chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the /tests directory: @github/copilot and flatted.

Updates @github/copilot from 0.0.399 to 1.0.5

Release notes

Sourced from @​github/copilot's releases.

1.0.5

2026-03-13

• Terminal title resets to default after running /clear or /new
• Add /extensions command to view, enable, and disable CLI extensions
• @ file mentions now support paths outside the project: absolute paths (@/usr/...), home directory (@~/...), and relative parent paths (@../...)
• Toggling experimental mode with /experimental on|off automatically restarts the CLI to apply changes immediately
• Right-click paste goes to the active dialog input instead of the main conversation input
• Introducing /pr to help create and view PRs, automatically fix CI failures, address review feedback, and resolve merge conflicts
• Block network (UNC) paths to prevent credential leakage via SMB authentication
• Send follow-up messages to background agents with the write_agent tool for multi-turn conversations
• Memory storage errors now indicate when repository doesn't exist or you lack write access
• Show a clear error when a classic Personal Access Token (ghp_) is set in environment variables instead of silently exiting
• Diff view displays correctly on Windows instead of showing corrupted/overwritten text
• Fix Kitty keyboard protocol escape sequences appearing at shutdown
• Setting claude-sonnet-4.6 as the default model is now preserved correctly
• Plugin uninstall reliably removes files using the stored install path
• Add /version command to display CLI version and check for updates from within the session
• Add experimental embedding-based dynamic retrieval of MCP and skill instructions per turn
• Syntax highlighting in /diff with support for 17 programming languages
• Add preCompact hook to run commands before context compaction starts
• Request ID from the API now appears in the timeline when errors occur after retries are exhausted
• PR descriptions with backtick-formatted code render correctly on Windows/PowerShell
• Show a helpful error message when a file path is passed as a CLI command
• Session reports an authentication error instead of hanging when the token is invalid or expired
• View tool shows partial content for large single-line files (e.g. minified JS, large JSON blobs) instead of empty output
• /changelog supports last <N>, since <version>, and summarize to browse and summarize multiple release notes at once
• Hooks config files that omit the version field are now accepted by the CLI

1.0.5-0

Added

• Add /version command to display CLI version and check for updates from within the session
• Add experimental embedding-based dynamic retrieval of MCP and skill instructions per turn
• Syntax highlighting in /diff with support for 17 programming languages
• Add preCompact hook to run commands before context compaction starts

Improved

• /changelog supports last <N>, since <version>, and summarize to browse and summarize multiple release notes at once
• Hooks config files that omit the version field are now accepted by the CLI

Fixed

• Request ID from the API now appears in the timeline when errors occur after retries are exhausted
• PR descriptions with backtick-formatted code render correctly on Windows/PowerShell
• Show a helpful error message when a file path is passed as a CLI command
• Session reports an authentication error instead of hanging when the token is invalid or expired
• View tool shows partial content for large single-line files (e.g. minified JS, large JSON blobs) instead of empty output

1.0.4

2026-03-11

... (truncated)

Changelog

Sourced from @​github/copilot's changelog.

