Skip to content

[pull] main from coder:main #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 66 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
66 commits
Select commit Hold shift + click to select a range
dded82b
Release v4.99.3
code-asher Apr 17, 2025
47d6d3a
fix: parse part in path proxy (#7337)
kylecarbs May 2, 2025
3f2e334
Release v4.99.4
code-asher May 5, 2025
ea2caf0
Allow setting trusted domains for links at run-time
code-asher May 5, 2025
0c72b20
Place locale and abs-proxy-base-path in correct interfaces
code-asher May 5, 2025
c8257a3
Fix repeatable flags in config
code-asher May 5, 2025
e5b8d44
chore: bump @types/semver from 7.5.8 to 7.7.0
dependabot[bot] May 6, 2025
8b55b50
chore: bump eslint from 9.23.0 to 9.25.1 (#7332)
dependabot[bot] May 6, 2025
7af90ea
Mention code-server devcontainer feature (#7342)
bartekgatzcoder May 6, 2025
2c9b4e7
Update Code to 1.100.0 (#7343)
benz0li May 8, 2025
9bd3b83
Fix port parseInt error handling
code-asher May 8, 2025
d0e20d5
Update devcontainer feature link
code-asher May 8, 2025
e05219d
Release v4.100.0
code-asher May 12, 2025
1aca01f
Update Code to 1.101 (#7347)
benz0li May 13, 2025
9dd999b
Update Code to 1.100.2 (#7348)
benz0li May 15, 2025
cade03e
Release v4.100.1 and v4.100.2
code-asher May 19, 2025
35e78fe
chore: bump globals from 15.14.0 to 16.0.0 (#7333)
dependabot[bot] May 19, 2025
409c64e
Update Code to 1.100.3 (#7367)
benz0li Jun 3, 2025
9ec786b
Ask not to put "latest" in bug report
code-asher Jun 3, 2025
1face85
Sort some imports
code-asher Jun 3, 2025
1671bf1
Release v4.100.3
code-asher Jun 3, 2025
6e26dad
fix: update GitHub Actions Runner images (#7379)
jdomeracki-coder Jun 16, 2025
405eb0f
Update Code to 1.101.0 (#7376)
benz0li Jun 16, 2025
37357b0
chore: bump typescript-eslint from 8.29.0 to 8.33.0 (#7365)
dependabot[bot] Jun 16, 2025
3669c96
chore: bump @types/compression from 1.7.5 to 1.8.0 (#7364)
dependabot[bot] Jun 16, 2025
05d8904
chore: bump dawidd6/action-download-artifact from 9 to 10 (#7361)
dependabot[bot] Jun 16, 2025
a56769b
chore: bump heyhusen/archlinux-package-action from 2.2.1 to 2.4.0 (#7…
dependabot[bot] Jun 16, 2025
85ee441
chore: bump typescript from 5.6.2 to 5.8.3 (#7335)
dependabot[bot] Jun 16, 2025
74cc50d
chore: bump qs from 6.13.0 to 6.14.0 (#7363)
dependabot[bot] Jun 16, 2025
27a112c
Upgrade brace-expansion sub-dependency
code-asher Jun 17, 2025
bd34cd5
Update Code to 1.101.1 (#7383)
benz0li Jun 21, 2025
3a8fbeb
Release v4.101.0 and v4.101.1
code-asher Jun 24, 2025
c5c764d
Do not use module type for service worker
code-asher Jun 25, 2025
1b1440f
Update logo
code-asher Jun 25, 2025
53dccbb
Report if using hashed-password from config
code-asher Jun 25, 2025
aff005e
Update Code to 1.101.2
code-asher Jun 25, 2025
729456b
Release v4.101.2
code-asher Jun 25, 2025
70be9fe
Add non-maskable PWA icons
code-asher Jul 7, 2025
cdac5bf
Update Code to 1.102.0 (#7418)
benz0li Jul 15, 2025
8b3d9b9
Use native node -p to get exec path (#7420)
lemanschik Jul 15, 2025
92fca0d
Add language customization flag (#7374)
strickvl Jul 15, 2025
740a2d3
chore: bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 (#7408)
dependabot[bot] Jul 15, 2025
bbe1b7f
chore: bump i18next from 23.16.4 to 25.3.0 (#7406)
dependabot[bot] Jul 15, 2025
4029c1e
Use Debian archives
code-asher Jul 15, 2025
0f9a0e8
Revert escaping for i18n strings
code-asher Jul 17, 2025
f26309a
Release v4.102.0
code-asher Jul 17, 2025
47e9d43
Update Code to 1.102.1 (#7424)
benz0li Jul 17, 2025
aaf2d91
Deleted unused and outdated afdesign file
code-asher Jul 17, 2025
84728f0
Release v4.102.1
code-asher Jul 17, 2025
fe7db49
Update values.yaml to better support dind (#7431)
SheldonTsen Jul 22, 2025
9f6d18e
Update Code to 1.102.2 (#7436)
benz0li Jul 24, 2025
b1ad6ff
Release v4.102.2
code-asher Jul 24, 2025
6f3d0a7
Update Code to 1.102.3 (#7444)
benz0li Jul 30, 2025
1805dae
chore: bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 (#7450)
dependabot[bot] Aug 4, 2025
bc15fa4
chore: bump form-data in /test (#7430)
dependabot[bot] Aug 4, 2025
b5a2ce2
Use error handler in session server (#7455)
code-asher Aug 4, 2025
794def9
chore: bump on-headers and compression (#7427)
dependabot[bot] Aug 4, 2025
a7e77ce
chore: bump dawidd6/action-download-artifact from 10 to 11 (#7409)
dependabot[bot] Aug 4, 2025
8a378df
chore: bump eslint-import-resolver-typescript from 3.8.3 to 4.4.4 (#7…
dependabot[bot] Aug 4, 2025
5c0ff50
Remove direct safe-buffer dependency
code-asher Aug 4, 2025
8f738d2
Remove unused supertest dependency
code-asher Aug 4, 2025
e54467f
Run npm audit fix
code-asher Aug 4, 2025
3f23840
Remove import from express-serve-static-core
code-asher Aug 4, 2025
b27d982
chore: bump prettier from 3.4.2 to 3.6.2 (#7407)
dependabot[bot] Aug 4, 2025
f1236d8
Update Code to 1.103.0 (#7458)
benz0li Aug 9, 2025
2bbb6e8
Release v4.103.0
code-asher Aug 12, 2025
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/ISSUE_TEMPLATE/bug-report.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ body:
- **Remote OS**: Ubuntu
- **Remote Architecture**: amd64
- **`code-server --version`**: 4.0.1

