This PR makes it so we disable training data collection for Edit
Prediction based on the organization's configuration.

Closes CLO-641.

Release Notes:

- N/A

We hope this fixes an issue with permissions

Release Notes:

- N/A

This will ensure we do not post a second Slack message in case the first
check was successful. We still _run_ the second check, but do not notify

Release Notes:

- N/A

This PR adds the `correctly_deleted_chars` field and updates `kept_rate`
to account for it, not just inserted chars.

It also adds `recall_rate` to measure coverage of reference
insertions/deletions.

Finally, it renames "final" to "reference" and "prediction" to
"candidate".

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable


Release Notes:

- N/A

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

## Details

- The [devcontainer CLI writes the `devcontainer.metadata` label as a
bare JSON object](https://github.com/devcontainers/cli/issues/1054) when
there is only one metadata entry (e.g. docker-compose devcontainer with
a Dockerfile and no features)
- Zed's `deserialize_metadata` only accepted a JSON array, causing
deserialization to fail with `invalid type: map, expected a sequence`
- This made it impossible to attach to existing docker-compose
devcontainers created by the devcontainer CLI or VS Code

The fix tries parsing as an array first, then falls back to parsing as a
single object wrapped in a vec. This mirrors how the [devcontainer CLI
itself reads the
label](https://github.com/devcontainers/cli/blob/main/src/spec-node/imageMetadata.ts#L476-L493).

An upstream fix has also been submitted:
https://github.com/devcontainers/cli/pull/1199

## Reproduction

1. Create a docker-compose devcontainer with a Dockerfile and no
features:

`.devcontainer/devcontainer.json`:
```json
{
  "name": "repro",
  "dockerComposeFile": "docker-compose.yml",
  "service": "app",
  "remoteUser": "root"
}
```

`.devcontainer/docker-compose.yml`:
```yaml
services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
    command: sleep infinity
    volumes:
      - ..:/workspace
```

`.devcontainer/Dockerfile`:
```dockerfile
FROM ubuntu:24.04
```

2. `devcontainer up --workspace-folder .`
3. Open the folder in Zed, fails with metadata deserialization error

Release Notes:

- Fixed attaching to a devcontainer that has a single metadata element
which was started with `devcontainer-cli`

This PR makes it so the Collab panel can be disabled by the
organization's configuration:

<img width="239" height="191" alt="Screenshot 2026-04-09 at 2 38 35 PM"
src="https://github.com/user-attachments/assets/48216c00-85cd-441a-b613-7468db2b25bd"
/>

Depends on https://github.com/zed-industries/cloud/pull/2247.

Closes CLO-638.

Release Notes:

- N/A

## What does this PR changed

Adds footnote rendering and navigation to Zed's markdown preview.

- **Footnote references**: (`[^1]`) render inline as `[1]` with link
styling (color + underline)
- **Footnote definitions**: (`[^1]: ...`) render at the bottom with a
horizontal separator, smaller text (85% size), and a label prefix
- **Click-to-navigate**: clicking a footnote reference scrolls to its
definition


https://github.com/user-attachments/assets/a79a0136-f22d-40ac-8b53-cfefa8573d21

## OOS/ Need discussion

- **Display style**: Since currently the gpui crate does not provide a
superscript style, in this PR we publish the feature with using
[`[1]`]() instead of aligning to the GFM styled[^1]
- **Footnote definition placement**: GFM renders the footnote at the
bottom of the content no matter where the user place the footnote
definition, but the `pulldown_cmark` renders the footnote just at where
user place it, for this PR I'll keep the footnote where `pulldown_cmark`
renders it, and we may have some more discuss on if we need to move them
to the bottom of the markdown preview

[^1]: GitHub-flavoured markdown

## What to test

- [ ] Open a markdown file with footnotes (e.g. `Text[^1]\n\n[^1]:
Definition`)
- [ ] Verify reference renders as `[1]` with link color
- [ ] Verify definition renders below a separator with smaller text
- [ ] Verify pointer cursor appears on hover over `[1]`
- [ ] Verify clicking `[1]` scrolls to the definition
- [ ] Verify normal links still work as before
- [ ] `cargo test -p markdown` passes (46 tests)

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [ ] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Closes #13603

Release Notes:

- Added support for footnotes in Markdown Preview.

---------

Co-authored-by: Smit Barmase <heysmitbarmase@gmail.com>

Related to https://github.com/zed-industries/zed/pull/53484. 

This PR fixes a `--` file being created when staging a hunk.

Release Notes:

- N/A

Follow-up of https://github.com/zed-industries/zed/pull/53452

Release Notes:

- N/A

Release Notes:

- N/A or Added/Fixed/Improved ...

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Closes #53056.

