This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [aws-sdk-s3](https://redirect.github.com/awslabs/aws-sdk-rust) |
dependencies | minor | `1.108.0` → `1.112.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

### GitHub Vulnerability Alerts

####
[GHSA-g59m-gf8j-gjf5](https://redirect.github.com/awslabs/aws-sdk-rust/security/advisories/GHSA-g59m-gf8j-gjf5)

## **Summary**
This notification is related to the use of specific values for the
region input field when calling AWS services. An actor with access to
the environment in which the SDK is used could set the region input
field to an invalid value.

A defense-in-depth enhancement has been implemented in the AWS SDK for
Rust. This enhancement validates that a region used to construct an
endpoint URL is a valid host label. The change was released on November
6, 2025. This advisory is informational to help customers understand
their responsibilities regarding configuration security.

## **Impact**
Customer applications could be configured to improperly route AWS API
calls to non-existent or non-AWS hosts. While the SDK was functioning
safely within the requirements of the shared responsibility model,
additional safeguards have been added to support secure customer
implementations.

**Impacted versions**: All versions prior to [November 6, 2025
release](https://redirect.github.com/awslabs/aws-sdk-rust/releases/tag/release-2025-11-06)

## **Patches**
On November 6, 2025, an enhancement [1] was made to the AWS SDK for Rust
release, which validates the formatting of a region, providing
additional safeguards.

## **Workarounds**
No workarounds are needed, but as always developers should ensure that
their application is following security best practices:
- Implement proper input validation in your application code
- Update to the latest AWS SDK for Rust release on a regular basis
- Follow AWS security best practices [2] for SDK configuration

## **References**
Contact AWS Security via the vulnerability reporting page or email
[aws-security@amazon.com](mailto:aws-security@amazon.com).

## **Acknowledgement**
AWS Security thanks Guy Arazi for bringing these customer security
considerations to our attention through the coordinated disclosure
process.

[1]
[https://github.com/smithy-lang/smithy-rs/pull/4383](https://redirect.github.com/smithy-lang/smithy-rs/pull/4383)
[2] https://docs.aws.amazon.com/sdk-for-rust/latest/dg/security.html

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone America/New_York,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

Release Notes:

- N/A

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Tackling this as I noticed a bug in the agent panel where the button to
delete a thread, which appeared only on hover, stopped showing up. PRs
#43324 and #45437 fixed stuff in applying hover styles through
`.hover()` but broke the `.on_hover()` callback. Problem was that both
methods were sharing the same `element_state.hover_state` but running at
different phases. The solution here was to add a new independent state
field for the hover listener (`hover_listener_state`) while the hover
style method keeps using `hover_state`.

Release Notes:

- Agent: Fixed a bug where the button to delete a thread stopped showing
up.

This PR removes the const generics limitation from the data table
component, enabling tables with a dynamic number of columns determined
at runtime.

**Context:**  
This is the next infrastructure step split out from the [original CSV
preview draft PR](https://github.com/zed-industries/zed/pull/44344). The
draft PR remains open as a reference and will continue to be decomposed
into smaller, reviewable pieces.

**Details:**  
- Introduces a `TableRow` newtype to enforce column count invariants at
runtime, replacing the previous const generic approach. It's api surface
is larger than is currently used, as it's planned to be used in CSV
feature itself.
- Refactors the data table and all usages (including the keymap editor)
to work with runtime column counts.
- This change is foundational for supporting CSV preview and other
features that require flexible, dynamic tables.
- Performance impact has not been formally measured, but there is no
noticeable slowdown in practice.

---

Release Notes:
- N/A (internal infrastructure change, no user impact)

---------

Co-authored-by: Anthony Eid <anthony@zed.dev>

Adds granular per-tool permission settings for the Zed agent with
regex-based rules.

Release Notes:

- N/A

---------

Co-authored-by: Amp <amp@ampcode.com>

Release Notes:

- N/A

---------

Co-authored-by: Oleksiy Syvokon <oleksiy.syvokon@gmail.com>
Co-authored-by: Agus Zubiaga <agus@zed.dev>
Co-authored-by: Ben Kunkle <ben@zed.dev>

Just some housekeeping UI clean up on the configuration instructions for
Bedrock.

Release Notes:

- N/A

Whoops

Release Notes:

- N/A

Some code got added to `workspace` that prevents us from running tests
for the `edit_prediction(cli)` crates specifically without the
`test-support` feature flag.

Release Notes:

- N/A

Co-authored-by: Ben Kunkle <ben@zed.dev>

One _character_ change to fix the dividing border in the agent panel's
profile tooltip. 😬

Release Notes:

- N/A

This PR fixes visual tests to use the actual Zed fonts (IBM Plex Sans /
Lilex) instead of Courier.

