mirror of
https://github.com/coder/coder.git
synced 2026-06-07 23:18:20 +00:00
1a774ab7ce99063a2e01beb94de3fcbccaf84dbe
12434 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
6e967780c9 |
feat: track resource replacements when claiming a prebuilt workspace (#17571)
Closes https://github.com/coder/internal/issues/369 We can't know whether a replacement (i.e. drift of terraform state leading to a resource needing to be deleted/recreated) will take place a priori; we can only detect it at `plan` time, because the provider decides whether a resource must be replaced and it cannot be inferred through static analysis of the template. **This is likely to be the most common gotcha with using prebuilds, since it requires a slight template modification to use prebuilds effectively**, so let's head this off before it's an issue for customers. Drift details will now be logged in the workspace build logs: Plus a notification will be sent to template admins when this situation arises: A new metric - `coderd_prebuilt_workspaces_resource_replacements_total` - will also increment each time a workspace encounters replacements. We only track _that_ a resource replacement occurred, not how many. Just one is enough to ruin a prebuild, but we can't know a priori which replacement would cause this. For example, say we have 2 replacements: a `docker_container` and a `null_resource`; we don't know which one might cause an issue (or indeed if either would), so we just track the replacement. --------- Signed-off-by: Danny Kopping <dannykopping@gmail.com> |
||
|
|
e75d1c1ce5 | chore: replace MUI LoadingButton with Button + Spinner - 2 (#17817) | ||
|
|
c7bc4047ba | chore: replace MUI LoadingButton with Button + Spinner - 1 (#17816) | ||
|
|
425ee6fa55 |
feat: reinitialize agents when a prebuilt workspace is claimed (#17475)
This pull request allows coder workspace agents to be reinitialized when a prebuilt workspace is claimed by a user. This facilitates the transfer of ownership between the anonymous prebuilds system user and the new owner of the workspace. Only a single agent per prebuilt workspace is supported for now, but plumbing has already been done to facilitate the seamless transition to multi-agent support. --------- Signed-off-by: Danny Kopping <dannykopping@gmail.com> Co-authored-by: Danny Kopping <dannykopping@gmail.com> |
||
|
|
fcbdd1a28e |
refactor: replace badge by status indicator (#17811)
**Why?** In the workspaces page, it is using the status indicator, and not the badge anymore, so to keep the UI consistent, I'm replacing the badge by the indicator in the workspace page too. **Before:** <img width="672" alt="Screenshot 2025-05-13 at 19 14 17" src="https://github.com/user-attachments/assets/0e8ea4bd-68d1-4d27-b81b-f79f15cabb2c" /> **After:** <img width="672" alt="Screenshot 2025-05-13 at 19 14 21" src="https://github.com/user-attachments/assets/45719262-011e-4fc8-9ebe-fe9e33d9d572" /> |
||
|
|
80e1be0db1 |
fix: replace wrong emoji reference (#17810)
Before: <img width="713" alt="Screenshot 2025-05-13 at 19 01 15" src="https://github.com/user-attachments/assets/9e4438a4-28db-4d94-a9ce-cecfb73ce8ab" /> After: <img width="713" alt="Screenshot 2025-05-13 at 19 02 22" src="https://github.com/user-attachments/assets/627ddbb2-45d1-48a1-bd34-a998e11966a2" /> |
||
|
|
f87dbe757e |
chore: replace MUI icons with Lucide icons - 11 (#17814)
- PersonOutlined -> UserIcon
- Schedule -> ClockIcon
- SettingsSuggest -> SettingsIcon
- SettingsOutlined -> SettingsIcon
- CodeOutlined -> CodeIcon
- TimerOutlined -> TimerIcon
|
||
|
|
c71839294b |
fix: don't open a window for external apps (#17813)
This prevents empty windows like the following from happening: |
||
|
|
67e40244a4 |
feat: add extra workspace actions in the workspaces table (#17775)
**Demo:** <img width="1624" alt="Screenshot 2025-05-12 at 16 53 36" src="https://github.com/user-attachments/assets/7f125b31-5ce8-4c1f-8e26-c3136346cae3" /> |
||
|
|
60762d4c13 | feat: load terraform modules when using dynamic parameters (#17714) | ||
|
|
f9817af11f |
docs: add section on how to retrieve user list (#17798)
previews
- [admin/users](https://coder.com/docs/@export-coder-users/admin/users)
- [reference/cli/users](https://coder.com/docs/@export-coder-users/reference/cli/users)

followup to slack thread:
> Tim
> what's the best way for customers to export a list of Coder users?
>
> @ericpaulsen
> the `/api/v2/users` API route returns all users in the deployment (along with other information - email, status, username, etc.).

