chore(deps-dev): bump @vscode/vsce from 2.21.1 to 3.4.2

[dependabot]

Bumps @vscode/vsce from 2.21.1 to 3.4.2.

Release notes

Sourced from @​vscode/vsce's releases.

v3.4.2

Changes:

• #1152: Only scan secrets when .env is ignored and vice versa
• #1155: Fix npm token scanning false positives
• #1151: Do not scan node modules and improve error messages for secret scanning

This list of changes was auto generated.

v3.4.2-2

Changes:

• #1152: Only scan secrets when .env is ignored and vice versa

This list of changes was auto generated.

v3.4.2-1

Changes:

• #1155: Fix npm token scanning false positives

This list of changes was auto generated.

v3.4.2-0

Changes:

• #1151: Do not scan node modules and improve error messages for secret scanning

This list of changes was auto generated.

v3.4.1

Changes:

• #1149: Fix false positives in private key scanning
• #1148: Clarify unpublish command description

This list of changes was auto generated.

v3.4.1-1

... (truncated)

Commits

• 0789737 Merge pull request #1152 from microsoft/benibenj/handsome-stoat
• 80fdafe Merge remote-tracking branch 'origin/main' into benibenj/handsome-stoat
• 18221d1 Merge pull request #1155 from microsoft/benibenj/visible-slug
• 2ec3bb2 fix npm token scanning false positives
• 2bc74a9 Merge pull request #1151 from microsoft/benibenj/aggressive-parrotfish
• 5f6ed82 only scan secrets when dot env is ignored and vice versa
• 1e77be9 Do not scan node modules and better error message for secret scanning
• 5e2323f Merge pull request #1149 from microsoft/benibenj/latin-junglefowl
• 649ca03 To many false positives for private key scanning
• efd9d4e Merge pull request #1148 from microsoft/benibenj/fellow-xerinae
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for @​vscode/vsce since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[code-asher]

Looks like this is blocked on updating to Node 20. I opened #521

[matifali]

@dependabot rebase

[matifali]

@code-asher Node is updated now.

[matifali]

@dependabot rebase

[code-asher]

Did we update the engine reference in the package.json as well?

[code-asher]

Wait it is not in there, why does the error complain about it? Oh it is the package.json of vsce, not ours. Hmm seems like this should work then. 🤔

Looking at the CI logs, it seems to still be installing v18. Edit: nvm, I see the update was reverted.

[matifali]

Yeah, I reverted the PR as the fix was more involved than the time I could spend.

[dependabot]

Superseded by #530.