Skip to content

chore(deps): bump @github/copilot from 1.0.10 to 1.0.40#65

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/github/copilot-1.0.40
Closed

chore(deps): bump @github/copilot from 1.0.10 to 1.0.40#65
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/github/copilot-1.0.40

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Bumps @github/copilot from 1.0.10 to 1.0.40.

Release notes

Sourced from @​github/copilot's releases.

1.0.40

2026-05-01

  • PR branch decoration displays correctly in the footer regardless of model name length
  • /clear and /new reset the active custom agent selection
  • Assistant responses stream with smoother text output
  • copilot plugin list shows the correct version after running copilot plugin update
  • Add support for client_credentials OAuth grant type for MCP servers, enabling fully headless authentication without a browser
  • Subagents correctly evaluate tool search support for their own model instead of inheriting the parent session's settings
  • Switching sessions with /new or /resume no longer carries over pending messages to the new session
  • CLI no longer hangs at 100% CPU when sending a large file attachment
  • Resume session picker no longer shows duplicate entries for the same Mission Control-backed session
  • Session resume selector displays summaries on a single line, truncated to fit the column width
  • Print "Exiting…" to stderr immediately on Ctrl+C during prompt mode so shutdown progress is visible
  • /research uses an orchestrator/subagent model for more thorough and reliable deep research results
  • Autopilot mode now limits continuation messages to 5 by default (configurable with --max-autopilot-continues)
  • Automatically clean up old CLI package versions from disk during auto-update
  • Remote session statusline shows the remote working directory and branch instead of local context
  • /update no longer re-submits the original -i prompt after restarting
  • Detect Azure DevOps repositories and auto-disable the GitHub MCP server
  • Session history, file tracking, and the /chronicle command are now available to all users
  • Skills are available as slash commands in ACP clients, matching the CLI experience
  • Resuming a session no longer falsely reports it as in use after a previous CLI process exited unexpectedly
  • --config-dir now propagates correctly to plugin subcommands; --config-dir is deprecated in favor of COPILOT_HOME
  • Mouse selection works while the /ask response dialog is open, so its content can be highlighted and copied
  • Improve CLI startup speed by loading custom CA certificates asynchronously
  • Remote control link shows the full URL in the timeline instead of 'Open in browser'
  • ACP clients (e.g. Zed) now display the agent's live plan as it works through multi-step tasks
  • Add toggle for custom statusLine.command visibility in the statusline picker
  • ACP clients can now list and switch custom agents via the agent config option
  • MCP OAuth tokens cache correctly when multiple servers share the same URL but use different static OAuth client IDs
  • MCP tool names with dots or other invalid characters are now sanitized correctly
  • Ctrl+C and double-Esc remove pending queued messages one at a time instead of all at once
  • Slash command suggestions rank prefix matches above fuzzy matches
  • Prompt mode (-p) now gates repo hooks and workspace MCP behind opt-in env vars (GITHUB_COPILOT_PROMPT_MODE_REPO_HOOKS and GITHUB_COPILOT_PROMPT_MODE_WORKSPACE_MCP) for secure-by-default behavior

1.0.40-3

Added

  • Add support for client_credentials OAuth grant type for MCP servers, enabling fully headless authentication without a browser

Improved

  • Print "Exiting…" to stderr immediately on Ctrl+C during prompt mode so shutdown progress is visible
  • /research uses an orchestrator/subagent model for more thorough and reliable deep research results
  • Autopilot mode now limits continuation messages to 5 by default (configurable with --max-autopilot-continues)
  • Automatically clean up old CLI package versions from disk during auto-update
  • Remote session statusline shows the remote working directory and branch instead of local context

Fixed

  • Subagents correctly evaluate tool search support for their own model instead of inheriting the parent session's settings
  • Switching sessions with /new or /resume no longer carries over pending messages to the new session

... (truncated)

Changelog

Sourced from @​github/copilot's changelog.

