Register ~spam label to close issues#1880
Closed
benvillalobos wants to merge 515 commits into
Closed
Conversation
- add eslint.config.mjs (copied over eslintignore into the file as well) - fixed package.json script due to deprecation of `--ext` - few small linting issues arose as a result which I just added eslint ignores by hand
create plugin so GPDR comments that are incorrect error on linting.
- delete .eslintrc and .eslintignore files - the new config file (eslint.config.mjs) now handles both of these functionalities.
…#24903) Fixes #24904 Follow up to microsoft/vscode#243276 This is to ensure that we only show the survey feedback if VS Code's `telemetry.disableFeedback` setting isn't enabled
Hello! [According to the docs](https://docs.conda.io/projects/conda/en/stable/user-guide/configuration/settings.html#ssl-verify-ssl-verification), the ssl_verify option should support strings (for certificate paths and `truststore`)
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mafintosh/tar-fs/commit/d97731b0e1b8a244ab859784b514cfcf5585ad3d"><code>d97731b</code></a> 2.1.2</li> <li><a href="https://github.com/mafintosh/tar-fs/commit/fd1634e869e7c5f85948e95eabdaa8451a085de5"><code>fd1634e</code></a> symlink tweak from main</li> <li>See full diff in <a href="https://github.com/mafintosh/tar-fs/compare/v2.1.1...v2.1.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/vscode-python/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Resolves: #24359 Definitely warrants scrutiny / input as I've never written typescript before. Solved with trial and error + LLMs. --------- Co-authored-by: Anthony Kim <anthonykim@microsoft.com> Co-authored-by: Anthony Kim <62267334+anthonykim1@users.noreply.github.com>
This should've been part of #23067 Removing debris, making package.json look cleaner. /cc @cwebster-99
#24199 Co-authored-by: Danila Grobov (s4642g) <danila.grobov@seb.se>
Related to this issue: #24199 @mcobalchinisoftfocus Discovered an issue with older django versions, which didn't have the main function in the manage.py #24927 (comment) I've fixed this issue by executing the code in manage.py with __name__ set to __main__ instead of relying on main function being there. I've also adjusted the test, so that it would cover this case.
Add GDPR tags for telemetry event --------- Co-authored-by: Karthik Nadig <kanadig@microsoft.com>
Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.12.2 to 4.13.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/releases">typing-extensions's releases</a>.</em></p> <blockquote> <h2>4.13.2</h2> <ul> <li>Fix <code>TypeError</code> when taking the union of <code>typing_extensions.TypeAliasType</code> and a <code>typing.TypeAliasType</code> on Python 3.12 and 3.13. Patch by <a href="https://github.com/jorenham">Joren Hammudoglu</a>.</li> <li>Backport from CPython PR <a href="https://redirect.github.com/python/cpython/pull/132160">#132160</a> to avoid having user arguments shadowed in generated <code>__new__</code> by <code>@typing_extensions.deprecated</code>. Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> </ul> <h2>4.13.1</h2> <p>This is a bugfix release fixing two edge cases that appear on old bugfix releases of CPython.</p> <p>Bugfixes:</p> <ul> <li>Fix regression in 4.13.0 on Python 3.10.2 causing a <code>TypeError</code> when using <code>Concatenate</code>. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> <li>Fix <code>TypeError</code> when using <code>evaluate_forward_ref</code> on Python 3.10.1-2 and 3.9.8-10. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> </ul> <h2>4.13.0</h2> <p>New features:</p> <ul> <li>Add <code>typing_extensions.TypeForm</code> from PEP 747. Patch by Jelle Zijlstra.</li> <li>Add <code>typing_extensions.get_annotations</code>, a backport of <code>inspect.get_annotations</code> that adds features specified by PEP 649. Patches by Jelle Zijlstra and Alex Waygood.</li> <li>Backport <code>evaluate_forward_ref</code> from CPython PR <a href="https://redirect.github.com/python/cpython/pull/119891">#119891</a> to evaluate <code>ForwardRef</code>s. Patch by <a href="https://github.com/Daraan">Daraan</a>, backporting a CPython PR by Jelle Zijlstra.</li> </ul> <p>Bugfixes and changed features:</p> <ul> <li>Update PEP 728 implementation to a newer version of the PEP. Patch by Jelle Zijlstra.</li> <li>Copy the coroutine status of functions and methods wrapped with <code>@typing_extensions.deprecated</code>. Patch by Sebastian Rittau.</li> <li>Fix bug where <code>TypeAliasType</code> instances could be subscripted even where they were not generic. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> <li>Fix bug where a subscripted <code>TypeAliasType</code> instance did not have all attributes of the original <code>TypeAliasType</code> instance on older Python versions. Patch by <a href="https://github.com/Daraan">Daraan</a> and Alex Waygood.</li> <li>Fix bug where subscripted <code>TypeAliasType</code> instances (and some other subscripted objects) had wrong parameters if they were directly subscripted with an <code>Unpack</code> object. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> <li>Backport to Python 3.10 the ability to substitute <code>...</code> in generic <code>Callable</code> aliases that have a <code>Concatenate</code> special form as their argument. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> <li>Extended the <code>Concatenate</code> backport for Python 3.8-3.10 to now accept <code>Ellipsis</code> as an argument. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> <li>Fix backport of <code>get_type_hints</code> to reflect Python 3.11+ behavior which does not add</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/blob/main/CHANGELOG.md">typing-extensions's changelog</a>.</em></p> <blockquote> <h1>Release 4.13.2 (April 10, 2025)</h1> <ul> <li>Fix <code>TypeError</code> when taking the union of <code>typing_extensions.TypeAliasType</code> and a <code>typing.TypeAliasType</code> on Python 3.12 and 3.13. Patch by <a href="https://github.com/jorenham">Joren Hammudoglu</a>.</li> <li>Backport from CPython PR <a href="https://redirect.github.com/python/cpython/pull/132160">#132160</a> to avoid having user arguments shadowed in generated <code>__new__</code> by <code>@typing_extensions.deprecated</code>. Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> </ul> <h1>Release 4.13.1 (April 3, 2025)</h1> <p>Bugfixes:</p> <ul> <li>Fix regression in 4.13.0 on Python 3.10.2 causing a <code>TypeError</code> when using <code>Concatenate</code>. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> <li>Fix <code>TypeError</code> when using <code>evaluate_forward_ref</code> on Python 3.10.1-2 and 3.9.8-10. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> </ul> <h1>Release 4.13.0 (March 25, 2025)</h1> <p>No user-facing changes since 4.13.0rc1.</p> <h1>Release 4.13.0rc1 (March 18, 2025)</h1> <p>New features:</p> <ul> <li>Add <code>typing_extensions.TypeForm</code> from PEP 747. Patch by Jelle Zijlstra.</li> <li>Add <code>typing_extensions.get_annotations</code>, a backport of <code>inspect.get_annotations</code> that adds features specified by PEP 649. Patches by Jelle Zijlstra and Alex Waygood.</li> <li>Backport <code>evaluate_forward_ref</code> from CPython PR <a href="https://redirect.github.com/python/cpython/pull/119891">#119891</a> to evaluate <code>ForwardRef</code>s. Patch by <a href="https://github.com/Daraan">Daraan</a>, backporting a CPython PR by Jelle Zijlstra.</li> </ul> <p>Bugfixes and changed features:</p> <ul> <li>Update PEP 728 implementation to a newer version of the PEP. Patch by Jelle Zijlstra.</li> <li>Copy the coroutine status of functions and methods wrapped with <code>@typing_extensions.deprecated</code>. Patch by Sebastian Rittau.</li> <li>Fix bug where <code>TypeAliasType</code> instances could be subscripted even where they were not generic. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> <li>Fix bug where a subscripted <code>TypeAliasType</code> instance did not have all attributes of the original <code>TypeAliasType</code> instance on older Python versions. Patch by <a href="https://github.com/Daraan">Daraan</a> and Alex Waygood.</li> <li>Fix bug where subscripted <code>TypeAliasType</code> instances (and some other subscripted objects) had wrong parameters if they were directly subscripted with an <code>Unpack</code> object. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> <li>Backport to Python 3.10 the ability to substitute <code>...</code> in generic <code>Callable</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/typing_extensions/commit/4525e9dbbd177b4ef8a84f55ff5fe127582a071d"><code>4525e9d</code></a> Prepare release 4.13.2 (<a href="https://redirect.github.com/python/typing_extensions/issues/583">#583</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/88a0c200ceb0ccfe4329d3db8a1a863a2381e44c"><code>88a0c20</code></a> Do not shadow user arguments in generated <code>__new__</code> by <code>@deprecated</code> (<a href="https://redirect.github.com/python/typing_extensions/issues/581">#581</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/281d7b0ca6edad384e641d1066b759c280602919"><code>281d7b0</code></a> Add 3rd party tests for litestar (<a href="https://redirect.github.com/python/typing_extensions/issues/578">#578</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/8092c3996f4902ad9c74ac2d1d8dd19371ecbaa3"><code>8092c39</code></a> fix <code>TypeAliasType</code> union with <code>typing.TypeAliasType</code> (<a href="https://redirect.github.com/python/typing_extensions/issues/575">#575</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/45a8847aad979d2f1f7dff075ac52df5df7b7adb"><code>45a8847</code></a> Prepare release 4.13.1 (<a href="https://redirect.github.com/python/typing_extensions/issues/573">#573</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/f264e58146479d2d8456dd6e660d785dc07d6f26"><code>f264e58</code></a> Move CI to "ubuntu-latest" (round 2) (<a href="https://redirect.github.com/python/typing_extensions/issues/570">#570</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/5ce0e69b20992f8bf410849a31381cd656e3eb6b"><code>5ce0e69</code></a> Fix TypeError with evaluate_forward_ref on some 3.10 and 3.9 versions (<a href="https://redirect.github.com/python/typing_extensions/issues/558">#558</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/304f5cb17d709950ece3e9c84a76174bf7405b90"><code>304f5cb</code></a> Add SQLAlchemy to third-party daily tests (<a href="https://redirect.github.com/python/typing_extensions/issues/561">#561</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/ebe2b9405c493749429de6c82c8daddd1107c9e2"><code>ebe2b94</code></a> Fix duplicated keywords for typing._ConcatenateGenericAlias in 3.10.2 (<a href="https://redirect.github.com/python/typing_extensions/issues/557">#557</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/9f93d6fb752698504d80b1ed0c73b0a2a9d0cff6"><code>9f93d6f</code></a> Add intersphinx links for 3.13 typing features (<a href="https://redirect.github.com/python/typing_extensions/issues/550">#550</a>)</li> <li>Additional commits viewable in <a href="https://github.com/python/typing_extensions/compare/4.12.2...4.13.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
