Sync/upstream 20260717#10
Merged
Merged
Conversation
Bumps [prettier](https://github.com/prettier/prettier) from 3.8.3 to 3.8.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/prettier/prettier/releases">prettier's releases</a>.</em></p> <blockquote> <h2>3.8.4</h2> <ul> <li>Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (<a href="https://redirect.github.com/prettier/prettier/pull/17746">prettier/prettier#17746</a> by <a href="https://github.com/byplayer"><code>@byplayer</code></a>)</li> </ul> <p>🔗 <a href="https://github.com/prettier/prettier/blob/3.8.4/CHANGELOG.md#384">Changelog</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md">prettier's changelog</a>.</em></p> <blockquote> <h1>3.8.4</h1> <p><a href="https://github.com/prettier/prettier/compare/3.8.3...3.8.4">diff</a></p> <h4>Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (<a href="https://redirect.github.com/prettier/prettier/pull/17746">#17746</a> by <a href="https://github.com/byplayer"><code>@byplayer</code></a>)</h4> <p>Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.</p> <!-- raw HTML omitted --> <pre lang="markdown"><code><!-- Input --> - a <ul> <li> <p>b</p> </li> <li> <p>c</p> <ul> <li>d</li> </ul> </li> </ul> <p><!-- Prettier 3.8.3 --></p> <ul> <li>a <ul> <li>b</li> </ul> </li> <li>c <ul> <li>d</li> </ul> </li> </ul> <p><!-- Prettier 3.8.4 --></p> <ul> <li> <p>a</p> <ul> <li>b</li> </ul> </li> <li> <p>c</p> <ul> <li>d<br /> </code></pre></li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/prettier/prettier/commit/1c6ba5539141552e0e8e22d401ea620d8fdff468"><code>1c6ba55</code></a> Release 3.8.4</li> <li><a href="https://github.com/prettier/prettier/commit/4a673dc9b59ddf7296bbab9822093d2971da84a8"><code>4a673dc</code></a> Fix blank lines between list items and nested sub-lists being removed in Mark...</li> <li><a href="https://github.com/prettier/prettier/commit/074aaedbb052a288e89d15eb0a4214de37a08866"><code>074aaed</code></a> Replace <code>main</code> branch in changelog link with tags (<a href="https://redirect.github.com/prettier/prettier/issues/19054">#19054</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/c22a003ae97917c5043e8685b4fdff0f93e978f9"><code>c22a003</code></a> Bump Prettier dependency to 3.8.3</li> <li><a href="https://github.com/prettier/prettier/commit/07bad1f04536e9799927007baf466e67151576f0"><code>07bad1f</code></a> Clean changelog_unreleased</li> <li>See full diff in <a href="https://github.com/prettier/prettier/compare/3.8.3...3.8.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ft#1362) Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.61.0 to 8.61.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's releases</a>.</em></p> <blockquote> <h2>v8.61.1</h2> <h2>8.61.1 (2026-06-15)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [consistent-indexed-object-style] do not remove comments when fixing (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12396">#12396</a>, <a href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/10577">#10577</a>)</li> <li><strong>eslint-plugin:</strong> [no-unnecessary-type-assertion] avoid false positive for template literal expressions (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12281">#12281</a>)</li> <li><strong>eslint-plugin:</strong> [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12394">#12394</a>, <a href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/12393">#12393</a>)</li> <li><strong>eslint-plugin:</strong> [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12413">#12413</a>)</li> <li><strong>eslint-plugin:</strong> [no-unnecessary-template-expression] respect ECMAScript line terminators (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12388">#12388</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Anas <a href="https://github.com/anasm266"><code>@anasm266</code></a></li> <li>Deftera <a href="https://github.com/Deftera186"><code>@Deftera186</code></a></li> <li>Kirk Waiblinger <a href="https://github.com/kirkwaiblinger"><code>@kirkwaiblinger</code></a></li> <li>lumir</li> <li>Sarath Francis <a href="https://github.com/sarathfrancis90"><code>@sarathfrancis90</code></a></li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.61.1">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's changelog</a>.</em></p> <blockquote> <h2>8.61.1 (2026-06-15)</h2> <p>This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.</p> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.61.1">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/aaad7187b529c4b6ff8088ffd7e948c69c2763b6"><code>aaad718</code></a> chore(release): publish 8.61.1</li> <li>See full diff in <a href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/typescript-eslint">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [hono](https://github.com/honojs/hono) from 4.12.23 to 4.12.25. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/hono/releases">hono's releases</a>.</em></p> <blockquote> <h2>v4.12.25</h2> <h2>Security fixes</h2> <p>This release includes fixes for the following security issues:</p> <h3>CORS Middleware reflects any Origin with credentials when <code>origin</code> defaults to the wildcard</h3> <p>Affects: <code>hono/cors</code>. Fixes the wildcard origin reflecting the request <code>Origin</code> and sending <code>Access-Control-Allow-Credentials: true</code> when <code>credentials: true</code> is set without an explicit <code>origin</code>, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc</p> <h3>Body Limit Middleware can be bypassed on AWS Lambda by understating <code>Content-Length</code></h3> <p>Affects: <code>hono/body-limit</code> on AWS Lambda (<code>hono/aws-lambda</code>, <code>hono/lambda-edge</code>). Fixes the request being built with the client-declared <code>Content-Length</code> while the body is delivered fully buffered, where a client could declare a small <code>Content-Length</code> with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2</p> <h3>Path traversal in <code>serve-static</code> on Windows via encoded backslash (<code>%5C</code>)</h3> <p>Affects: <code>serveStatic</code> on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (<code>%5C</code>) decoded to <code>\</code> was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44</p> <h3>AWS Lambda adapter merges multiple <code>Set-Cookie</code> headers into one value, dropping cookies on ALB single-header and Lattice</h3> <p>Affects: <code>hono/aws-lambda</code>. Fixes multiple <code>Set-Cookie</code> response headers being joined into one comma-separated value for ALB single-header responses and VPC Lattice v2, where the value could not be split back into individual cookies and clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf</p> <h3>Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest</h3> <p>Affects: <code>hono/lambda-edge</code>. Fixes repeated request headers being written with overwrite instead of append, where only the last value of a header such as <code>X-Forwarded-For</code> reached the application and the remaining values were silently dropped. GHSA-wgpf-jwqj-8h8p</p> <h2>v4.12.24</h2> <h2>What's Changed</h2> <ul> <li>docs(contribution): simplifyAI Usage Policy by <a href="https://github.com/yusukebe"><code>@yusukebe</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4972">honojs/hono#4972</a></li> <li>chore: remove <code>@types/glob</code> by <a href="https://github.com/rtritto"><code>@rtritto</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4978">honojs/hono#4978</a></li> <li>fix(bearer-auth): mention verifyToken in missing-options error message by <a href="https://github.com/tan7vir"><code>@tan7vir</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4987">honojs/hono#4987</a></li> <li>refactor(language): Test/improve tests on languages middleware by <a href="https://github.com/iNeoO"><code>@iNeoO</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4980">honojs/hono#4980</a></li> <li>fix(utils/ipaddr): expand "::" to eight zero groups by <a href="https://github.com/youcefzemmar"><code>@youcefzemmar</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4973">honojs/hono#4973</a></li> <li>fix: clean up config files trailing comma, stale excludes, typesVersions gaps, jsr paths by <a href="https://github.com/Mohammad-Faiz-Cloud-Engineer"><code>@Mohammad-Faiz-Cloud-Engineer</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4982">honojs/hono#4982</a></li> <li>refactor(timing): Test/add test for middleware timing by <a href="https://github.com/iNeoO"><code>@iNeoO</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4991">honojs/hono#4991</a></li> <li>fix(utils/ipaddr): render the unspecified address binary as "::" by <a