Release Notes:

- N/A

Closes #45776

It didn't enable multiline mode before `¯\_(ツ)_/¯`. If there is a reason
this fix won't work please let me know but it seems like this one was
just an easy fix.

Release Notes:
- Improved multiline regex behavior

Release Notes:

- N/A

---------

Co-authored-by: Yara <yara@zed.dev>

Follow-up of https://github.com/zed-industries/zed/pull/45365

* Stops printing backtraces for server diagnostics pulls on error

<img width="1728" height="1084" alt="backtrace"
src="https://github.com/user-attachments/assets/b2e75e73-611a-428b-8056-f0757e51adf2"
/>

* Reduce one `.detach` codepath into `.await`

Release Notes:

- N/A

Release Notes:
- Improved docs regarding podman compatibility with dev containers

Before this we failed to parse some file:/// links the agent would
generate causing it to open in the system default app and not zed.

Release Notes:

- N/A

This PR fixes the symlink for the license in the `component_preview`
crate, as it was referencing itself after
https://github.com/zed-industries/zed/pull/45382.

Release Notes:

- N/A

If I apply

```diff
diff --git a/crates/action_log/src/action_log.rs b/crates/action_log/src/action_log.rs
index 404fb3616d..ece063c34f 100644
--- a/crates/action_log/src/action_log.rs
+++ b/crates/action_log/src/action_log.rs
@@ -223,6 +223,7 @@ impl ActionLog {
             futures::select_biased! {
                 buffer_update = buffer_updates.next() => {
                     if let Some((author, buffer_snapshot)) = buffer_update {
+                        dbg!(&author);
                         Self::track_edits(&this, &buffer, author, buffer_snapshot, cx).await?;
                     } else {
                         break;
```

on top of `main`, `User` and `Agent` will always interleave.

This happens because `action_log` does updates on `Entity<Buffer>` which
is a current editor's buffer, tracked, and updated by agent output (acp
or regular threads) — those updates come back as `BufferEvent::Edited`
event after each agent's edit and forces unnecessary computations.

Instead, update tracked buffer's version after each agent update report
to only react on one, `Agent`-authored, edit events.

Release Notes:

- N/A

Release Notes:

- N/A

When a recorded action moves focus away from the editor (e.g.,
`buffer_search::Deploy`), the `EndRepeat` action handler is not invoked
because is node is no longer on the dispatch path. This left
`dot_replaying` set to `true`, causing subsequent repeats to malfunction
and the `VimGlobals.pre_count` value to never be reset.

Reset `dot_replaying` as a fail-safe when the replayer exhausts its
action queue, ensuring the state is always cleaned up regardless of
whether `EndRepeat` was handled.

Release Notes:

- Fixed vim repeat (`.`) breaking when the recorded action moves focus
away from the editor

Co-authored-by: neel <neel@chot.ai>

Closes #25435

Release Notes:

- Improved vim's '%' motion to always fall back to text-based bracket
matching when language-aware matching fails

Greatly increases max width of the message we show, but truncates the
message to only ever show the first line

| LSP | OLD | NEW |
|-|-|-|
| JSON | <img width="720" height="199" alt="image"
src="https://github.com/user-attachments/assets/77c2299a-0fd7-4210-9e50-b99c60b07f54"
/> | <img width="1219" height="205" alt="Screenshot 2026-01-08 at 11 13
07 AM"
src="https://github.com/user-attachments/assets/dfdb53a6-56e4-483a-8abc-25d99f0a5ae6"
/> |
| PS1 | <img width="743" height="205" alt="image"
src="https://github.com/user-attachments/assets/378d5d41-a005-4205-b3fc-956e227321c5"
/> | <img width="1219" height="205" alt="Screenshot 2026-01-08 at 11 19
13 AM"
src="https://github.com/user-attachments/assets/b8d05fb1-20f8-4983-be94-cb5735d84faf"
/> |


Release Notes:

- N/A

This primarily frees up, for example, `cmd-n` to create a new untitled
file if you're in the agent diff tab.

Release Notes:

- N/A

The `vim` crate's tests depend on `git_ui`, which transitively depends
on `recent_projects` with `test-support` enabled. This causes
`recent_projects` to include RemoteConnectionOptions::Mock` variant
handling. However, `git_ui` was not enabling its `test-support` feature,
causing compilation failures when the Mock variant was expected but not
available.

This commit enables the `test-support` feature for both `git_ui` and
`title_bar` dev-dependencies in the `vim` crate, ensuring the Mock
variant is consistently available during testing.

Release Notes:

- N/A

<img width="707" height="778" alt="Screenshot 2026-01-07 at 8 34 00 PM"
src="https://github.com/user-attachments/assets/59842820-079b-4d47-9bdd-f77300f8a60e"
/>

When the user presses Esc or the Stop button to interrupt a thread,
terminal tools now capture their output and include it in the tool
result. This allows the model to see what was happening in the terminal
when the user interrupted, so it can answer questions about the output.

## Changes

- `Thread::cancel()` now returns a `Task` that waits for tools to
respond to cancellation before flushing pending messages
- Terminal tool uses `select!` to detect cancellation signal and
immediately kills the terminal and captures output
- `run_turn_internal` uses `select!` to break out of event loop on
cancel
- Added test for terminal tool cancellation output capture

This is a follow-up to #46218 which added similar functionality for the
"Stop" button on individual terminal tool cards.

Release Notes:

- Interrupting the agent now captures terminal output so the model can
see what was running when you stopped it

Release Notes:

- The inline assistant now has the ability to display messages and will
be less likely to insert non-code text.

Adds a new `ep split` command that splits JSONL datasets into multiple
output files with stratification by `repository_url` when present.

Example usage:

  ep split input.jsonl train.jsonl=80% valid.jsonl=rest

Release Notes:

- N/A

If the LSP version label ends up being super long, we now truncate it
and add a tooltip so you can see the whole thing. This avoids the
submenu width from being extremely big:

<img width="500" height="310" alt="Screenshot 2026-01-08 at 9  10@2x"
src="https://github.com/user-attachments/assets/4729b3f8-000d-4bb5-8908-dc243a2d6e7b"
/>

Release Notes:

- Fixed a visual bug where long LSP version labels would increase the
LSP submenu width too much.

Release Notes:

- N/A *or* Added/Fixed/Improved ...

A proper fix would be to add `\No trailing newline` marker and handle
it. For now, we do a simpler workaround

Release Notes:

- N/A

## Description
When trying to setup the OpenCode external agent the other day, I was
having trouble setting the keybinding using the docs. The issue was that
it said to use the same name as the one written in the UI. While this
works when the external agent is defined using the `settings.json` file,
it didn't work when setting up the keybinding after installing the
extension through the extension marketplace.

Since the solution I found was to define the agent name as 'opencode'
instead of 'OpenCode' (which is the name that shows up in the UI) I
thought it would be appropiate to indicate that sometimes you might need
to set it up using a different name.

Release Notes:

- N/A

Part of https://github.com/zed-industries/zed/issues/46182

One caveat of this fix is that already downloaded clangd versions will
error with the old, "cannot start binary" error.
The new ones will be getting

<img width="1728" height="1084" alt="image"
src="https://github.com/user-attachments/assets/d2fdafed-6e60-4bc6-9eb2-b785fff65f3a"
/>

though.

Release Notes:

- N/A

Also, save all requests in a single sqlite transaction -- much faster.

Release Notes:

- N/A

Closes #44038

BM25 results were fully replacing fuzzy results, which caused some items
to disappear from search. For example, "Show Menus" wouldn’t show up
when searching for "menu". This happened due to limitations in the
Porter stemmer used by the library. Fuzzy search matched correctly, but
its results were getting overwritten. We now merge both result sets
instead.

Release Notes:

- Fixed an issue where settings search missed some results, like "Show
Menus" when searching for "menu".

Un-preview the active tab when closing other tabs. 

In my mind the intent when clicking `Close Others` is to keep the
current tab around, so it should no longer be treated as a preview.
This also matches the VSCode behavior.


Release Notes:

- Make preview tab permanent after closing all other tabs

Fixes #33958

## Problem

PR #44835 attempted to fix SHLVL starting at 2 by removing it from the
`env` HashMap passed to alacritty. However, that HashMap is only an
**overlay** — alacritty uses the parent process environment as a base
and applies the overlay on top. Since alacritty never calls
`env_remove("SHLVL")`, the terminal shell still inherits `SHLVL` from
Zed's process environment.

## Root Cause

The real issue is in `load_login_shell_environment()`:

1. `shell_env::capture()` spawns a login shell to capture environment
variables
2. That login shell increments `SHLVL` (from 0→1 or n→n+1)
3. The captured env (including the incremented `SHLVL`) is written to
Zed's **process environment** via `env::set_var`
4. When you open a terminal, the shell inherits Zed's `SHLVL` and
increments it again → starts at 2
5. On reload, `shell_env::capture()` runs again with the
already-elevated `SHLVL`, incrementing it further → +2 per reload

## Fix

Skip `SHLVL` when setting Zed's process environment in
`load_login_shell_environment()`. This prevents the login-shell capture
from polluting Zed's env, so terminals start fresh with the correct
`SHLVL`.

