Commit graph

844 commits

Author SHA1 Message Date
Ben Brandt
616b76cd59
Update Danger to 13.0.8 (#60346)
Release Notes:

- N/A
2026-07-03 10:10:41 +00:00
Finn Evers
a91c8aa7d7
Remove more storybook leftovers (#60337)
Release Notes:

- N/A
2026-07-03 08:27:48 +00:00
Lena
b3d5ead59f
Add Guild board automation (#60266)
Automates the Guild contributor program on project board #74 so the
cohort is recognized and kept unblocked without manual babysitting.

- Move a board issue to In Progress when a Guild member self-assigns it,
and post a friendly heads-up when they are assigned an issue that is not
on the board.
- Flag when a Guild member opens a new PR while another of theirs is
still open, to help them land work before spreading thin.
- Check in on quiet assignments and, if an assignee stays silent, free
the issue back to a to-do column so others can pick it up; a "guild
hold" label lets maintainers pause check-ins after they have followed
up.
- Share a weekly digest of what the Guild shipped.
- Label PRs from Guild members and recognize a Guild contributor tier on
the community PR board.

Release Notes:

- N/A
2026-07-02 09:46:22 +00:00
Smit Barmase
d132afe9fc
Add new area labels to track mapping - 2 (#60247)
| Label | Description |
|---|---|
| `area:ai/agent thread/sandbox` | Feedback for Zed's Agent sandboxing |
| `area:text finder` | Issue about text finder |
| `area:gpui/graphics` | Related to graphics issues in GPUI |

Release Notes:

- N/A
2026-07-02 07:42:58 +00:00
Peter Tripp
e0f77d16fb
Update bundled JSON schemas (2026-04-29) (#58948)
./script/update-json-schemas 16c22767

- Improved `script/update-json-schemas`
  - Fix paths to match new locations of schemas
  - Add support for specifying an explicit commit
  - Use sed to replace `json.` links with `www.` in schemas
- Updated JSON schemas to
[SchemaStore/schemastore@16c2276](16c227677c)
(2026-04-29; last updated 2025-02-28)
-
[tsconfig.json](https://github.com/SchemaStore/schemastore/commits/master/src/schemas/json/tsconfig.json)
@
[16c2276](https://raw.githubusercontent.com/SchemaStore/schemastore/16c227677c1cb71864593f63382705e8c7390810/src/schemas/json/tsconfig.json)
-
[changes](https://github.com/SchemaStore/schemastore/commits/16c227677c1cb71864593f63382705e8c7390810/src/schemas/json/tsconfig.json)
-
[package.json](https://github.com/SchemaStore/schemastore/commits/master/src/schemas/json/package.json)
@
[16c2276](https://raw.githubusercontent.com/SchemaStore/schemastore/16c227677c1cb71864593f63382705e8c7390810/src/schemas/json/package.json)
-
[changes](https://github.com/SchemaStore/schemastore/commits/16c227677c1cb71864593f63382705e8c7390810/src/schemas/json/package.json)
- Updates tsconfig.json to support ES2025 stuff.
- Updates package.json to support `nodemonConfig`

Note, this is pinned to an old commit
(16c22767) because
anything after https://github.com/SchemaStore/schemastore/pull/5631 will
result in errors for all referenced schemas in package.json. This occurs
as they are all now relative links, which cannot be resolved for the
schema injected via config. This is also a hint that the current method
of bundling of package.json schema in practice triggers json-language
fetching 8 other nested schemas. Probably worth revisiting that.

CC: @probably-neb as someone who recently worked on the schemastore
stuff.

Self-Review Checklist:

- [Yes] I've reviewed my own diff for quality, security, and reliability
- [N/A] Unsafe blocks (if any) have justifying comments
- [N/A] The content adheres to Zed's UI standards
([UX/UI](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
and
[icon](https://github.com/zed-industries/zed/blob/main/crates/icons/README.md)
guidelines)
- [N/A] Tests cover the new/changed behavior
- [N/A] Performance impact has been considered and is acceptable

Release Notes:

- Update bundled tsconfig.json and package.json schemas

---------

Co-authored-by: Ben Kunkle <ben.kunkle@gmail.com>
2026-06-25 17:30:12 +00:00
Yara 🏳️‍⚧️
8372eb1b13
Add picker label to GitHub community PR board automation (#59905)
Release Notes:

- N/A
2026-06-25 14:18:47 +00:00
Finn Evers
e4dbdaa622
Remove cherry-pick-bot config (#59703)
Although not listed on https://killedbygoogle.com/, the Google
cherry-pick bot was killed some time ago and we now use our own bot for
this. Thus we can safely remove the config here.

Also, fixes the shebang in the cherry-pick script.

Release Notes:

- N/A
2026-06-22 13:00:51 +00:00
Yara 🏳️‍⚧️
ccf4058b7a
Add preview to pickers and make them resizable (#59604)
Overhauls Zed's pickers to make them resizable and give them a preview.