from <https://coder.com/docs/reference/api/users#get-users>

- adds an easy-to-find section to the admin/users doc
- updates the cli commands with short descriptions

---------

Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: M Atif Ali <atif@coder.com>
|
||
|
|
170f41ac55 |
chore: fix release calendar and script (#17745)
Updates the script for the release calendar to use the actual release dates. This is done to work around the anomaly of the delayed May release. |
||
|
|
ef745c0c5d |
chore: optimize workspace_latest_builds view query (#17789)
Avoids two sequential scans of massive tables (`workspace_builds`, `provisioner_jobs`) and uses index scans instead. This new view largely replicates our already optimized query `GetWorkspaces` to fetch the latest build. The original query and the new query were compared against the dogfood database to ensure they return the exact same data in the exact same order (minus the new `workspaces.deleted = false` filter to improve performance even more). The performance is massively improved even without the `workspaces.deleted = false` filter, but it was added to improve it even more. Note: these query times are probably inflated due to high database load on our dogfood environment that this intends to partially resolve. Before: 2,139ms ([explain](https://explain.dalibo.com/plan/997e4fch241b46e6)) After: 33ms ([explain](https://explain.dalibo.com/plan/c888dc223870f181)) Co-authored-by: Cian Johnston <cian@coder.com> --------- Signed-off-by: Danny Kopping <dannykopping@gmail.com> Co-authored-by: Mathias Fredriksson <mafredri@gmail.com> Co-authored-by: Danny Kopping <dannykopping@gmail.com> |
||
|
|
b2a1de9e2a |
feat: fetch prebuilds metrics state in background (#17792)
`Collect()` is called whenever the `/metrics` endpoint is hit to retrieve metrics. The queries used in prebuilds metrics collection are quite heavy, and we want to avoid having them running concurrently / too often to keep db load down. Here I'm moving towards a background retrieval of the state required to set the metrics, which gets invalidated every interval. Also introduces `coderd_prebuilt_workspaces_metrics_last_updated` which operators can use to determine when these metrics go stale. See https://github.com/coder/coder/pull/17789 as well. --------- Signed-off-by: Danny Kopping <dannykopping@gmail.com> |
||
|
|
709445e6fb |
chore: replace MUI icons with Lucide icons - 9 (#17796)
- OpenInNew -> ExternalLinkIcon
- KeyboardArrowLeft -> ChevronLeftIcon
- KeyboardArrowRight -> ChevronRightIcon
- Settings -> SettingsIcon
|
||
|
|
64807e1d61 |
chore: apply the 4mb max limit on drpc protocol message size (#17771)
Respect the 4mb max limit on proto messages |
||
|
|
a1c03b6c5f |
feat: add experimental Chat UI (#17650)
Builds on https://github.com/coder/coder/pull/17570

Frontend portion of https://github.com/coder/coder/tree/chat originally authored by @kylecarbs

Additional changes:
- Addresses linter complaints
- Brings `ChatToolInvocation` argument definitions in line with those defined in `codersdk/toolsdk`
- Ensures chat-related features are not shown unless `ExperimentAgenticChat` is enabled.

Co-authored-by: Kyle Carberry <kyle@carberry.com>
|
||
|
|
8f64d49b22 |
chore: update alpine 3.21.2 => 3.21.3 (#17773)
Resolves 3 CVEs in base container (1 High, 2 Medium)

| CVE ID | CVSS Score | Package / Version |
| -------------- | ---------- | ------------------------------ |
| CVE-2025-26519 | 8.1 High | apk / alpine/musl / 1.2.5-r8 |
| CVE-2024-12797 | 6.3 Medium | apk / alpine/openssl / 3.3.2-r4 |
| CVE-2024-13176 | 4.1 Medium | apk / alpine/openssl / 3.3.2-r4 |