added some pylance specific telemetries
Bumps [packaging](https://github.com/pypa/packaging) from 25.0 to 26.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/releases">packaging's releases</a>.</em></p> <blockquote> <h2>26.0</h2> <p>Read about the performance improvements here: <a href="https://iscinumpy.dev/post/packaging-faster">https://iscinumpy.dev/post/packaging-faster</a>.</p> <h2>What's Changed</h2> <p>Features:</p> <ul> <li>PEP 751: support pylock by <a href="https://github.com/sbidoul"><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/900">pypa/packaging#900</a></li> <li>PEP 794: import name metadata by <a href="https://github.com/brettcannon"><code>@brettcannon</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/948">pypa/packaging#948</a></li> <li>Support writing metadata by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/846">pypa/packaging#846</a></li> <li>Support <code>__replace__</code> for <code>Version</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1003">pypa/packaging#1003</a></li> <li>Support positional pattern matching for <code>Version</code> and <code>Specifier</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1004">pypa/packaging#1004</a></li> </ul> <p>Behavior adaptations:</p> <ul> <li>PEP 440 handling of prereleases for <code>Specifier.contains</code>, <code>SpecifierSet.contains</code>, and <code>SpecifierSet.filter</code> by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/897">pypa/packaging#897</a></li> <li>Handle PEP 440 edge case in <code>SpecifierSet.filter</code> by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/942">pypa/packaging#942</a></li> <li>Adjust arbitrary equality intersection preservation in <code>SpecifierSet</code> by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/951">pypa/packaging#951</a></li> <li>Return <code>False</code> instead of raising for <code>.contains</code> with invalid version by <a href="https://github.com/Liam-DeVoe"><code>@Liam-DeVoe</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/932">pypa/packaging#932</a></li> <li>Support arbitrary equality on arbitrary strings for <code>Specifier</code> and <code>SpecifierSet</code>'s <code>filter</code> and <code>contains</code> method. by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/954">pypa/packaging#954</a></li> <li>Only try to parse as <code>Version</code> on certain marker keys, return <code>False</code> on unequal ordered comparsions by <a href="https://github.com/JP-Ellis"><code>@JP-Ellis</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/939">pypa/packaging#939</a></li> </ul> <p>Fixes:</p> <ul> <li>Update <code>_hash</code> when unpickling <code>Tag()</code> by <a href="https://github.com/dholth"><code>@dholth</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/860">pypa/packaging#860</a></li> <li>Correct comment and simplify implicit prerelease handling in <code>Specifier.prereleases</code> by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/896">pypa/packaging#896</a></li> <li>Use explicit <code>_GLibCVersion</code> <code>NamedTuple</code> in <code>_manylinux</code> by <a href="https://github.com/cthoyt"><code>@cthoyt</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/868">pypa/packaging#868</a></li> <li>Detect invalid license expressions containing <code>()</code> by <a href="https://github.com/bwoodsend"><code>@bwoodsend</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/879">pypa/packaging#879</a></li> <li>Correct regex for metadata <code>'name'</code> format by <a href="https://github.com/di"><code>@di</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/925">pypa/packaging#925</a></li> <li>Improve the message around expecting a semicolon by <a href="https://github.com/pradyunsg"><code>@pradyunsg</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/833">pypa/packaging#833</a></li> <li>Support nested parens in license expressions by <a href="https://github.com/Liam-DeVoe"><code>@Liam-DeVoe</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/931">pypa/packaging#931</a></li> <li>Add space before at symbol in <code>Requirements</code> string by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/953">pypa/packaging#953</a></li> <li>A root logger use found by ruff LOG, use <code>packaging</code> logger instead by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/965">pypa/packaging#965</a></li> <li>Better support for subclassing <code>Marker</code> and <code>Requirement</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1022">pypa/packaging#1022</a></li> <li>Normalize all extras, not just if it comes first by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1024">pypa/packaging#1024</a></li> <li>Don't produce a broken repr if <code>Marker</code> fails to construct by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1033">pypa/packaging#1033</a></li> </ul> <p>Performance:</p> <ul> <li>Avoid recompiling regexes in the tokenizer for a 3x speedup by <a href="https://github.com/hauntsaninja"><code>@hauntsaninja</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1019">pypa/packaging#1019</a></li> <li>Improve performance in <code>_manylinux.py</code> by <a href="https://github.com/cthoyt"><code>@cthoyt</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/869">pypa/packaging#869</a></li> <li>Minor cleanups to <code>Version</code> by <a href="https://github.com/bearomorphism"><code>@bearomorphism</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/913">pypa/packaging#913</a></li> <li>Skip redundant creation of <code>Version</code>s in specifier comparison by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/986">pypa/packaging#986</a></li> <li>Cache <code>Specifier</code>'s Version by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/985">pypa/packaging#985</a></li> <li>Make <code>Version</code> a little faster by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/987">pypa/packaging#987</a></li> <li>Minor <code>Version</code> regex cleanup by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/990">pypa/packaging#990</a></li> <li>Faster regex on Python 3.11.5+ by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/988">pypa/packaging#988</a> and <a href="https://redirect.github.com/pypa/packaging/pull/1055">pypa/packaging#1055</a></li> <li>Lazily calculate <code>_key</code> in <code>Version</code> by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/989">pypa/packaging#989</a> and regression for <code>packaging_legacy</code> fixed by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1048">pypa/packaging#1048</a></li> <li>Faster <code>canonicalize_version</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/993">pypa/packaging#993</a></li> <li>Use <code>fullmatch</code> in a couple more places by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/992">pypa/packaging#992</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/blob/main/CHANGELOG.rst">packaging's changelog</a>.</em></p> <blockquote> <p>26.0 - 2026-01-20</p> <pre><code> Features: <ul> <li>PEP 751: support pylock (:pull:<code>900</code>)</li> <li>PEP 794: import name metadata (:pull:<code>948</code>)</li> <li>Support for writing metadata to a file (:pull:<code>846</code>)</li> <li>Support <code>__replace__</code> on Version (:pull:<code>1003</code>)</li> <li>Support positional pattern matching for <code>Version</code> and <code>SpecifierSet</code> (:pull:<code>1004</code>)</li> </ul> <p>Behavior adaptations:</p> <ul> <li>PEP 440 handling of prereleases for <code>Specifier.contains</code>, <code>SpecifierSet.contains</code>, and <code>SpecifierSet.filter</code> (:pull:<code>897</code>)</li> <li>Handle PEP 440 edge case in <code>SpecifierSet.filter</code> (:pull:<code>942</code>)</li> <li>Adjust arbitrary equality intersection preservation in <code>SpecifierSet</code> (:pull:<code>951</code>)</li> <li>Return <code>False</code> instead of raising for <code>.contains</code> with invalid version (:pull:<code>932</code>)</li> <li>Support arbitrary equality on arbitrary strings for <code>Specifier</code> and <code>SpecifierSet</code>'s <code>filter</code> and <code>contains</code> method. (:pull:<code>954</code>)</li> <li>Only try to parse as <code>Version</code> on certain marker keys, return <code>False</code> on unequal ordered comparisons (:pull:<code>939</code>)</li> </ul> <p>Fixes:</p> <ul> <li>Update <code>_hash</code> when unpickling <code>Tag()</code> (:pull:<code>860</code>)</li> <li>Correct comment and simplify implicit prerelease handling in <code>Specifier.prereleases</code> (:pull:<code>896</code>)</li> <li>Use explicit <code>_GLibCVersion</code> <code>NamedTuple</code> in <code>_manylinux</code> (:pull:<code>868</code>)</li> <li>Detect invalid license expressions containing <code>()</code> (:pull:<code>879</code>)</li> <li>Correct regex for metadata <code>'name'</code> format (:pull:<code>925</code>)</li> <li>Improve the message around expecting a semicolon (:pull:<code>833</code>)</li> <li>Support nested parens in license expressions (:pull:<code>931</code>)</li> <li>Add space before at symbol in <code>Requirements</code> string (:pull:<code>953</code>)</li> <li>A root logger use found, use a <code>packaging</code> logger instead (:pull:<code>965</code>)</li> <li>Better support for subclassing <code>Marker</code> and <code>Requirement</code> (:pull:<code>1022</code>)</li> <li>Normalize all extras, not just if it comes first (:pull:<code>1024</code>)</li> <li>Don't produce a broken repr if <code>Marker</code> fails to construct (:pull:<code>1033</code>)</li> </ul> <p>Performance:</p> <ul> <li>Avoid recompiling regexes in the tokenizer for a 3x speedup (:pull:<code>1019</code>)</li> <li>Improve performance in <code>_manylinux.py</code> (:pull:<code>869</code>)</li> <li>Minor cleanups to <code>Version</code> (:pull:<code>913</code>)</li> <li>Skip redundant creation of <code>Version</code>'s in specifier comparison (:pull:<code>986</code>)</li> <li>Cache the <code>Specifier</code>'s <code>Version</code> (:pull:<code>985</code>)</li> <li>Make <code>Version</code> a little faster (:pull:<code>987</code>)</li> <li>Minor <code>Version</code> regex cleanup (:pull:<code>990</code>)</li> <li>Faster regex on Python 3.11.5+ for <code>Version</code> (:pull:<code>988</code>, :pull:<code>1055</code>)</li> <li>Lazily calculate <code>_key</code> in <code>Version</code> (:pull:<code>989</code>, :pull:<code>1048</code>)</li> <li>Faster <code>canonicalize_version</code> (:pull:<code>993</code>)</li> <li>Use <code>re.fullmatch</code> in a couple more places (:pull:<code>992</code>, :pull:<code>1029</code>)</li> <li>Use <code>map</code> instead of generator (:pull:<code>996</code>)</li> <li>Deprecate <code>._version</code> (<code>_Version</code>, a <code>NamedTuple</code>) (:pull:<code>995</code>, :pull:<code>1062</code>)<br /> </tr></table><br /> </code></pre></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/packaging/commit/3b77a26f5a27473ad3b08194d773f325d018a2d0"><code>3b77a26</code></a> Bump for release</li> <li><a href="https://github.com/pypa/packaging/commit/31371cce593d2bde0dd8c436ecfb7d53cb91cfb6"><code>31371cc</code></a> docs: prepare for 26.0 final (<a href="https://redirect.github.com/pypa/packaging/issues/1063">#1063</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/9627a8821f09e4c55cd6e9daadb617b67c4741c2"><code>9627a88</code></a> perf: dual replace (<a href="https://redirect.github.com/pypa/packaging/issues/1064">#1064</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/d5398b8bc19f3fad7b035ceb83023caf06d6e2da"><code>d5398b8</code></a> fix: restore ._version as a compat shim (<a href="https://redirect.github.com/pypa/packaging/issues/1062">#1062</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/3a7b600a126d237b2ad3cd7e25d2cb5c176276af"><code>3a7b600</code></a> Bump for development</li> <li><a href="https://github.com/pypa/packaging/commit/d4eefdccf992e963c48011875301d93df6a7f2cc"><code>d4eefdc</code></a> Bump for release</li> <li><a href="https://github.com/pypa/packaging/commit/46189124fb43d8989d370902c80ab156eb83a45d"><code>4618912</code></a> docs: prepare for 26.0rc3 (<a href="https://redirect.github.com/pypa/packaging/issues/1060">#1060</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/0cf1b41b4b321ae08cad7d3e49cfaff5578fe813"><code>0cf1b41</code></a> ci: test on first public release of CPythons (<a href="https://redirect.github.com/pypa/packaging/issues/1056">#1056</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/716beb1c0a5d7a398bf57fbd80bc2501811e616b"><code>716beb1</code></a> perf: 10% faster stripping zeros (<a href="https://redirect.github.com/pypa/packaging/issues/1058">#1058</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/350a2306700b738f487f251efa278f532b263dee"><code>350a230</code></a> fix: support CPython 3.11.0-3.11.4 and older PyPy3.11 (<a href="https://redirect.github.com/pypa/packaging/issues/1055">#1055</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/packaging/compare/25.0...26.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.14.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.2</strong></h2> <ul> <li>[Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code> (<a href="https://redirect.github.com/ljharb/qs/issues/546">#546</a>)</li> <li>[Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li> <li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when <code>throwOnLimitExceeded</code> is true (<a href="https://redirect.github.com/ljharb/qs/issues/529">#529</a>)</li> <li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li> <li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove extraneous comments (<a href="https://redirect.github.com/ljharb/qs/issues/545">#545</a>)</li> <li>[Robustness] avoid <code>.push</code>, use <code>void</code></li> <li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li> <li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li> <li>[readme] replace runkit CI badge with shields.io check-runs badge</li> <li>[meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li> <li>[actions] fix rebase workflow permissions</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/bdcf0c7f82387c18ac8fabfccd2f440645cef47b"><code>bdcf0c7</code></a> v6.14.2</li> <li><a href="https://github.com/ljharb/qs/commit/294db90c812ddbe7d7a35d5687c505fd21a2d6a2"><code>294db90</code></a> [readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output</li> <li><a href="https://github.com/ljharb/qs/commit/5c308e5516c270a78caa6f278465914090f91ec6"><code>5c308e5</code></a> [readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation</li> <li><a href="https://github.com/ljharb/qs/commit/6addf8cf738d529c54d91f6f3ffb6c1be91bbfdc"><code>6addf8c</code></a> [Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code></li> <li><a href="https://github.com/ljharb/qs/commit/cfc108f662326d6ab540f3545ef0b832baf83cdf"><code>cfc108f</code></a> [Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/`pars...</li> <li><a href="https://github.com/ljharb/qs/commit/febb64442a80e49200211fa38d3c96b58024ac77"><code>febb644</code></a> [Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when `thr...</li> <li><a href="https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482"><code>f6a7abf</code></a> [Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li> <li><a href="https://github.com/ljharb/qs/commit/fbc5206c25b4d1851cea683f02c10756c521d15a"><code>fbc5206</code></a> [Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove e...</li> <li><a href="https://github.com/ljharb/qs/commit/1b9a8b4e78c6aff4c22fa559107227f02fd0216a"><code>1b9a8b4</code></a> [actions] fix rebase workflow permissions</li> <li><a href="https://github.com/ljharb/qs/commit/2a35775614e0fb46ac8a3060201a32a7c23a7fda"><code>2a35775</code></a> [meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/vscode-python/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ronments extension (#25830) should help users find that the python environments extension is installed and may be the item causing problems for those who don't know we are moving to the envs extension for handling discovery
Applies `npm audit fix` (no `--force`) to resolve 5 of 26 reported vulnerabilities. Only `package-lock.json` is modified — semver ranges in `package.json` are unchanged. ## Packages updated | Package | Before | After | CVE/Advisory | |---|---|---|---| | `cipher-base` | 1.0.4 | 1.0.7 | [GHSA-cpq7-6gpm-g9rc](GHSA-cpq7-6gpm-g9rc) — **critical**, missing type checks | | `ajv` | 6.12.6 / 8.17.1 | 6.14.0 / 8.18.0 | [GHSA-2g4f-4pwh-qvx6](GHSA-2g4f-4pwh-qvx6) — ReDoS via `$data` | | `bn.js` | 4.11.8 / 5.2.1 | 4.12.3 / 5.2.3 | [GHSA-378v-28hj-76wf](GHSA-378v-28hj-76wf) — infinite loop | | `glob` | 10.4.5 | 10.5.0 | [GHSA-5j98-mcp5-4vw2](GHSA-5j98-mcp5-4vw2) — CLI command injection | | `minimatch` (3.x / 9.x) | 3.1.2 / 9.0.x | 3.1.5 / 9.0.9 | [GHSA-3ppc-4f35-3m26](GHSA-3ppc-4f35-3m26) — ReDoS | ## Remaining vulnerabilities (21) All require `--force` and involve breaking changes (e.g. mocha downgrade, `copy-webpack-plugin` major bump, `node-polyfill-webpack-plugin` major bump). Not addressed here per the constraint of no forced updates. <!-- START COPILOT ORIGINAL PROMPT --> <details> <summary>Original prompt</summary> > Run npm audit fix. Do not use force flag. </details> <!-- START COPILOT CODING AGENT SUFFIX --> Created from [VS Code](https://code.visualstudio.com/docs/copilot/copilot-coding-agent). <!-- START COPILOT CODING AGENT TIPS --> --- 💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey). --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: rzhao271 <7199958+rzhao271@users.noreply.github.com>
Resolves: microsoft/vscode-python-environments#1325 Cause: The Python extension only backed off if the user explicitly opted into the envs extension (useEnvironmentsExtension: true). But the envs extension activates by default whenever it's installed — it only backs off if the setting is explicitly false. So in this case, (extension installed, setting not touched), both fired. Added shouldEnvExtHandleActivation() — a function that mirrors the envs extension's own logic: "am I installed and not explicitly disabled?" Used it in all 3 places the Python extension triggers terminal activation to bail out when the envs extension will handle it. This covers global, workspace, and folder-level settings. We want exactly one extension activates the terminal, never both, never neither.