Release Notes:

- Fixed terminal tabs losing keyboard focus after switching tabs on Linux X11

Re-building the tool on CI every time is pointless when can just install
the binary itself

Release Notes:

- N/A or Added/Fixed/Improved ...

Follow-up of https://github.com/zed-industries/zed/pull/53452

* disables mouse wheel zooming in agent, debugger, keymap editor, dev
inspector and repl-related editors
* adjusts the code to call for theme changes directly instead of sending
the events, so that agent following does not capture the events and
changes its font size

Release Notes:

- N/A

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Release Notes:

- N/A

## Summary

- Fix crash on startup when the X11 server supports XInput < 2.4 (e.g.
XInput 2.3)
- Gesture event mask bits (pinch begin/update/end) are now only
requested when the server advertises XInput >= 2.4
- Zed previously failed to open any window on affected systems, printing
`Zed failed to open a window: X11 XiSelectEvents failed`

## Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable









## Problem

On X11 systems where the XInput extension version is older than 2.4, Zed
crashes immediately on startup with:

```
Zed failed to open a window: X11 XiSelectEvents failed.

Caused by:
    X11 error X11Error { error_kind: Value, error_code: 2, sequence: 277,
    bad_value: 27, minor_opcode: 46, major_opcode: 131,
    extension_name: Some("XInputExtension"),
    request_name: Some("XISelectEvents") }
```

This makes Zed completely unusable on any X11 display server that only
supports XInput 2.3 or earlier, which includes many current Ubuntu
20.04/22.04 systems, remote X11 sessions, and VNC/Xvfb setups.

### Root cause

During window creation, `X11WindowState::new` calls `XISelectEvents`
with an event mask that unconditionally includes gesture event bits
(`GESTURE_PINCH_BEGIN`, `GESTURE_PINCH_UPDATE`, `GESTURE_PINCH_END`).
These gesture events were introduced in **XInput 2.4**.

When the X server only supports XInput 2.3 (or older), it does not
recognize these mask bits and rejects the entire `XISelectEvents`
request with a `BadValue` error. This is fatal because the error is
propagated up and prevents the window from being created.

A comment in the original code stated:

> If the server only supports an older version, gesture events simply
won't be delivered.

This is incorrect. The X11 protocol does **not** silently ignore unknown
mask bits in `XISelectEvents` — it rejects the whole request.

### How XInput version negotiation works

The client calls `XIQueryVersion(2, 4)` to announce the highest version
it supports. The server responds with the highest version **it**
supports (e.g. `2.3`). The client is then responsible for not using
features beyond the negotiated version. The existing code ignored the
server's response and used 2.4 features unconditionally.

## Fix

### Approach

Check the XInput version returned by the server. Only include gesture
event mask bits in `XISelectEvents` when the negotiated version is >=
2.4. On older servers, basic input events (motion, button press/release,
enter, leave) still work normally — only touchpad pinch gestures are
unavailable.

### Changed files

**`crates/gpui_linux/src/linux/x11/client.rs`**

1. Added `supports_xinput_gestures: bool` field to `X11ClientState`.
2. After the existing `xinput_xi_query_version(2, 4)` call, compute
whether the server version is >= 2.4:
   ```rust
   let supports_xinput_gestures = xinput_version.major_version > 2
|| (xinput_version.major_version == 2 && xinput_version.minor_version >=
4);
   ```
3. Added an `info!` log line reporting the detected XInput version and
gesture support status.
4. Pass `supports_xinput_gestures` through `open_window` into
`X11Window::new`.

**`crates/gpui_linux/src/linux/x11/window.rs`**

1. Added `supports_xinput_gestures: bool` parameter to both
`X11Window::new` and `X11WindowState::new`.
2. The `XISelectEvents` call now builds the event mask conditionally:
- Always includes: `MOTION`, `BUTTON_PRESS`, `BUTTON_RELEASE`, `ENTER`,
`LEAVE`
- Only when `supports_xinput_gestures` is true: `GESTURE_PINCH_BEGIN`,
`GESTURE_PINCH_UPDATE`, `GESTURE_PINCH_END`

### What is NOT changed

- The gesture event **handlers** in `client.rs`
(`XinputGesturePinchBegin`, `XinputGesturePinchUpdate`,
`XinputGesturePinchEnd`) are left as-is. They simply won't be triggered
on servers without gesture support, since the events are never
registered.
- No behavioral change on systems with XInput >= 2.4 — gesture events
continue to work exactly as before.

## Testing

| Test | Before fix | After fix |
|------|-----------|-----------|
| `./target/release/zed .` on XInput 2.3 | Immediate crash (exit code 1)
| Window opens successfully (runs until killed) |
| XInput version detection | Version queried but response ignored |
Version checked and logged |

Verified on an X11 system with XInput 2.3 (X.Org 1.20.13, Ubuntu 20.04).