href="https://github.com/sarathfrancis90"><code>@sarathfrancis90</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4998">honojs/hono#4998</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/hono/compare/v4.12.23...v4.12.24">https://github.com/honojs/hono/compare/v4.12.23...v4.12.24</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/honojs/hono/commit/fce483e11466b72d27e61d44523c7e6edeb19e50"><code>fce483e</code></a> 4.12.25</li> <li><a href="https://github.com/honojs/hono/commit/751ba41ba26dff20351a13964c07627ddcf382b6"><code>751ba41</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/f0b094db8474696344d98e5665a4ac2a6d5f346e"><code>f0b094d</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/fa5f9bfcc25d65e08af85211cc2e5ecd0e0ea24b"><code>fa5f9bf</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/3892a6c2b54f974505de41013fcac88a71908e3d"><code>3892a6c</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/74c2cf8ef4f5cc29a876380df1ba230ff7128b3f"><code>74c2cf8</code></a> test(aws-lambda): update integration tests (<a href="https://redirect.github.com/honojs/hono/issues/5012">#5012</a>)</li> <li><a href="https://github.com/honojs/hono/commit/7ae7cbae5d0ed8a40e8b9cc353e13175b9d7e3e1"><code>7ae7cba</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/1b1384815485f9d6590c6966e23a06fd07166cb7"><code>1b13848</code></a> chore(ci): bump codecov-action to v7.0.0 (<a href="https://redirect.github.com/honojs/hono/issues/5011">#5011</a>)</li> <li><a href="https://github.com/honojs/hono/commit/5fdde5ab5a7d7c89eba4d1ceab76f4a7c011cd3b"><code>5fdde5a</code></a> 4.12.24</li> <li><a href="https://github.com/honojs/hono/commit/c78932d745cdf6284ae131a156479ac930da0262"><code>c78932d</code></a> fix(utils/ipaddr): render the unspecified address binary as "::" (<a href="https://redirect.github.com/honojs/hono/issues/4998">#4998</a>)</li> <li>Additional commits viewable in <a href="https://github.com/honojs/hono/compare/v4.12.23...v4.12.25">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/azure-devops-mcp/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…1367) Bumps [@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js) from 5.2.4 to 5.2.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/releases">@azure/msal-node's releases</a>.</em></p> <blockquote> <h2><code>@azure/msal-angular</code> v5.2.5</h2> <h2>5.2.5</h2> <p>Tue, 19 May 2026 19:29:14 GMT</p> <h3>Patches</h3> <ul> <li>Bump <code>@azure/msal-browser</code> to v5.11.0 (beachball)</li> </ul> <h2><code>@azure/msal-node-extensions</code> v5.2.5</h2> <h2>5.2.5</h2> <p>Tue, 16 Jun 2026 19:46:35 GMT</p> <h3>Patches</h3> <ul> <li>Bump <code>@azure/msal-common</code> to v16.9.0 (beachball)</li> </ul> <h2><code>@azure/msal-node</code> v5.2.5</h2> <h2>5.2.5</h2> <p>Tue, 16 Jun 2026 19:46:35 GMT</p> <h3>Patches</h3> <ul> <li>Bump <code>@azure/msal-common</code> to v16.9.0 (beachball)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/50542635cb0ddf6f9544114e3aed8495beb0320c"><code>5054263</code></a> Add Federated Managed Identity (FMI) and User Federated Identity Credential (...</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/5fbb1e5e2ecbe3a54d60db17640c2f67220bbe6c"><code>5fbb1e5</code></a> Upgrade dependencies (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8630">#8630</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/e63bd1abc20ee54fbe391a8b2675089fcc7b94d3"><code>e63bd1a</code></a> Enforce API Extractor error/none policy and tag internal APIs (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8653">#8653</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/f34361b77b4f0e22e09eb18c60a9ea82517288b6"><code>f34361b</code></a> Add package metadata to loggers and fix SKU name (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8647">#8647</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/54ade28bb2230672bb28f309bee26f55008983da"><code>54ade28</code></a> Enhance logging functionality by injecting runtime variables into decoded mes...</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/06f9257cf7646609e6d7edcf165d2cc915d96519"><code>06f9257</code></a> Initialize <code>BrowserCacheManager</code> in <code>loadExternalTokens</code> for localStorage-bac...</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/1953a6fcf18150f411e05953a0a4da8147f6c5a3"><code>1953a6f</code></a> Update E2E testing sample and loadExternalTokens documentation (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8639">#8639</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/2f340634727fba8240fe64ea7b9b50dcd8f10ac3"><code>2f34063</code></a> Post-release PR (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8640">#8640</a>)</li> <li>See full diff in <a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/compare/msal-node-v5.2.4...msal-node-v5.2.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Summary The `wiki_get_page_content` tool accepts a full wiki page URL and previously used only the project/wiki path segments while **ignoring the organization** in the URL, silently issuing the request against the configured org. A URL pointing at a different organization would therefore return content from the configured org instead of erroring — a cross-organization boundary violation ## Changes - Add `getOrgFromUrl` helper in `src/utils.ts` that extracts the org from recognized Azure DevOps hosts only: - `https://dev.azure.com/{org}/...` -> first path segment - `https://{org}.visualstudio.com/...` -> host subdomain - any other host returns `null` (treated as a boundary violation) - result is normalized to lowercase for case-insensitive comparison - In `wiki_get_page_content`, reject any user-supplied URL whose org does not match the connected org (`connection.serverUrl`), returning an `isError` result without issuing the request. - Tests: unit tests for `getOrgFromUrl` (incl. non-ADO hosts, casing) and cross-org rejection tests for the wiki tool; updated existing same-org fixtures. ## Scope / risk The other wiki tools (`get_wiki`, `list_wikis`, `list_pages`, `get_page` metadata, `create_or_update_page`) build their URLs from `connection.serverUrl` and take only `wikiIdentifier`/`project`/`path` as input, so they cannot be redirected to another org and are unaffected. ## Validation - `npm run build` ✅ - Full test suite: 974 passing (148 in the touched utils + wiki suites) ✅ - `npm run eslint` ✅ Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…1370) This pull request updates the way comments are created in pull request threads by explicitly setting the `commentType` field to `1` when creating comments and threads. This ensures that comments are consistently recognized as standard comments by the API. Related tests have also been updated to verify the new behavior. **API integration updates:** * Added `commentType: 1` to the payload when creating comments with `gitApi.createComment` in `src/tools/repositories.ts`, ensuring the comment type is explicitly set. * Added `commentType: 1` to each comment in the payload when creating threads with `gitApi.createThread` in `src/tools/repositories.ts`. **Test updates:** * Updated all relevant tests in `test/src/tools/repositories.test.ts` to expect `commentType: 1` in the payloads for both `createComment` and `createThread` calls, ensuring tests accurately reflect the new API usage. [[1]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL5434-R5434) [[2]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL5505-R5505) [[3]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL5542-R5542) [[4]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL5579-R5579) [[5]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL5614-R5614) [[6]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL7048-R7048) [[7]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL7089-R7089) ## GitHub issue number microsoft#1368 ## **Associated Risks** N/A ## ✅ **PR Checklist** - [x] **I have read the [contribution guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)** - [x] **I have read the [code of conduct guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)** - [x] Title of the pull request is clear and informative. - [x] 👌 Code hygiene - [x] 🔭 Telemetry added, updated, or N/A - [x] 📄 Documentation added, updated, or N/A - [x] 🛡️ Automated tests added, or N/A ## 🧪 **How did you test it?** updated automated tests, all are passing
