6db6f48300
chore: fix broken link in docs ( #18733 )
...
Fixes the "Helm README" link on
https://coder.com/docs/install/kubernetes so it goes to the right path.
Side note: I don't see any content in
https://coder.com/docs/about/contributing/documentation about to whom
such a PR should be assigned, if any. Edward was suggested and I see
you've worked on other PR's with the `docs` label, so going with that.
2025-07-02 22:34:29 -04:00
09c50559f3
feat: implement RFC 6750 Bearer token authentication ( #18644 )
...
# Add RFC 6750 Bearer Token Authentication Support
This PR implements RFC 6750 Bearer Token authentication as an additional authentication method for Coder's API. This allows clients to authenticate using standard OAuth 2.0 Bearer tokens in two ways:
1. Using the `Authorization: Bearer <token>` header
2. Using the `access_token` query parameter
Key changes:
- Added support for extracting tokens from both Bearer headers and access_token query parameters
- Implemented proper WWW-Authenticate headers for 401/403 responses with appropriate error descriptions
- Added comprehensive test coverage for the new authentication methods
- Updated the OAuth2 protected resource metadata endpoint to advertise Bearer token support
- Enhanced the OAuth2 testing script to verify Bearer token functionality
These authentication methods are added as fallback options, maintaining backward compatibility with Coder's existing authentication mechanisms. The existing authentication methods (cookies, session token header, etc.) still take precedence.
This implementation follows the OAuth 2.0 Bearer Token specification (RFC 6750) and improves interoperability with standard OAuth 2.0 clients.
2025-07-02 19:14:54 +02:00
eade5b019b
fix: handle null response from the template presets endpoint ( #18723 )
...
The template presets endpoint returns a null response when a template
version does not define any presets.
2025-07-02 19:08:33 +02:00
33bbf18a4b
feat: add OAuth2 protected resource metadata endpoint for RFC 9728 ( #18643 )
...
# Add OAuth2 Protected Resource Metadata Endpoint
This PR implements the OAuth2 Protected Resource Metadata endpoint according to RFC 9728. The endpoint is available at `/.well-known/oauth-protected-resource` and provides information about Coder as an OAuth2 protected resource.
Key changes:
- Added a new endpoint at `/.well-known/oauth-protected-resource` that returns metadata about Coder as an OAuth2 protected resource
- Created a new `OAuth2ProtectedResourceMetadata` struct in the SDK
- Added tests to verify the endpoint functionality
- Updated API documentation to include the new endpoint
The implementation currently returns basic metadata including the resource identifier and authorization server URL. The `scopes_supported` field is empty until a scope system based on RBAC permissions is implemented. The `bearer_methods_supported` field is omitted as Coder uses custom authentication methods rather than standard RFC 6750 bearer tokens.
A TODO has been added to implement RFC 6750 bearer token support in the future.
2025-07-02 18:58:41 +02:00
1b73b1a12f
docs: add Go LSP MCP configs and tools guide for code navigation ( #18613 )
...
# Add Code Navigation and Investigation Guide for Go LSP Tools
Added a new section to the CLAUDE.md documentation that explains how to use Go Language Server Protocol (LSP) tools when working with the Coder codebase. The guide includes:
- Commands for finding function definitions, symbol references, and getting symbol information
- Examples of LSP usage with specific commands
- Guidance on when to use LSP versus other tools like grep or bash
- A structured investigation strategy for navigating the codebase, starting with route registration and tracing through to implementations
This documentation helps developers more efficiently explore and understand the codebase structure.
2025-07-02 18:43:35 +02:00
630804ec92
chore: fix duplicate migration 000345 ( #18721 )
...
Fixes duplicate migration introduced by
https://github.com/coder/coder/pull/18575
2025-07-02 16:15:10 +00:00
f0c9c4dbcd
feat: oauth2 - add RFC 8707 resource indicators and audience validation ( #18575 )
...
This pull request implements RFC 8707, Resource Indicators for OAuth 2.0 (https://datatracker.ietf.org/doc/html/rfc8707 ), to enhance the security of our OAuth 2.0 provider.
This change enables proper audience validation and binds access tokens to their intended resource, which is crucial
for preventing token misuse in multi-tenant environments or deployments with multiple resource servers.
## Key Changes:
* Resource Parameter Support: Adds support for the resource parameter in both the authorization (`/oauth2/authorize`) and token (`/oauth2/token`) endpoints, allowing clients to specify the intended resource server.
* Audience Validation: Implements server-side validation to ensure that the resource parameter provided during the token exchange matches the one from the authorization request.
* API Middleware Enforcement: Introduces a new validation step in the API authentication middleware (`coderd/httpmw/apikey.go`) to verify that the audience of the access token matches the resource server being accessed.
* Database Schema Updates:
* Adds a `resource_uri` column to the `oauth2_provider_app_codes` table to store the resource requested during authorization.
* Adds an `audience` column to the `oauth2_provider_app_tokens` table to bind the issued token to a specific audience.
* Enhanced PKCE: Includes a minor enhancement to the PKCE implementation to protect against timing attacks.
* Comprehensive Testing: Adds extensive new tests to `coderd/oauth2_test.go` to cover various RFC 8707 scenarios, including valid flows, mismatched resources, and refresh token validation.
## How it Works:
1. An OAuth2 client specifies the target resource (e.g., https://coder.example.com ) using the resource parameter in the authorization request.
2. The authorization server stores this resource URI with the authorization code.
3. During the token exchange, the server validates that the client provides the same resource parameter.
4. The server issues an access token with an audience claim set to the validated resource URI.
5. When the client uses the access token to call an API endpoint, the middleware verifies that the token's audience matches the URL of the Coder deployment, rejecting any tokens intended for a different resource.
This ensures that a token issued for one Coder deployment cannot be used to access another, significantly strengthening our authentication security.
---
Change-Id: I3924cb2139e837e3ac0b0bd40a5aeb59637ebc1b
Signed-off-by: Thomas Kosiewski <tk@coder.com >
2025-07-02 17:49:00 +02:00
01163ea57b
feat: allow users to pause prebuilt workspace reconciliation ( #18700 )
...
This PR provides two commands:
* `coder prebuilds pause`
* `coder prebuilds resume`
These allow the suspension of all prebuilds activity, intended for use
if prebuilds are misbehaving.
