Merge main into release/stable#1548
Merged
amitjoshi438 merged 183 commits intorelease/stablefrom Apr 9, 2026
Merged
Conversation
* Enhance CodeQL screening with detailed telemetry logging and error handling * Add telemetry logging for SARIF viewer installation and activation events * Remove test for handling null or undefined inputs in CodeQLAction tests * Enhance CodeQL analysis with issue tracking and improved telemetry logging --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
… properties (#1285) Refactor completion item handling to simplify namespace and property insertions Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
…ndition for virtual workspaces (#1286) * Update actionsHub visibility condition to use virtualWorkspace
* Update node version * Add manual trigger for localization update workflow - ✨ Added `workflow_dispatch` to allow manual testing of the localization update workflow. -Priyanshu
- 🔧 Added token configuration for checkout step - 🔒 Ensured GITHUB_TOKEN is set for commit and push step -Priyanshu
- 🗑️ Deleted paths-ignore section to allow all changes to trigger the workflow. - 🔄 Ensured that localization files are now included in the CI process. -Priyanshu
…6: Build ID 2223259 (#1276) * Localized file check-in by OneLocBuild Task: Build definition ID 12756: Build ID 2223259 * Automated localization update from CI * Dummy commit --------- Co-authored-by: Priyanshu Agrawal <priyanshuag@microsoft.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…6: Build ID 2227356 (#1292) * Localized file check-in by OneLocBuild Task: Build definition ID 12756: Build ID 2227356 * Automated localization update from CI --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: PAC Auto Update Bot <pac-auto-update@microsoft.com>
* Enhance PAC CLI process management with error handling and reset logic in exit and download operations * Refactor handleOpenPowerPages to include progress notifications and improve error handling for URI processing * Refactor URI handling to improve parameter parsing, telemetry data construction, and error handling * Remove duplicate error message displays for missing parameters and download failures in URI handling * Add PowerPagesNavigationConstants for improved code organization and maintainability * Refactor handleOpenPowerPages to directly use selected folder and remove prepareDownloadFolder utility * Refactor URI handler error messages and download progress notifications for clarity and consistency * Add feature flag for 'Open in Desktop' functionality in VSCode Web * Update URI parameters to include WEBSITE_NAME and WEBSITE_PREVIEW_URL for improved flexibility in URI handling * Remove obsolete translation entries related to Power Pages and VS Code Desktop for cleaner localization files * Add localization strings and improve error handling for Power Pages and VS Code Desktop integration * Fix null reference error when killing process in PacInterop --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
…format (#1295) Enhance website data retrieval by adding fallback for website name and supporting new Git ALM format in website ID extraction Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
* Refactor CodeQL screening to check for .powerpages-site folder existence and clean up dispose method * Clarify comment for .powerpages-site folder existence check in runCodeQLScreening function --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
Update CHANGELOG for pac CLI 1.48.2 release with bug fixes and new features Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
* Update CHANGELOG for pac CLI 1.48.2 release and version bump to 2.1.0 * Update CHANGELOG for pac CLI 1.48.2 release and version bump to 2.0.100 --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
…6: Build ID 2230060 (#1296) * Localized file check-in by OneLocBuild Task: Build definition ID 12756: Build ID 2230060 * Automated localization update from CI --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…6: Build ID 2236210 (#1303) * Localized file check-in by OneLocBuild Task: Build definition ID 12756: Build ID 2236210 * Automated localization update from CI --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Refactor HTTP method names to include 'Async' for clarity and update descriptions * Update Server API autocomplete tests and examples to use 'Async' methods for HTTP client --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
Bumps [axios](https://github.com/axios/axios) from 1.11.0 to 1.12.1. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.11.0...v1.12.1) --- updated-dependencies: - dependency-name: axios dependency-version: 1.12.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Refactor CodeQL command execution to handle paths with spaces and add tests for escapePath method * Refactor CodeQL command execution to handle paths with spaces and remove escapePath method and related tests --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
…#1310) * Preserve insertion order of root webpage IDs in processDataAndCreateFile function * Add feature flag for duplicate file handling in webpage folders --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
…es (#1311) Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
📝 Created initial Memory Bank structure and core files. 📄 Documented project overview, architecture, and workflows. 🔧 Included detailed descriptions of features and user scenarios. 📊 Established progress tracking and technical context. -Priyanshu
Add telemetry events for desktop opening actions and feature flag handling Co-authored-by: Amit Joshi <amitjoshi@microsoft.com>
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 3.1.0 to 3.1.1. - [Commits](mafintosh/tar-fs@v3.1.0...v3.1.1) --- updated-dependencies: - dependency-name: tar-fs dependency-version: 3.1.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
suppress codeql