…ft#1379) Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.61.1 to 8.62.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's releases</a>.</em></p> <blockquote> <h2>v8.62.0</h2> <h2>8.62.0 (2026-06-22)</h2> <h3>🚀 Features</h3> <ul> <li>remove redundant package.json "files" (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12444">#12444</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li>add "files" to rule-schema-to-typescript-types (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12441">#12441</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Kirk Waiblinger <a href="https://github.com/kirkwaiblinger"><code>@kirkwaiblinger</code></a></li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.62.0">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's changelog</a>.</em></p> <blockquote> <h2>8.62.0 (2026-06-22)</h2> <h3>🚀 Features</h3> <ul> <li>remove redundant package.json "files" (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12444">#12444</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Kirk Waiblinger <a href="https://github.com/kirkwaiblinger"><code>@kirkwaiblinger</code></a></li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.62.0">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/54e285728e5d8cb83fadb8041189f0c3b4ab436a"><code>54e2857</code></a> chore(release): publish 8.62.0</li> <li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/81e4c2654c3f4d923766a888691add2c45b5d64a"><code>81e4c26</code></a> feat: remove redundant package.json "files" (<a href="https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint/issues/12444">#12444</a>)</li> <li>See full diff in <a href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/typescript-eslint">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 17.0.7 to 17.0.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lint-staged/lint-staged/releases">lint-staged's releases</a>.</em></p> <blockquote> <h2>v17.0.8</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1809">#1809</a> <a href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a> - Fix <em>lint-staged</em> discarding the ongoing merge conflict status (<code>.git/MERGE_HEAD</code>) when using the <code>--hide-unstaged</code> or <code>--hide-all</code> options.</p> </li> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1811">#1811</a> <a href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a> - Fix issues with Git commands that are successful but also emit warnings to <code>stderr</code>, by ignoring the <code>stderr</code> output completely when the process exits with code 0. This was the behavior when using <code>nano-spawn</code> and <code>execa</code>, but when switching to <code>tinyexec</code> in 16.3.0 both <code>stdout</code> and <code>stderr</code> were used as interleaved output.</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md">lint-staged's changelog</a>.</em></p> <blockquote> <h2>17.0.8</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1809">#1809</a> <a href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a> - Fix <em>lint-staged</em> discarding the ongoing merge conflict status (<code>.git/MERGE_HEAD</code>) when using the <code>--hide-unstaged</code> or <code>--hide-all</code> options.</p> </li> <li> <p><a href="https://redirect.github.com/lint-staged/lint-staged/pull/1811">#1811</a> <a href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a> - Fix issues with Git commands that are successful but also emit warnings to <code>stderr</code>, by ignoring the <code>stderr</code> output completely when the process exits with code 0. This was the behavior when using <code>nano-spawn</code> and <code>execa</code>, but when switching to <code>tinyexec</code> in 16.3.0 both <code>stdout</code> and <code>stderr</code> were used as interleaved output.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lint-staged/lint-staged/commit/5f3b8f28e895972bd5a2cdba733327b49859b91f"><code>5f3b8f2</code></a> Merge pull request <a href="https://redirect.github.com/lint-staged/lint-staged/issues/1812">#1812</a> from lint-staged/changeset-release/main</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/43a9b8d759443d3c313514b8a54af37108b19ac5"><code>43a9b8d</code></a> chore(changeset): release</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/630e2f60abc9e3964cf62f3f833594a19cdaf3cd"><code>630e2f6</code></a> Merge pull request <a href="https://redirect.github.com/lint-staged/lint-staged/issues/1809">#1809</a> from lint-staged/restore-merge-status</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a> fix: restore Git merge status after creating backup stash</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/6bae2e2aac7fd2981cf0b24e266631191760186c"><code>6bae2e2</code></a> Merge pull request <a href="https://redirect.github.com/lint-staged/lint-staged/issues/1811">#1811</a> from lint-staged/exec-git-ignore-stderr</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/b82a83099ddef36fccc26937761f184dfbe7c370"><code>b82a830</code></a> ci: run npm audit omitting dev, including prod dependencies</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/0b19b80233efc83b8e7c6df3f117d87fe760752c"><code>0b19b80</code></a> build(deps): update dependencies</li> <li><a href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a> fix: ignore stderr when doing Git operations</li> <li>See full diff in <a href="https://github.com/lint-staged/lint-staged/compare/v17.0.7...v17.0.8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dan Hellem <dahellem@microsoft.com>
Update version for 2.8.0 release
…1382) Bumps [@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js) from 5.2.5 to 5.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/releases">@azure/msal-node's releases</a>.</em></p> <blockquote> <h2><code>@azure/msal-react</code> v5.3.0</h2> <h2>5.3.0</h2> <p>Thu, 16 Apr 2026 22:44:53 GMT</p> <h3>Minor changes</h3> <ul> <li>Bump <code>@azure/msal-browser</code> to v5.7.0 (beachball)</li> </ul> <h3>Patches</h3> <ul> <li>Fix MsalAuthenticationTemplate passing in undefined SsoSilentRequest <a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8520">#8520</a> (<a href="mailto:lalimasharda@microsoft.com">lalimasharda@microsoft.com</a>)</li> </ul> <h2><code>@azure/msal-angular</code> v5.3.0</h2> <h2>5.3.0</h2> <p>Tue, 23 Jun 2026 22:19:29 GMT</p> <h3>Minor changes</h3> <ul> <li>Pass correlationId to errors to match the updated msal-browser error signature <a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8609">#8609</a> (<a href="mailto:sameera.gajjarapu@microsoft.com">sameera.gajjarapu@microsoft.com</a>)</li> <li>Bump <code>@azure/msal-browser</code> to v5.15.0 (beachball)</li> </ul> <h2><code>@azure/msal-node-extensions</code> v5.3.0</h2> <h2>5.3.0</h2> <p>Tue, 23 Jun 2026 22:19:30 GMT</p> <h3>Minor changes</h3> <ul> <li>Match the updated msal-common error signatures <a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8609">#8609</a> (<a href="mailto:sameera.gajjarapu@microsoft.com">sameera.gajjarapu@microsoft.com</a>)</li> <li>Bump <code>@azure/msal-common</code> to v16.10.0 (beachball)</li> </ul> <h2><code>@azure/msal-node</code> v5.3.0</h2> <h2>5.3.0</h2> <p>Tue, 23 Jun 2026 22:19:30 GMT</p> <h3>Minor changes</h3> <ul> <li>Add Federated Managed Identity (FMI) and User Federated Identity Credential (user_fic) grant type support. Also fixes a long-standing bug where the tokenEndpoint field on ClientAssertionConfig was incorrectly populated with resourceRequestUri during client-credential flows; it now correctly contains the AAD token endpoint. <a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8614">#8614</a> (<a href="mailto:avdunn@microsoft.com">avdunn@microsoft.com</a>)</li> <li>Make correlationId a required parameter on NodeAuthError and ManagedIdentityError, <a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8609">#8609</a> (<a href="mailto:sameera.gajjarapu@microsoft.com">sameera.gajjarapu@microsoft.com</a>)</li> <li>Bump <code>@azure/msal-common</code> to v16.10.0 (beachball)</li> </ul> <h2><code>@azure/msal-angular</code> v5.2.8</h2> <h2>5.2.8</h2> <p>Tue, 16 Jun 2026 19:46:36 GMT</p> <h3>Patches</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/f8cf6a4a53416945a15981b8bcee57d7e31b6aed"><code>f8cf6a4</code></a> feat: add default idToken claims (signin_state, login_hint) and kmsi on Accou...</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/906f4d887f1ec592a546ccbe01a46937c44d0f62"><code>906f4d8</code></a> Migrate region discovery to IMDS /compute JSON endpoint (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8660">#8660</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/6d53ace26af88554bb7fa862b72c58594e67ec73"><code>6d53ace</code></a> Deprecate the max_age request parameter and stop validating tokens (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8664">#8664</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/27c074b67bfb808738785b78b1fa68a4b2ed17bb"><code>27c074b</code></a> [correlationId] Make correlationId a required parameter on AuthError construc...</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/e5eb6fdd21721d43ea68057a11347700be1aee9c"><code>e5eb6fd</code></a> Add Native Account Id to TenantProfile (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8649">#8649</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/f06838b72c39b8ce635baf2ec8f370bafe9e04bb"><code>f06838b</code></a> Post-release PR (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8657">#8657</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/994150124684ac71e75b7dd190179307cc88986a"><code>9941501</code></a> docs: warn that events should not be used for telemetry (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8641">#8641</a>)</li> <li>See full diff in <a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/compare/msal-node-v5.2.5...msal-node-v5.3.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dan Hellem <dahellem@microsoft.com>
Bumps [prettier](https://github.com/prettier/prettier) from 3.8.4 to 3.9.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/prettier/prettier/releases">prettier's releases</a>.</em></p> <blockquote> <h2>3.9.4</h2> <ul> <li>Angular: Format <code>@content(name)</code> -> <code>@content (name)</code> to align with other block syntax (<a href="https://redirect.github.com/prettier/prettier/pull/19499">#19499</a> by <a href="https://github.com/fisker"><code>@fisker</code></a>)</li> </ul> <p>🔗 <a href="https://github.com/prettier/prettier/blob/3.9.4/CHANGELOG.md#394">Changelog</a></p> <h2>3.9.3</h2> <ul> <li>Markdown: Fix unexpected removal of characters in liquid syntax (<a href="https://redirect.github.com/prettier/prettier/pull/19489">prettier/prettier#19489</a> by <a href="https://github.com/seiyab"><code>@seiyab</code></a>)</li> <li>TypeScript: Allow decorators to be used with declare on class fields (<a href="https://redirect.github.com/prettier/prettier/pull/19492">prettier/prettier#19492</a> by <a href="https://github.com/evoactivity"><code>@evoactivity</code></a>)</li> </ul> <p>🔗 <a href="https://github.com/prettier/prettier/blob/3.9.3/CHANGELOG.md#393">Changelog</a></p> <h2>3.9.1</h2> <ul> <li>CLI: Fix ignored file has been cached incorrectly (<a href="https://redirect.github.com/prettier/prettier/pull/19483">#19483</a> by <a href="https://github.com/kovsu"><code>@kovsu</code></a>)</li> </ul> <p>🔗 <a href="https://github.com/prettier/prettier/blob/3.9.1/CHANGELOG.md#391">Changelog</a></p> <h2>3.9.0</h2> <p><a href="https://github.com/prettier/prettier/compare/3.8.5...3.9.0">diff</a></p> <p>🔗 <a href="https://prettier.io/blog/2026/06/27/3.9.0">Prettier 3.9: Major parser upgrades and Formatting improvements</a></p> <h2>3.8.5</h2> <ul> <li>Fix Flow variance annotation print (<a href="https://redirect.github.com/prettier/prettier/pull/19022">#19022</a> by <a href="https://github.com/marcoww6"><code>@marcoww6</code></a>)</li> </ul> <p>🔗 <a href="https://github.com/prettier/prettier/blob/3.8.5/CHANGELOG.md#385">Changelog</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md">prettier's changelog</a>.</em></p> <blockquote> <h1>3.9.4</h1> <p><a href="https://github.com/prettier/prettier/compare/3.9.3...3.9.4">diff</a></p> <h4>Angular: Format <code>@content(name)</code> -> <code>@content (name)</code> to align with other block syntax (<a href="https://redirect.github.com/prettier/prettier/pull/19499">#19499</a> by <a href="https://github.com/fisker"><code>@fisker</code></a>)</h4> <!-- raw HTML omitted --> <pre lang="html"><code><!-- Input --> <FancyButton [label]="title"> @content (icon) { <span>Icon!</span> } @content (description) { <span>Description text</span> } <span>Other children</span> </FancyButton> <p><!-- Prettier 3.9.3 --> <FancyButton [label]="title"> <a href="https://github.com/content"><code>@content</code></a>(icon) { <span>Icon!</span> } <a href="https://github.com/content"><code>@content</code></a>(description) { <span>Description text</span> } <span>Other children</span> </FancyButton></p> <p><!-- Prettier 3.9.4 --> <FancyButton [label]="title"> <a href="https://github.com/content"><code>@content</code></a> (icon) { <span>Icon!</span> } <a href="https://github.com/content"><code>@content</code></a> (description) { <span>Description text</span> } <span>Other children</span> </FancyButton> </code></pre></p> <h1>3.9.3</h1> <p><a href="https://github.com/prettier/prettier/compare/3.9.1...3.9.3">diff</a></p> <h4>Markdown: Fix unexpected removal of characters in liquid syntax (<a href="https://redirect.github.com/prettier/prettier/pull/19489">#19489</a> by <a href="https://github.com/seiyab"><code>@seiyab</code></a>)</h4> <!-- raw HTML omitted --> <pre lang="md"><code></tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/prettier/prettier/commit/b693cb22b412b759784bc2298fc86880e351cd3a"><code>b693cb2</code></a> Release 3.9.4</li> <li><a href="https://github.com/prettier/prettier/commit/2e92ac0ee29fb83b7ce32277cb914c2eee192955"><code>2e92ac0</code></a> Angular: Format <code>@content(name)</code> -> <code>@content (name)</code> to align with other blo...</li> <li><a href="https://github.com/prettier/prettier/commit/abed2c22db3cb61e922b7284c3b6c65424353ac2"><code>abed2c2</code></a> Bump Prettier dependency to 3.9.3</li> <li><a href="https://github.com/prettier/prettier/commit/6cfbc00921de451e918b18bb5ab6b80e80f5cd34"><code>6cfbc00</code></a> Clean changelog_unreleased</li> <li><a href="https://github.com/prettier/prettier/commit/3732e1dee6a36bdb2e77a722d206a79ac7e67aa3"><code>3732e1d</code></a> Release 3.9.3</li> <li><a href="https://github.com/prettier/prettier/commit/a74a7b05dee7fbef39a6aeff378c3741e1a8ee15"><code>a74a7b0</code></a> Allow decorators to be used with <code>declare</code> on class fields (<a href="https://redirect.github.com/prettier/prettier/issues/19492">#19492</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/bd9e11ab41e17a4f61f363a981c1ec24d2a4167a"><code>bd9e11a</code></a> Correct text identification in liquid syntax (<a href="https://redirect.github.com/prettier/prettier/issues/19489">#19489</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/269eee3faa1f82b1de07bb7e4d15e1cee70f80d4"><code>269eee3</code></a> Bump Prettier dependency to 3.9.1</li> <li><a href="https://github.com/prettier/prettier/commit/ec7ccd1ea47c965bda3c958239899737e899603d"><code>ec7ccd1</code></a> Clean changelog_unreleased</li> <li><a href="https://github.com/prettier/prettier/commit/c47654c003fe525572e10d5cc1ea64d7b9c0ee55"><code>c47654c</code></a> Release 3.9.1</li> <li>Additional commits viewable in <a href="https://github.com/prettier/prettier/compare/3.8.4...3.9.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ft#1392) Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.62.0 to 8.62.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's releases</a>.</em></p> <blockquote> <h2>v8.62.1</h2> <h2>8.62.1 (2026-06-29)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12328">#12328</a>)</li> <li><strong>eslint-plugin:</strong> [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12365">#12365</a>)</li> <li><strong>eslint-plugin:</strong> [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12443">#12443</a>, <a href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/12418">#12418</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Kirk Waiblinger <a href="https://github.com/kirkwaiblinger"><code>@kirkwaiblinger</code></a></li> <li>mdm317</li> <li>Patrick Aleite</li> <li>송재욱</li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.62.1">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's changelog</a>.</em></p> <blockquote> <h2>8.62.1 (2026-06-29)</h2> <p>This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.</p> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.62.1">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/3ea32f4ba5e196c08c6da1095619d7f65ba4905e"><code>3ea32f4</code></a> chore(release): publish 8.62.1</li> <li>See full diff in <a href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/typescript-eslint">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dan Hellem <dahellem@microsoft.com>