## Test plan

- [x] Build succeeds (`cargo build --release`)
- [x] Zed launches and opens a window on XInput 2.3 system
- [x] No regression on the basic input event path (motion, clicks,
enter/leave still registered)
- [ ] Verify gesture pinch events still work on a system with XInput >=
2.4

Release Notes:

- Fixed Zed failing to start on X11 systems with XInput version older
than 2.4, which includes many Linux distributions and remote desktop
setups.

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Release Notes:

- N/A or Added/Fixed/Improved ...

Continuation of https://github.com/zed-industries/zed/pull/53566, now
with proper thread root mutation.

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Release Notes:

- N/A

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [wasmtime](https://redirect.github.com/bytecodealliance/wasmtime) |
workspace.dependencies | patch | `36.0.6` → `36.0.7` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/15138) for more information.

### GitHub Vulnerability Alerts

####
[CVE-2026-34941](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hx6p-xpx3-jvvv)

### Summary

Wasmtime contains a vulnerability where when transcoding a UTF-16 string
to the latin1+utf16 component-model encoding it would incorrectly
validate the byte length of the input string when performing a bounds
check. Specifically the number of code units were checked instead of the
byte length, which is twice the size of the code units.

This vulnerability can cause the host to read beyond the end of a
WebAssembly's linear memory in an attempt to transcode nonexistent
bytes. In Wasmtime's default configuration this will read unmapped
memory on a guard page, terminating the process with a segfault.
Wasmtime can be configured, however, without guard pages which would
mean that host memory beyond the end of linear memory may be read and
interpreted as UTF-16.

A host segfault is a denial-of-service vulnerability in Wasmtime, and
possibly being able to read beyond the end of linear memory is
additionally a vulnerability. Note that reading beyond the end of linear
memory requires nonstandard configuration of Wasmtime, specifically with
guard pages disabled.

### Impact

This is an out-of-bounds memory access. Any user running untrusted wasm
components that use cross-component string passing (with UTF-16 source
and latin1+utf16 destination encodings) is affected.

- With guard pages: Denial of service. The host process crashes with
SIGBUS/SIGSEGV.
- Without guard pages: Potential information disclosure. The guest can
read host memory beyond its linear memory allocation.

Patches

Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this
bug. Users are recommended to update to these patched versions of
Wasmtime.
Workarounds

There is no workaround for this bug. Hosts are recommended to updated to
a patched version of Wasmtime.

####
[CVE-2026-34942](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jxhv-7h78-9775)

### Impact

Wasmtime's implementation of transcoding strings into the Component
Model's `utf16` or `latin1+utf16` encodings improperly verified the
alignment of reallocated strings. This meant that unaligned pointers
could be passed to the host for transcoding which would trigger a host
panic. This panic is possible to trigger from malicious guests which
transfer very specific strings across components with specific
addresses.

Host panics are considered a DoS vector in Wasmtime as the panic
conditions are controlled by the guest in this situation.

### Patches

Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this
bug. Users are recommended to update to these patched versions of
Wasmtime.

### Workarounds

There is no workaround for this bug. Hosts are recommended to updated to
a patched version of Wasmtime.

####
[CVE-2026-34943](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m758-wjhj-p3jq)

### Impact

Wasmtime contains a possible panic which can happen when a `flags`-typed
component model value is lifted with the `Val` type. If bits are set
outside of the set of flags the component model specifies that these
bits should be ignored but Wasmtime will panic when this value is
lifted. This panic only affects wasmtime's implementation of lifting
into `Val`, not when using the `flags!` macro. This additionally only
affects `flags`-typed values which are part of a WIT interface.

This has the risk of being a guest-controlled panic within the host
which Wasmtime considers a DoS vector.

### Patches

Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this
bug. Users are recommended to update to these patched versions of
Wasmtime.

### Workarounds

There is no workaround for this bug if a host meets the criteria to be
affected. To be affected a host must be using `wasmtime::component::Val`
and possibly work with a `flags` type in the component model.

####
[CVE-2026-34944](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-qqfj-4vcm-26hv)

On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the
`f64x2.splat` WebAssembly instruction with Cranelift may load 8 more
bytes than is necessary. When
[signals-based-traps](https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.signals_based_traps)
are disabled this can result in a uncaught segfault due to loading from
unmapped guard pages. With guard pages disabled it's possible for
out-of-sandbox data to be loaded, but this data is not visible to
WebAssembly guests.

