Modernizes extension: native fetch, ESM, and dependency cleanup

[eamodio]

Closes #4994

Summary

• Updates VS Code engine to v1.101.0
• Migrates from node-fetch to native fetch, replacing https-proxy-agent with VS Code's built-in proxy support and removing the custom gitlens.proxy configuration
• Removes unused shim patches (debug.js, tr46.js, whatwg-url.js)
• Removes iconv-lite dependency, replacing it with a delegated decoding mechanism using the workspace's native decoding capabilities
• Switches extension (node) to ESM

Test plan

• Verify extension activates and runs correctly in desktop VS Code
• Verify proxy configuration works through VS Code's built-in proxy settings
• Verify git operations with non-UTF-8 encoding still decode correctly
• Verify all fetch-based operations (AI providers, integrations, telemetry) work
• Verify extension builds and bundles successfully

[augmentcode]

🤖 Augment PR Summary

Summary: Modernizes the GitLens extension runtime by moving the Node build to ESM, adopting native fetch, and trimming legacy proxy/encoding dependencies.

Changes:

• Bumped VS Code engine/types to ^1.101.0
• Switched the extension entrypoint to dist/gitlens.mjs and updated build outputs to emit .mjs for Node targets
• Replaced node-fetch-based networking with native globalThis.fetch and simplified request call sites
• Removed the custom gitlens.proxy setting and dropped https-proxy-agent plumbing
• Removed iconv-lite and delegated non-UTF8 decoding of git output to workspace.decode
• Updated various integrations/providers to use explicit JSON casts and refreshed TreeItem icon paths to use Uri

Technical Notes: Node-side SSL-ignore behavior is now implemented by temporarily toggling NODE_TLS_REJECT_UNAUTHORIZED within a wrapper.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 4 suggestions posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

esbuild.mjs still aliases debug/tr46/whatwg-url to files under patches/, but those patch files are removed in this PR, so this script will fail to resolve them if it’s used. Consider either keeping the patch shims or removing/updating these aliases consistently.

Severity: medium

Other Locations

• scripts/esbuild.tests.mjs:43

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

wrapForForcedInsecureSSL toggles NODE_TLS_REJECT_UNAUTHORIZED globally for both ignoreSSLErrors === true and 'force', and then forces it back to '1' rather than restoring the prior value. This can leak TLS-verification state outside the wrapped request if it was previously unset or intentionally '0'.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

getEncoding() now returns whatever files.encoding is set to without checking it’s a supported encoding; downstream workspace.decode(..., { encoding }) may throw for invalid values. Previously this fell back to 'utf8', so it may be worth keeping a guard to avoid breaking git operations on misconfigured settings.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

EmptyTextDocument sets encoding = 'utf-8', but other code paths treat 'utf8' as the canonical value (and VS Code’s setting value is typically 'utf8'). If callers compare encodings or feed this into decoding logic, the hyphenated form could be treated as non-standard unexpectedly.

Severity: low

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[gitkraken-services]

⚠️ Rebase Warning

Skipped — rebase produced zero commits, push aborted to protect PR

Summary

Metric	Value
Status	All commits were dropped during rebase
Target	main
Source	debt/fetch

What happened? Git determined that all commits in this PR are already included in the target branch (e.g. due to rename detection). The push was skipped to prevent GitHub from auto-closing this PR.

---

Generated by Merge Mate at 2026-03-09 17:05:52 UTC

[d13]

Converted to draft as this is not ready yet.