chore(deps): update dependency @vscode/vsce to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@vscode/vsce (source)	^2.18.0 -> ^3.0.0

---

Release Notes

Microsoft/vsce (@​vscode/vsce)

v3.6.0

Compare Source

Changes:

• #​1175: Allow dots in tags and update extension tag handling
• #​1173: Exclude image files from scanning for secrets
• #​1174: Update secretlint dependency
• #​1170: Improve error message for missing entrypoints
• #​1169: Sanitize tags to remove special characters
• #​1166: Add language-models tag for extensions with languageModels contribution
• #​1167: chore: npm audit fix

This list of changes was auto generated.

v3.5.0

Compare Source

Changes:

• #​1162: Update secretlint dependencies
• #​1161: Bump tar-fs from 2.1.2 to 2.1.3
• #​1159: Update chalk version to 4.1.2
• #​1128: fix: improve error messages for vsce publish validation
• #​1130: Make the [Content_Types].xml file deterministic
• #​1158: remove codeql and cg from OSS build
• #​1157: Add OSS pipeline

This list of changes was auto generated.

v3.4.2

Compare Source

Changes:

• #​1152: Only scan secrets when .env is ignored and vice versa
• #​1155: Fix npm token scanning false positives
• #​1151: Do not scan node modules and improve error messages for secret scanning

This list of changes was auto generated.

v3.4.1

Compare Source

Changes:

• #​1149: Fix false positives in private key scanning
• #​1148: Clarify unpublish command description

This list of changes was auto generated.

v3.4.0

Compare Source

Changes:

• #​1145: Allow packaging .env and secrets using command line flags
• #​1144: Scan for secrets and disallow .env files
• #​1141: Add language-model-tools tag for MCP extensions
• #​1138: Proper entry point validation
• #​1137: Add 'mcp' tag support in TagsProcessor
• #​1131: Remove deprecated SVG sources from TrustedSVGSources array
• #​1127: Improve error message for Personal Access Token verification

This list of changes was auto generated.

v3.3.2

Compare Source

Changes:

• #​1126: Bump tar-fs from 2.1.1 to 2.1.2

This list of changes was auto generated.

v3.3.1

Compare Source

Changes:

• #​1124: Add 'copilot-tools' to languageModelTools contributions

This list of changes was auto generated.

v3.3.0

Compare Source

Changes:

• #​1122: Remove unused 'github-copilot' tag
• #​1120: Add tools tag for languageModelTools contribution
• #​1116: add VSCE_DEBUG to spit out error
• #​1114: Bump serialize-javascript and mocha

This list of changes was auto generated.

v3.2.2

Compare Source

Changes:

Feature Requests:

• #​719: Update command line parameters to be in a consistent style and specify which override parameter can be used to override an error in the error message.
• #​1074: The tree, after packing the extension, does not take the out option into account

Others:

• #​1103: Update command line parameters for consistency
• #​1100: Allow for reproducible .vsix packages
• #​906: Reproducible builds
• #​1078: Updated the semver comparison
• #​1101: Fix tree printing to respect the out option
• #​1080: allow manual prerelease

See More

• #​1075: Fix issue with file inclusion patterns
• #​1073: The following include patterns in the...

This list of changes was auto generated.

v3.2.1

Compare Source

Changes:

• #​1070: copilot should be github-copilot tag

This list of changes was auto generated.

v3.2.0

Compare Source

Changes:

Feature Requests:

• #​1061: Added unpublish to api.ts
• #​1064: vsce not up to date should be a WARNING not INFO

Bugs:

• #​1048: --readme-path is ignored by the marketplace

Others:

• #​1069: add copilot tag
• #​1065: Change vsce update notification from INFO to WARNING
• #​1053: Fix regression with workdir symlinks
• #​1062: Fix readme-path handling

This list of changes was auto generated.

v3.1.1

Compare Source

Changes:

• #​1058: Auto Assign Chat Participant Tag
• #​1060: Quote filename value in Content-Disposition header

This list of changes was auto generated.

v3.1.0

Compare Source

Changes:

Feature Requests:

• #​1044: Enable verifying the signed package

Others:

• #​1050: Fix unused-files-patterns check and add tests
• #​1046: Fix typo in option hint
• #​1045: add verify-signature command. Fixes #​1044
• #​1037: Fix punycode deprecation warning
• #​1040: Allow packaging extension without a publisher

This list of changes was auto generated.

v3.0.0

Compare Source

Changes:

• #​1035: Update deprecated dependencies and move to Node 20

This list of changes was auto generated.

v2.32.0

Compare Source

Changes:

• #​1034: Revert "Update deprecated dependencies"
• #​1032: fix: probabilistic trigger v8 crash
• #​1028: Remove need-more-info-closer workflow

This list of changes was auto generated.

v2.31.1

Compare Source

Changes:

• #​1027: Update deprecated dependencies
• #​1025: Don't package default readme if a path is provided and default is ignored
• #​1024: add executes code property

This list of changes was auto generated.

v2.31.0

Compare Source

Changes:

• #​1022: Throw error if provided readmePath or provided changelogPath could not be found
• #​1020: Throw when unused files pattern in package.json
• #​1015: Support "ls --tree"