### Details

The `f64x2.splat` operator, when operating on a value loaded from a
memory (for example with f64.load), compiles with Cranelift to code on
x86-64 without SSE3 that loads 128 bits (16 bytes) rather than the
expected 64 bits (8 bytes) from memory. When the address is in-bounds
for a (correct) 8-byte load but not an (incorrect) 16-byte load, this
can load beyond memory by up to 8 bytes. This can result in three
different behaviors depending on Wasmtime's configuration:

1. If guard pages are disabled then this extra data will be loaded. The
extra data is present in the upper bits of a register, but the upper
bits are not visible to WebAssembly guests. Actually witnessing this
data would require a different bug in Cranelift, of which none are
known. Thus in this situation while it's something we're patching in
Cranelift it's not a security issue.
2. If guard pages are enabled, and
[signals-based-traps](https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.signals_based_traps)
are enabled, then this operation will result in a safe WebAssembly trap.
The trap is incorrect because the load is not out-of-bounds as defined
by WebAssembly, but this mistakenly widened load will load bytes from an
unmapped guard page, causing a segfault which is caught and handled as a
Wasm trap. In this situation this is not a security issue, but we're
patching Cranelift to fix the WebAssembly behavior.
3. If guard pages are enabled, and
[signals-based-traps](https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.signals_based_traps)
are disabled, then this operation results in an uncaught segfault. Like
the previous case with guard pages enabled this will load from an
unmapped guard page. Unlike before, however, signals-based-traps are
disabled meaning that signal handlers aren't configured. The resulting
segfault will, by default, terminate the process. This is a security
issue from a DoS perspective, but does not represent an arbitrary read
or write from WebAssembly, for example.

Wasmtime's default configuration is case (2) in this case. That means
that Wasmtime, by default, incorrectly executes this
WebAssembly instruction but does not have insecure behavior.

### Impact

If
[signals-based-traps](https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.signals_based_traps)
are disabled and guard pages are enabled then guests can trigger an
uncaught segfault in the host, likely aborting the host process. This
represents, for example, a DoS vector for WebAssembly guests.

This bug does not affect Wasmtime's default configuration and requires
[signals-based-traps](https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.signals_based_traps)
to be disabled. This bug only affects the x86-64 target with the SSE3
feature disabled and the Cranelift backend (Wasmtime's default backend).

### Patches

Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this
bug. Users are recommended to update to these patched versions of
Wasmtime.

### Workarounds

This bug only affects x86-64 hosts where SSE3 is disabled. If SSE3 is
enabled or if a non-x86-64 host is used then hosts are not affect.
Otherwise there are no known workarounds to this issue.

####
[CVE-2026-34945](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m9w2-8782-2946)

### Impact

Wasmtime's Winch compiler contains a bug where a 64-bit table, part of
the memory64 proposal of WebAssembly, incorrectly translated the
`table.size` instruction. This bug could lead to disclosing data on the
host's stack to WebAssembly guests. The host's stack can possibly
contain sensitive data related to other host-originating operations
which is not intended to be disclosed to guests.

This bug specifically arose from a mistake where the return value of
`table.size` was statically typed as a 32-bit integer, as opposed to
consulting the table's index type to see how large the returned register
could be. When combined with details about Wnich's ABI, such as
multi-value returns, this can be combined to read stack data from the
host, within a guest. This information disclosure should not be possible
in WebAssembly, violates spec semantics, and is a vulnerability in
Wasmtime.

### Patches

Wasmtime 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug.
Users are recommended to update to these patched versions of Wasmtime.

### Workarounds

Users of Cranelift are not affected by this issue, but users of Winch
have no workarounds other than disabling the `Config::wasm_memory64`
proposal.

####
[CVE-2026-34946](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q49f-xg75-m9xw)

### Impact

Wasmtime's Winch compiler contains a vulnerability where the compilation
of the `table.fill` instruction can result in a host panic. This means
that a valid guest can be compiled with Winch, on any architecture, and
cause the host to panic. This represents a denial-of-service
vulnerability in Wasmtime due to guests being able to trigger a panic.

The specific issue is that a historical refactoring, #​11254,
changed how compiled code referenced tables within the `table.*`
instructions. This refactoring forgot to update the Winch code paths
associated as well, meaning that Winch was using the wrong indexing
scheme. Due to the feature support of Winch the only problem that can
result is tables being mixed up or nonexistent tables being used,
meaning that the guest is limited to panicking the host (using a
nonexistent table), or executing spec-incorrect behavior and modifying
the wrong table.

### Patches

Wasmtime 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug.
Users are recommended to update to these patched versions of Wasmtime.

### Workarounds

Users of Cranelift are not affected by this issue, but for users of
Winch there is no workaround for this bug. Hosts are recommended to
updated to a patched version of Wasmtime.