Closes #8279 

### Background
The most requested Zed feature has the last year has been a [Telescope
like search box](https://github.com/zed-industries/zed/issues/8279)
[discussion](https://github.com/zed-industries/zed/discussions/22581).
To understand why this is so popular we need to understand search can
serve thee goals:
- Navigation: fuzzy search is faster & easier then clicking in a file
tree
- Exploration: example, find a function by a word in its doc comment
- Collecting: example, getting a list of functions to change

The project search which shows results in a multibuffer is the perfect
way to operate on a list of items. Navigation and Exploration need a lot
of context around each result and offer fast navigation between them.
For both of these live searching is also critical.

The `telescope UI` is a picker with a preview to the right or below.
It's offered in various editors and IDE's most famously Neovim (through
the Telescope plugin), IntelliJ (natively), Helix (natively) and of
course VScode (plugins) and it's _many_ forks.

While having a UI like that for text search (our project search) is most
requested the UX pattern is applied widely, from `find_all_references`
to `bookmarks`. It enhances most pickers. Note that we have over 50
different picker modals!

The community has tried to build something like this for Zed:
- https://github.com/zed-industries/zed/pull/44530
- https://github.com/zed-industries/zed/pull/45307
- https://github.com/zed-industries/zed/pull/46478
- https://github.com/zed-industries/zed/pull/43790

These all became huge PR's that we could not merge for various reasons.
This is a really hard feature to integrate in Zed!
This PR got started as https://github.com/zed-industries/zed/pull/46478
and supercedes that.

### Design
- Extend pickers to support an optional preview with minimal changes to
the pickers themselves.
- Make pickers resizable.
- Complement the existing search do not replace it by having both UI's
share the underlying search and allow freely switching between them.
- Allow extending the preview to things other then files.
- Maintain a clean design on all the pickers.

### Heigh level Implementation overview
- Adds an `Option<Preview>` to `Picker`
- Gives `PickerDelegate` a method to communicate a preview to the Picker
- Overhaul the way pickers are drawn to allow for resizing them.
Implemented on the `Shape` and `SizeBouds` structs.
- Adds a high level way to draw the `footer` and `editor` so we do not
need to change much to the pickers.
- Adds a new text finder Picker
- Adds a way to take a running search from project search and hand it to
the text finder Picker and the other way round
- Give the file finder a preview

### Next steps
A more detailed list and how to help out will be added to the tracking
issue for [Pickes with
previews](https://github.com/zed-industries/zed/issues/56037)
- Add more previews to more pickers!
- Enable selectioning multiple items in pickers and performing actions
on those
- Open selected items in a multibuffer
- Add a way to restore the last picker
- Make popovers (picker attached to some menu) resizable as well

## Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content adheres to Zed's UI standards
([UX/UI](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
and
[icon](https://github.com/zed-industries/zed/blob/main/crates/icons/README.md)
guidelines)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

## Showcase
TODO (will be done post merge)

---

Release Notes:
- Added resizing via dragging to all picker modals. 
- Added a preview to the File finder, the preview can be to the right or
below.
- Added a Text finder picker with a preview as alternative project
search UI. The search is shared and allowes switch between UIs while
running.

---------

Co-authored-by: ozacod <47009516+ozacod@users.noreply.github.com>
Co-authored-by: ozacod <ozacod@users.noreply.github.com>
Co-authored-by: Danilo Leal <daniloleal09@gmail.com>
2026-06-19 17:43:07 +00:00
MartinYe1234
dfd44a45dd
Add Windows terminal sandboxing via WSL (#58971)
Summary

- Adds Windows agent terminal sandboxing by routing commands through WSL
and Bubblewrap.
- Supports native Windows and WSL project paths, including elevated
write grants for WSL paths.
- Shows a confirmation prompt to turn off sandboxing when WSL sandbox
setup is unavailable.

This builds on the work in the sandbox-linux branch.

Closes AI-376

Release Notes:

- Added Windows terminal sandboxing for agent commands when sandboxing
is enabled.