1.0.5 - 2026-03-13

• Terminal title resets to default after running /clear or /new
• Add /extensions command to view, enable, and disable CLI extensions
• @ file mentions now support paths outside the project: absolute paths (@/usr/...), home directory (@~/...), and relative parent paths (@../...)
• Toggling experimental mode with /experimental on|off automatically restarts the CLI to apply changes immediately
• Right-click paste goes to the active dialog input instead of the main conversation input
• Introducing /pr to help create and view PRs, automatically fix CI failures, address review feedback, and resolve merge conflicts
• Block network (UNC) paths to prevent credential leakage via SMB authentication
• Send follow-up messages to background agents with the write_agent tool for multi-turn conversations
• Memory storage errors now indicate when repository doesn't exist or you lack write access
• Show a clear error when a classic Personal Access Token (ghp_) is set in environment variables instead of silently exiting
• Diff view displays correctly on Windows instead of showing corrupted/overwritten text
• Fix Kitty keyboard protocol escape sequences appearing at shutdown
• Setting claude-sonnet-4.6 as the default model is now preserved correctly
• Plugin uninstall reliably removes files using the stored install path
• Add /version command to display CLI version and check for updates from within the session
• Add experimental embedding-based dynamic retrieval of MCP and skill instructions per turn
• Syntax highlighting in /diff with support for 17 programming languages
• Add preCompact hook to run commands before context compaction starts
• Request ID from the API now appears in the timeline when errors occur after retries are exhausted
• PR descriptions with backtick-formatted code render correctly on Windows/PowerShell
• Show a helpful error message when a file path is passed as a CLI command
• Session reports an authentication error instead of hanging when the token is invalid or expired
• View tool shows partial content for large single-line files (e.g. minified JS, large JSON blobs) instead of empty output
• /changelog supports last <N>, since <version>, and summarize to browse and summarize multiple release notes at once
• Hooks config files that omit the version field are now accepted by the CLI

1.0.4 - 2026-03-11

• Add session.shell.exec and session.shell.kill RPC methods for executing shell commands with streaming stdout/stderr output
• Custom agents from --plugin-dir plugins now load correctly in ACP mode
• Adaptive color engine with dynamic color modes and interactive theme picker. Gracefully degrades on limited-color terminals and Windows
• MCP OAuth re-authentication works reliably when callback port changes or when using Microsoft Entra ID
• Replace /pr open with /pr view [local|web] to view PR status locally or open in browser
• Enables OpenTelemetry instrumentation for observability into agent sessions, LLM calls, and tool executions
• Extensions can now be written as CommonJS modules (extension.cjs)
• Show loaded extensions count in the Environment loaded startup message
• Support disableAllHooks flag to disable all hooks from a configuration file
• Support Azure DevOps repository identification in session logs
• Session export header renders each field on its own line in shared gists
• Auto-update now retries without authentication token on SAML enforcement errors
• Autopilot mode stops continuing after API errors instead of looping indefinitely
• Status line context window percentage no longer inflates across turns by using the last call's input and output tokens instead of cumulative totals
• Kitty keyboard protocol is properly disabled on suspend when using alternate screen
• Only show reasoning headers when it's the only reasoning text available.
• Terminal properly resets when CLI crashes, preventing shell corruption
• /update command automatically restarts to apply updates instead of requiring manual exit
• OAuth authentication now handles Microsoft Entra ID and other OIDC servers reliably with proper resource indicators and refresh token support
• Show individual instruction file names in /instructions picker with [external] labels for injected files

... (truncated)

Commits

• 894b48f Merge pull request #2004 from github/tpope/fix-install-shell-profile
• 10fc284 Incorporate ZDOTDIR into .zprofile path
• 33b5f9c Alter PATH for login shells, not interactive shells
• 9a0d581 Update changelog.md for version 1.0.4
• d3c1269 Merge pull request #1960 from github/install-auth
• 0160eb9 install: use GITHUB_TOKEN for authenticated GitHub requests
• 28d2487 Update changelog.md for version 1.0.3
• 6c50fd2 Update changelog.md for version 1.0.2
• 732d8b1 Update changelog.md for version 0.0.423
• 7aa08b3 Update changelog.md for version 0.0.422
• Additional commits viewable in compare view

Updates flatted from 3.3.3 to 3.4.1

Commits

• 2a02dce 3.4.1
• fba4e8f Merge pull request #89 from WebReflection/python-fix
• 5fe8648 added "when in Rome" also a test for PHP
• 53517ad some minor improvement
• b3e2a0c Fixing recursion issue in Python too
• c4b46db Add SECURITY.md for security policy and reporting
• f86d071 Create dependabot.yml for version updates
• d3418c7 3.4.0
• 7eb65d8 Merge pull request #88 from WebReflection/avoid-recusrion
• 7774aae Avoid recursion on parse due possible shenanigans
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.