|
||
|
|
86da21c491 |
chore: replace MUI icons with Lucide icons - 10 (#17797)
- CloseOutlined -> XIcon
- SearchOutlined -> SearchIcon
- Refresh -> RotateCwIcon
- Build -> WrenchIcon
|
||
|
|
eb9a651acd |
chore: replace MUI icons with Lucide icons - 8 (#17778)
1. Replaced CheckOutlined with CheckIcon in:
   - TemplateVersionStatusBadge.tsx
   - TemplateEmbedPage.tsx
   - IntervalMenu.tsx
   - WeekPicker.tsx
   - SelectMenu.tsx
2. Replaced EditCalendarOutlined with CalendarCogIcon in:
   - UserSettingsPage/Sidebar.tsx
   - Sidebar.stories.tsx
3. Replaced LockOutlined with LockIcon in:
   - UserSettingsPage/Sidebar.tsx
   - TemplateSettingsPage/Sidebar.tsx
   - Sidebar.stories.tsx
4. Replaced Person with UserIcon in:
   - UserSettingsPage/Sidebar.tsx
   - Sidebar.stories.tsx
5. Replaced VpnKeyOutlined with KeyIcon in:
   - UserSettingsPage/Sidebar.tsx
   - Sidebar.stories.tsx
6. Replaced FingerprintOutlined with FingerprintIcon in:
   - UserSettingsPage/Sidebar.tsx
   - Sidebar.stories.tsx
|
||
|
|
02425ee864 |
chore: replace MUI icons with Lucide icons - 7 (#17776)
- VisibilityOffOutlined -> EyeOffIcon
- VisibilityOutlined -> EyeIcon
|
||
|
|
b0788f410f |
chore: rename "Test Notification" to "Troubleshooting Notification" (#17790)
Rename the "Test Notification" to "Troubleshooting Notification" |
||
|
|
599bb35a04 |
fix(coderd): list templates returns non-deprecated templates by default (#17747)
## Description
Modifies the behaviour of the "list templates" API endpoints to return
non-deprecated templates by default. Users can still query for
deprecated templates by specifying the `deprecated=true` query
parameter.
**Note:** The deprecation feature is an enterprise-level feature
## Affected Endpoints
* /api/v2/organizations/{organization}/templates
* /api/v2/templates
Fixes #17565
|
||
|
|
7f056da088 |
feat: add hidden CODER_AGENT_IS_SUB_AGENT flag to coder agent (#17783)
Closes https://github.com/coder/internal/issues/620 Adds a new, hidden, flag `CODER_AGENT_IS_SUB_AGENT` to the `coder agent` command. |
||
|
|
0b5f27f566 |
feat: add parent_id column to workspace_agents table (#17758)
Adds a new nullable column `parent_id` to `workspace_agents` table. This lays the groundwork for having child agents. |
||
|
|
398b999d8f |
chore: pass previous values into terraform apply (#17696)
Pass previous workspace build parameter values into the terraform `plan/apply`. Enforces monotonicity in terraform as well as `coderd`. |
||
|
|
d0ab91c16f | fix: reduce size of terraform modules archive (#17749) | ||
|
|
10b44a5d1d | fix: use monochrome zed icon (#17774) | ||
|
|
578b9ff5fe |
fix: enrich the notLoggedInMessage error message with the full path to the coder (#17715)
--------- Signed-off-by: Callum Styan <callumstyan@gmail.com> |
||
|
|
15bd7a3add |
chore: replace MUI icons with Lucide icons - 5 (#17750)
Replacements:

| MUI | Lucide |
|---|---|
| OpenInNewOutlined | ExternalLinkIcon |
| HelpOutline | CircleHelpIcon |
| ErrorOutline | CircleAlertIcon |

|
||
|
|
e0dd50d7fb |
chore(cli): fix test flake in TestExpMcpServer (#17772)
Test was failing inside a Coder workspace. |
||
|
|
ea2cae0e20 |
chore: tune postgres CI tests (#17756)
Changes:
- use a bigger runner for test-go-pg on Linux
- use a depot runner to run postgres tests on Windows
- use the same Windows ramdisk action for postgres tests as the one currently used for in-memory tests
- put GOTMPDIR on a ramdisk on Windows
- tune the number of tests running in parallel on macOS and Windows
- use a ramdisk for postgres on macOS
- turn off Spotlight indexing on macOS
- rerun failing tests to stop flakes from disrupting developers