…pabilities of the tool (microsoft#1360) Migrates the `repo_search_commits` tool from the Git REST API (`GET _apis/git/repositories/{repo}/commits`) to the Azure DevOps Search API (`POST almsearch.dev.azure.com/_apis/search/commitSearchResults`). ## GitHub issue number Closes microsoft#1327 ## **Associated Risks** None ## ✅ **PR Checklist** - [X] **I have read the [contribution guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)** - [X] **I have read the [code of conduct guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)** - [X] Title of the pull request is clear and informative. - [X] 👌 Code hygiene - [ ] 🔭 Telemetry added, updated, or N/A - [X] 📄 Documentation added, updated, or N/A - [X] 🛡️ Automated tests added, or N/A ## 🧪 **How did you test it?** Tested the updated unit tests. 1. Test Suites: 18 passed, 18 total 2. Tests: 987 passed, 987 total Manually tested the tool. <img width="1296" height="771" alt="image" src="https://github.com/user-attachments/assets/7dacebaa-3476-4f0e-9e73-5ca227f4e315" /> <img width="1270" height="759" alt="image" src="https://github.com/user-attachments/assets/10241137-866f-4d75-9c18-1babebbbbca8" /> --------- Co-authored-by: Krishna Prasath D <krid@microsoft.com>
…1396) Bumps [@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js) from 5.3.0 to 5.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/releases">@azure/msal-node's releases</a>.</em></p> <blockquote> <h2><code>@azure/msal-react</code> v5.3.1</h2> <h2>5.3.1</h2> <p>Tue, 21 Apr 2026 22:41:19 GMT</p> <h3>Patches</h3> <ul> <li>Bump <code>@azure/msal-browser</code> to v5.8.0 (beachball)</li> </ul> <h2><code>@azure/msal-angular</code> v5.3.1</h2> <h2>5.3.1</h2> <p>Tue, 30 Jun 2026 21:04:20 GMT</p> <h3>Patches</h3> <ul> <li>Bump <code>@azure/msal-browser</code> to v5.16.0 (beachball)</li> </ul> <h2><code>@azure/msal-node-extensions</code> v5.3.1</h2> <h2>5.3.1</h2> <p>Tue, 30 Jun 2026 21:04:20 GMT</p> <h3>Patches</h3> <ul> <li>Bump <code>@azure/msal-common</code> to v16.11.0 (beachball)</li> </ul> <h2><code>@azure/msal-node</code> v5.3.1</h2> <h2>5.3.1</h2> <p>Tue, 30 Jun 2026 21:04:20 GMT</p> <h3>Patches</h3> <ul> <li>Bump <code>@azure/msal-common</code> to v16.11.0 (beachball)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/8bb8acbc03c6bf968b8577e7d9e8b0a9b20ca65f"><code>8bb8acb</code></a> feat: add previousLibraryVersion to all telemetry events (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8688">#8688</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/22bc4e36dd2b1a54d8a5ca4dfa86641d7ba54439"><code>22bc4e3</code></a> Fix: include resource in silent request thumbprint to prevent MCP cross-resou...</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/abb257a8b7b95b22947864cb2bf007ed70515330"><code>abb257a</code></a> Post-release PR (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8675">#8675</a>)</li> <li>See full diff in <a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/compare/msal-node-v5.3.0...msal-node-v5.3.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dan Hellem <dahellem@microsoft.com>
…ft#1403) Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.62.1 to 8.63.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's releases</a>.</em></p> <blockquote> <h2>v8.63.0</h2> <h2>8.63.0 (2026-07-06)</h2> <h3>🚀 Features</h3> <ul> <li><strong>eslint-plugin:</strong> [no-misused-promises] detect async usage of a sync dispose usage (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12426">#12426</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [method-signature-style] suggest converting readonly function properties instead of emitting invalid syntax (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12447">#12447</a>, <a href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/12446">#12446</a>)</li> <li><strong>eslint-plugin:</strong> [no-unnecessary-type-assertion] handle optional-chained calls to overloaded functions (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12491">#12491</a>, <a href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/12485">#12485</a>)</li> <li><strong>eslint-plugin:</strong> [no-base-to-string] don't flag a shadowed String() call (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12492">#12492</a>)</li> <li><strong>scope-manager:</strong> export ClassStaticBlockScope (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12460">#12460</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Evyatar Daud <a href="https://github.com/StyleShit"><code>@StyleShit</code></a></li> <li>Kristjan <a href="https://github.com/KristjanTammekivi"><code>@KristjanTammekivi</code></a></li> <li>Michael Naumov <a href="https://github.com/mnaoumov"><code>@mnaoumov</code></a></li> <li>Serhii Leniv <a href="https://github.com/Serhii-Leniv"><code>@Serhii-Leniv</code></a></li> <li>송재욱</li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.63.0">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's changelog</a>.</em></p> <blockquote> <h2>8.63.0 (2026-07-06)</h2> <p>This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.</p> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.63.0">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/290cf6cdcc5ffb00c5b8f3e1e0e9f2fd8cc96374"><code>290cf6c</code></a> chore(release): publish 8.63.0</li> <li>See full diff in <a href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.63.0/packages/typescript-eslint">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….0 (microsoft#1400) Bumps [azure-devops-extension-api](https://github.com/Microsoft/azure-devops-extension-api) from 5.273.0 to 5.274.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/azure-devops-extension-api/commit/3fbf94bbcc8dba679b6872dac8ae9d80c68f7475"><code>3fbf94b</code></a> All files have been added to the repo</li> <li><a href="https://github.com/microsoft/azure-devops-extension-api/commit/697b34459a9d88f749633c4f81c57b35d9565725"><code>697b344</code></a> All files have been added to the repo (<a href="https://redirect.github.com/Microsoft/azure-devops-extension-api/issues/204">#204</a>)</li> <li>See full diff in <a href="https://github.com/Microsoft/azure-devops-extension-api/compare/5.273.0...5.274.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dan Hellem <dahellem@microsoft.com>
…icrosoft#1402) This pull request enhances the formatting of test case steps in Azure DevOps by supporting Markdown-to-HTML conversion and ensuring proper XML-escaping for safe storage. It introduces a new helper function to handle the formatting and updates both the implementation and tests to verify correct behavior for various Markdown features and HTML escaping. **Formatting and Conversion Enhancements:** - Added `formatStepContent` function in `src/tools/test-plans.ts` to convert Markdown markers (bold, italic, inline code, and links) to corresponding HTML tags, wrap the result in the ADO rich text envelope, and XML-escape the final string for storage. - Updated `convertStepsToXml` to use `formatStepContent` for both step and expected result content, ensuring all step content is consistently formatted and escaped. **Testing Improvements:** - Added comprehensive tests in `test/src/tools/test-plan.test.ts` to verify that: - HTML tags in step content are properly XML-escaped. - Markdown bold and italic are converted to XML-escaped HTML. - Markdown inline code is converted to XML-escaped `<CODE>` tags. - Non-whitelisted HTML tags (e.g., `<script>`) are escaped and not rendered. - Markdown links are converted to XML-escaped anchor tags. ## GitHub issue number microsoft#1399 1398 ## **Associated Risks** N/A ## ✅ **PR Checklist** - [x] **I have read the [contribution guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)** - [x] **I have read the [code of conduct guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)** - [x] Title of the pull request is clear and informative. - [x] 👌 Code hygiene - [x] 🔭 Telemetry added, updated, or N/A - [x] 📄 Documentation added, updated, or N/A - [x] 🛡️ Automated tests added, or N/A ## 🧪 **How did you test it?** Updated tests and tested manually with success
…rosoft#1411) This pull request updates the `formatStepContent` function in `src/tools/test-plans.ts` to improve the HTML output generated from Markdown content. The main change is to use standard lowercase HTML tags instead of uppercase tags for formatting, ensuring better compatibility and adherence to HTML standards. Formatting improvements: * Changed the Markdown-to-HTML conversion to use lowercase tags (`<b>`, `<i>`, `<u>`, `<code>`, `<a>`) instead of uppercase tags (`<B>`, `<I>`, `<U>`, `<CODE>`, `<A>`), which aligns with HTML best practices and improves rendering consistency. ## GitHub issue number N/A ## **Associated Risks** None ## ✅ **PR Checklist** - [x] **I have read the [contribution guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)** - [x] **I have read the [code of conduct guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)** - [x] Title of the pull request is clear and informative. - [x] 👌 Code hygiene - [x] 🔭 Telemetry added, updated, or N/A - [x] 📄 Documentation added, updated, or N/A - [x] 🛡️ Automated tests added, or N/A ## 🧪 **How did you test it?** manual testing