Updates the Python Environment Tools (PET) artifact source branch in the stable release pipeline. - Changed `branchName` from `refs/heads/release/2026.0` to `refs/heads/release/2026.4` in `build/azure-pipeline.stable.yml` <!-- START COPILOT CODING AGENT TIPS --> --- 💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey). --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: eleanorjboyd <26030610+eleanorjboyd@users.noreply.github.com>
Bumps [mheap/github-action-required-labels](https://github.com/mheap/github-action-required-labels) from 5.5.1 to 5.5.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mheap/github-action-required-labels/releases">mheap/github-action-required-labels's releases</a>.</em></p> <blockquote> <h2>v5.5.2</h2> <h2>What's Changed</h2> <ul> <li>Update dependencies with npm audit fix by <a href="https://github.com/mheap"><code>@mheap</code></a> in <a href="https://redirect.github.com/mheap/github-action-required-labels/pull/94">mheap/github-action-required-labels#94</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/mheap/github-action-required-labels/compare/v5.5.1...v5.5.2">https://github.com/mheap/github-action-required-labels/compare/v5.5.1...v5.5.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mheap/github-action-required-labels/commit/0ac283b4e65c1fb28ce6079dea5546ceca98ccbe"><code>0ac283b</code></a> Automatic compilation</li> <li><a href="https://github.com/mheap/github-action-required-labels/commit/61727adf774dff0ccec675a021960ed53f3cf67f"><code>61727ad</code></a> Update dependencies with npm audit fix (<a href="https://redirect.github.com/mheap/github-action-required-labels/issues/94">#94</a>)</li> <li>See full diff in <a href="https://github.com/mheap/github-action-required-labels/compare/8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509...0ac283b4e65c1fb28ce6079dea5546ceca98ccbe">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.2.4 to 3.4.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7"><code>3bf0909</code></a> 3.4.2</li> <li><a href="https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"><code>885ddcc</code></a> fix CWE-1321</li> <li><a href="https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3"><code>0bdba70</code></a> added flatted-view to the benchmark</li> <li><a href="https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20"><code>2a02dce</code></a> 3.4.1</li> <li><a href="https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416"><code>fba4e8f</code></a> Merge pull request <a href="https://redirect.github.com/WebReflection/flatted/issues/89">#89</a> from WebReflection/python-fix</li> <li><a href="https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7"><code>5fe8648</code></a> added "when in Rome" also a test for PHP</li> <li><a href="https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0"><code>53517ad</code></a> some minor improvement</li> <li><a href="https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f"><code>b3e2a0c</code></a> Fixing recursion issue in Python too</li> <li><a href="https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad"><code>c4b46db</code></a> Add SECURITY.md for security policy and reporting</li> <li><a href="https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988"><code>f86d071</code></a> Create dependabot.yml for version updates</li> <li>Additional commits viewable in <a href="https://github.com/WebReflection/flatted/compare/v3.2.4...v3.4.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/vscode-python/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
`PROJECT_ROOT_PATH is set, using /... as cwd for execution payload` is printed to stdout during unittest discovery and execution, leaking into the Test Results panel. - Remove `print()` in `python_files/unittestadapter/execution.py` (execution path) - Remove `print()` in `python_files/unittestadapter/discovery.py` (discovery path) All functional logic (reading the env var, setting `top_level_dir`, updating the global) is unchanged. <!-- START COPILOT CODING AGENT TIPS --> --- 💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey). --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: eleanorjboyd <26030610+eleanorjboyd@users.noreply.github.com>
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>2.3.2</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>fix: exception when glob pattern contains constructor by <a href="https://github.com/Jason3S"><code>@Jason3S</code></a> in <a href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's changelog</a>.</em></p> <blockquote> <h1>Release history</h1> <p><strong>All notable changes to this project will be documented in this file.</strong></p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <ul> <li>Changelogs are for humans, not machines.</li> <li>There should be an entry for every single version.</li> <li>The same types of changes should be grouped.</li> <li>Versions and sections should be linkable.</li> <li>The latest version comes first.</li> <li>The release date of each versions is displayed.</li> <li>Mention whether you follow Semantic Versioning.</li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Changelog entries are classified using the following labels <em>(from <a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p> <ul> <li><code>Added</code> for new features.</li> <li><code>Changed</code> for changes in existing functionality.</li> <li><code>Deprecated</code> for soon-to-be removed features.</li> <li><code>Removed</code> for now removed features.</li> <li><code>Fixed</code> for any bug fixes.</li> <li><code>Security</code> in case of vulnerabilities.</li> </ul> <!-- raw HTML omitted --> <h2>4.0.0 (2024-02-07)</h2> <h3>Fixes</h3> <ul> <li>Fix bad text values in parse <a href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>, thanks to <a href="https://github.com/connor4312"><code>@connor4312</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Remove process global to work outside of node <a href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>, thanks to <a href="https://github.com/styfle"><code>@styfle</code></a></li> <li>Add sideEffects to package.json <a href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>, thanks to <a href="https://github.com/frandiox"><code>@frandiox</code></a></li> <li>Removed <code>os</code>, make compatible browser environment. See <a href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>, thanks to <a href="https://github.com/gwsbhqt"><code>@gwsbhqt</code></a></li> </ul> <h2>3.0.1</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a> Publish 2.3.2</li> <li><a href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a> from micromatch/backport-144</li> <li><a href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a> from Jason3S/jdent-object-properties</li> <li>See full diff in <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/vscode-python/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [tomli](https://github.com/hukkin/tomli) from 2.4.0 to 2.4.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hukkin/tomli/blob/master/CHANGELOG.md">tomli's changelog</a>.</em></p> <blockquote> <h2>2.4.1</h2> <ul> <li>Fixed <ul> <li>Limit number of parts of a TOML key to address quadratic time complexity</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hukkin/tomli/commit/c5f44690c68c5ed29534faa8f9df18882113728c"><code>c5f4469</code></a> Bump version: 2.4.0 → 2.4.1</li> <li><a href="https://github.com/hukkin/tomli/commit/2bcd2627d5fcc262f734eaa730b62c0915d1e0d3"><code>2bcd262</code></a> Add change log for 2.4.1 and 2.3.1</li> <li><a href="https://github.com/hukkin/tomli/commit/e1fdb94bc998377f1c2545c7cd4f70ff2a3fb4e4"><code>e1fdb94</code></a> Limit number of parts of a key (<a href="https://redirect.github.com/hukkin/tomli/issues/286">#286</a>)</li> <li><a href="https://github.com/hukkin/tomli/commit/c20c49113890c226ffb27a67befe20d14fcf0c73"><code>c20c491</code></a> pre-commit autoupdate</li> <li><a href="https://github.com/hukkin/tomli/commit/920e20b1cf495b63f6d4a6aa3cd5e4ff25f5f5a7"><code>920e20b</code></a> Update performance benchmark and results</li> <li><a href="https://github.com/hukkin/tomli/commit/064e492919b2338def788753b8c981c9131334c0"><code>064e492</code></a> Merge pull request <a href="https://redirect.github.com/hukkin/tomli/issues/280">#280</a> from hukkin/version-2.4.0</li> <li>See full diff in <a href="https://github.com/hukkin/tomli/compare/2.4.0...2.4.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 8.7.1 to 9.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/importlib_metadata/blob/main/NEWS.rst">importlib-metadata's changelog</a>.</em></p> <blockquote> <h1>v9.0.0</h1> <h2>Deprecations and Removals</h2> <ul> <li>Added <code>MetadataNotFound</code> (subclass of <code>FileNotFoundError</code>) and updated <code>Distribution.metadata</code>/<code>metadata()</code> to raise it when the metadata files are missing instead of returning <code>None</code><code>python/cpython#143387</code><a href="https://redirect.github.com/python/importlib_metadata/issues/532">#532</a>)</li> </ul> <h1>v8.9.0</h1> <h2>Features</h2> <ul> <li><code>python/cpython#110937</code><a href="https://redirect.github.com/python/cpython/issues/140141">python/cpython#140141</a>, <a href="https://redirect.github.com/python/cpython/issues/143658">python/cpython#143658</a>)</li> </ul> <h1>v8.8.0</h1> <h2>Features</h2> <ul> <li>Removed Python 3.9 compatibility.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/importlib_metadata/commit/a9f883fef337c667a81a987bc0cbc0dbb43b2bfe"><code>a9f883f</code></a> Finalize</li> <li><a href="https://github.com/python/importlib_metadata/commit/9b0dfdfe2e187dca6644007570189aadc6c97a34"><code>9b0dfdf</code></a> Raise an exception when no metadata file is found (<a href="https://redirect.github.com/python/importlib_metadata/issues/532">#532</a>)</li> <li><a href="https://github.com/python/importlib_metadata/commit/0f2229ca84f20be2ceaaa4c62a276fa9b003f5bc"><code>0f2229c</code></a> Merge branch 'main' into feature/no-metadata-exception</li> <li><a href="https://github.com/python/importlib_metadata/commit/2f4088e490a73ac7f39b86214d2da16d2eb1ff39"><code>2f4088e</code></a> Remove news fragments about internal details.</li> <li><a href="https://github.com/python/importlib_metadata/commit/0ac27203f8044daf634c22f385838122a0707449"><code>0ac2720</code></a> Add news fragment.</li> <li><a href="https://github.com/python/importlib_metadata/commit/a5c2154835facb4a9d0a6f5b3aac1f3d1ff86170"><code>a5c2154</code></a> Finalize</li> <li><a href="https://github.com/python/importlib_metadata/commit/e66e22634f7522e7778b66e8a8b19782a11d4943"><code>e66e226</code></a> Drop support for EOL Python 3.9 (<a href="https://redirect.github.com/python/importlib_metadata/issues/530">#530</a>)</li> <li><a href="https://github.com/python/importlib_metadata/commit/6027933ae96c9e51dd0b7ce392cb30f6fcae1940"><code>6027933</code></a> Add news fragment.</li> <li><a href="https://github.com/python/importlib_metadata/commit/b89388a53bf857127e0a6860dfcfe2cd69a79ab8"><code>b89388a</code></a> Import os_helper directly.</li> <li><a href="https://github.com/python/importlib_metadata/commit/2dcb761d940b0115b786ab3b6f336af7d94630f4"><code>2dcb761</code></a> Add uniform exclusions for test.support.</li> <li>Additional commits viewable in <a href="https://github.com/python/importlib_metadata/compare/v8.7.1...v9.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: rzhao271 <7199958+rzhao271@users.noreply.github.com>