---------

Co-authored-by: cameron <cameron.studdstreet@gmail.com>
Co-authored-by: Richard Feldman <oss@rtfeldman.com>
Co-authored-by: zed-zippy[bot] <234243425+zed-zippy[bot]@users.noreply.github.com>
2026-06-17 21:07:29 +00:00
Lena
e5966915e4
Duplicate Bot: Switch to structured tool output for Claude (#59432)
Some checks are pending
Congratsbot / check-author (push) Waiting to run
Congratsbot / congrats (push) Blocked by required conditions
deploy_nightly_docs / deploy_docs (push) Waiting to run
run_tests / check_scripts (push) Blocked by required conditions
run_tests / orchestrate (push) Waiting to run
run_tests / check_style (push) Waiting to run
run_tests / clippy_windows (push) Blocked by required conditions
run_tests / clippy_linux (push) Blocked by required conditions
run_tests / clippy_mac (push) Blocked by required conditions
run_tests / clippy_mac_x86_64 (push) Blocked by required conditions
run_tests / run_tests_windows (push) Blocked by required conditions
run_tests / run_tests_linux (push) Blocked by required conditions
run_tests / run_tests_mac (push) Blocked by required conditions
run_tests / miri_scheduler (push) Blocked by required conditions
run_tests / doctests (push) Blocked by required conditions
run_tests / check_workspace_binaries (push) Blocked by required conditions
run_tests / build_visual_tests_binary (push) Blocked by required conditions
run_tests / check_wasm (push) Blocked by required conditions
run_tests / check_dependencies (push) Blocked by required conditions
run_tests / check_docs (push) Blocked by required conditions
run_tests / check_licenses (push) Blocked by required conditions
run_tests / check_postgres_and_protobuf_migrations (push) Blocked by required conditions
run_tests / extension_tests (push) Blocked by required conditions
run_tests / tests_pass (push) Blocked by required conditions
Rather than continuing to try to persuade Claude to pretty please only
output json, or to parse json out of Claude's prose, switch to forced
tool calls with a json schema and hope this works better.

And bump the version of the bot to 4 since the model upgrade which was
shipped earlier today is evidently behaving differently enough.

Release Notes:

- N/A
2026-06-16 15:17:51 +00:00
Gaauwe Rombouts
a851320e6d
ci: Revalidate zed.dev after release (#59422)
Updates CI to use the revalidate mechanism for updating zed.dev post
release, instead of doing a full re-deploy.

Release Notes:

- N/A
2026-06-16 14:59:26 +00:00
Lena
4c0717facc
PR board: Stop touching archived items (#59428)
The GitHub workflow was sometimes failing when someone edited the
already-merged PR that had been archived on the board because archived
items can't have their fields changed. The project board fields don't
need to be updated when the PR is already merged or closed.

Release Notes:

- N/A
2026-06-16 13:05:26 +00:00
Lena
ed6e747bc5
Duplicate Bot: Update retired Claude model (#59424)
claude-sonnet-4-20250514 was retired by Anthropic on June 15, 2026,
causing the "Comment on potential duplicate bug/crash reports" workflow
to fail with a 404 from /v1/messages on the first call_claude
invocation.

Switch to the recommended replacement, claude-sonnet-4-6.

Release Notes:
- N/A
2026-06-16 12:40:07 +00:00
Finn Evers
511d197477
Enforce adding a message to extension CLI bumps (#58786)
This slightly reworks the extension CLI bump workflow - instead of
triggering on label push, it now triggers on workflow dispatch with a
message enforced to be added there.

This primarily allows us to add a message to these bumps to better
communicate what changes with that version of the CLI. Furthermore, we
can soon restrict the label to be only created by that workflow, which
has the advantage that it can only be based off of main. Also, it has
the nice side-effect that we actually only ever update the label if
everything worked properly.

Release Notes:

- N/A
2026-06-10 23:51:59 +00:00
Lena
158378fc2c
Split out Windows in community PR area-track mapping (#58671)
Release Notes:

- N/A
2026-06-05 16:00:09 +00:00
Lena
1eefc3b9e9
Add upvotes to the community PR board (#58645)
Release Notes:

- N/A
2026-06-05 11:46:17 +00:00
Lena
e83c2d94d4
Add meta signals to the community PR board (#58635)
For the ease of finding something that fits the time that reviewers have
and for making it mechanically easier to prioritize the PRs from the
community champions, surface some meta information on the PR board (and
make it updatable). Meta information here means things like size and
whether there's an issue linked to the PR (and what is its type if there
is).

Release Notes:

- N/A
2026-06-05 10:16:52 +00:00
Marshall Bowers
43ff9ec403
danger: Fix typo (#58475)
This PR fixes a small typo in the Danger message for modified database
schema files.

Release Notes:

- N/A
2026-06-03 22:10:12 +00:00
Marshall Bowers
7e42c0bb1a
danger: Require attestation that database schema migrations have been applied (#58469)
This PR updates the Danger check for touching the Collab schema files to
require attestation that the database schema migrations have been
created and applied.