…icrosoft#1415) This pull request adds support for linking Azure DevOps work items to Wiki pages via artifact links. It introduces new parameters for specifying Wiki page information, handles URI construction for Wiki links, and updates tests to cover these scenarios. **Wiki link support:** * Added new parameters (`wikiId`, `pageId`, `pagePath`) to the `wit_add_artifact_link` tool for specifying Wiki page information. The handler now resolves the full Wiki page path from either `pageId` (via API lookup) or `pagePath`, and constructs the correct `vstfs` URI for Wiki pages. [[1]](diffhunk://#diff-ceebe3f2554b2fdf7c02d32394ee2293ac80b4c51ee0f3bd05f5f633ec4d0311R1309-R1322) [[2]](diffhunk://#diff-ceebe3f2554b2fdf7c02d32394ee2293ac80b4c51ee0f3bd05f5f633ec4d0311R1408-R1451) * Introduced the helper function `getArtifactLinkAttributeName` to ensure the attribute name for Wiki links is set to `"Wiki Page"` instead of just `"Wiki"`. [[1]](diffhunk://#diff-ceebe3f2554b2fdf7c02d32394ee2293ac80b4c51ee0f3bd05f5f633ec4d0311R72-R80) [[2]](diffhunk://#diff-ceebe3f2554b2fdf7c02d32394ee2293ac80b4c51ee0f3bd05f5f633ec4d0311L1402-R1469) **Validation and error handling:** * Added validation to require `projectId`, `wikiId`, and either `pagePath` or `pageId` for Wiki links, with clear error messages if any are missing. **Testing:** * Added and updated tests in `work-items.test.ts` to verify Wiki link creation, including correct URI encoding, attribute naming, and error handling for missing parameters. ## GitHub issue number microsoft#1412 ## **Associated Risks** N/A ## ✅ **PR Checklist** - [x] **I have read the [contribution guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)** - [x] **I have read the [code of conduct guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)** - [x] Title of the pull request is clear and informative. - [x] 👌 Code hygiene - [x] 🔭 Telemetry added, updated, or N/A - [x] 📄 Documentation added, updated, or N/A - [x] 🛡️ Automated tests added, or N/A ## 🧪 **How did you test it?** manually tested and updated auto tests
…1409) Bumps [@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js) from 5.3.1 to 5.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/releases">@azure/msal-node's releases</a>.</em></p> <blockquote> <h2><code>@azure/msal-react</code> v5.4.0</h2> <h2>5.4.0</h2> <p>Thu, 07 May 2026 19:01:04 GMT</p> <h3>Minor changes</h3> <ul> <li>Remove duplicate typings in the build output <a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8557">#8557</a> (<a href="mailto:thomas.norling@microsoft.com">thomas.norling@microsoft.com</a>)</li> <li>Bump <code>@azure/msal-browser</code> to v5.10.0 (beachball)</li> </ul> <h2><code>@azure/msal-node</code> v5.4.0</h2> <h2>5.4.0</h2> <p>Tue, 07 Jul 2026 22:16:01 GMT</p> <h3>Minor changes</h3> <ul> <li>Add form_post response mode support, preferredPort option, and deprecate custom loopbackClient <a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8694">#8694</a> (<a href="mailto:joarroyo@microsoft.com">joarroyo@microsoft.com</a>)</li> <li>Bump <code>@azure/msal-common</code> to v16.11.1 (beachball)</li> </ul> <h2><code>@azure/msal-react</code> v5.3.2</h2> <h2>5.3.2</h2> <p>Tue, 28 Apr 2026 21:30:33 GMT</p> <h3>Patches</h3> <ul> <li>Bump <code>@azure/msal-browser</code> to v5.9.0 (beachball)</li> </ul> <h2><code>@azure/msal-node-extensions</code> v5.3.2</h2> <h2>5.3.2</h2> <p>Tue, 07 Jul 2026 22:16:01 GMT</p> <h3>Patches</h3> <ul> <li>Bump <code>@azure/msal-common</code> to v16.11.1 (beachball)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/aa48c36402b908a4a7ef36a1b254d73fc66e4b3f"><code>aa48c36</code></a> msal-angular v6 (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8646">#8646</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/8faf80d98b949cc98040a66039efddeb4e478cd1"><code>8faf80d</code></a> Fix decode logs script for the standalone mode (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8697">#8697</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/63f4ca4cb6b2e7d79e4cc6e5a63838c2cbf2b3e3"><code>63f4ca4</code></a> feat(msal-node): add form_post response mode support for interactive auth (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8">#8</a>...</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/20d6e76ef1e6ae9d6d2a981150cbbd0f0903138e"><code>20d6e76</code></a> Implement nested popup broker for acquiring tokens in untrusted cross-origin ...</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/2151dd40ace0a50c9def3173e13a52954ccee060"><code>2151dd4</code></a> Post-release PR (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8692">#8692</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/995d93c7c662e5f83fc0444a96f8a03faf3d4658"><code>995d93c</code></a> Remove coop sample (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8691">#8691</a>)</li> <li>See full diff in <a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/compare/msal-node-v5.3.1...msal-node-v5.4.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dan Hellem <dahellem@microsoft.com>
Bumps [prettier](https://github.com/prettier/prettier) from 3.9.4 to 3.9.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/prettier/prettier/releases">prettier's releases</a>.</em></p> <blockquote> <h2>3.9.5</h2> <p>🔗 <a href="https://github.com/prettier/prettier/blob/3.9.5/CHANGELOG.md#395">Changelog</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md">prettier's changelog</a>.</em></p> <blockquote> <h1>3.9.5</h1> <p><a href="https://github.com/prettier/prettier/compare/3.9.4...3.9.5">diff</a></p> <h4>Markdown: Cap ordered list mark at 999,999,999 (<a href="https://redirect.github.com/prettier/prettier/pull/19351">#19351</a> by <a href="https://github.com/tats-u"><code>@tats-u</code></a>)</h4> <p>CommonMark parsers only support ordered list item numbers up to 999,999,999.</p> <p>With this change, Prettier now caps the ordered list item number at 999,999,999 to ensure that the output is correctly parsed as an ordered list by CommonMark parsers. Numbers larger than 999,999,999 are not parsed as list item numbers and are left unchanged in the output:</p> <!-- raw HTML omitted --> <pre lang="markdown"><code><!-- Input --> 999999998. text 999999998. text 999999998. text 999999998. text <p>1234567890123456789012) text</p> <p><!-- Prettier 3.9.4 --> 999999998. text 999999999. text 1000000000. text 1000000001. text</p> <p>1234567890123456789012) text</p> <p><!-- Prettier 3.9.5 --> 999999998. text 999999999. text 999999999. text 999999999. text</p> <p>1234567890123456789012) text </code></pre></p> <h4>Markdown: Avoid corrupting empty link with title (<a href="https://redirect.github.com/prettier/prettier/pull/19487">#19487</a> by <a href="https://github.com/andersk"><code>@andersk</code></a>)</h4> <p>Do not remove <code><></code> from an inline link or image with an empty URL and a title, as this removal would change its interpretation.</p> <!-- raw HTML omitted --> <pre lang="md"><code><!-- Input --> [link](https://github.com/prettier/prettier/blob/main/<> "title") <p><!-- Prettier 3.9.4 --> [link](<a href="https://github.com/prettier/prettier/blob/main/">https://github.com/prettier/prettier/blob/main/</a> "title")</p> <p><!-- Prettier 3.9.5 --> </tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/prettier/prettier/commit/b6c7d1806807162658fd5694d002b54b778c3756"><code>b6c7d18</code></a> Release 3.9.5</li> <li><a href="https://github.com/prettier/prettier/commit/cd54ccc7288f2a4585ba5bf96883e2ed3b18e781"><code>cd54ccc</code></a> Avoid corrupting empty Markdown link with title (<a href="https://redirect.github.com/prettier/prettier/issues/19487">#19487</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/2bb67ce8cd326dbaccbdec97e7578985f6009a14"><code>2bb67ce</code></a> Preserving comments' <code>placement</code> property (<a href="https://redirect.github.com/prettier/prettier/issues/19567">#19567</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/91bcac88ec1d784767ebbf5ec4686a5dbf37c3c1"><code>91bcac8</code></a> Add more tests for comment-only object type (<a href="https://redirect.github.com/prettier/prettier/issues/19587">#19587</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/cbee7377a1875686558bfc9416b789d66771d9e7"><code>cbee737</code></a> Remove space in empty object type (<a href="https://redirect.github.com/prettier/prettier/issues/19583">#19583</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/6394c732090efdf7798e0c8dc44c46583b4131c3"><code>6394c73</code></a> Align empty module declaration with TS (<a href="https://redirect.github.com/prettier/prettier/issues/19568">#19568</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/a4e6f7a0264bad45f3c153773111f60a5d406d55"><code>a4e6f7a</code></a> Prevent the addition of space in <code>type()</code> with <code>+</code> (<a href="https://redirect.github.com/prettier/prettier/issues/19516">#19516</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/3d063b57b1a2fdc660341b6e1c719e09997cc72c"><code>3d063b5</code></a> Ignore dangling comments when checking type parameter comments (<a href="https://redirect.github.com/prettier/prettier/issues/19572">#19572</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/908503e9ee02718ef0ec21a023f2c0fd5fb00603"><code>908503e</code></a> Handle dangling comments in <code>SwitchStatement</code> (<a href="https://redirect.github.com/prettier/prettier/issues/19581">#19581</a>)</li> <li><a href="https://github.com/prettier/prettier/commit/943a475c3592149aad6062ad235338da548365ea"><code>943a475</code></a> Angular: Support expression for exhaustive typechecking (<a href="https://redirect.github.com/prettier/prettier/issues/19571">#19571</a>)</li> <li>Additional commits viewable in <a href="https://github.com/prettier/prettier/compare/3.9.4...3.9.