Bumps and [brace-expansion](https://github.com/juliangruber/brace-expansion). These dependencies needed to be updated together. Updates `brace-expansion` from 1.1.12 to 1.1.13 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898"><code>6c353ca</code></a> 1.1.13</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2"><code>7fd684f</code></a> Backport fix for GHSA-f886-m6hf-6m8v (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/95">#95</a>)</li> <li>See full diff in <a href="https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.13">compare view</a></li> </ul> </details> <br /> Updates `brace-expansion` from 2.0.2 to 2.0.3 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898"><code>6c353ca</code></a> 1.1.13</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2"><code>7fd684f</code></a> Backport fix for GHSA-f886-m6hf-6m8v (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/95">#95</a>)</li> <li>See full diff in <a href="https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.13">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/vscode-python/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v9.0.0</h2> <p><strong>New features:</strong></p> <ul> <li><strong><code>getOctokit</code> factory function</strong> — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See <a href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating additional clients with <code>getOctokit</code></a> for details and examples.</li> <li><strong>Orchestration ID in user-agent</strong> — The <code>ACTIONS_ORCHESTRATION_ID</code> environment variable is automatically appended to the user-agent string for request tracing.</li> </ul> <p><strong>Breaking changes:</strong></p> <ul> <li><strong><code>require('@actions/github')</code> no longer works in scripts.</strong> The upgrade to <code>@actions/github</code> v9 (ESM-only) means <code>require('@actions/github')</code> will fail at runtime. If you previously used patterns like <code>const { getOctokit } = require('@actions/github')</code> to create secondary clients, use the new injected <code>getOctokit</code> function instead — it's available directly in the script context with no imports needed.</li> <li><code>getOctokit</code> is now an injected function parameter. Scripts that declare <code>const getOctokit = ...</code> or <code>let getOctokit = ...</code> will get a <code>SyntaxError</code> because JavaScript does not allow <code>const</code>/<code>let</code> redeclaration of function parameters. Use the injected <code>getOctokit</code> directly, or use <code>var getOctokit = ...</code> if you need to redeclare it.</li> <li>If your script accesses other <code>@actions/github</code> internals beyond the standard <code>github</code>/<code>octokit</code> client, you may need to update those references for v9 compatibility.</li> </ul> <h2>What's Changed</h2> <ul> <li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> <li>ci: use deployment: false for integration test environments by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li> <li>feat!: add getOctokit to script context, upgrade <code>@actions/github</code> v9, <code>@octokit/core</code> v7, and related packages by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3"><code>3a2844b</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/700">#700</a> from actions/salmanmkc/expose-getoctokit + prepare re...</li> <li><a href="https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079"><code>ca10bbd</code></a> fix: use <code>@octokit/core/</code>types import for v7 compatibility</li> <li><a href="https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b"><code>86e48e2</code></a> merge: incorporate main branch changes</li> <li><a href="https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9"><code>c108472</code></a> chore: rebuild dist for v9 upgrade and getOctokit factory</li> <li><a href="https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d"><code>afff112</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/712">#712</a> from actions/salmanmkc/deployment-false + fix user-ag...</li> <li><a href="https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817"><code>ff8117e</code></a> ci: fix user-agent test to handle orchestration ID</li> <li><a href="https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d"><code>81c6b78</code></a> ci: use deployment: false to suppress deployment noise from integration tests</li> <li><a href="https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7"><code>3953caf</code></a> docs: update README examples from <a href="https://github.com/v8"><code>@v8</code></a> to <a href="https://github.com/v9"><code>@v9</code></a>, add getOctokit docs and v9 brea...</li> <li><a href="https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78"><code>c17d55b</code></a> ci: add getOctokit integration test job</li> <li><a href="https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408"><code>a047196</code></a> test: add getOctokit integration tests via callAsyncFunction</li> <li>Additional commits viewable in <a href="https://github.com/actions/github-script/compare/v8...v9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.18.1</h2> <h2>Bugs</h2> <p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code> <code>lodash-es</code> <code>lodash-amd</code> and <code>lodash.template</code> when using the <code>template</code> and <code>fromPairs</code> functions from the modular builds. See <a href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash#6167</a></p> <p>These defects were related to how lodash distributions are built from the main branch using <a href="https://github.com/lodash-archive/lodash-cli">https://github.com/lodash-archive/lodash-cli</a>. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.</p> <p>There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:</p> <ul> <li><code>lodash</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li> <li><code>lodash-es</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li> <li><code>lodash-amd</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li> <li><code>lodash.template</code><a href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li> </ul> <h2>4.18.0</h2> <h2>v4.18.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0">https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p> <h3>Security</h3> <p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed prototype pollution via <code>constructor</code>/<code>prototype</code> path traversal (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh">GHSA-f23m-r3pf-42rh</a>, <a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b">fe8d32e</a>). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now <code>constructor</code> and <code>prototype</code> are blocked unconditionally as non-terminal path keys, matching <code>baseSet</code>. Calls that previously returned <code>true</code> and deleted the property now return <code>false</code> and leave the target untouched.</p> <p><strong><code>_.template</code></strong>: Fixed code injection via <code>imports</code> keys (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc">GHSA-r5fr-rjxr-66jc</a>, CVE-2026-4800, <a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6">879aaa9</a>). Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code> option was validated against <code>reForbiddenIdentifierChars</code> but <code>importsKeys</code> was left unguarded, allowing code injection via the same <code>Function()</code> constructor sink. <code>imports</code> keys containing forbidden identifier characters now throw <code>"Invalid imports option passed into _.template"</code>.</p> <h3>Docs</h3> <ul> <li>Add security notice for <code>_.template</code> in threat model and API docs (<a href="https://redirect.github.com/lodash/lodash/pull/6099">#6099</a>)</li> <li>Document <code>lower > upper</code> behavior in <code>_.random</code> (<a href="https://redirect.github.com/lodash/lodash/pull/6115">#6115</a>)</li> <li>Fix quotes in <code>_.compact</code> jsdoc (<a href="https://redirect.github.com/lodash/lodash/pull/6090">#6090</a>)</li> </ul> <h3><code>lodash.*</code> modular packages</h3> <p><a href="https://redirect.github.com/lodash/lodash/pull/6157">Diff</a></p> <p>We have also regenerated and published a select number of the <code>lodash.*</code> modular packages.</p> <p>These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:</p> <ul> <li><a href="https://www.npmjs.com/package/lodash.orderby">lodash.orderby</a></li> <li><a href="https://www.npmjs.com/package/lodash.tonumber">lodash.tonumber</a></li> <li><a href="https://www.npmjs.com/package/lodash.trim">lodash.trim</a></li> <li><a href="https://www.npmjs.com/package/lodash.trimend">lodash.trimend</a></li> <li><a href="https://www.npmjs.com/package/lodash.sortedindexby">lodash.sortedindexby</a></li> <li><a href="https://www.npmjs.com/package/lodash.zipobjectdeep">lodash.zipobjectdeep</a></li> <li><a href="https://www.npmjs.com/package/lodash.unset">lodash.unset</a></li> <li><a href="https://www.npmjs.com/package/lodash.omit">lodash.omit</a></li> <li><a href="https://www.npmjs.com/package/lodash.template">lodash.template</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e"><code>cb0b9b9</code></a> release(patch): bump main to 4.18.1 (<a href="https://redirect.github.com/lodash/lodash/issues/6177">#6177</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51"><code>75535f5</code></a> chore: prune stale advisory refs (<a href="https://redirect.github.com/lodash/lodash/issues/6170">#6170</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4"><code>62e91bc</code></a> docs: remove n_ Node.js < 6 REPL note from README (<a href="https://redirect.github.com/lodash/lodash/issues/6165">#6165</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4"><code>59be2de</code></a> release(minor): bump to 4.18.0 (<a href="https://redirect.github.com/lodash/lodash/issues/6161">#6161</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d"><code>af63457</code></a> fix: broken tests for _.template 879aaa9</li> <li><a href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0"><code>1073a76</code></a> fix: linting issues</li> <li><a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6"><code>879aaa9</code></a> fix: validate imports keys in _.template</li> <li><a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b"><code>fe8d32e</code></a> fix: block prototype pollution in baseUnset via constructor/prototype traversal</li> <li><a href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d"><code>18ba0a3</code></a> refactor(fromPairs): use baseAssignValue for consistent assignment (<a href="https://redirect.github.com/lodash/lodash/issues/6153">#6153</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2"><code>b819080</code></a> ci: add dist sync validation workflow (<a href="https://redirect.github.com/lodash/lodash/issues/6137">#6137</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/vscode-python/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [packaging](https://github.com/pypa/packaging) from 26.0 to 26.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/releases">packaging's releases</a>.</em></p> <blockquote> <h2>26.1</h2> <p>Features:</p> <ul> <li><del>PEP 783: add handling for Emscripten wheel tags by <a href="https://github.com/hoodmane"><code>@hoodmane</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/804">pypa/packaging#804</a></del> (old name used in implementation, will be fixed in next release)</li> <li>PEP 803: add handling for the <code>abi3.abi3t</code> free-threading tag by <a href="https://github.com/ngoldbaum"><code>@ngoldbaum</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1099">pypa/packaging#1099</a></li> <li>PEP 723: add <code>packaging.dependency_groups</code> module, based on the <code>dependency-groups</code> package by <a href="https://github.com/sirosen"><code>@sirosen</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1065">pypa/packaging#1065</a></li> <li>Add the <code>packaging.direct_url</code> module by <a href="https://github.com/sbidoul"><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/944">pypa/packaging#944</a></li> <li>Add the <code>packaging.errors</code> module by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1071">pypa/packaging#1071</a></li> <li>Add <code>SpecifierSet.is_unsatisfiable</code> using ranges (new internals that will be expanded in future versions) by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1119">pypa/packaging#1119</a></li> <li>Add <code>create_compatible_tags_selector</code> to select compatible tags by <a href="https://github.com/sbidoul"><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1110">pypa/packaging#1110</a></li> <li>Add a <code>key</code> argument to <code>SpecifierSet.filter()</code> by <a href="https://github.com/frostming"><code>@frostming</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1068">pypa/packaging#1068</a></li> <li>Support <code>&</code> and <code>|</code> for <code>Marker</code>'s by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1146">pypa/packaging#1146</a></li> <li>Normalize <code>Version.