If there are changes to the schema files without the attestation, Danger
will fail the status check with an error:

<img width="959" height="635" alt="Screenshot 2026-06-03 at 4 58 56 PM"
src="https://github.com/user-attachments/assets/e0857137-b351-4212-a023-13a7d53f5934"
/>

When the attestation clause is present, Danger will report it as such:

<img width="901" height="333" alt="Screenshot 2026-06-03 at 4 59 45 PM"
src="https://github.com/user-attachments/assets/098b0ce4-f86e-4d41-b6af-765bc015fe6e"
/>

Release Notes:

- N/A
2026-06-03 21:19:31 +00:00
renovate[bot]
e2e7a6769e
Update dependency requests to v2.33.0 [SECURITY] (#58093)
Some checks are pending
Congratsbot / check-author (push) Waiting to run
Congratsbot / congrats (push) Blocked by required conditions
deploy_nightly_docs / deploy_docs (push) Waiting to run
run_tests / check_scripts (push) Blocked by required conditions
run_tests / orchestrate (push) Waiting to run
run_tests / check_style (push) Waiting to run
run_tests / clippy_windows (push) Blocked by required conditions
run_tests / clippy_linux (push) Blocked by required conditions
run_tests / clippy_mac (push) Blocked by required conditions
run_tests / clippy_mac_x86_64 (push) Blocked by required conditions
run_tests / run_tests_windows (push) Blocked by required conditions
run_tests / run_tests_linux (push) Blocked by required conditions
run_tests / run_tests_mac (push) Blocked by required conditions
run_tests / miri_scheduler (push) Blocked by required conditions
run_tests / doctests (push) Blocked by required conditions
run_tests / check_workspace_binaries (push) Blocked by required conditions
run_tests / build_visual_tests_binary (push) Blocked by required conditions
run_tests / check_wasm (push) Blocked by required conditions
run_tests / check_dependencies (push) Blocked by required conditions
run_tests / check_docs (push) Blocked by required conditions
run_tests / check_licenses (push) Blocked by required conditions
run_tests / check_postgres_and_protobuf_migrations (push) Blocked by required conditions
run_tests / extension_tests (push) Blocked by required conditions
run_tests / tests_pass (push) Blocked by required conditions
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [requests](https://redirect.github.com/psf/requests)
([changelog](https://redirect.github.com/psf/requests/blob/master/HISTORY.md))
| `2.32.3` → `2.33.0` |
![age](https://developer.mend.io/api/mc/badges/age/pypi/requests/2.33.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/requests/2.32.3/2.33.0?slim=true)
|

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/15138) for more information.

---

### Requests vulnerable to .netrc credentials leak via malicious URLs
[CVE-2024-47081](https://nvd.nist.gov/vuln/detail/CVE-2024-47081) /
[GHSA-9hjg-9r4m-mvj7](https://redirect.github.com/advisories/GHSA-9hjg-9r4m-mvj7)

<details>
<summary>More information</summary>

#### Details
##### Impact

Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak
.netrc credentials to third parties for specific maliciously-crafted
URLs.

##### Workarounds
For older versions of Requests, use of the .netrc file can be disabled
with `trust_env=False` on your Requests Session
([docs](https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env)).

##### References

[https://github.com/psf/requests/pull/6965](https://redirect.github.com/psf/requests/pull/6965)
https://seclists.org/fulldisclosure/2025/Jun/2

#### Severity
- CVSS Score: 5.3 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N`

#### References
-
[https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7](https://redirect.github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7)
-
[https://nvd.nist.gov/vuln/detail/CVE-2024-47081](https://nvd.nist.gov/vuln/detail/CVE-2024-47081)
-
[https://github.com/psf/requests/pull/6965](https://redirect.github.com/psf/requests/pull/6965)
-
[96ba401c12)
-
[https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env](https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env)
-
[https://seclists.org/fulldisclosure/2025/Jun/2](https://seclists.org/fulldisclosure/2025/Jun/2)
-
[http://seclists.org/fulldisclosure/2025/Jun/2](http://seclists.org/fulldisclosure/2025/Jun/2)
-
[http://www.openwall.com/lists/oss-security/2025/06/03/11](http://www.openwall.com/lists/oss-security/2025/06/03/11)
-
[http://www.openwall.com/lists/oss-security/2025/06/03/9](http://www.openwall.com/lists/oss-security/2025/06/03/9)
-
[http://www.openwall.com/lists/oss-security/2025/06/04/1](http://www.openwall.com/lists/oss-security/2025/06/04/1)
-
[http://www.openwall.com/lists/oss-security/2025/06/04/6](http://www.openwall.com/lists/oss-security/2025/06/04/6)
-
[https://github.com/advisories/GHSA-9hjg-9r4m-mvj7](https://redirect.github.com/advisories/GHSA-9hjg-9r4m-mvj7)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-9hjg-9r4m-mvj7)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Requests has Insecure Temp File Reuse in its extract_zipped_paths()
utility function
[CVE-2026-25645](https://nvd.nist.gov/vuln/detail/CVE-2026-25645) /
[GHSA-gc5v-m9x4-r6x2](https://redirect.github.com/advisories/GHSA-gc5v-m9x4-r6x2)

<details>
<summary>More information</summary>

#### Details
##### Impact
The `requests.utils.extract_zipped_paths()` utility function uses a
predictable filename when extracting files from zip archives into the
system temporary directory. If the target file already exists, it is
reused without validation. A local attacker with write access to the
temp directory could pre-create a malicious file that would be loaded in
place of the legitimate one.

