[](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [ctor](https://togithub.com/mmastrac/rust-ctor) |
workspace.dependencies | patch | `0.2.6` -> `0.2.8` |
---
### Configuration
📅 **Schedule**: Branch creation - "after 3pm on Wednesday" in timezone
America/New_York, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
Release Notes:
- N/A
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR adds a new `xtask` command for checking that packages conform to
certain standards.
Still a work-in-progress, but right now it checks:
- If `[lints] workspace = true` is set
- If packages are using non-workspace dependencies
Release Notes:
- N/A
[](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [sha2](https://togithub.com/RustCrypto/hashes) |
workspace.dependencies | patch | `0.10.7` -> `0.10.8` |
---
### Release Notes
<details>
<summary>RustCrypto/hashes (sha2)</summary>
###
[`v0.10.8`](https://togithub.com/RustCrypto/hashes/compare/sha2-v0.10.7...sha2-v0.10.8)
[Compare
Source](https://togithub.com/RustCrypto/hashes/compare/sha2-v0.10.7...sha2-v0.10.8)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "after 3pm on Wednesday" in timezone
America/New_York, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
Release Notes:
- N/A
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR upgrades `async-tungstenite` to v0.23.
This is so we can get the CVE fix in `tungstenite` v0.20.1.
Now that #15219 is done, upgrading to v0.23 no longer breaks
authentication with collab.
Release Notes:
- N/A
This PR upgrades `async-tungstenite` to v17.0.3.
We previously attempted upgrading `async-tungstenite` in #15039, but
broke authentication with collab in the process.
Upon further investigation, I determined that the root cause is due to
this change in `tungstenite` v0.17.0:
> Overhaul of the client's request generation process. Now the users are
able to pass the constructed `http::Request` "as is" to
`tungstenite-rs`, letting the library to check the correctness of the
request and specifying their own headers (including its own key if
necessary). No changes for those ones who used the client in a normal
way by connecting using a URL/URI (most common use-case).
We _were_ relying on passing an `http::Request` directly to
`tungstenite`, meaning we did not benefit from the changes to the common
path (of passing a URL/URI).
This meant that—due to changes in `tungstenite`—we were now missing the
`Sec-WebSocket-Key` header that `tungstenite` would otherwise set for
us.
Since we were only passing a custom `http::Request` to set headers, our
approach has been adjusted to construct the initial WebSocket request
using `tungstenite`'s `IntoClientRequest::into_client_request` and then
modifying the request to set our additional desired headers.
Release Notes:
- N/A
This PR upgrades the version of `wasmtime` and `wasmtime-wasi` in use to
v21.0.1.
We have to skip v20 because Tree-sitter also skipped it.
Here are the changes that had to be made:
### v19 -> v20
After upgrading the `wasmtime` packages to v20, I also had to run `cargo
update -p mach2` to pull in
[v0.4.2](https://github.com/JohnTitor/mach2/releases/tag/0.4.2) to fix
some compile errors.
There were a few minor API changes in `wasmtime-wasi` from
https://github.com/bytecodealliance/wasmtime/pull/8228 that we needed to
account for.
### v20 -> v21
Since there isn't a Tree-sitter version that depends on `wasmtime@v20`,
we're jumping straight to v21.
The published version of Tree-sitter (v0.22.6) still depends on
`wasmtime@v19`, but there was a commit
(7f4a57817d)
later that month that upgrades the `wasmtime` dependency to v21.
We're patching Tree-sitter to that commit so we can get the new
`wasmtime` version.
The main change in v21 is that imports generated by `bindgen!` are no
longer automatically trapped
(https://github.com/bytecodealliance/wasmtime/pull/8310), so we need to
add `trappable_imports: true` to our `bindgen!` calls.
Release Notes:
- N/A
[](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [any_vec](https://togithub.com/tower120/any_vec) |
workspace.dependencies | minor | `0.13` -> `0.14` |
---
### Release Notes
<details>
<summary>tower120/any_vec (any_vec)</summary>
###
[`v0.14.0`](https://togithub.com/tower120/any_vec/blob/HEAD/CHANGELOG.md#0140)
[Compare
Source](https://togithub.com/tower120/any_vec/compare/v0.13.0...v0.14.0)
##### Added
- Now library `no_std` friendly.