2025-07-02 15:05:42 +00:00
4072d228c5
feat: support dynamic parameters on create template request ( #18636 )
...
Future work is to add this checkbox to the UI to opt into dynamic
parameters from the first template create.
2025-07-02 09:44:01 -05:00
91aa583ea4
docs: mention Windsurf module in Windsurf documentation ( #18715 )
...
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: bpmct <22407953+bpmct@users.noreply.github.com >
2025-07-02 19:13:35 +05:00
59c8b560fa
test: add test that we close stdin on SSH session close ( #18711 )
...
closes #18519
Adds a unit test that verifies that we close the stdin to a non-TTY process when the SSH session connected to it exits.
c.f. https://github.com/coder/coder/issues/18519#issuecomment-3027609871
Validates that we match OpenSSH behavior.
2025-07-02 16:23:07 +04:00
8a69f6af17
fix(agent/agentcontainers): avoid logspam in API updaterLoop ( #18710 )
...
Fixes #18709
2025-07-02 14:29:45 +03:00
0b8ed9c2bd
docs: move the duplicate Coder Desktop install warning to Troubleshooting ( #18691 )
...
Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com >
2025-07-02 11:22:58 +00:00
0b82f41a24
feat: allow masking workspace parameter inputs ( #18595 )
2025-07-01 16:27:43 -06:00
d22ac1cf65
chore: don't cache errors in file cache ( #18555 )
2025-07-01 13:50:37 -06:00
ab254adfb9
docs: add section about how to disable path based apps to security best practices ( #18419 )
...
add a new section specifically about how to disable path-based apps to
the security best practices doc
## todo
- [x] copy review
- [x] cross-linking
---------
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com >
Co-authored-by: Dean Sheather <dean@deansheather.com >
2025-07-01 13:18:47 -04:00
d14e9be0fe
feat: add Coder registry links to template creation and editing ( #18680 )
...
## Summary
- Add "Browse Templates" card to starter templates page
- Add "Browse Modules" button to template editor topbar
- Both link to https://registry.coder.com as requested in #18141
<img width="1248" alt="Screenshot 2025-07-01 at 9 29 26 AM"
src="https://github.com/user-attachments/assets/2295e45c-2056-41cd-a39e-48d4379295be "
/>
<img width="943" alt="Screenshot 2025-07-01 at 9 29 45 AM"
src="https://github.com/user-attachments/assets/e0652b76-43bf-4794-825d-72b4fe7c5e5f "
/>
🤖 Generated with [Claude Code](https://claude.ai/code )
---------
Co-authored-by: Claude <noreply@anthropic.com >
2025-07-01 13:18:27 -04:00
1158ca25bf
fix(dogfood/coder): run go clean cache at workspace shutdown ( #18685 )
...
The Go build cache has a tendency to accumulate and waste space
(typically in the realm of 10-70 GB). This change automatically cleans
up the cache on shutdown to prevent accumulation.
2025-07-01 15:22:26 +01:00
6f2834f62a
feat: oauth2 - add authorization server metadata endpoint and PKCE support ( #18548 )
...
## Summary
This PR implements critical MCP OAuth2 compliance features for Coder's authorization server, adding PKCE support, resource parameter handling, and OAuth2 server metadata discovery. This brings Coder's OAuth2 implementation significantly closer to production readiness for MCP (Model Context Protocol)
integrations.
## What's Added
### OAuth2 Authorization Server Metadata (RFC 8414)
- Add `/.well-known/oauth-authorization-server` endpoint for automatic client discovery
- Returns standardized metadata including supported grant types, response types, and PKCE methods
- Essential for MCP client compatibility and OAuth2 standards compliance
### PKCE Support (RFC 7636)
- Implement Proof Key for Code Exchange with S256 challenge method
- Add `code_challenge` and `code_challenge_method` parameters to authorization flow
- Add `code_verifier` validation in token exchange
- Provides enhanced security for public clients (mobile apps, CLIs)
### Resource Parameter Support (RFC 8707)
- Add `resource` parameter to authorization and token endpoints
- Store resource URI and bind tokens to specific audiences
- Critical for MCP's resource-bound token model
### Enhanced OAuth2 Error Handling
- Add OAuth2-compliant error responses with proper error codes
- Use standard error format: `{"error": "code", "error_description": "details"}`
- Improve error consistency across OAuth2 endpoints
### Authorization UI Improvements
- Fix authorization flow to use POST-based consent instead of GET redirects
- Remove dependency on referer headers for security decisions
- Improve CSRF protection with proper state parameter validation
## Why This Matters
**For MCP Integration:** MCP requires OAuth2 authorization servers to support PKCE, resource parameters, and metadata discovery. Without these features, MCP clients cannot securely authenticate with Coder.
**For Security:** PKCE prevents authorization code interception attacks, especially critical for public clients. Resource binding ensures tokens are only valid for intended services.
**For Standards Compliance:** These are widely adopted OAuth2 extensions that improve interoperability with modern OAuth2 clients.
## Database Changes
- **Migration 000343:** Adds `code_challenge`, `code_challenge_method`, `resource_uri` to `oauth2_provider_app_codes`
- **Migration 000343:** Adds `audience` field to `oauth2_provider_app_tokens` for resource binding
- **Audit Updates:** New OAuth2 fields properly tracked in audit system
- **Backward Compatibility:** All changes maintain compatibility with existing OAuth2 flows
## Test Coverage
- Comprehensive PKCE test suite in `coderd/identityprovider/pkce_test.go`
- OAuth2 metadata endpoint tests in `coderd/oauth2_metadata_test.go`
- Integration tests covering PKCE + resource parameter combinations
- Negative tests for invalid PKCE verifiers and malformed requests
## Testing Instructions
```bash
# Run the comprehensive OAuth2 test suite
./scripts/oauth2/test-mcp-oauth2.sh
Manual Testing with Interactive Server
# Start Coder in development mode
./scripts/develop.sh
# In another terminal, set up test app and run interactive flow
eval $(./scripts/oauth2/setup-test-app.sh)
./scripts/oauth2/test-manual-flow.sh
# Opens browser with OAuth2 flow, handles callback automatically
# Clean up when done
./scripts/oauth2/cleanup-test-app.sh
Individual Component Testing
# Test metadata endpoint
curl -s http://localhost:3000/.well-known/oauth-authorization-server | jq .