Release Notes:

- Improved Display the actual Windows error message when writing
credentials to Credential Manager fails, instead of the generic "Failed
to write API key to keychain" message. This helps users diagnose issues
like permission problems.

Signed-off-by: Xiaobo Liu <cppcoffee@gmail.com>

Release Notes:

- N/A

Also improves the commit view to use the same status-based buffer header
visual overrides as the project diff as a driveby.

Fixes https://github.com/zed-industries/zed/issues/45735

Release Notes:

- git: Binary files are no longer shown in garbled form when viewing an
old commit.

Hi Zed team thank you for the awesome editor!

I recently stumbled upon a markdown sequence that seems to cause a crash

```md
-	[	] -
\
-
```

*easier to read escape characters below

```rust
let crash_input = "-\t[\t] -\r\\\n-"
println!("{}", crash_input)
```

## how to reproduce

1. copy the markdown above
2. save the file
3. `[shift]` + `[cmd]` + `p` to open the command palette
4. select `markdown: open preview`
5. crash

I've confirmed that the issue is a bug in pulldown-cmark version 12, and
has been resolved in version
[v0.13.0](https://github.com/pulldown-cmark/pulldown-cmark/releases/tag/v0.13.0)
and specifically fixed in
https://github.com/pulldown-cmark/pulldown-cmark/pull/1017

this PR simply bumps the pulldown-cmark version in zed which resolves
the crash on my local machine.


## recording 



https://github.com/user-attachments/assets/dc77132f-0d43-40f3-9841-0bf34fe714fb


Release Notes:

- Fixes crash due to markdown parsing via bumping pulldown-cmark

Release Notes:

- N/A

---------

Co-authored-by: Max Brunsfeld <maxbrunsfeld@gmail.com>

Release Notes:

- Fixed deleted portions of hunks in the branch diff and text diff views
not being syntax-highlighted.

## Add variable row height mode to data table infrastructure

This PR introduces support for variable row heights in the data table
component, laying the groundwork for more flexible tabular data
rendering in Zed.

**Context:**  
This is the first in a series of infrastructure-focused PRs split out
from the [original CSV preview draft
PR](https://github.com/zed-industries/zed/pull/44344). The draft PR
remains open as a reference and will be incrementally decomposed into
smaller, reviewable pieces like this one.

**Details:**  
- Adds a variable row height mode to the data table, enabling future
features that require rows of differing heights (such as CSV preview
and, eventually, database table views).
- No user-facing changes; this is an internal refactor to support
upcoming functionality.

**Thanks:**  
Big thanks to @Anthony-Eid for pairing sessions and guidance on how to
best structure and land these changes incrementally.

---

Release Notes:

- N/A (internal infrastructure change, no user impact)

Now that https://github.com/zed-industries/zed/pull/45352 is in preview,
this updates the docs at https://zed.dev/docs/languages/tailwindcss with
instructions similar to
https://github.com/tailwindlabs/tailwindcss-intellisense?tab=readme-ov-file#filesassociations

Release Notes:

- N/A

Closes #ISSUE

Organizes the giant list of settings UI items in `page_data.rs` a bit so
that sections are split out in sub functions that (for the most part)
return constant size arrays. Page items is also converted to a
`Box<[...]>` instead of a Vec.

The goal here is to have working breadcrumbs when in the settings UI
file (e.g. `fn general_page() > fn general_section()`), and to escape
the `vec![]` macro so that `rust-analyzer` works more consistently.

This should help both humans and LLMs know where they are in the file
and use the outline to navigate it instead of having to read the whole
thing to have an idea of what is going on.

Release Notes:

- N/A *or* Added/Fixed/Improved ...

Closes #ISSUE

Release Notes:

- N/A *or* Added/Fixed/Improved ...

Depends on: https://github.com/zed-industries/zed/pull/45768

Refactor plan:
https://gist.github.com/mikayla-maki/6c4bf263fd80050715ba01f45478796e
Overall plan:
https://gist.github.com/mikayla-maki/7bb5078e4385a2e683e1e1eb40d17d38

This is the big one.

Release Notes:

- N/A

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

The tree view effectively always sorts by status, not by path.

Release Notes:

- Fixed incorrect ordering of paths in the project diff when using the
git panel's tree view.

https://github.com/zed-industries/zed/pull/45423 changed the Blade
renderer to use a white clear color for "opaque" windows. This interacts
poorly with our client-side decorations, causing the shadows around the
window to be drawn over a white background.

Release Notes:

- N/A