#1317) * Add automated workflows for release synchronization and manual syncing * Potential fix for code scanning alert no. 55: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 56: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 57: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
update codeql suppression rule id
* Add mermaid code block for memory bank instructions * Refactor memory bank instructions for clarity - ✏️ Cleaned up mermaid flowchart formatting - 📄 Improved organization of core files section - 🔄 Enhanced documentation updates section for better understanding -Priyanshu
Co-authored-by: Amit Joshi <amitjoshi@microsoft.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Delete memory-bank/ directory and all its files - Remove memory bank reference from Agents.md Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add bug report issue template with extension version, VS Code version, and VS Code channel fields - Add feature request issue template - Add SUPPORT.md with links to GitHub Issues and docs Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Updated liquidjs from 10.24.0 to 10.25.0 - Addresses path traversal fallback vulnerability (high severity) - Bumped minimum version constraint from ^10.2.0 to ^10.25.0 Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update title to match marketplace display name - Replace outdated VS Code 1.73 / .NET 4.8 requirements with current ones - Remove stale pac CLI output and YouTube promo section - Document Power Pages features: Actions Hub, site comparison, file creation wizards, server logic debugging, CodeQL screening - Add Copilot for Power Pages and PCF debugging sections - Add language server support and VS Code for Web sections - Add extension pack, configuration settings table - Update contributing section to reflect open contributions Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add dropdown to identify Code Apps related bugs - Redirect users to PowerAppsCodeApps repo for Code Apps issues Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Added npm overrides for undici to resolve 6 open alerts - undici@7.22.0 -> ^7.24.0 (via @vscode/vsce -> cheerio) - undici@6.23.0 -> ^6.24.0 (via release-it) - Addresses WebSocket overflow (high), HTTP smuggling (medium), and CRLF injection (medium) vulnerabilities Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Added picomatch@2 override to resolve to ^2.3.2 - Addresses ReDoS vulnerability via extglob quantifiers (high) - Addresses Method Injection in POSIX Character Classes (medium) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Rename server-logics to server-logic in web extension Remove trailing 's' from the server-logics folder name and related constants/enums to use singular form (server-logic) consistently. Only VS Code-side naming is affected; Dataverse entity names remain unchanged. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Revert "Rename server-logics to server-logic in web extension" This reverts commit db26a8b. * Rename server-logics folder to server-logic in web extension Only change the folder display name (_foldername) and the corresponding constant value. Entity names and enum values are unchanged to preserve the fetch pipeline. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Pin axios to 1.13.5 to avoid compromised version - Remove caret from axios override to pin exactly to 1.13.5 - Prevents npm from resolving to axios@1.14.1 which was found to contain a Remote Access Trojan via hijacked npm credentials - axios is a transitive dep via @fluidframework/server-services-client Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Update package-lock.json with pinned axios 1.13.5 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Priyanshu Agrawal <priyanshuag@Priyanshus-MacBook-Pro.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Suppress blocking CES survey auth failures so extension integration and feedback paths continue when CES service principal is disabled. Co-authored-by: Amit Joshi <amitjoshi@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Amit Joshi <amitjoshi@microsoft.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Updated @xmldom/xmldom from 0.8.11 to 0.8.12 - Addresses CVE-2026-34601 (high) - Keeps the fix scoped to the first patched release for the direct dependency Co-authored-by: Priyanshu Agrawal <priyanshuag@Priyanshus-MacBook-Pro.local> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add Playwright E2E sanity tests for VS Code Web extension Automates manual web sanity test suite with Playwright tests that run against a real Power Platform environment. Includes tests for extension activation, site tree loading, file operations, file save/revert, and navigation. Adds a nightly GitHub Actions workflow (E2ESanity.yml). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs(.squad): log Hockney e2e Playwright review session - Orchestration log: e2e test infrastructure review findings - Session log: Critical (13 hardcoded waits), major (POM, URL mismatch), minor issues - Decision inbox merged into decisions.md - Recommendations for test maintainability and CI integration Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(.squad): log Keaton review of e2e test findings - Orchestration log: Keaton approved Hockney's e2e review with adjustments - Session log: Summary of verdict and P0/P1/P2 priority plan - Decision merge: Inbox entry consolidated into decisions.md with full action plan - Hockney history: Append Keaton lead decision and severity adjustments - Adjusted POM severity to Minor (premature for 5 specs) - Dismissed serial marker finding (config already enforces serial execution) - Elevated URL casing issue: test sends camelCase, enum is lowercase, production query failures likely Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(.squad): log McManus P0 e2e fixes session Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(.squad): log Fenster P1 e2e fixes