legacyResource through restarts. - agentSessionViewModel.test.ts: 7 focused tests covering migration semantics. * Address review: route all state accessors through resolveStateEntry isMarkedUnread and setRead were reading/writing sessionStates directly under the current resource, so an explicit unread marker on the legacy URI could be missed and setArchived's pre-call to setRead could establish an own entry under the new URI before isArchived triggered the migration — orphaning the legacy entry. - isMarkedUnread: route through resolveStateEntry. - isRead: read storedReadDate via resolveStateEntry. - setRead: adopt legacy state forward before composing the new entry. - setArchived/setPinned: read prior state via resolveStateEntry for consistency. - New test: migrates unread marker forward (covers the full per-resource state contract claimed in the docs).
Some MCP OAuth flows require a client secret in addition to the public client_id. Storing the secret in plain-text mcp.json is unacceptable, so this change moves the secret out of config and into the workbench secret storage service. Changes: - A new "Set/Replace Client Secret" codelens is shown above the oauth.clientId property in mcp.json. The label flips between Set and Replace based on whether a secret is already stored. The codelens is only shown when the server has a url (OAuth requires HTTP). - The codelens opens a QuickInput. When a secret is already stored the input is pre-seeded with the existing value (select-all so it can be replaced or cleared with Backspace), a trash titlebar button deletes the stored secret, and an eye/eye-closed toggle reveals/hides the password masking. - Secrets are keyed by the MCP server URL plus the clientId, so two servers with the same name in different configs (workspace vs user mcp.json) don't collide. - The stored secret is threaded through createDynamicAuthenticationProvider -> IAuthenticationProviderHostDelegate.create -> $registerDynamicAuthProvider so that DynamicAuthProvider is constructed with the resolved secret and uses it in the token exchange. The lookup happens before provider creation in mainThreadMcp.$getTokenFromServerMetadata. - If an MCP auth provider was already registered with a different client secret than the one currently stored (e.g. the user just replaced or deleted it via the QuickInput), the provider is unregistered and re-created so the next token exchange uses the freshly resolved secret. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- fileTreeParser: reject node names that are empty, '.', '..', or contain '/' or '\\'; throw on unsafe project root names. Filters unsafe child node names from the parsed tree. - newWorkspaceFollowup: replace the platform-aware path.relative destination computation (which resolved a relative projectRoot against process.cwd() on Windows) with a posix prefix-strip helper, resolveProjectFileUri. Add a runtime isUriContained guard before writeFile so any traversal that slips past the parser cannot escape the generated workspace folder. - Tests: cover unsafe node names, the PoC tree, isUriContained edge cases (prefix collision, scheme/authority, trailing slash), and resolveProjectFileUri for both copilot and GitHub repo-template path shapes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
10 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )