chore(deps): bump @github/copilot from 1.0.10 to 1.0.18

[dependabot]

Bumps @github/copilot from 1.0.10 to 1.0.18.

Release notes

Sourced from @​github/copilot's releases.

1.0.18

2026-04-04

• New Critic agent automatically reviews plans and complex implementations using a complementary model to catch errors early (available in experimental mode for Claude models)
• Session resume picker correctly groups sessions by branch and repository on first use
• preToolUse hook permissionDecision 'allow' now suppresses the tool approval prompt
• Add notification hook event that fires asynchronously on shell completion, permission prompts, elicitation dialogs, and agent completion

1.0.17

2026-04-03

• Built-in skills are now included with the CLI, starting with a guide for customizing Copilot cloud agent's environment
• MCP OAuth flows now support HTTPS redirect URIs via a self-signed certificate fallback, improving compatibility with OAuth providers that require HTTPS (e.g., Slack)
• /resume session picker loads significantly faster, especially with large session histories

1.0.16

2026-04-02

• SQL prompt tags no longer appear when sql tool is excluded via excludedTools or availableTools
• MCP tool calls display tool name and parameter summary in the timeline
• MCP server reconnects correctly with valid authentication when the working directory changes
• Add PermissionRequest hook to allow scripts to programmatically approve or deny tool permission requests
• Remove deprecated marketplaces repository setting (use extraKnownMarketplaces instead)
• MCP servers load correctly after login, user switch, and /mcp reload
• BYOK Anthropic provider now respects the configured maxOutputTokens limit
• Remove deprecated marketplaces repository setting (use extraKnownMarketplaces instead)

1.0.16-1

Pre-release 1.0.16-1

1.0.16-0

Fixed

• MCP servers load correctly after login, user switch, and /mcp reload
• BYOK Anthropic provider now respects the configured maxOutputTokens limit

Removed

• Remove deprecated marketplaces repository setting (use extraKnownMarketplaces instead)

1.0.15

2026-04-01

• Remove support for gpt-5.1-codex, gpt-5.1-codex-mini, and gpt-5.1-codex-max models
• Copilot mascot now blinks with subtle eye animations in interactive mode
• User switcher and /user list display accounts in alphabetical order
• Add mcp.config.list, mcp.config.add, mcp.config.update, and mcp.config.remove server RPCs for managing persistent MCP server configuration
• Add device code flow (RFC 8628) as a fallback for MCP OAuth in headless and CI environments
• Add /mcp auth command and re-authentication UI for MCP OAuth servers with account switching support
• Add postToolUseFailure hooks for tool errors and make postToolUse run only after successful tool calls
• Add /share html command to export sessions and research reports as self-contained interactive HTML files
• Autopilot no longer continues after pressing Escape or Ctrl+C to cancel

... (truncated)

Changelog

Sourced from @​github/copilot's changelog.

1.0.18 - 2026-04-04

• New Critic agent automatically reviews plans and complex implementations using a complementary model to catch errors early (available in experimental mode for Claude models)
• Session resume picker correctly groups sessions by branch and repository on first use
• preToolUse hook permissionDecision 'allow' now suppresses the tool approval prompt
• Add notification hook event that fires asynchronously on shell completion, permission prompts, elicitation dialogs, and agent completion

1.0.17 - 2026-04-03

• Built-in skills are now included with the CLI, starting with a guide for customizing Copilot cloud agent's environment
• MCP OAuth flows now support HTTPS redirect URIs via a self-signed certificate fallback, improving compatibility with OAuth providers that require HTTPS (e.g., Slack)
• /resume session picker loads significantly faster, especially with large session histories

1.0.16 - 2026-04-02

• SQL prompt tags no longer appear when sql tool is excluded via excludedTools or availableTools
• MCP tool calls display tool name and parameter summary in the timeline
• MCP server reconnects correctly with valid authentication when the working directory changes
• Add PermissionRequest hook to allow scripts to programmatically approve or deny tool permission requests
• Remove deprecated marketplaces repository setting (use extraKnownMarketplaces instead)
• MCP servers load correctly after login, user switch, and /mcp reload
• BYOK Anthropic provider now respects the configured maxOutputTokens limit
• Remove deprecated marketplaces repository setting (use extraKnownMarketplaces instead)

1.0.15 - 2026-04-01

• Remove support for gpt-5.1-codex, gpt-5.1-codex-mini, and gpt-5.1-codex-max models
• Copilot mascot now blinks with subtle eye animations in interactive mode
• User switcher and /user list display accounts in alphabetical order
• Add mcp.config.list, mcp.config.add, mcp.config.update, and mcp.config.remove server RPCs for managing persistent MCP server configuration
• Add device code flow (RFC 8628) as a fallback for MCP OAuth in headless and CI environments
• Add /mcp auth command and re-authentication UI for MCP OAuth servers with account switching support
• Add postToolUseFailure hooks for tool errors and make postToolUse run only after successful tool calls
• Add /share html command to export sessions and research reports as self-contained interactive HTML files
• Autopilot no longer continues after pressing Escape or Ctrl+C to cancel
• Keystrokes typed while the CLI is loading are no longer lost
• Large tool output preview shows correct character count and up to 500 characters
• Add Home/End and Page Up/Page Down navigation to the diff viewer
• CLI exits immediately after a session ends instead of waiting up to 10 seconds
• Config settings askUser, autoUpdate, storeTokenPlaintext, logLevel, skillDirectories, and disabledSkills now use camelCase names (snake_case still accepted)
• Many settings keys now prefer camelCase names (snake_case names still work)
• Ctrl+D no longer queues a message; use Ctrl+Q or Ctrl+Enter to queue
• MCP servers that are slow to connect no longer block the agent from starting
• Pasting images from the Windows clipboard now works in WSL environments

1.0.14 - 2026-03-31

• Images are correctly sent to Anthropic models when using BYOM
• Model picker selection correctly overrides the --model flag for the current session
• Terminal output no longer clears or jumps on error exit

... (truncated)

Commits

• 208f5d8 Update changelog.md for version 1.0.17
• 4247482 Update changelog.md for version 1.0.16
• c6f6670 Update changelog.md for version 1.0.15
• 65677f8 Update changelog.md for version 1.0.14
• 2ecd9e1 Update changelog.md for version 1.0.13
• 9c1a0ae Merge pull request #2381 from marcelsafin/fix/install-fish-shell-path
• a503500 Merge pull request #2380 from marcelsafin/fix/install-trap-cleanup
• 177b637 install: use EXIT trap for temp directory cleanup
• 07af0bc install: add fish shell support for PATH configuration
• b175fd8 Merge pull request #2331 from gulducat/patch-1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Superseded by #54.