Please do not just put "latest" for the version.
value: |
- Web Browser:
- Local OS:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/publish.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ jobs:
echo "VERSION=${TAG#v}" >> $GITHUB_ENV

- name: Validate package
uses: heyhusen/archlinux-package-action@v2.2.1
uses: heyhusen/archlinux-package-action@v2.4.0
env:
VERSION: ${{ env.VERSION }}
with:
Expand Down
3 changes: 2 additions & 1 deletion .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ jobs:

- name: Install cross-compiler and system dependencies
run: |
sed -i 's/deb\.debian\.org/archive.debian.org/g' /etc/apt/sources.list
dpkg --add-architecture $TARGET_ARCH
apt update && apt install -y --no-install-recommends \
crossbuild-essential-$TARGET_ARCH \
Expand Down Expand Up @@ -268,7 +269,7 @@ jobs:
timeout-minutes: 15
steps:
- name: Download artifacts
uses: dawidd6/action-download-artifact@v9
uses: dawidd6/action-download-artifact@v11
id: download
with:
branch: ${{ github.ref }}
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/security.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -43,15 +43,15 @@ jobs:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
steps:
- name: Checkout repo
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4
with:
scan-type: "fs"
scan-ref: "."
Expand All @@ -72,7 +72,7 @@ jobs:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/autobuild to send a status report
name: Analyze with CodeQL
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04

steps:
- name: Checkout repository
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/trivy-docker.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,14 +44,14 @@ concurrency:

jobs:
trivy-scan-image:
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Run Trivy vulnerability scanner in image mode
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5
uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4
with:
image-ref: "docker.io/codercom/code-server:latest"
ignore-unfixed: true
Expand Down
2 changes: 1 addition & 1 deletion .node-version
Original file line number Diff line number Diff line change
@@ -1 +1 @@
20.18.3
22.17.0
137 changes: 136 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,142 @@ Code v99.99.999

## Unreleased

## [4.103.0](https://github.com/coder/code-server/releases/tag/v4.103.0) - 2025-08-12

Code v1.103.0

### Changed

- Update to Code 1.103.0.

## [4.102.2](https://github.com/coder/code-server/releases/tag/v4.102.2) - 2025-07-24

Code v1.102.2

### Changed

- Update to Code 1.102.2.