# Test PKCE generation
./scripts/oauth2/generate-pkce.sh
# Run specific test suites
go test -v ./coderd/identityprovider -run TestVerifyPKCE
go test -v ./coderd -run TestOAuth2AuthorizationServerMetadata
```
### Breaking Changes
None. All changes maintain backward compatibility with existing OAuth2 flows.
---
Change-Id: Ifbd0d9a543d545f9f56ecaa77ff2238542ff954a
Signed-off-by: Thomas Kosiewski <tk@coder.com >
2025-07-01 15:39:29 +02:00
dbfbef6ecb
chore(cli): increase reconciliation interval to 1 minute ( #18690 )
...
Increase prebuilds reconciliation and backoff interval to 1 minute by
default.
2025-07-01 14:35:02 +01:00
57a6d59d8d
docs: add warning about prebuilds incompatibility with certain features ( #18689 )
...
## Description
This PR adds a warning to the prebuilds documentation about
incompatibility with Workspace schedule (autostart/autostop), dormancy,
and DevContainers. These configurations can interfere with prebuild
behavior and should be avoided for now.
Preview:
2025-07-01 13:59:07 +01:00
4e95b1d20e
fix: revert changes to GetRunningPrebuiltWorkspaces ( #18688 )
...
… (#18588 )"
This reverts commit 258a839d27
2025-07-01 10:11:43 +00:00
3d22e27f4e
fix: handle task sidebar app health check disabled correctly ( #18687 )
...
Previously, by mistake, the task sidebar would not display workspace
apps that don't have a health check configured.
2025-07-01 12:01:17 +02:00
7e372f7a35
fix(agent/agentcontainers): reset error at start of rebuild ( #18686 )
...
Reset the error associated with a devcontainer when a rebuild is requested.
2025-07-01 10:57:43 +01:00
258a839d27
chore(coderd/database): optimize GetRunningPrebuiltWorkspaces ( #18588 )
...
Fixes https://github.com/coder/internal/issues/715
After this change, the only use of the `workspace_prebuilds` view is the
`ClaimPrebuiltWorkspace` query. A subsequent PR will update the view.
Before: ~44ms https://explain.dalibo.com/plan/76cbe21d1a4c9329#plan
After: 7.3ms https://explain.dalibo.com/plan/5abbdf926315677e#plan
2025-07-01 09:42:01 +01:00
0f56f0029b
chore: add which-release script ( #18657 )
2025-07-01 08:05:44 +00:00
695de6e0c0
chore(coderd/database): optimize AuditLogs queries ( #18600 )
...
Closes #17689
This PR optimizes the audit logs query performance by extracting the
count operation into a separate query and replacing the OR-based
workspace_builds with conditional joins.
## Query changes
* Extracted count query to separate one
* Replaced single `workspace_builds` join with OR conditions with
separate conditional joins
* Added conditional joins
* `wb_build` for workspace_build audit logs (which is a direct lookup)
* `wb_workspace` for workspace create audit logs (via workspace)
Optimized AuditLogsOffset query:
https://explain.dalibo.com/plan/4g1hbedg4a564bg8
New CountAuditLogs query:
https://explain.dalibo.com/plan/ga2fbcecb9efbce3
2025-07-01 07:31:14 +02:00
74e1953619
docs: bitnami/postgresql primary prefix for persistence.size config key ( #18446 )
...
The `bitnami/postgresql`chart doesn't have a value with key
`persistence.size`. The correct value key which control the size of the
PVC is `primary.persistence.size`.
See:
-
https://github.com/bitnami/charts/blob/postgresql/16.7.12/bitnami/postgresql/values.yaml
- The JSON schema,
[`values.schema.json`](https://github.com/bitnami/charts/blob/postgresql/16.7.12/bitnami/postgresql/values.schema.json )
of the
[`values.yaml`](https://github.com/bitnami/charts/blob/postgresql/16.7.12/bitnami/postgresql/values.yaml )
included in the chart is out of sync.
https://github.com/bitnami/readme-generator-for-helm/issues/142
2025-06-30 16:55:57 -04:00
4756080eb2
feat(site): display devcontainer start error ( #18637 )
...
Fixes https://github.com/coder/internal/issues/705
Surface errors on the UI when a devcontainer agent is unable to be
injected.
2025-06-30 21:34:29 +01:00
fc7700a62f
fix: improve reliability of app statuses ( #18622 )
...
We were discarding all "working" updates from the screen watcher because
we cannot tell the difference between the agent or user changing the
screen, but it makes sense to accept it as the very first update,
because the agent could be working but neglected to report that fact, so
you would never get an initial "working" update (it would just
eventually go straight to "idle").
Also messages can start at zero, so I made a fix for that as well,
although the first message will be from the LLM and we ignore
those anyway, so this probably has no actual effect, but seems more
technically correct.
And it seems I forgot to actually update the last message ID, which
also does not actually matter for user messages (since I think the
SSE endpoint will not re-emit a user message it has already emitted),
but seems more technically correct to check.
Lastly, if we have the screen watcher, ignore the agent's self-reported
state and always use "working" since it is unreliable. The idle state will
eventually be caught by the watcher.
2025-06-30 12:12:20 -08:00
ad6773360c
fix: display error message on delete workspace error ( #18654 )
...
resolves coder/preview#155
When deleting a workspace, show an error dialog if deleting the
workspace is not possible.
2025-06-30 15:09:51 -04:00
22c5e84a7e
fix: handle health status when displaying task apps ( #18675 )
...
Previously, we displayed apps in iframes on the task page without
waiting for them to initialize. This would result in 502 errors shown to
the user. This PR makes sure that we only display the app after it
initializes.
### Before
<img width="1920" alt="Screenshot 2025-06-30 at 14 59 07 (2)"
src="https://github.com/user-attachments/assets/63564ac9-abce-4a0c-b58e-b988772fae82 "
/>
2025-06-30 20:46:28 +02:00
b7cb275d7e
fix: stop tearing down non-TTY processes on SSH session end ( #18673 )
...