__replace__</code> and add <code>Version.from_parts</code> by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1078">pypa/packaging#1078</a></li> <li>Add an option to validate compressed tag set sort order in <code>parse_wheel_filename</code> by <a href="https://github.com/r266-tech"><code>@r266-tech</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1150">pypa/packaging#1150</a></li> </ul> <p>Behavior adaptations:</p> <ul> <li>Narrow exclusion of pre-releases for <code><V.postN</code> to match spec by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1140">pypa/packaging#1140</a></li> <li>Narrow exclusion of post-releases for <code>>V</code> to match spec by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1141">pypa/packaging#1141</a></li> <li>Rename <code>format_full_version</code> to <code>_format_full_version</code> to make it visibly private by <a href="https://github.com/r266-tech"><code>@r266-tech</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1125">pypa/packaging#1125</a></li> <li>Restrict local version to ASCII by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1102">pypa/packaging#1102</a></li> </ul> <p>Pylock (PEP 751) updates:</p> <ul> <li>Add pylock <code>select</code> function by <a href="https://github.com/sbidoul"><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1092">pypa/packaging#1092</a></li> <li>Document pylock <code>select()</code> method and <code>PylockSelectError</code> by <a href="https://github.com/r266-tech"><code>@r266-tech</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1153">pypa/packaging#1153</a></li> <li>Add <code>filename</code> property to <code>PackageSdist</code> and <code>PackageWheel</code>, more validation by <a href="https://github.com/sbidoul"><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1095">pypa/packaging#1095</a></li> <li>Give preference to path over url by <a href="https://github.com/sbidoul"><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1128">pypa/packaging#1128</a></li> <li>Validate name/version consistency in file names by <a href="https://github.com/sbidoul"><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1114">pypa/packaging#1114</a></li> </ul> <p>Fixes:</p> <ul> <li>Fix <code>></code> comparison for versions with dev+local segments by <a href="https://github.com/veeceey"><code>@veeceey</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1097">pypa/packaging#1097</a></li> <li>Fix incorrect self-comparison for <code>InfinityType</code> and <code>NegativeInfinityType</code> by <a href="https://github.com/bysiber"><code>@bysiber</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1093">pypa/packaging#1093</a></li> <li>Canonicalize when deduplicating specifiers in <code>SpecifierSet</code> by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1109">pypa/packaging#1109</a></li> <li>Fix charset error message formatting by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1121">pypa/packaging#1121</a></li> <li>Handle the <code>key</code> parameter in <code>SpecifierSet.filter</code> when specifiers are empty and prerelease is <code>False</code> by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1096">pypa/packaging#1096</a></li> <li>Standardize inner components of <code>repr</code> output by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1090">pypa/packaging#1090</a></li> <li><code>Specifier</code>'s <code>===</code> uses original string, not normalized, when available by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1124">pypa/packaging#1124</a></li> <li>Propagate int-max-str-digits <code>ValueError</code> by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1155">pypa/packaging#1155</a></li> </ul> <p>Performance:</p> <ul> <li>Add fast path for parsing simple versions (digits and dots only) by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1082">pypa/packaging#1082</a></li> <li>Add fast path for <code>Version</code> to <code>Version</code> comparison by skipping <code>_key</code> property by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1083">pypa/packaging#1083</a></li> <li>Cache <code>Version</code> hash value in dedicated slot by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1118">pypa/packaging#1118</a></li> <li>Overhaul <code>_cmpkey</code> to remove use of custom objects by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1116">pypa/packaging#1116</a></li> <li>Skip <code>__replace__</code> in Specifier comparison if not needed by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1081">pypa/packaging#1081</a></li> <li><code>SpecifierSet</code> use <code>tuple</code> instead of <code>frozenset</code> for <code>_specs</code> by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1108">pypa/packaging#1108</a></li> <li>Speed up complex <code>SpecifierSet</code> filtering by implementing cost-based ordering by <a href="https://github.com/notatallshaw"><code>@notatallshaw</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1105">pypa/packaging#1105</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/blob/main/CHANGELOG.rst">packaging's changelog</a>.</em></p> <blockquote> <p>26.1 - 2026-04-14</p> <pre><code> Features: <ul> <li>PEP 783: add handling for Emscripten wheel tags in (:pull:<code>804</code>)</li> <li>PEP 803: add handling for the <code>abi3.abi3t</code> free-threading tag in (:pull:<code>1099</code>)</li> <li>PEP 723: add <code>packaging.dependency_groups</code> module, based on the <code>dependency-groups</code> package in (:pull:<code>1065</code>)</li> <li>Add the <code>packaging.direct_url</code> module in (:pull:<code>944</code>)</li> <li>Add the <code>packaging.errors</code> module in (:pull:<code>1071</code>)</li> <li>Add <code>SpecifierSet.is_unsatisfiable</code> using ranges (new internals that will be expanded in future versions) in (:pull:<code>1119</code>)</li> <li>Add <code>create_compatible_tags_selector</code> to select compatible tags in (:pull:<code>1110</code>)</li> <li>Add a <code>key</code> argument to <code>SpecifierSet.filter()</code> in (:pull:<code>1068</code>)</li> <li>Support <code>&amp;</code> and <code>|</code> for <code>Marker</code>'s in (:pull:<code>1146</code>)</li> <li>Normalize <code>Version.__replace__</code> and add <code>Version.from_parts</code> in (:pull:<code>1078</code>)</li> <li>Add an option to validate compressed tag set sort order in <code>parse_wheel_filename</code> in (:pull:<code>1150</code>)</li> </ul> <p>Behavior adaptations:</p> <ul> <li>Narrow exclusion of pre-releases for <code>&lt;V.postN</code> to match spec in (:pull:<code>1140</code>)</li> <li>Narrow exclusion of post-releases for <code>&gt;V</code> to match spec in (:pull:<code>1141</code>)</li> <li>Rename <code>format_full_version</code> to <code>_format_full_version</code> to make it visibly private in (:pull:<code>1125</code>)</li> <li>Restrict local version to ASCII in (:pull:<code>1102</code>)</li> </ul> <p>Pylock (PEP 751) updates:</p> <ul> <li>Add pylock <code>select</code> function in (:pull:<code>1092</code>)</li> <li>Document pylock <code>select()</code> method and <code>PylockSelectError</code> in (:pull:<code>1153</code>)</li> <li>Add <code>filename</code> property to <code>PackageSdist</code> and <code>PackageWheel</code>, more validation in (:pull:<code>1095</code>)</li> <li>Give preference to path over url in (:pull:<code>1128</code>)</li> <li>Validate name/version consistency in file names in (:pull:<code>1114</code>)</li> </ul> <p>Fixes:</p> <ul> <li>Fix <code>&gt;</code> comparison for versions with dev+local segments in (:pull:<code>1097</code>)</li> <li>Fix incorrect self-comparison for <code>InfinityType</code> and <code>NegativeInfinityType</code> in (:pull:<code>1093</code>)</li> <li>Canonicalize when deduplicating specifiers in <code>SpecifierSet</code> in (:pull:<code>1109</code>)</li> <li>Fix charset error message formatting in (:pull:<code>1121</code>)</li> <li>Handle the <code>key</code> parameter in <code>SpecifierSet.filter</code> when specifiers are empty and prerelease is <code>False</code> in (:pull:<code>1096</code>)</li> <li>Standardize inner components of <code>repr</code> output in (:pull:<code>1090</code>)</li> <li><code>Specifier</code>'s <code>===</code> uses original string, not normalized, when available in (:pull:<code>1124</code>)</li> <li>Propagate int-max-str-digits <code>ValueError</code> in (:pull:<code>1155</code>)</li> </ul> <p>Performance:</p> <ul> <li>Add fast path for parsing simple versions (digits and dots only) in (:pull:<code>1082</code>)</li> <li>Add fast path for <code>Version</code> to <code>Version</code> comparison by skipping <code>_key</code> property in (:pull:<code>1083</code>)</li> <li>Cache <code>Version</code> hash value in dedicated slot in (:pull:<code>1118</code>)</li> <li>Overhaul <code>_cmpkey</code> to remove use of custom objects in (:pull:<code>1116</code>)</li> <li>Skip <code>__replace__</code> in Specifier comparison if not needed in (:pull:<code>1081</code>)<br /> </tr></table><br /> </code></pre></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/packaging/commit/c1a88a3e035e8bfe47dbc957f4a2493e8a7b4f3c"><code>c1a88a3</code></a> Bump for release</li> <li><a href="https://github.com/pypa/packaging/commit/702c25ecc297054f9597acda987a75dd6833acf5"><code>702c25e</code></a> docs: update changelog for 26.1 (<a href="https://redirect.github.com/pypa/packaging/issues/1156">#1156</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/3f4f5d46808f51709aba8341d4121f20752b3235"><code>3f4f5d4</code></a> Implement <code>is_unsatisfiable</code> on <code>SpecifierSet</code> using ranges (<a href="https://redirect.github.com/pypa/packaging/issues/1119">#1119</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/06c6555f44f0f7b84459c876375c5b1d52ee7fef"><code>06c6555</code></a> Propagate int-max-str-digits ValueError (<a href="https://redirect.github.com/pypa/packaging/issues/1155">#1155</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/905c90c1eb8c77dede11899194ca4b0f5eaf188d"><code>905c90c</code></a> feat: option to validate compressed tag set sort order in `parse_wheel_filena...</li> <li><a href="https://github.com/pypa/packaging/commit/af0026cff97a8f28d165d6ac4afb58b2cdc8ffc5"><code>af0026c</code></a> docs(pylock): document select() method and PylockSelectError (<a href="https://redirect.github.com/pypa/packaging/issues/1153">#1153</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/668da8662a112036e4850b68980790cb2d10dae9"><code>668da86</code></a> Rename format_full_version to _format_full_version to make it visibly private...</li> <li><a href="https://github.com/pypa/packaging/commit/f294d529e2634798a98fd9cee6708307a5c1792c"><code>f294d52</code></a> tests: do not reload the tags module (<a href="https://redirect.github.com/pypa/packaging/issues/1152">#1152</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/2c6c7dfa2d406e44b91f3f8d26eeed72437c9435"><code>2c6c7df</code></a> feat: add handling for Emscripten wheels tags per PEP 783 (<a href="https://redirect.github.com/pypa/packaging/issues/804">#804</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/6762eea4de40da02c119d02cc77c907c6b446b86"><code>6762eea</code></a> docs(markers): document & and | operators for combining Marker objects (<a href="https://redirect.github.com/pypa/packaging/issues/1151">#1151</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/packaging/compare/26.0...26.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…andleActivation function (#25895) Problem Fixes #1284 When the Python Environments extension (ms-python.vscode-python-envs) is installed but python.useEnvironmentsExtension is not explicitly set, users see two interpreter status bar items — one from each extension. Root Cause The interpreter display in InterpreterDisplay used useEnvExtension() to decide whether to create/show its status bar. That function requires python.useEnvironmentsExtension to be explicitly true (defaults to false). Meanwhile, the envs extension activates whenever the setting is not explicitly false — treating unset/undefined as enabled.