## [4.102.1](https://github.com/coder/code-server/releases/tag/v4.102.1) - 2025-07-17

Code v1.102.1

### Changed

- Update to Code 1.102.1.

## [4.102.0](https://github.com/coder/code-server/releases/tag/v4.102.0) - 2025-07-16

Code v1.102.0

### Changed

- Update to Code 1.102.0.

### Added

- Custom strings can be configured using the `--i18n` flag set to a JSON
file. This can be used for either translation (and can be used alongside
`--locale`) or for customizing the strings. See
[./src/node/i18n/locales/en.json](./src/node/i18n/locales/en.json) for the
available keys.

## [4.101.2](https://github.com/coder/code-server/releases/tag/v4.101.2) - 2025-06-25

Code v1.101.2

### Changed

- Update to Code 1.101.2.

### Fixed

- Fix web views not loading due to 401 when requesting the service worker.

## [4.101.1](https://github.com/coder/code-server/releases/tag/v4.101.1) - 2025-06-20

Code v1.101.1

### Changed

- Update to Code 1.101.1.

## [4.101.0](https://github.com/coder/code-server/releases/tag/v4.101.0) - 2025-06-20

Code v1.101.0

### Changed

- Update to Code 1.101.0.

## [4.100.3](https://github.com/coder/code-server/releases/tag/v4.100.3) - 2025-06-03

Code v1.100.3

### Changed

- Update to Code 1.100.3.

## [4.100.2](https://github.com/coder/code-server/releases/tag/v4.100.2) - 2025-05-15

Code v1.100.2

### Changed

- Update to Code 1.100.2.

## [4.100.1](https://github.com/coder/code-server/releases/tag/v4.100.1) - 2025-05-13

Code v1.100.1

### Changed

- Update to Code 1.100.1.

## [4.100.0](https://github.com/coder/code-server/releases/tag/v4.100.0) - 2025-05-12

Code v1.100.0

### Added

- Trusted domains for links can now be set at run-time by configuring
`linkProtectionTrustedDomains` in the `lib/vscode/product.json` file or via
the `--link-protection-trusted-domains` flag.

### Changed

- Update to Code 1.100.0.
- Disable extension signature verification, which previously was skipped by
default (the package used for verification is not available to OSS builds of
VS Code) but now reportedly throws hard errors making it impossible to install
extensions.

### Fixed

- Flags with repeatable options now work via the config file.

## [4.99.4](https://github.com/coder/code-server/releases/tag/v4.99.4) - 2025-05-02

Code v1.99.3

### Security

- Validate that ports in the path proxy are numbers, to prevent proxying to
arbitrary domains.

## [4.99.3](https://github.com/coder/code-server/releases/tag/v4.99.3) - 2025-04-17

Code v1.99.3

### Added

- Added `--skip-auth-preflight` flag to let preflight requests through the
proxy.

### Changed

- Update to Code 1.99.3.

## [4.99.2](https://github.com/coder/code-server/releases/tag/v4.99.2) - 2025-04-10

Code v1.99.2
Expand Down Expand Up @@ -682,7 +818,6 @@ Code v1.68.1
would be accessible at `my.domain/proxy/8000/` without any authentication.

If all of the following apply to you please update as soon as possible:

- You run code-server with the built-in password authentication.
- You run unprotected HTTP services on ports accessible by code-server.

Expand Down
2 changes: 1 addition & 1 deletion ci/build/build-standalone-release.sh
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ main() {
# Package managers may shim their own "node" wrapper into the PATH, so run
# node and ask it for its true path.
local node_path
node_path="$(node <<< 'console.info(process.execPath)')"
node_path="$(node -p process.execPath)"

mkdir -p "$RELEASE_PATH/bin"
mkdir -p "$RELEASE_PATH/lib"
Expand Down
4 changes: 3 additions & 1 deletion ci/build/build-vscode.sh
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,9 @@ EOF
# this because we have an NPM package that could be installed on any platform.
# The correct platform dependencies and scripts will be installed as part of
# the post-install during `npm install` or when building a standalone release.
npm run gulp "vscode-reh-web-linux-x64${MINIFY:+-min}"
node --max-old-space-size=16384 --optimize-for-size \
./node_modules/gulp/bin/gulp.js \
"vscode-reh-web-linux-x64${MINIFY:+-min}"