(possibly temporary) fix for #18519
Matches OpenSSH for non-tty sessions, where we don't actively terminate
the process.
Adds explicit tracking to the SSH server for these processes so that if
we are shutting down we terminate them: this ensures that we can shut
down quickly to allow shutdown scripts to run. It also ensures our tests
don't leak system resources.
2025-06-30 22:06:05 +04:00
9ccaf86099
fix(agent/agentcontainers): always derive devcontainer name from workspace folder ( #18666 )
2025-06-30 20:56:39 +03:00
715c7b0c24
chore: correct RD limitation comment ( #18668 )
...
subj
2025-06-30 22:46:00 +05:00
b1e8d5d5e0
docs: remove beta label from Coder Desktop ( #18651 )
...
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: Edward Angert <EdwardAngert@users.noreply.github.com >
2025-06-30 21:23:09 +05:00
851cda55d6
ci: bump the github-actions group with 3 updates ( #18665 )
...
Bumps the github-actions group with 3 updates:
[step-security/harden-runner](https://github.com/step-security/harden-runner ),
[fluxcd/flux2](https://github.com/fluxcd/flux2 ) and
[github/codeql-action](https://github.com/github/codeql-action ).
Updates `step-security/harden-runner` from 2.12.1 to 2.12.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases ">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.12.2</h2>
<h2>What's Changed</h2>
<p>Added HTTPS Monitoring for additional destinations -
*.githubusercontent.com
Bug fixes:</p>
<ul>
<li>Implicitly allow local multicast, local unicast and broadcast IP
addresses in block mode</li>
<li>Increased policy map size for block mode</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.12.2 ">https://github.com/step-security/harden-runner/compare/v2...v2.12.2 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 "><code>6c439dc</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/562 ">#562</a>
from step-security/rc-22</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/bf5688696d0b2cf8221eadb38e4232386015763a "><code>bf56886</code></a>
update agent</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/5436dac7b5fa76a1a179168f5f4de86c00e22c84 "><code>5436dac</code></a>
update agent</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/88d305a3530acfa6d1939000baaa571e520df9c8 "><code>88d305a</code></a>
update agent</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/b976878278dbe3bc16039f7165b8faf809c50297 "><code>b976878</code></a>
update agent</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/875cc92db280a03598e7492a3e6c165c689f7af6 "><code>875cc92</code></a>
Update agent</li>
<li>See full diff in <a
href="https://github.com/step-security/harden-runner/compare/002fdce3c6a235733a90a27c80493a3241e56863...6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `fluxcd/flux2` from 2.6.2 to 2.6.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fluxcd/flux2/releases ">fluxcd/flux2's
releases</a>.</em></p>
<blockquote>
<h2>v2.6.3</h2>
<h2>Highlights</h2>
<p>Flux v2.6.3 is a patch release that comes with various fixes. Users
are encouraged to upgrade for the best experience.</p>
<p>Fixes:</p>
<ul>
<li>Fix for <code>rsa-sha2-512</code> and <code>rsa-sha2-256</code>
algorithms not being prioritized for <code>ssh-rsa</code> host keys in
source-controller, image-automation-controller and Flux CLI
bootstrap.</li>
</ul>
<h2>Components changelog</h2>
<ul>
<li>source-controller <a
href="https://github.com/fluxcd/source-controller/blob/v1.6.2/CHANGELOG.md ">v1.6.2</a></li>
<li>image-automation-controller <a
href="https://github.com/fluxcd/image-automation-controller/blob/v0.41.2/CHANGELOG.md ">v0.41.2</a></li>
</ul>
<h2>CLI changed</h2>
<ul>
<li>[release/v2.6.x] Update toolkit components by <a
href="https://github.com/fluxcdbot "><code>@fluxcdbot</code></a> in <a
href="https://redirect.github.com/fluxcd/flux2/pull/5427 ">fluxcd/flux2#5427</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/fluxcd/flux2/compare/v2.6.2...v2.6.3 ">https://github.com/fluxcd/flux2/compare/v2.6.2...v2.6.3 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fluxcd/flux2/commit/bda4c8187e436462be0d072e728b67afa215c593 "><code>bda4c81</code></a>
Merge pull request <a
href="https://redirect.github.com/fluxcd/flux2/issues/5427 ">#5427</a>
from fluxcd/backport-5426-to-release/v2.6.x</li>
<li><a
href="https://github.com/fluxcd/flux2/commit/3f281da7381e3984913244d78b9768e4fa5fbb65 "><code>3f281da</code></a>
Fix: Prioritize sha2-512 and sha2-256 for ssh-rsa host keys</li>
<li><a
href="https://github.com/fluxcd/flux2/commit/963e99188cb0a77dfbe70a3db7a34c0f6e159dd3 "><code>963e991</code></a>
Update toolkit components</li>
<li>See full diff in <a
href="https://github.com/fluxcd/flux2/compare/a48f81a66c4ca9fbd993233ab99dd03a7cfbe09a...bda4c8187e436462be0d072e728b67afa215c593 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `github/codeql-action` from 3.29.0 to 3.29.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases ">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.29.1</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.29.1 - 27 Jun 2025</h2>
<ul>
<li>Fix bug in PR analysis where user-provided <code>include</code>
query filter fails to exclude non-included queries. <a
href="https://redirect.github.com/github/codeql-action/pull/2938 ">#2938</a></li>
<li>Update default CodeQL bundle version to 2.22.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2950 ">#2950</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.29.1/CHANGELOG.md ">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>Experimental: When the <code>quality-queries</code> input for the
<code>init</code> action is provided with an argument, separate
<code>.quality.sarif</code> files are produced and uploaded for each
language with the results of the specified queries. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2935 ">#2376</a></li>
</ul>
<h2>3.29.1 - 27 Jun 2025</h2>
<ul>
<li>Fix bug in PR analysis where user-provided <code>include</code>
query filter fails to exclude non-included queries. <a
href="https://redirect.github.com/github/codeql-action/pull/2938 ">#2938</a></li>
<li>Update default CodeQL bundle version to 2.22.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2950 ">#2950</a></li>
</ul>
<h2>3.29.0 - 11 Jun 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2925 ">#2925</a></li>
<li>Bump minimum CodeQL bundle version to 2.16.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2912 ">#2912</a></li>
</ul>
<h2>3.28.19 - 03 Jun 2025</h2>
<ul>
<li>The CodeQL Action no longer includes its own copy of the extractor
for the <code>actions</code> language, which is currently in public
preview.