####
[CVE-2026-34971](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jhxm-h53p-jm7w)

### Impact

Wasmtime's Cranelift compilation backend contains a bug on aarch64 when
performing a certain shape of heap accesses which means that the wrong
address is accessed. When combined with explicit bounds checks a guest
WebAssembly module this can create a situation where there are two
diverging computations for the same address: one for the address to
bounds-check and one for the address to load. This difference in address
being operated on means that a guest module can pass a bounds check but
then load a different address. Combined together this enables an
arbitrary read/write primitive for guest WebAssembly when accesssing
host memory. This is a sandbox escape as guests are able to read/write
arbitrary host memory.

This vulnerability has a few ingredients, all of which must be met, for
this situation to occur and bypass the sandbox restrictions:

* This miscompiled shape of load only occurs on 64-bit WebAssembly
linear memories, or when `Config::wasm_memory64` is enabled. 32-bit
WebAssembly is not affected.
* Spectre mitigations or signals-based-traps must be disabled. When
spectre mitigations are enabled then the offending shape of load is not
generated. When signals-based-traps are disabled then spectre
mitigations are also automatically disabled.

The specific bug in Cranelift is a miscompile of a load of the shape
`load(iadd(base, ishl(index, amt)))` where `amt` is a constant. The
`amt` value is masked incorrectly to test if it's a certain value, and
this incorrect mask means that Cranelift can pattern-match this lowering
rule during instruction selection erroneously, diverging from
WebAssembly's and Cranelift's semantics. This incorrect lowering would,
for example, load an address much further away than intended as the
correct address's computation would have wrapped around to a smaller
value insetad.

### Patches

Wasmtime 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug.
Users are recommended to update to these patched versions of Wasmtime.

### Workarounds

This bug only affects users of Cranelift on aarch64. Cranelift on other
platforms is not affected. Additionally this only affects 64-bit
WebAssembly linear memories, so if `Config::wasm_memory64` is disabled
then hosts are not affected. Note that `Config::wasm_memory64` is
enabled by default. If spectre mitigations are enabled, which are
enabled by default, then hosts are not affected by this issue.

####
[CVE-2026-34988](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-6wgr-89rj-399p)

### Impact

Wasmtime's implementation of its pooling allocator contains a bug where
in certain configurations the contents of linear memory can be leaked
from one instance to the next. The implementation of resetting the
virtual memory permissions for linear memory used the wrong predicate to
determine if resetting was necessary, where the compilation process used
a different predicate. This divergence meant that the pooling allocator
incorrectly deduced at runtime that resetting virtual memory permissions
was not necessary while compile-time determine that virtual memory could
be relied upon.

Exposing this bug requires specific configuration values to be used. If
any of these configurations are not applicable then this bug does not
happen:

* The pooling allocator must be in use.
* The `Config::memory_guard_size` configuration option must be 0.
* The `Config::memory_reservation` configuration must be less than 4GiB.
* The pooling allocator must be configured with `max_memory_size` the
same as the `memory_reservation` value.

If all of these conditions are applicable then when a linear memory is
reused the VM permissions of the previous iteration are not reset. This
means that the compiled code, which is assuming out-of-bounds loads will
segfault, will not actually segfault and can read the previous contents
of linear memory if it was previously mapped.

This represents a data leakage vulnerability between guest WebAssembly
instances which breaks WebAssembly's semantics and additionally breaks
the sandbox that Wasmtime provides. Wasmtime is not vulnerable to this
issue with its default settings, nor with the default settings of the
pooling allocator, but embeddings are still allowed to configure these
values to cause this vulnerability.

### Patches

Wasmtime 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this bug.
Users are recommended to update to these patched versions of Wasmtime.

### Workarounds

All four conditions above must be met to be vulnerable to this bug, and
users can work around this bug by adjusting any of the above conditions.
For example it is strongly recommended that guard pages are configured
for linear memories which would make this bug not applicable.

####
[CVE-2026-35195](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-394w-hwhg-8vgm)

### Impact

Wasmtime's implementation of transcoding strings between components
contains a bug where the return value of a guest component's `realloc`
is not validated before the host attempts to write through the pointer.
This enables a guest to cause the host to write arbitrary transcoded
string bytes to an arbitrary location up to 4GiB away from the base of
linear memory. These writes on the host could hit unmapped memory or
could corrupt host data structures depending on Wasmtime's
configuration.

Wasmtime by default reserves 4GiB of virtual memory for a guest's linear
memory meaning that this bug will by default on hosts cause the host to
hit unmapped memory and abort the process due to an unhandled fault.
Wasmtime can be configured, however, to reserve less memory for a guest
and to remove all guard pages, so some configurations of Wasmtime may
lead to corruption of data outside of a guest's linear memory, such as
host data structures or other guests's linear memories.

### Patches

Wasmtime 24.0.7, 36.0.7, 42.0.2, and 43.0.1 have been issued to fix this
bug. Users are recommended to update to these patched versions of
Wasmtime.