##### Affected usages
**Standard usage of the Requests library is not affected by this
vulnerability.** Only applications that call `extract_zipped_paths()`
directly are impacted.

##### Remediation
Upgrade to at least Requests 2.33.0, where the library now extracts
files to a non-deterministic location.

If developers are unable to upgrade, they can set `TMPDIR` in their
environment to a directory with restricted write access.

#### Severity
- CVSS Score: 4.4 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N`

#### References
-
[https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2](https://redirect.github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2)
-
[66d21cb07b)
-
[https://github.com/psf/requests/releases/tag/v2.33.0](https://redirect.github.com/psf/requests/releases/tag/v2.33.0)
-
[https://nvd.nist.gov/vuln/detail/CVE-2026-25645](https://nvd.nist.gov/vuln/detail/CVE-2026-25645)
-
[https://github.com/advisories/GHSA-gc5v-m9x4-r6x2](https://redirect.github.com/advisories/GHSA-gc5v-m9x4-r6x2)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-gc5v-m9x4-r6x2)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>psf/requests (requests)</summary>

###
[`v2.33.0`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2330-2026-03-25)

[Compare
Source](https://redirect.github.com/psf/requests/compare/v2.32.5...v2.33.0)

**Announcements**

- 📣 Requests is adding inline types. If you have a typed code base that
uses Requests, please take a look at
[#&#8203;7271](https://redirect.github.com/psf/requests/issues/7271).
Give it a try, and report
  any gaps or feedback you may have in the issue. 📣

**Security**

- CVE-2026-25645 `requests.utils.extract_zipped_paths` now extracts
  contents to a non-deterministic location to prevent malicious file
  replacement. This does not affect default usage of Requests, only
  applications calling the utility function directly.

**Improvements**

- Migrated to a PEP 517 build system using setuptools.
([#&#8203;7012](https://redirect.github.com/psf/requests/issues/7012))

**Bugfixes**

- Fixed an issue where an empty netrc entry could cause
  malformed authentication to be applied to Requests on
Python 3.11+.
([#&#8203;7205](https://redirect.github.com/psf/requests/issues/7205))

**Deprecations**

- Dropped support for Python 3.9 following its end of support.
([#&#8203;7196](https://redirect.github.com/psf/requests/issues/7196))

**Documentation**

- Various typo fixes and doc improvements.

###
[`v2.32.5`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2325-2025-08-18)

[Compare
Source](https://redirect.github.com/psf/requests/compare/v2.32.4...v2.32.5)

**Bugfixes**

- The SSLContext caching feature originally introduced in 2.32.0 has
created
a new class of issues in Requests that have had negative impact across a
number
of use cases. The Requests team has decided to revert this feature as
long term
maintenance of it is proving to be unsustainable in its current
iteration.

**Deprecations**

- Added support for Python 3.14.
- Dropped support for Python 3.8 following its end of support.

###
[`v2.32.4`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2324-2025-06-10)

[Compare
Source](https://redirect.github.com/psf/requests/compare/v2.32.3...v2.32.4)

**Security**

- CVE-2024-47081 Fixed an issue where a maliciously crafted URL and
trusted
environment will retrieve credentials for the wrong hostname/machine
from a
  netrc file.

**Improvements**

- Numerous documentation improvements

**Deprecations**

- Added support for pypy 3.11 for Linux and macOS.
- Dropped support for pypy 3.9 following its end of support.

</details>

---

### Configuration

📅 **Schedule**: (in timezone America/New_York)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

Release Notes:

- N/A

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMDIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjIwMi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-29 20:29:38 +00:00
Joseph T. Lyons
06826ef10f
Bump urllib3 to v2.7.0 (#58092)
Some checks are pending
Congratsbot / check-author (push) Waiting to run
Congratsbot / congrats (push) Blocked by required conditions
deploy_nightly_docs / deploy_docs (push) Waiting to run
run_tests / clippy_linux (push) Blocked by required conditions
run_tests / extension_tests (push) Blocked by required conditions
run_tests / orchestrate (push) Waiting to run
run_tests / check_style (push) Waiting to run
run_tests / clippy_windows (push) Blocked by required conditions
run_tests / clippy_mac (push) Blocked by required conditions
run_tests / clippy_mac_x86_64 (push) Blocked by required conditions
run_tests / run_tests_windows (push) Blocked by required conditions
run_tests / run_tests_linux (push) Blocked by required conditions
run_tests / run_tests_mac (push) Blocked by required conditions
run_tests / miri_scheduler (push) Blocked by required conditions
run_tests / doctests (push) Blocked by required conditions
run_tests / check_workspace_binaries (push) Blocked by required conditions
run_tests / build_visual_tests_binary (push) Blocked by required conditions
run_tests / check_wasm (push) Blocked by required conditions
run_tests / check_dependencies (push) Blocked by required conditions
run_tests / check_docs (push) Blocked by required conditions
run_tests / check_licenses (push) Blocked by required conditions
run_tests / check_scripts (push) Blocked by required conditions
run_tests / check_postgres_and_protobuf_migrations (push) Blocked by required conditions
run_tests / tests_pass (push) Blocked by required conditions
Self-Review Checklist:

