vrr/zed
2
0
Fork 0
mirror of https://github.com/zed-industries/zed.git synced 2026-05-30 20:24:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
original uri https://github.com/zed-industries/zed https://zed.dev
34096 commits 1514 branches 1410 tags 1 GiB
Find a file
renovate[bot] 1041381a7a
Update Rust crate aws-sdk-s3 to v1.112.0 [SECURITY] (#46402) 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [aws-sdk-s3](https://redirect.github.com/awslabs/aws-sdk-rust) |
dependencies | minor | `1.108.0` → `1.112.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

### GitHub Vulnerability Alerts

####
[GHSA-g59m-gf8j-gjf5](https://redirect.github.com/awslabs/aws-sdk-rust/security/advisories/GHSA-g59m-gf8j-gjf5)

## **Summary**
This notification is related to the use of specific values for the
region input field when calling AWS services. An actor with access to
the environment in which the SDK is used could set the region input
field to an invalid value.

A defense-in-depth enhancement has been implemented in the AWS SDK for
Rust. This enhancement validates that a region used to construct an
endpoint URL is a valid host label. The change was released on November
6, 2025. This advisory is informational to help customers understand
their responsibilities regarding configuration security.

## **Impact**
Customer applications could be configured to improperly route AWS API
calls to non-existent or non-AWS hosts. While the SDK was functioning
safely within the requirements of the shared responsibility model,
additional safeguards have been added to support secure customer
implementations.

**Impacted versions**: All versions prior to [November 6, 2025
release](https://redirect.github.com/awslabs/aws-sdk-rust/releases/tag/release-2025-11-06)

## **Patches**
On November 6, 2025, an enhancement [1] was made to the AWS SDK for Rust
release, which validates the formatting of a region, providing
additional safeguards.

## **Workarounds**
No workarounds are needed, but as always developers should ensure that
their application is following security best practices:
- Implement proper input validation in your application code
- Update to the latest AWS SDK for Rust release on a regular basis
- Follow AWS security best practices [2] for SDK configuration

## **References**
Contact AWS Security via the vulnerability reporting page or email
[aws-security@amazon.com](mailto:aws-security@amazon.com).

## **Acknowledgement**
AWS Security thanks Guy Arazi for bringing these customer security
considerations to our attention through the coordinated disclosure
process.

[1]
[https://github.com/smithy-lang/smithy-rs/pull/4383](https://redirect.github.com/smithy-lang/smithy-rs/pull/4383)
[2] https://docs.aws.amazon.com/sdk-for-rust/latest/dg/security.html

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone America/New_York,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

Release Notes:

- N/A

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-09 01:32:14 +02:00
.cargo ci: Update typos versions and fix new occurrences (#40784) 2025-10-21 10:43:22 +00:00
.cloudflare docs: Document context servers (#21170) 2024-11-25 11:05:14 -05:00
.config ci: Run slow tests first (#40769) 2025-10-21 09:58:26 +02:00
.factory/prompts/docs-automation docs: Automatic Documentation Github Action using Droid (#45374) 2025-12-19 11:19:12 -06:00
.github Polish the Closed Bugs GH workflow (#46271) 2026-01-07 18:28:01 +01:00
.zed worktree: Implement read_only_files worktree setting (#44376) 2026-01-04 13:18:34 +00:00
assets Add granular tool permissions settings (#46112) 2026-01-08 14:32:18 -08:00
ci Move Nightly release to gh-workflow (#41349) 2025-10-28 13:57:23 -06:00
crates gpui: Fix bug on on_hover callbacks (#46371) 2026-01-08 19:47:22 -03:00
docs Delete docs/telemetry-log-revamp-plan.md (#46398) 2026-01-08 21:34:20 +00:00
extensions extension_ci: Move shared workflows into nested folder (#45828) 2025-12-29 16:44:47 +00:00
legal Fix the markdown table (#38729) 2025-09-23 16:49:45 +00:00
nix nix: Pin cargo-about to 0.8.2 (#44901) 2025-12-16 11:00:46 -08:00
script Add fallback message when preview changelog is empty (#46260) 2026-01-07 14:24:02 +00:00
tooling Autofix run cargo machete --fix too (#46232) 2026-01-07 07:25:00 +00:00
.clinerules Initial .rules file for agent with symlinks for other rules file paths (#29014) 2025-04-17 23:41:23 +00:00
.cursorrules Initial .rules file for agent with symlinks for other rules file paths (#29014) 2025-04-17 23:41:23 +00:00
.git-blame-ignore-revs Add PR 15352 to .git-blame-ignore-revs (#30870) 2025-05-17 11:35:58 +00:00
.gitattributes windows: Make sure zed.sh using the correct line ending (#37650) 2025-09-05 16:25:55 +00:00
.gitignore Screenshot testing (#45259) 2026-01-05 16:34:36 -05:00
.mailmap Blockmap sync fix (#44743) 2025-12-17 16:14:57 +00:00
.prettierrc ci: Add check for formatting default.json (#30034) 2025-05-06 18:55:26 +00:00
.rules project: Properly set up the terminal env in remote shells (#46149) 2026-01-06 10:27:17 +00:00
.windsurfrules Initial .rules file for agent with symlinks for other rules file paths (#29014) 2025-04-17 23:41:23 +00:00
Cargo.lock Update Rust crate aws-sdk-s3 to v1.112.0 [SECURITY] (#46402) 2026-01-09 01:32:14 +02:00
Cargo.toml Update pulldown-cmark to v0.13.0 to fix crash (#46267) 2026-01-08 02:15:34 +01:00
CLAUDE.md Initial .rules file for agent with symlinks for other rules file paths (#29014) 2025-04-17 23:41:23 +00:00
clippy.toml gpui: Fix some memory leaks on macOS platform (#44639) 2025-12-15 17:37:27 +00:00
CODE_OF_CONDUCT.md Remove community content from docs and point to zed.dev (#19895) 2024-10-29 09:44:58 -04:00
compose.yml Remove PostgREST (#41299) 2025-10-27 13:27:59 -04:00
CONTRIBUTING.md Screenshot testing (#45259) 2026-01-05 16:34:36 -05:00
debug.plist WIP 2023-12-14 09:25:14 -07:00
default.nix Fix nix build (#26270) 2025-03-10 01:06:11 -07:00
docker-compose.sql collab: Setup database for LLM service (#15882) 2024-08-06 17:18:08 -04:00
Dockerfile-collab Bump Rust version to 1.92 (#44649) 2025-12-17 01:42:04 +01:00
Dockerfile-collab.dockerignore ci: Move collab to Dockerfile-collab (#18515) 2024-09-30 16:14:26 -04:00
Dockerfile-cross.dockerignore Add remote server cross compilation (#19136) 2024-10-12 23:23:56 -07:00
Dockerfile-distros Support More Linux (#18480) 2024-09-30 17:46:21 -04:00
Dockerfile-distros.dockerignore Support More Linux (#18480) 2024-09-30 17:46:21 -04:00
flake.lock Bump Rust version to 1.92 (#44649) 2025-12-17 01:42:04 +01:00
flake.nix nix: Resolve 'hostPlatform' rename warning in dev shell (#45045) 2025-12-16 15:57:26 -08:00
GEMINI.md Add missing GEMINI.md rule file for gemini-cli (#38885) 2025-10-02 09:47:29 -04:00
LICENSE-AGPL Update license year (#24191) 2025-02-04 09:02:59 -05:00
LICENSE-APACHE Update license year (#24191) 2025-02-04 09:02:59 -05:00
LICENSE-GPL Licenses: change license fields in Cargo.toml to AGPL-3.0-or-later. (#5535) 2024-01-27 13:51:16 +01:00
livekit.yaml Add LiveKit server to Docker Compose (#7907) 2024-02-16 10:49:48 -05:00
lychee.toml ci: Check for broken links (#30844) 2025-06-06 09:39:35 +00:00
Procfile Update instructions for local collaboration (#35689) 2025-08-06 11:10:28 -07:00
Procfile.all Add agent thread sharing (#46140) 2026-01-06 12:49:51 -08:00
Procfile.web Remove PostgREST (#41299) 2025-10-27 13:27:59 -04:00
README.md docs: Remove local collaboration docs (#45301) 2025-12-18 21:42:28 +00:00
renovate.json Remove workspace-hack (#40216) 2025-10-17 18:58:14 +00:00
REVIEWERS.conl Fix Yara's GitHub handle (#45095) 2025-12-17 12:06:46 +00:00
rust-toolchain.toml Bump Rust version to 1.92 (#44649) 2025-12-17 01:42:04 +01:00
shell.nix Fix nix build (#26270) 2025-03-10 01:06:11 -07:00
typos.toml Add ep split-commit command (#46067) 2026-01-05 13:13:46 +02:00

README.md

Zed

Zed CI

Welcome to Zed, a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.

Installation

On macOS, Linux, and Windows you can download Zed directly or install Zed via your local package manager (macOS/Linux/Windows).

Other platforms are not yet available:

Developing Zed

Contributing

See CONTRIBUTING.md for ways you can contribute to Zed.

Also... we're hiring! Check out our jobs page for open roles.

Licensing

License information for third party dependencies must be correctly provided for CI to pass.

We use cargo-about to automatically comply with open source licenses. If CI is failing, check the following:

  • Is it showing a no license specified error for a crate you've created? If so, add publish = false under [package] in your crate's Cargo.toml.
  • Is the error failed to satisfy license requirements for a dependency? If so, first determine what license the project has and whether this system is sufficient to comply with this license's requirements. If you're unsure, ask a lawyer. Once you've verified that this system is acceptable add the license's SPDX identifier to the accepted array in script/licenses/zed-licenses.toml.
  • Is cargo-about unable to find the license for a dependency? If so, add a clarification field at the end of script/licenses/zed-licenses.toml, as specified in the cargo-about book.