…om unittestadapter (#25928) goal to resolve CI issues Keeps coverage of the testscenarios-based dynamic test-ID pattern (which was the whole point of this fixture). Declaring testtools explicitly replaces the fragile transitive dependency that was causing the CI import failure described in test-scenarios-ci-failure.md. --------- Co-authored-by: Copilot <copilot@github.com>
…llation (#25927) Co-authored-by: Copilot <copilot@github.com> 1. Add `duration` to `INVOKE_TOOL` 2. Add `resolveOutcome` to `configure_python_environment` 3. Add `envType` to all tools that resolve an environment 4. Add `packageCount` and `installerType` to `install_python_packages` 5. Add `responsePackageCount` to `get_python_environment_details` --------- Co-authored-by: Copilot <copilot@github.com>
Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.2 to 14.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/uuidjs/uuid/releases">uuid's releases</a>.</em></p> <blockquote> <h2>v14.0.0</h2> <h2><a href="https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0">14.0.0</a> (2026-04-19)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>expect <code>crypto</code> to be global everywhere (requires node@20+) (<a href="https://redirect.github.com/uuidjs/uuid/issues/935">#935</a>)</li> <li>drop node@18 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/934">#934</a>)</li> </ul> <h3>Features</h3> <ul> <li>drop node@18 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/934">#934</a>) (<a href="https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3">dc4ddb8</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>expect <code>crypto</code> to be global everywhere (requires node@20+) (<a href="https://redirect.github.com/uuidjs/uuid/issues/935">#935</a>) (<a href="https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4">f2c235f</a>)</li> <li>Use GITHUB_TOKEN for release-please and enable npm provenance (<a href="https://redirect.github.com/uuidjs/uuid/issues/925">#925</a>) (<a href="https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c">ffa3138</a>)</li> </ul> <h2>v13.0.0</h2> <h2><a href="https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0">13.0.0</a> (2025-09-08)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>make browser exports the default (<a href="https://redirect.github.com/uuidjs/uuid/issues/901">#901</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>make browser exports the default (<a href="https://redirect.github.com/uuidjs/uuid/issues/901">#901</a>) (<a href="https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a">bce9d72</a>)</li> </ul> <h2>v12.0.0</h2> <h2><a href="https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0">12.0.0</a> (2025-09-05)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>update to typescript@5.2 (<a href="https://redirect.github.com/uuidjs/uuid/issues/887">#887</a>)</li> <li>remove CommonJS support (<a href="https://redirect.github.com/uuidjs/uuid/issues/886">#886</a>)</li> <li>drop node@16 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/883">#883</a>)</li> </ul> <h3>Features</h3> <ul> <li>add node@24 to ci matrix (<a href="https://redirect.github.com/uuidjs/uuid/issues/879">#879</a>) (<a href="https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92">42b6178</a>)</li> <li>drop node@16 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/883">#883</a>) (<a href="https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530">0f38cf1</a>)</li> <li>remove CommonJS support (<a href="https://redirect.github.com/uuidjs/uuid/issues/886">#886</a>) (<a href="https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f">ae786e2</a>)</li> <li>update to typescript@5.2 (<a href="https://redirect.github.com/uuidjs/uuid/issues/887">#887</a>) (<a href="https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01">c7ee405</a>)</li> </ul> <h3>Bug Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md">uuid's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0">14.0.0</a> (2026-04-19)</h2> <h3>Security</h3> <ul> <li>Fixes <a href="https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq">GHSA-w5hq-g745-h8pq</a>: <code>v3()</code>, <code>v5()</code>, and <code>v6()</code> did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid <code>offset</code> was provided. A <code>RangeError</code> is now thrown if <code>offset < 0</code> or <code>offset + 16 > buf.length</code>.</li> </ul> <h3>⚠ BREAKING CHANGES</h3> <ul> <li><code>crypto</code> is now expected to be globally defined (requires node@20+) (<a href="https://redirect.github.com/uuidjs/uuid/issues/935">#935</a>)</li> <li>drop node@18 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/934">#934</a>)</li> <li>upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years</li> </ul> <h2><a href="https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0">13.0.0</a> (2025-09-08)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>make browser exports the default (<a href="https://redirect.github.com/uuidjs/uuid/issues/901">#901</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>make browser exports the default (<a href="https://redirect.github.com/uuidjs/uuid/issues/901">#901</a>) (<a href="https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a">bce9d72</a>)</li> </ul> <h2><a href="https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0">12.0.0</a> (2025-09-05)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>update to typescript@5.2 (<a href="https://redirect.github.com/uuidjs/uuid/issues/887">#887</a>)</li> <li>remove CommonJS support (<a href="https://redirect.github.com/uuidjs/uuid/issues/886">#886</a>)</li> <li>drop node@16 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/883">#883</a>)</li> </ul> <h3>Features</h3> <ul> <li>add node@24 to ci matrix (<a href="https://redirect.github.com/uuidjs/uuid/issues/879">#879</a>) (<a href="https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92">42b6178</a>)</li> <li>drop node@16 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/883">#883</a>) (<a href="https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530">0f38cf1</a>)</li> <li>remove CommonJS support (<a href="https://redirect.github.com/uuidjs/uuid/issues/886">#886</a>) (<a href="https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f">ae786e2</a>)</li> <li>update to typescript@5.2 (<a href="https://redirect.github.com/uuidjs/uuid/issues/887">#887</a>) (<a href="https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01">c7ee405</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>improve v4() performance (<a href="https://redirect.github.com/uuidjs/uuid/issues/894">#894</a>) (<a href="https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197">5fd974c</a>)</li> <li>restore node: prefix (<a href="https://redirect.github.com/uuidjs/uuid/issues/889">#889</a>) (<a href="https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507">e1f42a3</a>)</li> </ul> <h2><a href="https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0">11.1.0</a> (2025-02-19)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b"><code>7c1ea08</code></a> chore(main): release 14.0.0 (<a href="https://redirect.github.com/uuidjs/uuid/issues/926">#926</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34"><code>3d2c5b0</code></a> Merge commit from fork</li> <li><a href="https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4"><code>f2c235f</code></a> fix!: expect <code>crypto</code> to be global everywhere (requires node@20+) (<a href="https://redirect.github.com/uuidjs/uuid/issues/935">#935</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212"><code>529ef08</code></a> chore: upgrade TypeScript and fixup types (<a href="https://redirect.github.com/uuidjs/uuid/issues/927">#927</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087"><code>086fd79</code></a> chore: update dependencies (<a href="https://redirect.github.com/uuidjs/uuid/issues/933">#933</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3"><code>dc4ddb8</code></a> feat!: drop node@18 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/934">#934</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404"><code>0f1f9c9</code></a> chore: switch to Biome for parsing and linting (<a href="https://redirect.github.com/uuidjs/uuid/issues/932">#932</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013"><code>e2879e6</code></a> chore: use maintained version of npm-run-all (<a href="https://redirect.github.com/uuidjs/uuid/issues/930">#930</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c"><code>ffa3138</code></a> fix: Use GITHUB_TOKEN for release-please and enable npm provenance (<a href="https://redirect.github.com/uuidjs/uuid/issues/925">#925</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4"><code>0423d49</code></a> docs: remove obsolete v1 option notes (<a href="https://redirect.github.com/uuidjs/uuid/issues/915">#915</a>)</li> <li>Additional commits viewable in <a href="https://github.com/uuidjs/uuid/compare/v8.3.2...v14.0.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for uuid since your current version.</p> </details> <details> <summary>Install script changes</summary> <p>This version adds <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/vscode-python/network/alerts). </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: rzhao271 <7199958+rzhao271@users.noreply.github.com> Co-authored-by: Eleanor Boyd <26030610+eleanorjboyd@users.noreply.github.com>
…ent configurations (#25933)
Adds guards when calling RecommendedEnvironmentService::activate per folder on a multiroot workspace to avoid registering the command several times. Fixes #25949
