[Copilot] Аналитика интеграций — 2026-03-25

[aoponomarev]

Задача для Copilot: аналитика интеграций

Цель: Провести аналитическую работу по источникам ниже. Не просто "проверить релиз", а:

1. Изучить релиз-ноты, changelog, новые фичи
2. Сопоставить с архитектурой приложения (см. Beacon, glossary, слои app/core/is)
3. Предложить конкретные улучшения — что внедрить, куда, зачем
4. Записать в docs/backlog/copilot-gh/ в формате YYYY-MM-DD-{source-id}.md на русском, доходчивым языком

Формат записи: каждая запись должна содержать:

• Конкретное предложение (что сделать)
• Обоснование (какая новая фича источника, как применима к нашему стеку)
• Ссылку на источник

---

GitHub-релизы

• Continue AI Releases 🆕 — v1.2.18-vscode: https://github.com/continuedev/continue/releases/tag/v1.2.18-vscode

  ## What's Changed
  

• fix: harden system message tools and wire toolOverrides to system message path by @shanevcantwell in fix: harden system message tools and wire toolOverrides to system message path continuedev/continue#10485
• [Snyk] Security upgrade undici from 7.18.2 to 7.24.0 by @sestinj in [Snyk] Security upgrade undici from 7.18.2 to 7.24.0 continuedev/continue#11379
• fix: terminal links open wrong URL for addresses with ports by @shanevcantwell in fix: terminal links open wrong URL for addresses with ports continuedev/continue#11369
• refactor: unify AbortError detection with isAbortError utility by ...

• Library: MCP SDK 🆕 — v1.28.0: https://github.com/modelcontextprotocol/typescript-sdk/releases/tag/v1.28.0

  ## What's Changed
  

• feat: use scopes_supported from resource metadata by default (fixes #580) by @antogyn in feat: use scopes_supported from resource metadata by default (fixes #580) modelcontextprotocol/typescript-sdk#757
• [v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by @pcarleton in [v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported modelcontextprotocol/typescript-sdk#1611
• fix: reject plain JSON Schema objects passed as inputSchema by @tiluckdave in https://github.com/modelcontextprotocol/typescript-sdk/pu...

• Library: zod — v4.3.6: https://github.com/colinhacks/zod/releases/tag/v4.3.6

  ## Commits:
  
  

• 9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors
• f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)
• 251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call
• edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)
• 85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)
• cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)
• dfbbf1c1ae0c2...

• Software: Git 🆕 — v2.53.0.windows.2: https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.2

  Changes since Git for Windows v2.53.0 (February 2nd 2026)
  
  

This is a security fix release, addressing CVE-2025-66413.

• CVE-2025-66413, Git for Windows: When a user clones a repository from an attacker-controlled server, Git may attempt NTLM authentication and disclose the user's NTLMv2 hash to the remote server. Since NTLM hashing is weak, the captured hash can potentially be brute-forced to recover the user'...

• Library: better-sqlite3 🆕 — v12.8.0: https://github.com/WiseLibs/better-sqlite3/releases/tag/v12.8.0

  ## What's Changed
  

• Readme: requires Node.js v20 or later by @Prinzhorn in Readme: requires Node.js v20 or later WiseLibs/better-sqlite3#1443
• Update SQLite to version 3.51.3 in Update SQLite to version 3.51.3 WiseLibs/better-sqlite3#1460
• fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 by @tstone-1 in fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 WiseLibs/better-sqlite3#1459

New Contributors

• @tstone-1 made their first contribution in fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 WiseLibs/better-sqlite3#1459

Why SQLite v3.51.3 in...

- **Software: Node.js** 🆕 — v25.8.2: https://github.com/nodejs/node/releases/tag/v25.8.2

This is a security release.

Notable Changes

• (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
• (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
• (CVE-2026-21711) include permission check to pipe_wrap.cc (RafaelGSS) - Medium
• (CVE-2026-21712) handle url crash on different url formats (RafaelGSS) - Medium
• (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Sk...

Остальные источники (changelog, docs)

• Cursor IDE Changelog — https://cursor.com/changelog
• Model Provider: Groq — https://console.groq.com/docs/changelog
• Model Provider: OpenRouter — https://openrouter.ai/announcements/all
• Model Provider: KiloCode — https://kilo.ai/docs/advanced-usage/free-and-budget-models
• Cloudflare Workers (Platform) — https://developers.cloudflare.com/workers/platform/changelog/
• Sentry Changelog — https://docs.sentry.io/changelog/
• PostHog Changelog — https://posthog.com/changelog
• GitHub Copilot Workspace — https://github.blog/changelog/label/copilot/
• Tether QVAC (Local AI) — https://tether.io/news/
• Model Provider: MiniMax — https://platform.minimax.io/docs/release-notes/models
• OORT AI (Decentralized Agents) — https://docs.oort.io/release-notes

---

Сгенерировано cron 2026-03-25