# Reset so if you develop after building you will not be stuck with the wrong
# commit (the dev client will use `oss-dev` but the dev server will still use
Expand Down
4 changes: 2 additions & 2 deletions ci/build/npm-postinstall.sh
Original file line number Diff line number Diff line change
Expand Up @@ -76,8 +76,8 @@ main() {
echo "USE AT YOUR OWN RISK!"
fi

if [ "$major_node_version" -ne "${FORCE_NODE_VERSION:-20}" ]; then
echo "ERROR: code-server currently requires node v20."
if [ "$major_node_version" -ne "${FORCE_NODE_VERSION:-22}" ]; then
echo "ERROR: code-server currently requires node v22."
if [ -n "$FORCE_NODE_VERSION" ]; then
echo "However, you have overrided the version check to use v$FORCE_NODE_VERSION."
fi
Expand Down
64 changes: 35 additions & 29 deletions ci/dev/gen_icons.sh
Original file line number Diff line number Diff line change
@@ -1,44 +1,50 @@
#!/bin/sh
set -eu

# Generate icons from a single favicon.svg. favicon.svg should have no fill
# colors set.
main() {
cd src/browser/media

# We need .ico for backwards compatibility.
# The other two are the only icon sizes required by Chrome and
# we use them for stuff like apple-touch-icon as well.
# https://web.dev/add-manifest/
# We need .ico for backwards compatibility. The other two are the only icon
# sizes required by Chrome and we use them for stuff like apple-touch-icon as
# well. https://web.dev/add-manifest/
#
# This should be enough and we can always add more if there are problems.

#
# -quiet to avoid https://github.com/ImageMagick/ImageMagick/issues/884
# -background defaults to white but we want it transparent.
# -density somehow makes the image both sharper and smaller in file size.
#
# https://imagemagick.org/script/command-line-options.php#background
convert -quiet -background transparent -resize 256x256 favicon.svg favicon.ico
# We do not generate the pwa-icon from the favicon as they are slightly different
# designs and sizes.
# See favicon.afdesign and #2401 for details on the differences.
convert -quiet -background transparent -resize 192x192 pwa-icon.png pwa-icon-192.png
convert -quiet -background transparent -resize 512x512 pwa-icon.png pwa-icon-512.png
convert -quiet -background transparent \
-resize 256x256 -density 256x256 \
favicon.svg favicon.ico

# We use -quiet above to avoid https://github.com/ImageMagick/ImageMagick/issues/884
# Generate PWA icons. There should be enough padding to support masking.
convert -quiet -border 60x60 -bordercolor white -background white \
-resize 192x192 -density 192x192 \
favicon.svg pwa-icon-maskable-192.png
convert -quiet -border 160x160 -bordercolor white -background white \
-resize 512x512 -density 512x512 \
favicon.svg pwa-icon-maskable-512.png

# The following adds dark mode support for the favicon as favicon-dark-support.svg
# There is no similar capability for pwas or .ico so we can only add support to the svg.
favicon_dark_style="<style>
@media (prefers-color-scheme: dark) {
* {
fill: white;
}
}
</style>"
# See https://stackoverflow.com/a/22901380/4283659
# This escapes all newlines so that sed will accept them.
favicon_dark_style="$(printf "%s\n" "$favicon_dark_style" | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/\\n/g')"
sed "$(
cat -n << EOF
s%<rect id="favicon"%$favicon_dark_style<rect id="favicon"%
EOF
)" favicon.svg > favicon-dark-support.svg
# Generate non-maskable PWA icons.
magick pwa-icon-maskable-192.png \
\( +clone -threshold 101% -fill white -draw "roundRectangle 0,0 %[fx:int(w)],%[fx:int(h)] 50,50" \) \
-channel-fx "| gray=>alpha" \
pwa-icon-192.png
magick pwa-icon-maskable-512.png \
\( +clone -threshold 101% -fill white -draw "roundRectangle 0,0 %[fx:int(w)],%[fx:int(h)] 100,100" \) \
-channel-fx "| gray=>alpha" \
pwa-icon-512.png

# The following adds dark mode support for the favicon as
# favicon-dark-support.svg There is no similar capability for pwas or .ico so
# we can only add support to the svg.
favicon_dark_style="<style>@media (prefers-color-scheme: dark) {* { fill: white; }}</style>"
cp favicon.svg favicon-dark-support.svg
sed "s%<path%$favicon_dark_style\n <path%" favicon.svg > favicon-dark-support.svg
}

main "$@"
4 changes: 2 additions & 2 deletions ci/helm-chart/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,9 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 3.26.2
version: 3.30.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 4.99.2
appVersion: 4.103.0
Loading