### Workarounds

There is no known workaround for this issue and affected
hosts/embeddings are recommended to upgrade.

---

### Release Notes

<details>
<summary>bytecodealliance/wasmtime (wasmtime)</summary>

###
[`v36.0.7`](https://redirect.github.com/bytecodealliance/wasmtime/releases/tag/v36.0.7)

[Compare
Source](https://redirect.github.com/bytecodealliance/wasmtime/compare/v36.0.6...v36.0.7)

#### 36.0.7

Released 2026-04-09.

##### Fixed

- Miscompiled guest heap access enables sandbox escape on aarch64
Cranelift.

[GHSA-jhxm-h53p-jm7w](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jhxm-h53p-jm7w)

- Wasmtime with Winch compiler backend may allow a sandbox-escaping
memory
  access.

[GHSA-xx5w-cvp6-jv83](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xx5w-cvp6-jv83)

- Out-of-bounds write or crash when transcoding component model strings.

[GHSA-394w-hwhg-8vgm](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-394w-hwhg-8vgm)

- Host panic when Winch compiler executes `table.fill`.

[GHSA-q49f-xg75-m9xw](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q49f-xg75-m9xw)

- Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat`
operator
  on x86-64.

[GHSA-qqfj-4vcm-26hv](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-qqfj-4vcm-26hv)

- Improperly masked return value from `table.grow` with Winch compiler
backend.

[GHSA-f984-pcp8-v2p7](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-f984-pcp8-v2p7)

- Panic when transcoding misaligned utf-16 strings.

[GHSA-jxhv-7h78-9775](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jxhv-7h78-9775)

- Panic when lifting `flags` component value.

[GHSA-m758-wjhj-p3jq](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m758-wjhj-p3jq)

- Heap OOB read in component model UTF-16 to latin1+utf16 string
transcoding.

[GHSA-hx6p-xpx3-jvvv](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hx6p-xpx3-jvvv)

- Data leakage between pooling allocator instances.

[GHSA-6wgr-89rj-399p](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-6wgr-89rj-399p)

- Host data leakage with 64-bit tables and Winch.

[GHSA-m9w2-8782-2946](https://redirect.github.com/bytecodealliance/wasmtime/security/advisories/GHSA-m9w2-8782-2946)

</details>

---

### Configuration

📅 **Schedule**: (in timezone America/New_York)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

Release Notes:

- N/A

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjExMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Fixes a UI regression introduced in
https://github.com/zed-industries/zed/pull/48467, which prevented
automatic update statuses from being shown in the title bar unless the
update was checked for manually by the user, causing some users to
unknowingly cancel updates in progress by closing the application, since
there was no indication.


https://github.com/user-attachments/assets/ea16a600-3db4-49dc-bca5-11c8fcfff619

Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Closes https://github.com/zed-industries/zed/issues/50162

Release Notes:

- Fixed missing indication that an update was currently being downloaded
or installed in the title bar

Removed 'Text Threads' option from the mode dropdown for AI issues,
since #52757 removed the feature

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Release Notes:

- N/A

This PR adds remote connection data to the threads metadata database.
This fixes an issue where threads ran on separate projects with the same
remote/local path list would show up in the sidebar in both workspaces,
instead of only the workspace they were originally created in.

I added a migrator that uses the workspace persistence database to add
remote connection argument to threads that only have path list matches
with a remote project. If a path list matches with both local/remote
workspaces, we default to setting it as local.

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Release Notes:

- N/A or Added/Fixed/Improved ...

---------

Co-authored-by: Eric Holk <eric@zed.dev>

Thanks to Dario Weißer for the suggestion

Release Notes:

- Fixed some potential edge cases when paths in a project started
  with `-`.

When the sidebar opens a remote SSH project, it shows a
`RemoteConnectionModal` on the currently active (local) workspace. After
the connection succeeds and a new remote workspace is created and
activated, the modal on the local workspace was never dismissed.
Switching back to the local workspace (e.g. by activating a thread)
would re-render the local workspace's modal layer, revealing the stale
"Starting proxy..." modal.

Other code paths that show this modal (`recent_projects`, `git_ui`)
already call `modal.finished(cx)` after the connection completes. The
sidebar and agent panel paths were missing this cleanup.

## Changes

- **`remote_connection`**: Added `dismiss_connection_modal()`, a public
utility that finds and dismisses any active `RemoteConnectionModal` on a
given workspace.
- **`sidebar`**: Fixed two call sites (`open_workspace_for_group` and
`open_workspace_and_activate_thread`) to dismiss the modal after the
connection task completes, regardless of success or failure.
- **`agent_ui`**: Fixed `open_worktree_workspace_and_start_thread` to
dismiss the modal after workspace creation completes.