session - Orchestration log: 2026-04-02T07:35:00Z Fenster P1 leaf-node detection + storageState caching - Session log: Brief summary of both fixes - Merged decision inbox: fenster-e2e-auth-caching.md → decisions.md - Updated hockney/history.md: P1 completion note - Updated mcmanus/history.md: storageState caching details Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix(e2e): improve Playwright test reliability and correctness - Replace all 13 waitForTimeout() calls with condition-based waits - Fix URL builder param casing to match queryParameters enum (case-sensitive) - Fix vacuous assertion (toBeGreaterThanOrEqual(0) -> toBeGreaterThan(0)) - Improve auth error handling: swallow timeouts, propagate real errors - Replace brittle aria-expanded leaf-node detection with .monaco-tl-twistie.collapsible - Add storageState caching for auth reuse across test runs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: remove .squad from git tracking and update .gitignore Keep squad team state local-only — not committed to repo. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: remove squad-related entries from .gitignore Moved squad exclusions to .git/info/exclude (machine-local) to keep .gitignore clean of non-project entries. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat(e2e): simplify config to use direct VS Code Web URL - Replace individual env vars (org URL, site IDs, tenant) with single PP_TEST_VSCODE_URL containing the full VS Code Web URL - Remove TestSiteConfig interface and buildVSCodeWebUrl helper - Simplify .env.example to 3 vars: URL, username, password - Trim E2ESanity.yml to 3 secrets, bump actions to v4 - Add --with-deps to Playwright install for CI runners - Add 'node' to e2e tsconfig types to fix process reference Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore(ci): set E2E sanity to weekly, remove from PR workflow - Change E2ESanity.yml schedule from nightly to weekly (Monday 2AM UTC) - Remove e2e-sanity job from PullRequest.yml - E2E tests run via E2ESanity.yml (weekly + manual dispatch only) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * chore: remove .omc from .gitignore * Update src/e2e/fixtures/vscode-web.fixture.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * chore(e2e): restructure tests folder and add power-pages grouping Rename tests/ to test/power-pages/ to follow project conventions (singular test/) and group Power Pages-specific e2e tests under their own folder. Rename workflow to E2EWebSanity to reflect web scope. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(e2e): handle account picker quick pick in auth flow When cached storage state exists, VS Code may show a "Select an account" quick pick instead of the Allow dialog. Select the first account to unblock the auth flow. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: PAC Auto Update Bot <pac-auto-update@microsoft.com>
- Update lodash override from ^4.17.23 to ^4.18.0 to fix prototype pollution (GHSA #159) and code injection (GHSA #160) - Add defu override ^6.1.5 to fix prototype pollution via __proto__ key (GHSA #161) - Regenerate package-lock.json Co-authored-by: Priyanshu Agrawal <priyanshuag@Priyanshus-MacBook-Pro.local> Co-authored-by: Claude Opus 4.6 (1M context)(Internal only) <noreply@anthropic.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…1535) * fix(e2e): use auto-retrying assertion for file explorer visibility Replace instant count() check with toBeVisible() so Playwright retries until the Power Pages file explorer element appears in the DOM. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(e2e): improve test reliability for navigation and file-save - Replace unreliable simpleFileExplorer ID check with tree row visibility - Simplify fixture wait to use treeRow instead of powerPagesFileExplorer - Handle already-expanded web-pages folder in file-save test - Use force clicks to bypass tree row intercept issues Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore(ci): run E2E web sanity tests daily instead of weekly Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Amit Joshi <amitjoshi@microsoft.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Amit Joshi <amitjoshi@microsoft.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Add E2E web sanity tests for PR checks on release/stable - Add Playwright E2E test that runs against real vscode.dev - Install locally-built extension via Developer: Install Extension from Location - Serve extension files via http-server on localhost:5050 - Bypass Chrome Local Network Access prompt with Chromium flags - Test flow: auth, site load, install local ext, reload, re-auth, edit/save/revert - Add web-sanity job to PullRequest.yml (release/stable PRs only, Ubuntu) - Add http-server devDependency - Add .squad/ to .gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: use github.event.pull_request.base.ref for web-sanity condition Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * temp: enable web-sanity on main PRs for CI verification Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * revert: restore web-sanity to release/stable only Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Amit Joshi <amitjoshi@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
These workflows (auto-sync-release, manual-sync-stable, release-automation) are no longer used. The release process is handled through local tooling. Co-authored-by: Amit Joshi <amitjoshi@microsoft.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…main-to-stable # Conflicts: # .github/workflows/PullRequest.yml # .gitignore # package-lock.json # package.json
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
priyanshu92
approved these changes
Apr 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
mainintorelease/stableTest plan
npm run test-web-integrationfor web extension changesnpm run test-desktop-intfor desktop extension changes🤖 Generated with Claude Code