Results:
- test-go-pg on Linux completing in 50% of the time it takes to run on main ([run on main](https://github.com/coder/coder/actions/runs/14937632073/job/41968714750), [run on this PR](https://github.com/coder/coder/actions/runs/14956584795/job/42013097674?pr=17756))
- macOS tests completing in 70% of the time ([run on main](https://github.com/coder/coder/actions/runs/14921155015/job/41916639889), [run on this PR](https://github.com/coder/coder/actions/runs/14956590940/job/42013102975))
- Windows tests completing in 50% of the time ([run on main](https://github.com/coder/coder/actions/runs/14921155015/job/41916640058), [run on this PR](https://github.com/coder/coder/actions/runs/14956590940/job/42013103116))

This PR helps unblock https://github.com/coder/coder/issues/15109.
|
||
|
|
37832413ba |
chore: resolve internal drpc package conflict (#17770)
Our internal drpc package name conflicts with the external one in usage.
`drpc.*` == external
`drpcsdk.*` == internal
|
||
|
|
af2941bb92 |
feat: add is_prebuild_claim to distinguish post-claim provisioning (#17757)
Used in combination with https://github.com/coder/terraform-provider-coder/pull/396 This is required by both https://github.com/coder/coder/pull/17475 and https://github.com/coder/coder/pull/17571 Operators may need to conditionalize their templates to perform certain operations once a prebuilt workspace has been claimed. This value will **only** be set once a claim takes place and a subsequent `terraform apply` occurs. Any `terraform apply` runs thereafter will be indistinguishable from a normal run on a workspace. --------- Signed-off-by: Danny Kopping <dannykopping@gmail.com> |
||
|
|
799a0ba573 |
chore: bump github.com/valyala/fasthttp from 1.61.0 to 1.62.0 (#17766)
Bumps [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp) from 1.61.0 to 1.62.0.

**Release notes**

*Sourced from [github.com/valyala/fasthttp's releases](https://github.com/valyala/fasthttp/releases).*

> ## v1.62.0
> ## What's Changed
> - Add support for streaming identity-encoded or unknown length response bodies by [`@osxtest`](https://github.com/osxtest) in [valyala/fasthttp#2000](https://redirect.github.com/valyala/fasthttp/pull/2000)
> - feat: move user values to Request structure by [`@mdenushev`](https://github.com/mdenushev) in [valyala/fasthttp#1999](https://redirect.github.com/valyala/fasthttp/pull/1999)
> - chore(deps): bump golangci/golangci-lint-action from 7 to 8 by [`@dependabot`](https://github.com/dependabot) in [valyala/fasthttp#2001](https://redirect.github.com/valyala/fasthttp/pull/2001)
> - chore(deps): bump golang.org/x/crypto from 0.37.0 to 0.38.0 by [`@dependabot`](https://github.com/dependabot) in [valyala/fasthttp#2002](https://redirect.github.com/valyala/fasthttp/pull/2002)
> - chore(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 by [`@dependabot`](https://github.com/dependabot) in [valyala/fasthttp#2003](https://redirect.github.com/valyala/fasthttp/pull/2003)
> - modify `acceptConn` for `RIO` by [`@wamshawn`](https://github.com/wamshawn) in [valyala/fasthttp#2005](https://redirect.github.com/valyala/fasthttp/pull/2005)
>
> ## New Contributors
> - [`@osxtest`](https://github.com/osxtest) made their first contribution in [valyala/fasthttp#2000](https://redirect.github.com/valyala/fasthttp/pull/2000)
> - [`@wamshawn`](https://github.com/wamshawn) made their first contribution in [valyala/fasthttp#2005](https://redirect.github.com/valyala/fasthttp/pull/2005)
>
> **Full Changelog**: https://github.com/valyala/fasthttp/compare/v1.61.0...v1.62.0