The <code>actions</code> extractor has been included in the CodeQL CLI
since v2.20.6. If your workflow has enabled the <code>actions</code>
language <em>and</em> you have pinned
your <code>tools:</code> property to a specific version of the CodeQL
CLI earlier than v2.20.6, you will need to update to at least CodeQL
v2.20.6 or disable
<code>actions</code> analysis.</li>
<li>Update default CodeQL bundle version to 2.21.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2910 ">#2910</a></li>
</ul>
<h2>3.28.18 - 16 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2893 ">#2893</a></li>
<li>Skip validating SARIF produced by CodeQL for improved performance.
<a
href="https://redirect.github.com/github/codeql-action/pull/2894 ">#2894</a></li>
<li>The number of threads and amount of RAM used by CodeQL can now be
set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code>
runner environment variables. If set, these environment variables
override the <code>threads</code> and <code>ram</code> inputs
respectively. <a
href="https://redirect.github.com/github/codeql-action/pull/2891 ">#2891</a></li>
</ul>
<h2>3.28.17 - 02 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2872 ">#2872</a></li>
</ul>
<h2>3.28.16 - 23 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2863 ">#2863</a></li>
</ul>
<h2>3.28.15 - 07 Apr 2025</h2>
<ul>
<li>Fix bug where the action would fail if it tried to produce a debug
artifact with more than 65535 files. <a
href="https://redirect.github.com/github/codeql-action/pull/2842 ">#2842</a></li>
</ul>
<h2>3.28.14 - 07 Apr 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2838 ">#2838</a></li>
</ul>
<h2>3.28.13 - 24 Mar 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/39edc492dbe16b1465b0cafca41432d857bdb31a "><code>39edc49</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2953 ">#2953</a>
from github/update-v3.29.1-428aea55f</li>
<li><a
href="https://github.com/github/codeql-action/commit/27c4fb1eef772029c0bbeed96d8538a2af79e541 "><code>27c4fb1</code></a>
Update changelog for v3.29.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/428aea55f52aac0db14530fe4e5c97462c533f7d "><code>428aea5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2952 ">#2952</a>
from github/redsun82/fix-swift-test</li>
<li><a
href="https://github.com/github/codeql-action/commit/973250f3d233f50890a597fef853ae3b2a538a31 "><code>973250f</code></a>
Swift: recreate a default Swift package to fix test</li>
<li><a
href="https://github.com/github/codeql-action/commit/8ef17824cfb2a3f40cbc7f41bac7e055e53b8164 "><code>8ef1782</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2950 ">#2950</a>
from github/update-bundle/codeql-bundle-v2.22.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/f3bfb9860305f6e80e048f4785d6bee33bf77356 "><code>f3bfb98</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/2b4afc20b636de8884609ee2a501a68a67766f26 "><code>2b4afc2</code></a>
Update default bundle to codeql-bundle-v2.22.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/9b02dc2f60288b463e7a66e39c78829b62780db7 "><code>9b02dc2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2928 ">#2928</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/7ab92d0295a9b09eb653169acdb2c24f7c43614a "><code>7ab92d0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2948 ">#2948</a>
from github/mbg/copilot-instructions</li>
<li><a
href="https://github.com/github/codeql-action/commit/2cae828745579fc9309404e09440d23bba2f7b79 "><code>2cae828</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2947 ">#2947</a>
from github/dependency-proxy/codeql-bundle-v2.22.0</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/ce28f5bb42b7a9f2c824e633a3f6ee835bab6858...39edc492dbe16b1465b0cafca41432d857bdb31a ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 15:37:51 +00:00
7f23be3874
chore: bump github.com/andybalholm/brotli from 1.1.1 to 1.2.0 ( #18661 )
...
Bumps
[github.com/andybalholm/brotli](https://github.com/andybalholm/brotli )
from 1.1.1 to 1.2.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/andybalholm/brotli/commit/676a02057d90cd1e75ede54cdfa79d4cdb574dae "><code>676a020</code></a>
Pathfinder: improve cost calculation, and use it in NewWriterV2</li>
<li><a
href="https://github.com/andybalholm/brotli/commit/fc701daacf9eec30cae7a5cec6e5e38827894d4c "><code>fc701da</code></a>
Pathfinder: change how literals are represented in arrivals.</li>
<li><a
href="https://github.com/andybalholm/brotli/commit/10cf712196eeb5358c7c2dddf1f53c08b6500f38 "><code>10cf712</code></a>
Pathfinder: enable starting in the middle of a match</li>
<li><a
href="https://github.com/andybalholm/brotli/commit/d6b3fe07ed7eb3cfe0c42ab708781034a326d7fa "><code>d6b3fe0</code></a>
Pathfinder: separate searching and parsing</li>
<li><a
href="https://github.com/andybalholm/brotli/commit/199839b04846152833e2446e39cf6234712163a2 "><code>199839b</code></a>
Pathfinder: pre-compute hash chain (and use 32 bits)</li>
<li><a
href="https://github.com/andybalholm/brotli/commit/e819531509efd8c7d5e79efd9fcabc655c7fbebc "><code>e819531</code></a>
Start experimenting with an optimizing MatchFinder</li>
<li><a
href="https://github.com/andybalholm/brotli/commit/18ac46a8c3d6664cd158ad14ca2fb6ba29752377 "><code>18ac46a</code></a>
M4: use 32-bit hash chain</li>
<li><a
href="https://github.com/andybalholm/brotli/commit/1383db2f0e5a87e62c33bb5adf22351ee2acf50a "><code>1383db2</code></a>
M4: When shortening a match, look for a closer option</li>
<li><a
href="https://github.com/andybalholm/brotli/commit/c036c35cb06f667df542773635b0972cd794d2ea "><code>c036c35</code></a>
M4: look for repeat matches</li>
<li><a
href="https://github.com/andybalholm/brotli/commit/6a1a95ec91781f0eedba50cd865eb822ba7e90c7 "><code>6a1a95e</code></a>
Add arm64 to GOARCH switches</li>
<li>Additional commits viewable in <a
href="https://github.com/andybalholm/brotli/compare/v1.1.1...v1.2.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 14:08:44 +00:00
c8bc8d3865
chore: bump github.com/moby/moby from 28.2.2+incompatible to 28.3.0+incompatible ( #18660 )
...