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Remove script that maybe in conflict with enterprise or engineering team settings/env As a backup there is mention of that step in troubleshooting guide: https://github.com/microsoft/azure-devops-mcp/blob/544f445599e22862dc4af2a8c39f8f0b9db9070b/docs/TROUBLESHOOTING.md?plain=1#L63 ## ✅ **PR Checklist** - [ ] **I have read the [contribution guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)** - [ ] **I have read the [code of conduct guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)** - [ ] Title of the pull request is clear and informative. - [ ] 👌 Code hygiene - [ ] 🔭 Telemetry added, updated, or N/A - [ ] 📄 Documentation added, updated, or N/A - [ ] 🛡️ Automated tests added, or N/A ## 🧪 **How did you test it?** _Replace_ with use cases tested and models used
…icrosoft#1418) This pull request updates the tests for the `configureWorkTools` function to reflect recent changes in tool registration and handler invocation. The main focus is on consolidating tool names and ensuring the correct action parameters are passed in test cases. **Test suite alignment with new tool registration:** * Updated all test cases to look for the `"work"` tool instead of the previous `"work_list_team_iterations"` and `"work_list_iterations"` tool names, ensuring consistency with the refactored tool registration logic. [[1]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL86-R87) [[2]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL135-R144) [[3]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL158-R167) [[4]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL180-R190) [[5]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL202-R207) [[6]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL225-R238) [[7]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL243-R248) [[8]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL262-R267) [[9]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL285-R290) [[10]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL394-R400) [[11]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL438-R445) [[12]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL494-R502) [[13]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL526-R541) [[14]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL547-R563) [[15]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL568-R579) [[16]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL612-R631) [[17]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL634-R653) **Parameterization improvements:** * Added the appropriate `action` field (e.g., `"list_team_iterations"` or `"list_iterations"`) to the parameters passed to tool handlers in all relevant test cases, ensuring that the handler receives the correct context for each action. [[1]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR103) [[2]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL214-R218) [[3]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL253-R257) [[4]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL272-R276) [[5]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR344) [[6]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR417) [[7]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR472) [[8]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR519) [[9]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR596) [[10]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL634-R653) These changes keep the test suite in sync with the updated implementation and improve clarity and maintainability. ## GitHub issue number N/A ## **Associated Risks** Changing signatures of tools and consolidating. Starting with smaller toolsets to make sure this goes well. ## ✅ **PR Checklist** - [x] **I have read the [contribution guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)** - [x] **I have read the [code of conduct guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)** - [x] Title of the pull request is clear and informative. - [x] 👌 Code hygiene - [x] 🔭 Telemetry added, updated, or N/A - [x] 📄 Documentation added, updated, or N/A - [x] 🛡️ Automated tests added, or N/A ## 🧪 **How did you test it?** Ran several manual tests. Updated the automated tests
…ft#1421) Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.63.0 to 8.64.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's releases</a>.</em></p> <blockquote> <h2>v8.64.0</h2> <h2>8.64.0 (2026-07-13)</h2> <h3>🚀 Features</h3> <ul> <li>support parsing <code>import defer</code> (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12513">#12513</a>)</li> <li><strong>eslint-plugin:</strong> [no-loop-func] support <code>using</code> / <code>await using</code> declarations and deprecate the rule (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12500">#12500</a>)</li> <li><strong>typescript-estree:</strong> throw for invalid definite assignment in class properties (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12543">#12543</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [require-array-sort-compare] handle constrained arrays (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12512">#12512</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Evyatar Daud <a href="https://github.com/StyleShit"><code>@StyleShit</code></a></li> <li>송재욱</li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.64.0">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's changelog</a>.</em></p> <blockquote> <h2>8.64.0 (2026-07-13)</h2> <p>This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.</p> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.64.0">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/414d9abbf66f77796ab12ec7e75b07722e592832"><code>414d9ab</code></a> chore(release): publish 8.64.0</li> <li>See full diff in <a href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.64.0/packages/typescript-eslint">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dan Hellem <dahellem@microsoft.com>
This pull request refactors and consolidates the Azure DevOps wiki toolset to align with the remote MCP server's structure. It replaces multiple specialized wiki tools with a single dispatcher tool using an `action` parameter, updates documentation for clarity, and improves error handling and parameter validation. **Wiki tool consolidation and refactoring:** - Consolidated all read-only wiki operations into a single `wiki` tool that uses an `action` parameter to select between listing wikis, getting wiki details, listing pages, getting page metadata, and retrieving page content. The previous individual tools (e.g., `mcp_ado_wiki_list_wikis`, `mcp_ado_wiki_get_wiki`, etc.) are removed. (`src/tools/wiki.ts`, `docs/TOOLSET.md`) [[1]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L12-L96) [[2]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L112-L142) [[3]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L155-R132) [[4]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L174-R151) [[5]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L211) [[6]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0R248-R271) [[7]](diffhunk://#diff-63809bcf7da46bf515d3deeb8551a8a5cd63b3fff00ee8dd3517e46bb2bd6025L90-R99) [[8]](diffhunk://#diff-63809bcf7da46bf515d3deeb8551a8a5cd63b3fff00ee8dd3517e46bb2bd6025L539-R552) **Documentation updates:** - Updated the `docs/TOOLSET.md` to reflect the new tool grouping, parameter structure, and to note alignment with the Azure DevOps remote MCP server. The documentation now describes the new `action`-based dispatcher and clarifies which parameters are required for each