This list of changes was auto generated.

v2.30.0

Compare Source

Changes:

Feature Requests:

• #​1009: Azure - create a custom chained token credential to place the AzureCLICredential prior to the ManagedIdentityCredential

Others:

• #​1011: Validate publisher on package
• #​1013: Print packaged files/folders

This list of changes was auto generated.

v2.29.0

Compare Source

Changes:

Feature Requests:

• #​1006: Expose enabledApiProposals as a property

Others:

• #​1007: fix #​1006

This list of changes was auto generated.

v2.28.0

Compare Source

Changes:

Feature Requests:

• #​993: Support signing related features

Others:

• #​1003: Update Dockerfile to use node:18-alpine
• #​997: Dockerfile is out of date with respect to system requirements
• #​1002: fix generate-manifest
• #​1001: Bump braces from 3.0.2 to 3.0.3
• #​998: Bump @​azure/identity from 4.1.0 to 4.2.1
• #​994: Support signing related features

This list of changes was auto generated.

v2.27.0

Compare Source

Changes:

Bugs:

• #​981: ERROR No translation found for %abc%

Others:

• #​991: set pipeline name
• #​990: fix: paths with spaces
• #​988: fix executing sign tool
• #​987: fix sign tool arg
• #​986: enable signing in vsce using script
• #​983: Fix "No translation found" error when executing vsce package

This list of changes was auto generated.

v2.26.1

Compare Source

Changes:

Feature Requests:

• #​971: Validate nls strings on publish

Others:

• #​974: Validate NLS strings
• #​973: Fix nodejs breaking change CVE-2024-27980

This list of changes was auto generated.

v2.26.0

Compare Source

Changes:

Feature Requests:

• #​964: Add --azure-credential option to "publish", "unpublish" and "verify-pat" commands
• #​943: feat: ignore .git generated by git worktree add
• #​966: allow verifyPat to use extension's publisher name

Others:

• #​965: missing package-lock.json change

v2.25.0

Compare Source

Full Changelog: microsoft/vscode-vsce@v2.25.0...v2.25.0

What's Changed

• Use NodeApi by @​sbanni in microsoft/vscode-vsce#942
• Support publishing signed extensions by @​sandy081 in microsoft/vscode-vsce#946
• Add support for "files" property in package.json by @​benibenj in microsoft/vscode-vsce#948
• Fix pre-release version validation by @​benibenj in microsoft/vscode-vsce#949
• Retry on API request timeout by @​benibenj in microsoft/vscode-vsce#950

⚠️ Node engine version has been bumped up from >=14 to >=16

New Contributors

• @​sbanni made their first contribution in microsoft/vscode-vsce#942

Full Changelog: microsoft/vscode-vsce@v2.24.0...v2.25.0

v2.24.0

Compare Source

v2.23.0

Compare Source

v2.22.0

Compare Source

v2.21.1

Compare Source

v2.21.0

Compare Source

v2.20.1

Compare Source

v2.20.0

Compare Source

v2.19.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The package.json file has been updated to reflect a change in the version of the @vscode/vsce package, moving from ^2.18.0 to ^3.0.0. This upgrade indicates a transition to a newer major version, which may introduce new features, improvements, or breaking changes that could affect the overall functionality of the project.

Changes

File	Change Summary
package.json	Updated @vscode/vsce version from ^2.18.0 to ^3.0.0

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Application
    participant VSCE

    User->>Application: Initiate package update
    Application->>VSCE: Request new version
    VSCE-->>Application: Return version 3.0.0
    Application-->>User: Confirm update successful

Loading

Poem

🐇
In the garden, changes bloom,
A version leap, we make room.
From two to three, we hop along,
New features sing a joyful song.
With every change, we dance and play,
In our code, we find a way!
🌼

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 524162b and 5a7f693.

Files ignored due to path filters (2)

• package-lock.json is excluded by !**/package-lock.json
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

Files selected for processing (1)

• package.json (1 hunks)

Additional comments not posted (1)

package.json (1)

155-155: Dependency update looks good, but verify compatibility and functionality.

Updating the @vscode/vsce package to version ^3.0.0 aligns with the goal of keeping dependencies up to date and resolving issues related to deprecated dependencies. The changes in the new version, such as the migration to Node 20 and removal of deprecated dependencies, are relevant and beneficial to the project.

However, since this is a major version update, it may introduce breaking changes that could affect the project's functionality. Therefore, it is crucial to thoroughly test the project with the new version to ensure compatibility and identify any potential issues.

To verify the compatibility and functionality of the project with the updated @vscode/vsce package, consider the following steps:

1. Update the package version in your local development environment.
2. Run the project's test suite to identify any failing tests that may indicate breaking changes or incompatibilities.
3. Manually test the project's critical functionalities and user flows to ensure they work as expected with the new version.
4. If any issues are found, investigate the @vscode/vsce package's release notes and documentation to determine if there are any known breaking changes or migration steps required.
5. Make necessary adjustments to the project's codebase to address any incompatibilities or breaking changes introduced by the new version.

By thoroughly testing the project and verifying its compatibility and functionality with the updated @vscode/vsce package, you can ensure a smooth transition to the new version and minimize the risk of introducing bugs or issues.