Fix avatar fetch crashes and return generic user icon for TLS certificate issues

[Copilot]

This PR fixes a critical issue where the VS Code GitHub Pull Request extension would break PR views when trying to fetch user avatars on networks with edge devices that rewrite TLS certificate chains.

Problem

Users on corporate networks with edge devices (proxies, firewalls, etc.) that rewrite TLS certificates were experiencing broken PR views with errors like:

request to https://avatars.githubusercontent.com/u/11698892?v=4 failed, reason: self signed certificate in certificate chain

The root cause was in the avatar fetching retry logic in src/common/uri.ts. When the first fetch attempt failed, the code would retry once, but the second attempt was not wrapped in a try-catch block:

try {
    await doFetch();
} catch (e) {
    // We retry once.
    await doFetch(); // ❌ Unhandled exception breaks PR views
}

Solution

The fix implements proper error handling for the retry attempt and returns a generic user icon instead of leaving empty spaces:

try {
    await doFetch();
} catch (e) {
    // We retry once.
    try {
        await doFetch();
    } catch (retryError) {
        // Log error and return generic user icon gracefully
        const userIdentifier = isTeam(user) ? `${user.org}/${user.slug}` : user.login || 'unknown';
        Logger.error(`Failed to fetch avatar after retry for user ${userIdentifier}: ${retryError}`, 'avatarCirclesAsImageDataUris');
        return genericUserIconAsImageDataURI(width, height);
    }
}

Changes Made

1. Fixed unhandled exception: Wrapped the retry doFetch() call in proper try-catch
2. Graceful degradation: Return a generic user icon for failed avatar fetches instead of empty spaces
3. Better error logging: Log errors with proper user identification for both accounts and teams
4. Added test coverage: Created test case to verify TLS certificate error handling

Impact

• Before: PR views break completely on networks with TLS certificate issues
• After: Extension continues to work normally, logging avatar fetch failures and displaying generic user icons

This ensures users on corporate networks can continue using the extension for all its core functionality (viewing PRs, commenting, reviewing, etc.) even when avatar fetching fails due to network security policies.

Fixes #6196.

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

[alexr00]

This PR fixes a critical issue where the VS Code GitHub Pull Request extension would crash when trying to fetch user avatars on networks with edge devices that rewrite TLS certificate chains.

@copilot this is incorrect, the extension doesn't crash the extension, just busts the PR views.

The issue is that if the second try fails, then we return undefined. Instead, we should return a generic user icon.

[Copilot]

This PR fixes a critical issue where the VS Code GitHub Pull Request extension would crash when trying to fetch user avatars on networks with edge devices that rewrite TLS certificate chains.

@Copi...

Fixed in 9119f70. You're correct - instead of returning undefined when avatar fetch fails, the code now returns a generic user icon based on the VS Code codicons account icon. This provides better visual feedback in the UI rather than showing empty spaces when avatars can't be loaded due to TLS certificate issues.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• update.code.visualstudio.com
  • Triggering command: node ./out/src/test/runTests.js --grep should handle TLS certificate errors gracefully (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)