- [X] I've reviewed my own diff for quality, security, and reliability
- [ ] Unsafe blocks (if any) have justifying comments
- [ ] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [ ] Performance impact has been considered and is acceptable

Release Notes:

- N/A
2026-05-29 17:55:04 +00:00
Smit Barmase
2ea99a81f1
Add new area labels to track mapping (#58083)
| Label | Description |
|---|---|
| `area:preview/csv` | Feedback for Zed's CSV support |
| `area:fs` | Related to the fs crate. |
| `area:scanning` | Worktree scanning related PRs. |
| `area:editor/bookmarks` | Feedback for the editor bookmarks |
| `area:ai/agent thread/skills` | Feedback for Zed's AI Skills feature |
| `area:ai/terminal threads` | Feedback for Zed's Terminal Threads |
| `area:crashes` | PR related to crashes crate. |
| `area:scripts` | Changes in "script" directory |


Release Notes:

- N/A
2026-05-29 16:08:53 +00:00
Lena
b7b1d1a2c7
Duplicate Bot: Reduce noise (#58074)
Release Notes:

- N/A
2026-05-29 13:28:35 +00:00
morgankrey
27c566c212
Relicense Zed source code under GPL (#57948)
## Summary

This moves the remaining first-party AGPL surface to GPL, a less
restrictive license for these components. Apache-2.0 components are
unchanged.

Changes:
- Updates the `collab` crate from `AGPL-3.0-or-later` to
`GPL-3.0-or-later`
- Removes the root AGPL license file and first-party crate AGPL symlinks
- Updates web, documentation, Flatpak, README, and terms references to
reflect the GPL/Apache licensing split
- Updates the open-source component example list in the terms and
regenerates the RTF copy; no other terms changes are intended
- Adds guardrails so first-party crates cannot declare AGPL licensing or
carry `LICENSE-AGPL` files

Release timing: preview during the week of June 1, 2026; stable during
the week of June 8, 2026.

## Residual AGPL/Affero references

- `LICENSE-GPL`: GPLv3's own compatibility clause; unchanged official
license text.
- `crates/json_schema_store/src/schemas/package.json`: generic npm
package-license schema value, not Zed licensing.
- `script/check-licenses`, `script/new-crate`,
`script/licenses/zed-licenses.toml`: guardrails that reject or warn
against reintroducing AGPL.

## Verification

- `script/check-licenses`
- `script/generate-licenses`
- `script/generate-terms-rtf`
- `script/new-crate license_probe_for_gpl`, then discarded generated
crate
- `script/new-crate license_probe_for_agpl agpl` fails as expected
- `mdbook build docs`
- `./script/clippy`
- `git grep -n -I -E "AGPL|Affero"`
- `git diff --check`

Release Notes:

- The `collab` crate, used to implement Zed's collaboration backend, is
now licensed under the GPL instead of the AGPL. The AGPL license is no
longer used in the zed repository.
2026-05-28 20:19:17 +00:00
Lena
b72e57da65
Duplicate Bot: Handle failure modes better (#57663)
- don't fail to parse json when Claude ignores the instructions and
returns fenced json
- don't fail to search for issues by area labels when Claude ignores the
instructions and returns prose instead of comma-separated list
- don't mark workflow runs as successful when json parsing blew up or
posting the comment failed

Release Notes:

- N/A
2026-05-25 16:49:51 +00:00
Lena
bb460d5f26
Duplicate Bot: Add more context for triagers (V3) (#57647)
In addition to the user-facing suggestions with potential duplicates,
the bot will now also have a separate collapsible block in the same
comment that's meant more for the triagers. This block will list the
duplicates we're less sure about as well as recently closed issues that
seem related to the issue at hand.
This commit updates the bot to V3 for the tracking-effectiveness
purposes and fixes some leftovers from the previous dupe bot change
(activating the bot for issues with no type).
It also improves the reliability of the script a bit, wrapping some
calls to the GitHub API into retries.


Release Notes:

- N/A
2026-05-25 14:29:13 +00:00
Lena
bc41407a5e
Duplicates bot: Stop skipping blank issues (#57643)
We regularly get a certain amount of 'blank' issues on github — those
created bypassing all our templates — and since a fair share of them are
bug reports, it would be helpful for the person triaging if the
duplicates bot has left suggestions on these issues too.