1.0.40 - 2026-05-01

  • PR branch decoration displays correctly in the footer regardless of model name length
  • /clear and /new reset the active custom agent selection
  • Assistant responses stream with smoother text output
  • copilot plugin list shows the correct version after running copilot plugin update
  • Add support for client_credentials OAuth grant type for MCP servers, enabling fully headless authentication without a browser
  • Subagents correctly evaluate tool search support for their own model instead of inheriting the parent session's settings
  • Switching sessions with /new or /resume no longer carries over pending messages to the new session
  • CLI no longer hangs at 100% CPU when sending a large file attachment
  • Resume session picker no longer shows duplicate entries for the same Mission Control-backed session
  • Session resume selector displays summaries on a single line, truncated to fit the column width
  • Print "Exiting…" to stderr immediately on Ctrl+C during prompt mode so shutdown progress is visible
  • /research uses an orchestrator/subagent model for more thorough and reliable deep research results
  • Autopilot mode now limits continuation messages to 5 by default (configurable with --max-autopilot-continues)
  • Automatically clean up old CLI package versions from disk during auto-update
  • Remote session statusline shows the remote working directory and branch instead of local context
  • /update no longer re-submits the original -i prompt after restarting
  • Detect Azure DevOps repositories and auto-disable the GitHub MCP server
  • Session history, file tracking, and the /chronicle command are now available to all users
  • Skills are available as slash commands in ACP clients, matching the CLI experience
  • Resuming a session no longer falsely reports it as in use after a previous CLI process exited unexpectedly
  • --config-dir now propagates correctly to plugin subcommands; --config-dir is deprecated in favor of COPILOT_HOME
  • Mouse selection works while the /ask response dialog is open, so its content can be highlighted and copied
  • Improve CLI startup speed by loading custom CA certificates asynchronously
  • Remote control link shows the full URL in the timeline instead of 'Open in browser'
  • ACP clients (e.g. Zed) now display the agent's live plan as it works through multi-step tasks
  • Add toggle for custom statusLine.command visibility in the statusline picker
  • ACP clients can now list and switch custom agents via the agent config option
  • MCP OAuth tokens cache correctly when multiple servers share the same URL but use different static OAuth client IDs
  • MCP tool names with dots or other invalid characters are now sanitized correctly
  • Ctrl+C and double-Esc remove pending queued messages one at a time instead of all at once
  • Slash command suggestions rank prefix matches above fuzzy matches
  • Prompt mode (-p) now gates repo hooks and workspace MCP behind opt-in env vars (GITHUB_COPILOT_PROMPT_MODE_REPO_HOOKS and GITHUB_COPILOT_PROMPT_MODE_WORKSPACE_MCP) for secure-by-default behavior

1.0.39 - 2026-04-28

  • Allow ACP clients to toggle allow-all permission mode via session configuration
  • Add /compact, /context, /usage, and /env slash commands for ACP sessions
  • Press ctrl+x → b to move the current running task or shell command to the background
  • Transient pipe errors on child process stdio streams no longer cause crashes or trigger false crash reports
  • /remote status output now shows actionable hints for each connection state
  • Improve --resume session picker with better tab layout, status display, and progressive loading
  • Slash command argument picker opens immediately at exact command boundaries without requiring a trailing space

1.0.37 - 2026-04-27

  • Location-based permission persistence is now enabled by default, so approvals carry over across sessions for the same directory
  • Add copilot completion <bash|zsh|fish> subcommand to generate static shell completion scripts for subcommands, flags, and known choice values
  • Press s in the session picker to cycle sort order: relevance, last used, created, or name

... (truncated)

Commits
  • cb0ddf8 Update changelog.md for version 1.0.39
  • 4e5cb95 Update changelog.md for version 1.0.37
  • 6d1c577 Update changelog.md for version 1.0.36
  • d7a0581 Update changelog.md for version 1.0.35
  • 6594437 Update changelog.md for version 1.0.34
  • 75fbe0c Update changelog.md for version 1.0.33
  • 4e51f5a Update changelog.md for version 1.0.32
  • 3b72dea Update changelog.md for version 1.0.31
  • 2f883ed Update changelog.md for version 1.0.30
  • 709b59e Update changelog.md for version 1.0.29
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump @github/copilot from 1.0.10 to 1.0.40
9565279 
Bumps [@github/copilot](https://github.com/github/copilot-cli) from 1.0.10 to 1.0.40.
- [Release notes](https://github.com/github/copilot-cli/releases)
- [Changelog](https://github.com/github/copilot-cli/blob/main/changelog.md)
- [Commits](github/copilot-cli@v1.0.10...v1.0.40)

---
updated-dependencies:
- dependency-name: "@github/copilot"
  dependency-version: 1.0.40
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 4, 2026

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot mentioned this pull request May 4, 2026
Closed
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 11, 2026

Superseded by #67.

@dependabot dependabot Bot closed this May 11, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/github/copilot-1.0.40 branch May 11, 2026 07:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants