v3.4.1
Changes:
#1149: Fix false positives in private key scanning
#1148: Clarify unpublish command description
This list of changes wasauto generated.
v3.4.1-1
Changes:
#1149: Fix false positives in private key scanning
This list of changes wasauto generated.
v3.4.1-0
Changes:
#1148: Clarify unpublish command description
This list of changes wasauto generated.
v3.4.0
Changes:
#1145: Allow packaging .env and secrets using command line flags
#1144: Scan for secrets and disallow .env files
#1141: Addlanguage-model-tools tag for MCP extensions
#1138: Proper entry point validation
#1137: Add 'mcp' tag support in TagsProcessor
#1131: Remove deprecated SVG sources from TrustedSVGSources array
#1127: Improve error message for Personal Access Token verification
This list of changes wasauto generated.
v3.3.3-6
Changes:
#1145: Allow packaging .env and secrets using command line flags

... (truncated)

Commits

5e2323f Merge pull request#1149 from microsoft/benibenj/latin-junglefowl
649ca03 To many false positives for private key scanning
efd9d4e Merge pull request#1148 from microsoft/benibenj/fellow-xerinae
ff17ac0 💄
5a44afc Be more clear that unpublish removes the extension
039a33a Merge pull request#1145 from microsoft/benibenj/cultural-elephant
1e78223 Allow packaging .env and secrets using command line flags
468122d Merge pull request#1144 from microsoft/benibenj/fragile-horse
d897fe5 💄
0ab8a83 Scan for secrets and do not allow .env files
Additional commits viewable incompare view

Maintainer changes

This version was pushed to npm bymicrosoft1es, a new releaser for@vscode/vsce since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting@dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

chore(deps-dev): bump @vscode/vsce from 2.21.1 to 3.4.1

3868399

Bumps [@vscode/vsce](https://github.com/Microsoft/vsce) from 2.21.1 to 3.4.1.- [Release notes](https://github.com/Microsoft/vsce/releases)- [Commits](microsoft/vscode-vsce@v2.21.1...v3.4.1)---updated-dependencies:- dependency-name: "@vscode/vsce"  dependency-version: 3.4.1  dependency-type: direct:development  update-type: version-update:semver-major...Signed-off-by: dependabot[bot] <support@github.com>

dependabotbot added dependencies

Pull requests that update a dependency file

javascriptPull requests that update Javascript code labels

May 19, 2025