Bumps [packaging](https://github.com/pypa/packaging) from 26.1 to 26.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/releases">packaging's releases</a>.</em></p> <blockquote> <h2>26.2</h2> <h2>What's Changed</h2> <p>Fixes:</p> <ul> <li>Fix incorrect sysconfig var name for pyemscripten by <a href="https://github.com/ryanking13"><code>@ryanking13</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1160">pypa/packaging#1160</a></li> <li>Make <code>Version</code>, <code>Specifier</code>, <code>SpecifierSet</code>, <code>Tag</code>, <code>Marker</code>, and <code>Requirement</code> pickle-safe and backward-compatible with pickles created in 25.0-26.1 (including references to the removed <code>packaging._structures</code> module) by <a href="https://github.com/eachimei"><code>@eachimei</code></a> and <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1163">pypa/packaging#1163</a>, <a href="https://redirect.github.com/pypa/packaging/pull/1168">pypa/packaging#1168</a>, <a href="https://redirect.github.com/pypa/packaging/pull/1170">pypa/packaging#1170</a>, and <a href="https://redirect.github.com/pypa/packaging/pull/1171">pypa/packaging#1171</a></li> <li>fix: re-export ExceptionGroup for now by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1164">pypa/packaging#1164</a></li> </ul> <p>Documentation:</p> <ul> <li>docs: add errors section and fix missing details by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1159">pypa/packaging#1159</a></li> <li>docs(dev): document property-based test suite by <a href="https://github.com/r266-tech"><code>@r266-tech</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1167">pypa/packaging#1167</a></li> <li>Fix typo in DirectUrl documentation by <a href="https://github.com/sbidoul"><code>@sbidoul</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1169">pypa/packaging#1169</a></li> <li>docs(specifiers): add is_unsatisfiable() usage example by <a href="https://github.com/r266-tech"><code>@r266-tech</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1166">pypa/packaging#1166</a></li> </ul> <p>Internal:</p> <ul> <li>Enable the auditor persona on zizmor by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1158">pypa/packaging#1158</a></li> <li>Test new pickle guarantees by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1174">pypa/packaging#1174</a></li> <li>Use native uv integration in rtd by <a href="https://github.com/henryiii"><code>@henryiii</code></a> in <a href="https://redirect.github.com/pypa/packaging/pull/1175">pypa/packaging#1175</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ryanking13"><code>@ryanking13</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/1160">pypa/packaging#1160</a></li> <li><a href="https://github.com/eachimei"><code>@eachimei</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/packaging/pull/1163">pypa/packaging#1163</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pypa/packaging/compare/26.1...26.2">https://github.com/pypa/packaging/compare/26.1...26.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/packaging/blob/main/CHANGELOG.rst">packaging's changelog</a>.</em></p> <blockquote> <p>26.2 - 2026-04-24</p> <pre><code> Fixes: <ul> <li>Fix incorrect sysconfig var name for pyemscripten in (:pull:<code>1160</code>)</li> <li>Make <code>Version</code>, <code>Specifier</code>, <code>SpecifierSet</code>, <code>Tag</code>, <code>Marker</code>, and <code>Requirement</code> pickle-safe<br /> and backward-compatible with pickles created in 25.0-26.1 (including references to the removed<br /> <code>packaging._structures</code> module) (:pull:<code>1163</code>, :pull:<code>1168</code>, :pull:<code>1170</code>, :pull:<code>1171</code>)</li> <li>Re-export <code>ExceptionGroup</code> in metadata for now in (:pull:<code>1164</code>)</li> </ul> <p>Documentation:</p> <ul> <li>Add errors section and fix missing details in (:pull:<code>1159</code>)</li> <li>Document our property-based test suite in (:pull:<code>1167</code>)</li> <li>Fix a <code>DirectUrl</code> typo in (:pull:<code>1167</code>)</li> <li>Add example of <code>is_unsatisfiable</code> in (:pull:<code>1166</code>)</li> </ul> <p>Internal:</p> <ul> <li>Enable the auditor persona on zizmor in (:pull:<code>1158</code>)</li> <li>Test new pickle guarantees in (:pull:<code>1174</code>)</li> <li>Use new native ReadTheDocs uv integration in (:pull:<code>1175</code>)<br /> </code></pre></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/packaging/commit/84a87ee42483d7352f9502d78a9553da8859aa7a"><code>84a87ee</code></a> Bump for release</li> <li><a href="https://github.com/pypa/packaging/commit/4a616b65bed23c8c6d58e6b0fc1a4434d4ff1f14"><code>4a616b6</code></a> docs: a few more updates to prepare for 26.2 (<a href="https://redirect.github.com/pypa/packaging/issues/1176">#1176</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/9de6f44f1e82d4595edf3aad1c4f6f98c85935a0"><code>9de6f44</code></a> ci: use native uv integration in rtd (<a href="https://redirect.github.com/pypa/packaging/issues/1175">#1175</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/bc76e14debd1a2799d1ca8f9d9c9823f35bfa466"><code>bc76e14</code></a> chore: update changelog for 26.2 (<a href="https://redirect.github.com/pypa/packaging/issues/1161">#1161</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/3f00091c08f0aa830e33ed7db00f16f11c8ac97f"><code>3f00091</code></a> tests: add a pickle check (<a href="https://redirect.github.com/pypa/packaging/issues/1174">#1174</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/48a8a069805291186522de3eff73ea80a8ca96ad"><code>48a8a06</code></a> fix: make Requirements/Markers pickle-safe (<a href="https://redirect.github.com/pypa/packaging/issues/1171">#1171</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/823b44ed1f904084a77ae3adf0ef130af6365f84"><code>823b44e</code></a> fix: make Tags pickle-safe (<a href="https://redirect.github.com/pypa/packaging/issues/1170">#1170</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/4bed32d920ca7211dd65fdf0a1ee06376e9c4733"><code>4bed32d</code></a> fix: make Specifier / SpecifierSet pickle-safe (<a href="https://redirect.github.com/pypa/packaging/issues/1168">#1168</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/963118e37caae97bc8b72f72956c7fb4ca9857ec"><code>963118e</code></a> fix: re-export ExceptionGroup for now (<a href="https://redirect.github.com/pypa/packaging/issues/1164">#1164</a>)</li> <li><a href="https://github.com/pypa/packaging/commit/66e34a80256c96dea11da143682950c84b8133bb"><code>66e34a8</code></a> docs(specifiers): add is_unsatisfiable() usage example (<a href="https://redirect.github.com/pypa/packaging/issues/1166">#1166</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pypa/packaging/compare/26.1...26.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.1.0 to 3.1.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastify/fast-uri/releases">fast-uri's releases</a>.</em></p> <blockquote> <h2>v3.1.2</h2> <h2>⚠️ Security Release</h2> <ul> <li>Fix for <a href="https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc">https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc</a></li> </ul> <h2>What's Changed</h2> <ul> <li>Handle malformed fragment decoding as a parse error by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/171">fastify/fast-uri#171</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2">https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2</a></p> <h2>v3.1.1</h2> <h2>⚠️ Security Release</h2> <ul> <li>Fix for <a href="https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6">https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6</a></li> </ul> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/148">fastify/fast-uri#148</a></li> <li>build(deps): bump actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/149">fastify/fast-uri#149</a></li> <li>chore(.npmrc): ignore scripts by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/150">fastify/fast-uri#150</a></li> <li>build(deps-dev): remove <code>@fastify/pre-commit</code> by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/151">fastify/fast-uri#151</a></li> <li>build(deps): bump actions/setup-node from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/152">fastify/fast-uri#152</a></li> <li>ci(ci): add concurrency config by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/153">fastify/fast-uri#153</a></li> <li>build(deps): bump actions/setup-node from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/154">fastify/fast-uri#154</a></li> <li>build(deps): bump actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/156">fastify/fast-uri#156</a></li> <li>chore(license): standardise license notice by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/159">fastify/fast-uri#159</a></li> <li>style: remove trailing whitespace by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/161">fastify/fast-uri#161</a></li> <li>ci: remove unused github files by <a href="https://github.com/Tony133"><code>@Tony133</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/162">fastify/fast-uri#162</a></li> <li>chore: update readme by <a href="https://github.com/Tony133"><code>@Tony133</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/164">fastify/fast-uri#164</a></li> <li>build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/165">fastify/fast-uri#165</a></li> <li>build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/166">fastify/fast-uri#166</a></li> <li>build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/167">fastify/fast-uri#167</a></li> <li>ci: add lock-threads workflow by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/169">fastify/fast-uri#169</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Tony133"><code>@Tony133</code></a> made their first contribution in <a href="https://redirect.github.com/fastify/fast-uri/pull/162">fastify/fast-uri#162</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1">https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9"><code>919dd8e</code></a> Bumped v3.1.2</li> <li><a href="https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07"><code>c65ba57</code></a> fixup: linting</li> <li><a href="https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293"><code>6c86c17</code></a> Merge commit from fork</li> <li><a href="https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796"><code>a95158a</code></a> Handle malformed fragment decoding without throwing (<a href="https://redirect.github.com/fastify/fast-uri/issues/171">#171</a>)</li> <li><a href="https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d"><code>cea547c</code></a> Bumped v3.1.1</li> <li><a href="https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35"><code>876ce79</code></a> Merge commit from fork</li> <li><a href="https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0"><code>dcdf690</code></a> ci: add lock-threads workflow (<a href="https://redirect.github.com/fastify/fast-uri/issues/169">#169</a>)</li> <li><a href="https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c"><code>c860e65</code></a> build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (<a href="https://redirect.github.com/fastify/fast-uri/issues/167">#167</a>)</li> <li><a href="https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f"><code>9b4c6dc</code></a> build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (<a href="https://redirect.github.com/fastify/fast-uri/issues/166">#166</a>)</li> <li><a href="https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24"><code>85d09a9</code></a> build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...</li> <li>Additional commits viewable in <a href="https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/vscode-python/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.