##### Removed
- Helpers `any_value::move_out`, `any_value::move_out_w_size` removed as
redundant.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "after 3pm on Wednesday" in timezone
America/New_York, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
Release Notes:
- N/A
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
[](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [async-broadcast](https://togithub.com/smol-rs/async-broadcast) |
dependencies | patch | `0.7.0` -> `0.7.1` |
---
### Release Notes
<details>
<summary>smol-rs/async-broadcast (async-broadcast)</summary>
###
[`v0.7.1`](https://togithub.com/smol-rs/async-broadcast/blob/HEAD/CHANGELOG.md#Version-071)
[Compare
Source](https://togithub.com/smol-rs/async-broadcast/compare/0.7.0...v0.7.1)
- Add a `poll_recv()` method to the `Receiver` type. This allows for
`Receiver`
to be used in `poll`-based contexts.
([#​56](https://togithub.com/smol-rs/async-broadcast/issues/56))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "after 3pm on Wednesday" in timezone
America/New_York, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
Release Notes:
- N/A
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
[](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [derive_more](https://togithub.com/JelteF/derive_more) |
workspace.dependencies | patch | `0.99.17` -> `0.99.18` |
---
### Release Notes
<details>
<summary>JelteF/derive_more (derive_more)</summary>
###
[`v0.99.18`](https://togithub.com/JelteF/derive_more/compare/v0.99.17...v0.99.18)
[Compare
Source](https://togithub.com/JelteF/derive_more/compare/v0.99.17...v0.99.18)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "after 3pm on Wednesday" in timezone
America/New_York, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
Release Notes:
- N/A
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Closes https://github.com/zed-industries/zed/issues/4565
To fix issues with code blocks' parsing in Markdown, a
tree-sitter-markdown library update is needed.
But `tree_sitter::language` is used in many places within core Zed,
which forced more library updates.
Release Notes:
- Updated tree-sitter parsers for core languages
---------
Co-authored-by: Max Brunsfeld <max@zed.dev>
Co-authored-by: Piotr Osiewicz <piotr@zed.dev>
This PR adds settings controls for the UI and buffer font weight
settings.
It also does some work around grouping the settings into related
sections.
Release Notes:
- N/A
This adds support for detecting line comments in the
[Jupytext](https://jupytext.readthedocs.io/) format. When line comments
such as `# %%` is present, invoking `repl: run` will evaluate the code
between these line comments as a unit.
/cc @rgbkrk
```py
# %%
# This is my first block
print(1)
print(2)
# %%
# This is my second block
print(3)
```
Release Notes:
- N/A
---------
Co-authored-by: Antonio Scandurra <me@as-cii.com>
Co-authored-by: Antonio <antonio@zed.dev>
Co-authored-by: Thorsten <thorsten@zed.dev>
Co-authored-by: Thorsten Ball <mrnugget@gmail.com>
This PR adds support for a new encryption format for exchanging access
tokens during the authentication flow.
The new format uses Optimal Asymmetric Encryption Padding (OAEP) instead
of PKCS#1 v1.5, which is known to be vulnerable to side-channel attacks.
**Note: We are not yet encrypting access tokens using the new format, as
this is a breaking change between the client and the server. This PR
only adds support for it, and makes it so the client and server can
decrypt either format moving forward.**
This required bumping the RSA key size from 1024 bits to 2048 bits. This
is necessary to be able to encode the access token into the ciphertext
when using OAEP.
This also follows OWASP recommendations:
> If ECC is not available and RSA must be used, then ensure that the key
is at least 2048 bits.
>
> —
[source](https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms)
Release Notes:
- N/A
This PR upgrades the `rsa` crate to v0.9.6.
The version we were using was rather old, and for something
security-sensitive we should be using a recent version.
No behavioral changes have been made, just updates to account for
changes in the crate's API.
Release Notes:
- N/A
cbindgen pulled that in, but we don't really need it (Plus it pulls in a
dep with an advisory)
Release Notes:
- N/A
---------
Co-authored-by: Marshall Bowers <elliott.codes@gmail.com>
This pulls in https://github.com/kvark/blade#144 to see if it results in
fewer bad GPU configurations selected
Release Notes:
- linux: Improved graphics card detection
<img width="624" alt="image"
src="https://github.com/user-attachments/assets/f492b0bd-14c3-49e2-b2ff-dc78e52b0815">
- [x] Correctly set custom model token count
- [x] How to count tokens for Gemini models?
- [x] Feature flag zed.dev provider
- [x] Figure out how to configure custom models
- [ ] Update docs
Release Notes:
- Added support for quickly switching between multiple language model
providers in the assistant panel
---------
Co-authored-by: Antonio <antonio@zed.dev>
This PR adds a placeholder view for the settings UI. It does not contain
any functionality, as of yet.
This view is staff-shipped behind a feature flag.
Release Notes:
- N/A
Release Notes:
- linux: Added GPU information to `editor: Copy System Specs to
Clipboard`
- linux: Show a prominant warning before running under llvmpipe and
similar.