Release Notes:

- N/A
2026-05-25 12:20:10 +00:00
Jakub Konka
7b6be29669
linux: Bundle libstdc++.so for release (#57132)
Self-Review Checklist:

- [ ] I've reviewed my own diff for quality, security, and reliability
- [ ] Unsafe blocks (if any) have justifying comments
- [ ] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [ ] Performance impact has been considered and is acceptable

Closes https://github.com/zed-industries/zed/issues/57073

Release Notes:

- Fixed running Zed on Ubuntu 20.04 installed via the installer by
bundling the required `libstdc++.so`.
2026-05-19 21:43:35 +00:00
Ben Kunkle
342580531c
script: Trigger docs release (#56953)
Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Closes #ISSUE

Release Notes:

- N/A or Added/Fixed/Improved ...
2026-05-18 15:35:35 +00:00
Finn Evers
4714220df3
ci: Build nightly more frequently (#53800)
Some checks are pending
Congratsbot / check-author (push) Waiting to run
Congratsbot / congrats (push) Blocked by required conditions
deploy_nightly_docs / deploy_docs (push) Waiting to run
run_tests / orchestrate (push) Waiting to run
run_tests / check_style (push) Waiting to run
run_tests / clippy_windows (push) Blocked by required conditions
run_tests / clippy_linux (push) Blocked by required conditions
run_tests / clippy_mac (push) Blocked by required conditions
run_tests / clippy_mac_x86_64 (push) Blocked by required conditions
run_tests / run_tests_windows (push) Blocked by required conditions
run_tests / run_tests_linux (push) Blocked by required conditions
run_tests / run_tests_mac (push) Blocked by required conditions
run_tests / doctests (push) Blocked by required conditions
run_tests / check_workspace_binaries (push) Blocked by required conditions
run_tests / build_visual_tests_binary (push) Blocked by required conditions
run_tests / check_wasm (push) Blocked by required conditions
run_tests / check_dependencies (push) Blocked by required conditions
run_tests / check_docs (push) Blocked by required conditions
run_tests / check_licenses (push) Blocked by required conditions
run_tests / check_scripts (push) Blocked by required conditions
run_tests / check_postgres_and_protobuf_migrations (push) Blocked by required conditions
run_tests / extension_tests (push) Blocked by required conditions
run_tests / tests_pass (push) Blocked by required conditions
This updates the nightly workflow to run hourly as opposed to once
daily.

Notably, it also 
- changes the poll duration for the auto updater - we now poll 4 times
an hour on the Nightly channel and continue with the old rate for all
other channels
- moves the pre-checks to the linux runners, since we have more
resources available there
- only ever allow one concurrent nightly run

Release Notes:

- N/A
2026-05-15 09:08:55 +00:00
Lena
c19eaab7fa
GitHub board automation: fix query (union selection error) (#56453)
Release Notes:

- N/A
2026-05-11 17:49:38 +00:00
Lena
a3781513ba
GitHub board automation: remove redundant event handling (#56429)
We shouldn't trigger this workflow on pull_request_review.submitted
because (1) two out of three possible cases here are already handled by
the build-in workflow automation of the project board itself, and (2)
this takes us into the territory of workflow runs that require approval.

Release Notes:

- N/A
2026-05-11 15:12:37 +00:00
Lena
78135730f9
GitHub board automation: Retry on GitHub server errors (#56426)
adding retries for the transient API errors that shouldn't interfere
with us changing a status of a PR on the project board.

Release Notes:

- N/A
2026-05-11 14:50:26 +00:00
Lena
533a6b8802
Automate community PRs board with review tracks (#56399)
Release Notes:

- N/A
2026-05-11 10:36:58 +00:00
Lucas White
538151a55e
Rework GH Project status logic to reflect triage runbook (#55845)
Self-Review Checklist:

- [ x] I've reviewed my own diff for quality, security, and reliability
- [ x] Unsafe blocks (if any) have justifying comments
- [ n/a] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ n/a] Tests cover the new/changed behavior
- [ n/a] Performance impact has been considered and is acceptable

Closes #ISSUE

Release Notes:

- N/A
2026-05-06 15:22:50 +00:00
Lucas White
c34dd17435
Add issue triage project sync workflow (#55796)
Auto-syncs derived fields on a private GitHub Project (#84) from issue
labels and comment activity. Goal is to more effectively track issue
states and make sure we're triaging, closing the loop when
possible/relevant.

Self-Review Checklist:

- [ x] I've reviewed my own diff for quality, security, and reliability
- [ x] Unsafe blocks (if any) have justifying comments
- [ n/a] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ n/a] Tests cover the new/changed behavior
- [ n/a] Performance impact has been considered and is acceptable

Closes #ISSUE

Release Notes:

- N/A
2026-05-05 17:57:43 +00:00
Ben Brandt
36cafe093c
Update danger deps for CI (#55615)
Release Notes:

- N/A
2026-05-04 10:31:07 +00:00
Joseph T. Lyons
9beeed084b
Add gh auth token fallback to top ranking issues script (#55028)
This just allows me to switch from using tokens to `gh` when running
this script locally.