Bumps [github.com/moby/moby](https://github.com/moby/moby ) from
28.2.2+incompatible to 28.3.0+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/moby/moby/releases ">github.com/moby/moby's
releases</a>.</em></p>
<blockquote>
<h2>28.3.0</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.0 ">docker/cli,
28.3.0 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.3.0 ">moby/moby,
28.3.0 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v28.3.0/docs/deprecated.md ">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v28.3.0/docs/api/version-history.md ">API
version history</a>.</li>
</ul>
<h3>New</h3>
<ul>
<li>Add support for AMD GPUs in <code>docker run --gpus</code>. <a
href="https://redirect.github.com/moby/moby/pull/49952 ">moby/moby#49952</a></li>
<li>Use <code>DOCKER_AUTH_CONFIG</code> as a credential store. <a
href="https://redirect.github.com/docker/cli/pull/6008 ">docker/cli#6008</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Ensure that the state of the container in the daemon database (used
by <a
href="https://docs.docker.com/reference/api/engine/version/v1.49/#tag/Container/operation/ContainerList ">/containers/json</a>
API) is up to date when the container is stopped using the <a
href="https://docs.docker.com/reference/api/engine/version/v1.49/#tag/Container/operation/ContainerStop ">/containers/{id}/stop</a>
API (before response of API). <a
href="https://redirect.github.com/moby/moby/pull/50136 ">moby/moby#50136</a></li>
<li>Fix <code>docker image inspect inspect</code> omitting empty fields.
<a
href="https://redirect.github.com/moby/moby/pull/50135 ">moby/moby#50135</a></li>
<li>Fix <code>docker images --tree</code> not marking images as in-use
when the containerd image store is disabled. <a
href="https://redirect.github.com/docker/cli/pull/6140 ">docker/cli#6140</a></li>
<li>Fix <code>docker pull/push</code> hang in non-interactive when
authentication is required caused by prompting for login credentials. <a
href="https://redirect.github.com/docker/cli/pull/6141 ">docker/cli#6141</a></li>
<li>Fix a potential resource leak when a node leaves a Swarm. <a
href="https://redirect.github.com/moby/moby/pull/50115 ">moby/moby#50115</a></li>
<li>Fix a regression where a login prompt on <code>docker pull</code>
would show Docker Hub-specific hints when logging in on other
registries. <a
href="https://redirect.github.com/docker/cli/pull/6135 ">docker/cli#6135</a></li>
<li>Fix an issue where all new tasks in the Swarm could get stuck in the
PENDING state forever after scaling up a service with placement
preferences. <a
href="https://redirect.github.com/moby/moby/pull/50211 ">moby/moby#50211</a></li>
<li>Remove an undocumented, hidden, top-level <code>docker remove</code>
command that was accidentally introduced in Docker 23.0. <a
href="https://redirect.github.com/docker/cli/pull/6144 ">docker/cli#6144</a></li>
<li>Validate registry-mirrors configuration as part of <code>dockerd
--validate</code> and improve error messages for invalid mirrors. <a
href="https://redirect.github.com/moby/moby/pull/50240 ">moby/moby#50240</a></li>
<li><code>dockerd-rootless-setuptool.sh</code>: Fix the script from
silently returning with no error message when subuid/subgid system
requirements are not satisfied. <a
href="https://redirect.github.com/moby/moby/pull/50059 ">moby/moby#50059</a></li>
<li>containerd image store: Fix <code>docker push</code> not creating a
tag on the remote repository. <a
href="https://redirect.github.com/moby/moby/pull/50199 ">moby/moby#50199</a></li>
<li>containerd image store: Improve handling of errors returned by the
token server during <code>docker pull/push</code>. <a
href="https://redirect.github.com/moby/moby/pull/50176 ">moby/moby#50176</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Allow customizing containerd service name for OpenRC. <a
href="https://redirect.github.com/moby/moby/pull/50156 ">moby/moby#50156</a></li>
<li>Update BuildKit to <a
href="https://github.com/moby/buildkit/releases/tag/v0.23.1 ">v0.23.1</a>.
<a
href="https://redirect.github.com/moby/moby/pull/50243 ">moby/moby#50243</a></li>
<li>Update Buildx to <a
href="https://github.com/docker/buildx/releases/tag/v0.25.0 ">v0.25.0</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1217 ">docker/docker-ce-packaging#1217</a></li>
<li>Update Compose to <a
href="https://github.com/docker/compose/releases/tag/v2.37.2 ">v2.37.2</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1219 ">docker/docker-ce-packaging#1219</a></li>
<li>Update Docker Model CLI plugin to <a
href="https://github.com/docker/model-cli/releases/tag/v0.1.30 ">v0.1.30</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1218 ">docker/docker-ce-packaging#1218</a></li>
<li>Update Go runtime to <a
href="https://go.dev/doc/devel/release#go1.24.4 ">1.24.4</a>. <a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1213 ">docker/docker-ce-packaging#1213</a>,
<a
href="https://redirect.github.com/moby/moby/pull/50153 ">moby/moby#50153</a>,
<a
href="https://redirect.github.com/docker/cli/pull/6124 ">docker/cli#6124</a></li>
</ul>
<h3>Networking</h3>
<ul>
<li>Revert Swarm related changes added in 28.2.x builds, due to a
regression reported in <a
href="https://redirect.github.com/moby/moby/issues/50129 ">moby/moby#50129</a>.