operation. [[1]](diffhunk://#diff-63809bcf7da46bf515d3deeb8551a8a5cd63b3fff00ee8dd3517e46bb2bd6025L90-R99) [[2]](diffhunk://#diff-63809bcf7da46bf515d3deeb8551a8a5cd63b3fff00ee8dd3517e46bb2bd6025L539-R552) **Error handling improvements:** - Centralized and clarified error messages for each wiki action, ensuring consistent and informative feedback for failed operations. **Parameter validation and flexibility:** - Improved validation for required parameters based on the chosen action, and added support for optional parameters such as `url` for page content retrieval. [[1]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L12-L96) [[2]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L112-L142) [[3]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L174-R151) **Write operation tool renaming:** - Renamed the create/update wiki page tool to `wiki_upsert_page` for consistency with the new naming scheme. [[1]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L12-L96) [[2]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0R248-R271) These changes simplify the codebase, make the API more intuitive, and ensure the toolset is consistent with Azure DevOps standards. ## GitHub issue number N/A ## **Associated Risks** Changing the signature of tools in wiki ## ✅ **PR Checklist** - [x] **I have read the [contribution guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)** - [x] **I have read the [code of conduct guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)** - [x] Title of the pull request is clear and informative. - [x] 👌 Code hygiene - [x] 🔭 Telemetry added, updated, or N/A - [x] 📄 Documentation added, updated, or N/A - [x] 🛡️ Automated tests added, or N/A ## 🧪 **How did you test it?** manually testing all of the wiki tools and made sure automated tests are updated
…1427) Bumps [@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js) from 5.4.0 to 5.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/releases">@azure/msal-node's releases</a>.</em></p> <blockquote> <h2><code>@azure/msal-react</code> v5.4.1</h2> <h2>5.4.1</h2> <p>Mon, 11 May 2026 21:48:15 GMT</p> <h3>Patches</h3> <ul> <li>Bump <code>@azure/msal-browser</code> to v5.10.1 (beachball)</li> </ul> <h2><code>@azure/msal-node</code> v5.4.1</h2> <h2>5.4.1</h2> <p>Wed, 15 Jul 2026 22:35:35 GMT</p> <h3>Patches</h3> <ul> <li>Bump <code>@azure/msal-common</code> to v16.11.2 (beachball)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/5d1a16e9103853601886375dbcb15f06a02bc545"><code>5d1a16e</code></a> feat(msal-common/msal-browser): Add internal DPoP proof seams (RFC 9449) — in...</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/a6cd101f9bb2fdd93fd52a87bcafba139c8306cd"><code>a6cd101</code></a> ci: grant pull-requests:write to client-credential benchmark workflow (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8706">#8706</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/2b2de141bc28799cfe8073ebc9299724e8f3990c"><code>2b2de14</code></a> Disallow major changes in MSAL Angular (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8702">#8702</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/1be16ad9be8180ed763d98075813f31c30af4407"><code>1be16ad</code></a> Bump nightly-build pipeline to Node 22 for Angular 22 (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8703">#8703</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/48f4b3b0a6c26585afb7bb79437f7bc06f0c8e79"><code>48f4b3b</code></a> Post-release PR (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8701">#8701</a>)</li> <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/462b2ff048fed0f875f354329aeeb1e85eb62f3d"><code>462b2ff</code></a> Bump dependencies in msal-react samples (<a href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8695">#8695</a>)</li> <li>See full diff in <a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/compare/msal-node-v5.4.0...msal-node-v5.4.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…evels default (microsoft#1395) (microsoft#1420) Fixes microsoft#1395 ## Summary `advsec_get_alerts` returned an empty array for secret alerts that exist (and are visible in the Advanced Security UI). The root cause is the tool's `confidenceLevels` handling: the schema **force-defaulted** it to all levels (`[High, Other]`), and the `azure-devops-node-api` SDK serializes a multi-value confidence filter as `criteria.confidenceLevels=0,1` — a form the Alerts service rejects by returning **zero** alerts. So every secret query silently sent a filter that guaranteed an empty result. This PR removes that default, forwards `confidenceLevels` only when it narrows to a single level, and corrects the related secret-alert request construction. Verified end-to-end against a live org. ## Root cause — `confidenceLevels` multi-value filter - The Alerts service does **not** accept the multi-value (comma-serialized) confidence filter the SDK emits. `criteria.confidenceLevels=0,1` (both `High` and `Other`) returns **0** alerts; a single value (`=0`) works. - The schema force-defaulted `confidenceLevels` to every level, so *every* secret query — even one that intended no confidence filter — sent the broken `0,1` and got `[]`. This is the actual cause of the "secret alerts return empty" reports in microsoft#1395. - **Fix:** removed the forced default; the tool now forwards `confidenceLevels` only when it narrows the result to a proper subset (a single level), and omits it when all — or no — levels are selected (all levels = no filter anyway). ## Other changes - **Secret branch filters:** `onlyDefaultBranch` and `ref` are "Not applicable for secret alerts" per the REST API (secrets carry `gitRef: null`). For an explicit `alertType: "Secret"` query the tool no longer sends them. Live testing confirmed these filters are a no-op for secrets (they neither include nor exclude), so this is a correctness/clarity change rather than the root-cause fix. - **Zod default crash (found while fixing this):** the original default was lowercase `["high","other"]` while the schema enum keys are PascalCase, so Zod threw `invalid_enum_value` whenever `confidenceLevels` was omitted. Removing the default eliminates this class of bug entirely. - **Descriptions updated:** the tool and parameter descriptions now state that branch filters apply only to code/dependency/license alerts, and that a single `confidenceLevels` value narrows secrets while selecting every level is treated as no filter. ## Verification (live org) Ran directly against a live Advanced Security repository with 4 open secret alerts: | criteria | result | | --- | --- | | `{ alertType: Secret }` | 4 secrets | | `{ alertType: Secret, confidenceLevels: [High, Other] }` | **0** (multi-value rejected by service) | | `{ alertType: Secret, confidenceLevels: [High] }` | 4 | | `{ alertType: Secret, confidenceLevels: [Other] }` | 0 (all 4 are High confidence) | | `{ alertType: Secret, onlyDefaultBranch: false }` | 4 (branch flag ignored for secrets) | Through the fixed tool, an `alertType: "Secret"` query — including one that selects both confidence levels — now returns the alerts instead of `[]`. ## Tests - Schema-driven tests that parse through the real Zod schema; updated to assert that no `confidenceLevels` default is sent, that a single level is forwarded, and that an all-levels selection is omitted. - `npx jest`: **1021 passed / 18 suites**. `tsc --noEmit`: clean. `node scripts/build-validate-tools.js`: clean. --------- Co-authored-by: David Mavrodiev <dmavrodiev@microsoft.com> Co-authored-by: Dan Hellem <dahellem@microsoft.com>
Consolidation of pipeline tools and updated tests ## GitHub issue number N/A ## **Associated Risks** Signatures have changed ## ✅ **PR Checklist** - [x] **I have read the [contribution guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)** - [x] **I have read the [code of conduct guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)** - [x] Title of the pull request is clear and informative. - [x] 👌 Code hygiene - [x] 🔭 Telemetry added, updated, or N/A - [x] 📄 Documentation added, updated, or N/A - [x] 🛡️ Automated tests added, or N/A ## 🧪 **How did you test it?** Manually tested all tools and updated all automated tests
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF ScorecardScorecard details
Scanned Files
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Merge upstream
maininto fork sync branchsync/upstream-20260717.Preconditions
READY_FOR_SYNC_BRANCH_MERGEmainnot usedMerge Result
d6cc77bFocus Capability Validation
Pending manual verification for:
wit_get_work_itemwit_work_item_write_createwit_add_work_item_commentwit_update_work_item_commentrepo_create_branchwit_add_artifact_linkrepo_create_pull_requestNotes
src/tools/*and tests.