Release Notes:

- N/A
2026-04-30 14:19:13 +00:00
Lena
53498357e8
Add a broken POC for guild auto-assignment (#55205)
This is mostly to enable testing the github action with the right
secrets — the code is atrocious for now.

Release notes:

- N/A
2026-04-29 13:59:31 +00:00
Finn Evers
0f95845eea
ci: Remove release retagging support (#55199)
From now on, we will instead just make another patch version bump. That
has the advantage that tags will actually always only be applied to the
version bump and not some random change as well as us being able to
prohibit updates of tag refs for the Zed Zippy identity as well.

Release Notes:

- N/A
2026-04-29 13:13:37 +00:00
Finn Evers
8d53ebc70e
ci: Add workflow for bumping Zed versions (#54485)
Release Notes:

- N/A
2026-04-23 00:56:18 +02:00
Kirill Bulatov
d0c8109536
Add more harness to the CI scripts (#53816)
Fixes 
<img width="1238" height="520" alt="image"
src="https://github.com/user-attachments/assets/5e6c0d93-660f-4d1a-ab8c-c9c269292eaa"
/>


If a parent script with `-euo pipefail` invokes a script, that does not
inherit the `-euo pipefail` option. Fix that by adding the flags to the
scripts needed and adjust the curl command to fail too.

Release Notes:

- N/A
2026-04-13 22:28:20 +03:00
Piotr Osiewicz
c69a91baf8
ci: Clean workspace members more eagerly (#53427)
This relies on 1.94s --workspace option we've added to cargo

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Closes #ISSUE

Release Notes:

- N/A
2026-04-09 00:21:02 +02:00
Nitin K. M.
64b93202f8
Removal of mold/wild scripts and mentions in docs (#53078)
Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [ ] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [ ] Performance impact has been considered and is acceptable


Release Notes:

- N/A

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 21:20:02 +03:00
Anthony Eid
7892b93279
git_graph: Remove feature flag (#52972)
After #52953 gets merged the git graph will be ready for it's preview
release, so we can finally remove the feature flag! AKA this PR releases
the git graph

Self-Review Checklist:

- [ ] I've reviewed my own diff for quality, security, and reliability
- [ ] Unsafe blocks (if any) have justifying comments
- [ ] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [ ] Performance impact has been considered and is acceptable

Closes #ISSUE

Release Notes:

- Add Git Graph. Can be accessed through the button on the bottom of the
git panel or the `git graph: Open` action
2026-04-02 15:26:37 +00:00
Vincenzo Palazzo
3d5ec540f3
Add .tar.bz2 archive support for ACP agent server downloads (#52188)
## Summary

- Added `TarBz2` variant to `AssetKind` enum for `.tar.bz2` / `.tbz2`
archives
- Implemented `extract_tar_bz2` using the `bzip2` feature of
`async-compression` (already a workspace dependency, just enabled the
feature flag)
- Wired up both streaming and file-based extraction paths in
`github_download.rs`
- Added `.tar.bz2` / `.tbz2` URL detection in both
`LocalExtensionArchiveAgent` and `LocalRegistryArchiveAgent`

This unblocks ACP registry entries (like Goose) that only ship
`.tar.bz2` archives.

Reference: https://github.com/block/goose/issues/8047

## Test plan

- [ ] Verify `cargo check` and `clippy` pass (confirmed locally)
- [ ] Test downloading an ACP agent that ships a `.tar.bz2` archive
(e.g., Goose)
- [ ] Verify existing `.tar.gz` and `.zip` agent downloads still work

Release Notes:

- Added support for `.tar.bz2` archives in ACP agent server downloads,
unblocking registry entries like Goose that only ship bzip2-compressed
tarballs.

---------

Co-authored-by: Ben Brandt <benjamin.j.brandt@gmail.com>
2026-03-25 07:54:23 +00:00
Conrad Irwin
9dd588a7a9
Allow PRs to not have a newline before the first release note (#52336)
Release Notes:

- N/A
2026-03-24 16:54:05 -04:00
Jakub Konka
01fe4f694e
Add screen-sharing support on Wayland/Linux (#51957)
Release Notes:

- Added screen-sharing support on Wayland/Linux.

---------

Co-authored-by: Neel Chotai <neel@zed.dev>
2026-03-19 22:10:42 +01:00
Finn Evers
eb10b8def5
Remove language-extension-version script (#51838)
This PR removes the `language-extension-version` script and cleans up
some of the related documentation around updating extensions, as this is
no longer needed and at this point fully automated.


Release Notes:

- N/A
2026-03-18 14:47:43 +00:00
Jakub Konka
be4d38a56e
livekit: Use our build of libwebrtc.a (#51433)
Closes #51339

This should address issues with too new libstdc++.so on older/more
conservative distros such as RHEL9.

Release Notes:

- Relaxed requirement for libstdc++.so available on Linux distros.
2026-03-16 10:47:36 +01:00