<a
href="https://redirect.github.com/moby/moby/pull/50169 ">moby/moby#50169</a>
<ul>
<li>Revert: Fix an issue where <code>docker network inspect
--verbose</code> could sometimes crash the daemon (<a
href="https://redirect.github.com/moby/moby/pull/49937 ">moby/moby#49937</a>).</li>
<li>Revert: Fix an issue where the load-balancer IP address for an
overlay network would not be released in certain cases if the Swarm was
lacking an ingress network (<a
href="https://redirect.github.com/moby/moby/pull/49948 ">moby/moby#49948</a>).</li>
<li>Revert: Improve the reliability of NetworkDB in busy clusters and
lossy networks (<a
href="https://redirect.github.com/moby/moby/pull/49932 ">moby/moby#49932</a>).</li>
<li>Revert: Improvements to the reliability and convergence speed of
NetworkDB (<a
href="https://redirect.github.com/moby/moby/pull/49939 ">moby/moby#49939</a>).</li>
</ul>
</li>
<li>Fix an issue that could cause container startup to fail, or lead to
failed UDP port mappings, when some container ports are mapped to
<code>0.0.0.0</code> and others are mapped to specific host addresses.
<a
href="https://redirect.github.com/moby/moby/pull/50054 ">moby/moby#50054</a></li>
<li>The <code>network inspect</code> response for an overlay network now
reports that <code>EnableIPv4</code> is true. <a
href="https://redirect.github.com/moby/moby/pull/50147 ">moby/moby#50147</a></li>
<li>Windows: Improve daemon startup time in cases where the host has
networks of type <code>"Mirrored"</code>. <a
href="https://redirect.github.com/moby/moby/pull/50155 ">moby/moby#50155</a></li>
<li>Windows: Make sure <code>docker system prune</code> and <code>docker
network prune</code> only remove networks created by Docker. <a
href="https://redirect.github.com/moby/moby/pull/50154 ">moby/moby#50154</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/moby/moby/commit/265f709647947fb5a1adf7e4f96f2113dcc377bd "><code>265f709</code></a>
Merge pull request <a
href="https://redirect.github.com/moby/moby/issues/50247 ">#50247</a>
from vvoland/50245-28.x</li>
<li><a
href="https://github.com/moby/moby/commit/b2a9318a1e70deabdf9cda8c08caabd492b6b581 "><code>b2a9318</code></a>
docs: cut api docs for v1.51</li>
<li><a
href="https://github.com/moby/moby/commit/b3e2e22b2adee0cff0a20134559074b9481ba2ba "><code>b3e2e22</code></a>
Merge pull request <a
href="https://redirect.github.com/moby/moby/issues/50244 ">#50244</a>
from vvoland/50177-28.x</li>
<li><a
href="https://github.com/moby/moby/commit/c571cd85133c8e25ce9c9b7eb3a1c8c54f88346e "><code>c571cd8</code></a>
Merge pull request <a
href="https://redirect.github.com/moby/moby/issues/50243 ">#50243</a>
from vvoland/50238-28.x</li>
<li><a
href="https://github.com/moby/moby/commit/8c713c1af4ad61a9faf8b55e7710b8a17e081275 "><code>8c713c1</code></a>
gha: lower timeouts on "build" and "merge"
steps</li>
<li><a
href="https://github.com/moby/moby/commit/539c115023eb01f1dd65b019cd5d50dd36d34188 "><code>539c115</code></a>
Merge pull request <a
href="https://redirect.github.com/moby/moby/issues/50240 ">#50240</a>
from thaJeztah/28.x_backport_validate_mirrors</li>
<li><a
href="https://github.com/moby/moby/commit/8e7ea470cf0720f1988fe9a0af6342d550d86cc3 "><code>8e7ea47</code></a>
vendor: update buildkit to v0.23.1</li>
<li><a
href="https://github.com/moby/moby/commit/222baf4ccbcb216fe812ad0300d02dfec3f28a70 "><code>222baf4</code></a>
vendor: github.com/moby/buildkit v0.23.0</li>
<li><a
href="https://github.com/moby/moby/commit/1627e828d7e5566ead2c69f63d661ef47f96e61a "><code>1627e82</code></a>
Merge pull request <a
href="https://redirect.github.com/moby/moby/issues/50241 ">#50241</a>
from thaJeztah/28.x_backport_update_cgroups</li>
<li><a
href="https://github.com/moby/moby/commit/4070ebda88cb8f6448d0725633dc40394e563705 "><code>4070ebd</code></a>
Merge pull request <a
href="https://redirect.github.com/moby/moby/issues/50242 ">#50242</a>
from thaJeztah/28.x_backport_fix_event_ordering</li>
<li>Additional commits viewable in <a
href="https://github.com/moby/moby/compare/v28.2.2...v28.3.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 14:03:08 +00:00
f89e057c4c
chore: add beta badge to tasks ( #18656 )
2025-06-30 10:51:42 +02:00
d814fdfa1c
fix(.devcontainer): add home volume and fix code-server and filebrowser ( #18648 )
2025-06-30 09:32:17 +01:00
e97540afbd
chore: work around race in lib/pq ( #18655 )
...
Upgrade our lib/pq fork to work around the data race identified here:
https://github.com/coder/internal/issues/731
2025-06-30 12:00:46 +04:00
4095330041
fix: use only template version ID to create task workspace ( #18642 )
...
When creating a new task, the following error was getting returned:
**Error:**
```json
{
"message": "Validation failed.",
"validations": [
{
"field": "template_id",
"detail": "Validation failed for tag \"excluded_with\" with value: \"42205a38-845c-4186-8475-f002e0936d53\""
},
{
"field": "template_version_id",
"detail": "Validation failed for tag \"excluded_with\" with value: \"22b1c4b7-432d-4eb5-9341-cd8efacb8f46\""
}
]
}
```
Caused by https://github.com/coder/coder/pull/18623
2025-06-27 15:07:54 -03:00
d4208d23aa
refactor: show icons for multi-select parameter options ( #18594 )
2025-06-27 10:54:47 -06:00
5ae21517e0
chore: bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 ( #18647 )
...