Release Notes:

- (Preview only) Fixed a spurious "Starting proxy..." modal appearing
and hanging when switching back to a local project after opening a
remote SSH project in a multi-project workspace.

Reverts zed-industries/zed#53566

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Closes #ISSUE

Release Notes:

- N/A

---------

Co-authored-by: Eric Holk <eric@zed.dev>

Self-Review Checklist:

- [ ] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Release Notes:

- N/A

Also indicates if the multiworkspace and the worspace disagree on the
right key.

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Release Notes:

- N/A

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Closes #52928

Release Notes:

- Fixed handling of multi-stage and stage-specified dockerfiles in dev
container manifests
- Fixed the way we find the base image in a dev container when build
args need expansion

The "Creating Worktree…" spinner, error banner, and disabled selector
state were stored as panel-wide state. This meant switching to a
different thread while a worktree was being created would still show the
spinner on the new thread.

Release Notes:

- N/A

Disambiguate project names in the sidebar (and project picker) so that
we don't show e.g. `zed, zed` but rather `foo/zed, bar/zed` if the last
path component is the same but they are different absolute paths.

Release Notes:

- N/A

Now you can cancel the Unarchive operation if it's taking too long.

(No release notes because this unarchive behavior isn't even on Preview
yet.)

Release Notes:

- N/A

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Release Notes:

- The "Fix with Assistant" code action for diagnostics has been removed.
The inline assistant remains available and can be deployed with the
`assistant: inline assist` action.

Update `await_and_rollback_on_failure` in `agent_panel.rs` to
comprehensively clean up both git metadata and filesystem artifacts when
worktree creation fails.

Release Notes:

- Clean up files and git metadata when worktree creation fails during
new agent thread setup.

- Introduce `project_panel::Redo` action
- Update all platform keymaps in order to map
`redo`/`ctrl-shift-z`/`cmd-shift-z` to the `project_panel::Redo` action

### Restore Entry Support

- Update both `Project::delete_entry` and `Worktree::delete_entry` to
return the resulting `fs::TrashedEntry`
- Introduce both `Project::restore_entry` and `Worktree::restore_entry`
to allow restoring an entry in a worktree, given the `fs::TrashedEntry`
- Worth pointing out that support for restoring is not yet implemented
for remote worktrees, as that will be dealt with in a separate pull
request
  
### Undo Manager

- Split `ProjectPanelOperation` into two different enums, `Change` and
`Operation`
- While thinking through this, we noticed that simply recording the
operation that user was performing was not enough, specifically in the
case where undoing would restore the file, as in that specific case, we
needed the `trash::TrashedEntry` in order to be able to restore, so we
actually needed the result of executing the operation.
- Having that in mind, we decided to separate the operation (intent)
from the change (result), and record the change instead. With the change
being recorded, we can easily building the operation that needs to be
executed in order to invert that change.
- For example, if an user creates a new file, we record the
`ProjectPath` where the file was created, so that undoing can be a
matter of trashing that file. When undoing, we keep track of the
`trash::TrashedEntry` resulting from trashing the originally created
file, such that, redoing is a matter of restoring the
`trash::TrashedEntry`.
- Refer to the documentation in the `project_panel::undo` module for a
better breakdown on how this is implemented/handled.

- Introduce a task queue for dealing with recording changes, as well as
undo and redo requests in a sequential manner
- This meant moving some of the details in `UndoManager` to a
`project_panel::undo::Inner` implementation, and `UndoManager` now
serves as a simple wrapper/client around the inner implementation,
simply communicating with it to record changes and handle undo/redo
requests
- Callers that depend on the `UndoManager` now simply record which
changes they wish to track, which are then sent to the undo manager's
inner implementation
- Same for the undo and redo requests, those are simply sent to the undo
manager's inner implementation, which then deals with picking the
correct change from the history and executing its inverse operation
- Introduce support for tracking restore changes and operations
- `project_panel::undo::Change::Restored` – Keeps track that the
file/directory associated with the `ProjectPath` was a result of
restoring a trashed entry, for which we now that reverting is simply a
matter of trashing the path again
- `project_panel::undo::Operation::Restore` – Keeps track of both the
worktree id and the `TrashedEntry`, from which we can build the original
`ProjectPath` where the trashed entry needs to be restored
- Move project panel's undo tests to a separate module
`project_panel::tests::undo` to avoid growing the
`project::project_panel_tests` module into a monolithic test module
- Some of the functions in `project::project_panel_tests` were made
`pub(crate)` in order for us to be able to call those from
`project_panel::tests::undo`
  