Bumps
[github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure )
from 2.2.1 to 2.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-viper/mapstructure/releases ">github.com/go-viper/mapstructure/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/46 ">go-viper/mapstructure#46</a></li>
<li>build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1
by <a href="https://github.com/dependabot "><code>@dependabot</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/47 ">go-viper/mapstructure#47</a></li>
<li>[enhancement] Add check for <code>reflect.Value</code> in
<code>ComposeDecodeHookFunc</code> by <a
href="https://github.com/mahadzaryab1 "><code>@mahadzaryab1</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/52 ">go-viper/mapstructure#52</a></li>
<li>build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/51 ">go-viper/mapstructure#51</a></li>
<li>build(deps): bump actions/checkout from 4.2.0 to 4.2.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/50 ">go-viper/mapstructure#50</a></li>
<li>build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/55 ">go-viper/mapstructure#55</a></li>
<li>build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/58 ">go-viper/mapstructure#58</a></li>
<li>ci: add Go 1.24 to the test matrix by <a
href="https://github.com/sagikazarmark "><code>@sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/74 ">go-viper/mapstructure#74</a></li>
<li>build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0
by <a href="https://github.com/dependabot "><code>@dependabot</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/72 ">go-viper/mapstructure#72</a></li>
<li>build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1
by <a href="https://github.com/dependabot "><code>@dependabot</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/76 ">go-viper/mapstructure#76</a></li>
<li>build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/78 ">go-viper/mapstructure#78</a></li>
<li>feat: add decode hook for netip.Prefix by <a
href="https://github.com/tklauser "><code>@tklauser</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/85 ">go-viper/mapstructure#85</a></li>
<li>Updates by <a
href="https://github.com/sagikazarmark "><code>@sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/86 ">go-viper/mapstructure#86</a></li>
<li>build(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/87 ">go-viper/mapstructure#87</a></li>
<li>build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/93 ">go-viper/mapstructure#93</a></li>
<li>build(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/92 ">go-viper/mapstructure#92</a></li>
<li>build(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/97 ">go-viper/mapstructure#97</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/96 ">go-viper/mapstructure#96</a></li>
<li>Update README.md by <a
href="https://github.com/peczenyj "><code>@peczenyj</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/90 ">go-viper/mapstructure#90</a></li>
<li>Add omitzero tag. by <a
href="https://github.com/Crystalix007 "><code>@Crystalix007</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/98 ">go-viper/mapstructure#98</a></li>
<li>Use error structs instead of duplicated strings by <a
href="https://github.com/m1k1o "><code>@m1k1o</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/102 ">go-viper/mapstructure#102</a></li>
<li>build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/101 ">go-viper/mapstructure#101</a></li>
<li>feat: add common error interface by <a
href="https://github.com/sagikazarmark "><code>@sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/105 ">go-viper/mapstructure#105</a></li>
<li>update linter by <a
href="https://github.com/sagikazarmark "><code>@sagikazarmark</code></a>
in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/106 ">go-viper/mapstructure#106</a></li>
<li>Feature allow unset pointer by <a
href="https://github.com/rostislaved "><code>@rostislaved</code></a> in
<a
href="https://redirect.github.com/go-viper/mapstructure/pull/80 ">go-viper/mapstructure#80</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/tklauser "><code>@tklauser</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/85 ">go-viper/mapstructure#85</a></li>
<li><a href="https://github.com/peczenyj "><code>@peczenyj</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/90 ">go-viper/mapstructure#90</a></li>
<li><a
href="https://github.com/Crystalix007 "><code>@Crystalix007</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/98 ">go-viper/mapstructure#98</a></li>
<li><a
href="https://github.com/rostislaved "><code>@rostislaved</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-viper/mapstructure/pull/80 ">go-viper/mapstructure#80</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0 ">https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-viper/mapstructure/commit/8c61ec1924fcfa522f9fc6b4618c672db61d1a38 "><code>8c61ec1</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/80 ">#80</a>
from rostislaved/feature-allow-unset-pointer</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/df765f469ad16a1996fd0f0ae6a32b20535b966a "><code>df765f4</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/106 ">#106</a>
from go-viper/update-linter</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/5f34b05aa12639380ef7c2af69eb6f8fd629dbd0 "><code>5f34b05</code></a>
update linter</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/36de1e1d74f55681536097ff8467a8ce952ef183 "><code>36de1e1</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/105 ">#105</a>
from go-viper/error-refactor</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/6a283a390ee7bc0f9331f58199db234902e0739f "><code>6a283a3</code></a>
chore: update error type doc</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/599cb73236404c044abcf278a45c3928d7480dd0 "><code>599cb73</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/101 ">#101</a>
from go-viper/dependabot/github_actions/github/codeql...</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a "><code>ed3f921</code></a>
feat: remove value from error messages</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/a3f8b227dcdae324c070d389152837f0aa635f4b "><code>a3f8b22</code></a>
revert: error message change</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/9661f6d07c319da00ae0508d99df5f3f0c3953bd "><code>9661f6d</code></a>
feat: add common error interface</li>
<li><a
href="https://github.com/go-viper/mapstructure/commit/f12f6c76fe743c8e4cc6465c6a9f16fcd8cede57 "><code>f12f6c7</code></a>
Merge pull request <a
href="https://redirect.github.com/go-viper/mapstructure/issues/102 ">#102</a>
from m1k1o/prettify-errors2</li>
<li>Additional commits viewable in <a
href="https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-27 16:52:24 +00:00
ff3ff0170a
chore: update logo description to specify maximum 3:1 aspect ratio ( #18641 )
...
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: matifali <10648092+matifali@users.noreply.github.com >
2025-06-27 16:38:44 +00:00
8eebb4fa4c
feat: make task panels resizable ( #18590 )
...
**Demo:**
https://github.com/user-attachments/assets/cc80b768-197e-42a0-9326-f30c9d9038e3
2025-06-27 13:34:04 -03:00
0f3a1e9849
fix(agent/agentcontainers): split Init into Init and Start for early API responses ( #18640 )
...
Previously in #18635 we delayed the containers API `Init` to avoid producing
errors due to Docker and `@devcontainers/cli` not yet being installed by startup
scripts. This had an adverse effect on the UX via UI responsiveness as the
detection of devcontainers was greatly delayed.
This change splits `Init` into `Init` and `Start` so that we can immediately
after `Init` start serving known devcontainers (defined in Terraform), improving
the UX.
Related #18635
Related #18640
2025-06-27 19:01:50 +03:00
e46d892c29
fix(.devcontainer): remove double slash from zed path ( #18639 )
2025-06-27 18:34:08 +03:00
b4aa643dfa
fix(agent/agentcontainers): ensure proper channel closure for updateTrigger ( #18631 )
2025-06-27 18:05:48 +03:00
Rowan Smith