### FS Changes

- Refactored the `Fs::trash_file` and `Fs::trash_dir` methods into a
single `Fs::trash` method
- This can now be done because `RealFs::trash_dir` and
`RealFs::trash_file` were simply calling `trash::delete_with_info`, so
we can simplify the trait
- Tests have also been simplified to reflect this new change, so we no
longer need a separate test for trashing a file and trashing a directory
- Update `Fs::trash` and `Fs::restore` to be async
- On the `RealFs` implementation we're now spawning a thread to perform
the trash/restore operation

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Relates to #5039

Release Notes:

- N/A

---------

Co-authored-by: Yara <git@yara.blue>
Co-authored-by: Miguel Raz Guzmán Macedo <miguel@zed.dev>
Co-authored-by: Marshall Bowers <git@maxdeviant.com>

Introduce a new `fs::Fs::restore` method which, given a
`fs::TrashedEntry` should attempt to restore the file or directory back
to its original path.

Update both `Fs::trash_dir` and `Fs::trash_file` to now return the
location of the trashed directory or file, as well as adding the
`trash-rs` create dependency and updating the `RealFs` implementation
for these methods to simply leverage `trash::delete_with_info`.

* Add `fs::Fs::TrashedEntry` struct, which allows us to track the
  original file path and the new path in the OS' trash
* Update the `fs::Fs::trash_dir` and `fs::Fs::trash_file` signatures to
  now return `Result<TrashedEntry>` instead of `Result<()>`
* The `options` argument was removed because it was never used by
  implementations other than the default one, and with this change to
  the signature type, we no longer have a default implementation, so the
  `options` argument would no longer make sense
* Update `fs::RealFs::trash_dir` and `fs::RealFs::trash_file`
  implementations to simply delegate to `trash-rs` and convert the
  result to a `TrashedEntry`
* Add `fs::FakeFs::trash` so we can simulate the OS' trash during tests
  that touch the filesystem
* Add `fs::FakeFs::trash_file` implementation to leverage
  `fs::FakeFs::trash`
* Add `fs::FakeFs::trash_dir` implementation to leverage
  `fs::FakeFs::trash`

This panic was caused because we incorrectly assumed that each character
was one byte when converting character indices to highlight range byte
indices.

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Closes #53479

Release Notes:

- Fix a panic that could occur in the project symbol search picker

---------

Co-authored-by: Lukas Wirth <lukas@zed.dev>

Release Notes:

- N/A or Added/Fixed/Improved ...

## What does this PR did

- Generate [GitHub-flavored heading
slugs](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#section-links)
for markdown headings
- Handle `[label](#heading)` same-document anchor links that scroll the
preview and editor to the target heading
- Handle `[label](./file.md#heading)` cross-file anchor links that open
the file, scroll the preview, and move the editor cursor to the heading


https://github.com/user-attachments/assets/ecc468bf-bed0-4543-a988-703025a61bf8

## What to test

- [ ] Create a markdown file with `[Go to section](#section-name)`
links, verify clicking scrolls preview and editor
- [ ] Create two markdown files with cross-file links like `[See
other](./other.md#heading)`, verify file opens and preview scrolls to
heading
- [ ] Verify duplicate headings produce correct slugs (`heading`,
`heading-1`)
- [ ] Verify external URLs (`https://...`) are unaffected

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [ ] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [ ] Performance impact has been considered and is acceptable

Closes #18699

Release Notes:

- Added support for anchor links for headings in Markdown Preview.

---------

Co-authored-by: Smit Barmase <heysmitbarmase@gmail.com>

This PR updates the agent thread UI to disable the thread feedback
controls based on the organization's configuration.

Closes CLO-629.

Release Notes:

- N/A

This PR updates the `UserStore` to store the configuration for each
organization.

We'll be reading from this in subsequent PRs.

Closes CLO-628.

Release Notes:

- N/A

Self-Review Checklist:

- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable

Release Notes:

- N/A

We don't use this terminology anymore; now it's "agent panel".

Release Notes:

- N/A

Release Notes:

- N/A

Remove the standalone storybook binary and the story crate, as component
previews are now handled by the component_preview crate.

Also removes the stories features from the ui and title_bar crates.

Release Notes:

- N/A or Added/Fixed/Improved ...

This should reduce energy consumption when having agents running in
background windows, as the spinner that is being animated won't refresh
at the display framerate anymore.

Release Notes:

- N/A or Added/Fixed/Improved ...

Release Notes:

- N/A

Closes https://github.com/zed-industries/zed/pull/53452

Release Notes:

- Add event handling on editor to increase/decrease font-size when using
the scroll-wheel and holding the secondary modifier (Ctrl on
Linux/Windows, and Cmd on macOS)

Screen Capture:


https://github.com/user-attachments/assets/bf298be4-e2c9-470c-afef-b7e79c2d3ae6

---------

Co-authored-by: Dmitry Soluyanov <dimitri.soluyanov@yandex.ru>