**Commits**

- [`9e457eb`](https://github.com/valyala/fasthttp/commit/9e457ebd982fe77cce75b59667ff20d4c3af30b2) mod acceptConn ([#2005](https://redirect.github.com/valyala/fasthttp/issues/2005))
- [`69a68df`](https://github.com/valyala/fasthttp/commit/69a68df4eb257570ffed33b85a8e6d523b07ed70) chore(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 ([#2003](https://redirect.github.com/valyala/fasthttp/issues/2003))
- [`83fbe80`](https://github.com/valyala/fasthttp/commit/83fbe80f9379db8388b4ee24a2eaab4674998b3f) chore(deps): bump golang.org/x/crypto from 0.37.0 to 0.38.0 ([#2002](https://redirect.github.com/valyala/fasthttp/issues/2002))
- [`51817a4`](https://github.com/valyala/fasthttp/commit/51817a4eb67dabb67e0870efccb20caafe0a936d) chore(deps): bump golangci/golangci-lint-action from 7 to 8 ([#2001](https://redirect.github.com/valyala/fasthttp/issues/2001))
- [`41a1449`](https://github.com/valyala/fasthttp/commit/41a1449627b8ba0cbf30030ea41fc1ae4ca514f2) feat: move user values to Request structure ([#1999](https://redirect.github.com/valyala/fasthttp/issues/1999))
- [`1345f42`](https://github.com/valyala/fasthttp/commit/1345f42ede3f31b6fe6b42342256f338261bd9d5) Add support for streaming identity-encoded or unknown length response bodies ...
- See full diff in [compare view](https://github.com/valyala/fasthttp/compare/v1.61.0...v1.62.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

**Dependabot commands and options**

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
||
|
|
345a239838 |
chore: bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.2 (#17674)
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.3.0 to 1.4.2.

**Release notes**

*Sourced from [github.com/open-policy-agent/opa's releases](https://github.com/open-policy-agent/opa/releases).*

> ## v1.4.2
> This is a bug fix release addressing the missing `capabilities/v1.4.1.json` in the v1.4.1 release.
>
> ## v1.4.1
> ⚠️ Please skip this release and go straight to v1.4.2 ⚠️ This release is broken due to a mistake during the release process and the artifacts are missing a crucial capabilities file. Sorry for any inconvenience.
>
> ---
>
> This is a security fix release for the fixes published in Go [1.24.1](https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI) and [1.24.2](https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk)
> - build: bump go to 1.24.2 ([#7544](https://redirect.github.com/open-policy-agent/opa/issues/7544)) (authored by [`@sspaink`](https://github.com/sspaink)) Addressing `CVE-2025-22870` and `CVE-2025-22871` vulnerabilities in the Go runtime.
>
> ## v1.4.0
> This release contains a security fix addressing CVE-2025-46569. It also includes a mix of new features, bugfixes, and dependency updates.
>
> #### Security Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego ([GHSA-6m8w-jc87-6cr7](https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7))
> A vulnerability in the OPA server's [Data API](https://www.openpolicyagent.org/docs/latest/rest-api/#data-api) allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.
> The evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results. Furthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.
>
> **Users are only impacted if all of the following apply:**
> - OPA is deployed as a standalone server (rather than being used as a Go library)
> - The OPA server is exposed outside of the local host in an untrusted environment.
> - The configured [authorization policy](https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization) does not do exact matching of the input.path attribute when deciding if the request should be allowed.
>
> **or, if all of the following apply:**
> - OPA is deployed as a standalone server.
> - The service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP request to OPA’s Data API.
>
> Note: With **no** [Authorization Policy](https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization) configured for restricting API access (the default configuration), the RESTful [Data API](https://www.openpolicyagent.org/docs/latest/rest-api/#data-api) provides access for managing Rego policies; and the RESTful [Query API](https://www.openpolicyagent.org/docs/latest/rest-api/#query-api) facilitates advanced queries. Full access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate. As such, OPA servers exposed to a network are **not** considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.
>
> This issue affects all versions of OPA prior to 1.4.0.
>
> See the [Security Advisory](https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7) for more details.
>
> Reported by [`@GamrayW`](https://github.com/GamrayW), [`@HyouKash`](https://github.com/HyouKash), [`@AdrienIT`](https://github.com/AdrienIT), authored by [`@johanfylling`](https://github.com/johanfylling)
>
> ### Runtime, Tooling, SDK

... (truncated)

**Changelog**

*Sourced from [github.com/open-policy-agent/opa's changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md).*

> ## 1.4.2
> This is a bug fix release addressing the missing `capabilities/v1.4.1.json` in the v1.4.1 release.
>
> ## 1.4.1
> This is a security fix release for the fixes published in Go [1.24.1](https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI) and [1.24.2](https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk)
> - build: bump go to 1.24.2 ([#7544](https://redirect.github.com/open-policy-agent/opa/issues/7544)) (authored by [`@sspaink`](https://github.com/sspaink)) Addressing `CVE-2025-22870` and `CVE-2025-22871` vulnerabilities in the Go runtime.
>
> ## 1.4.0
> This release contains a security fix addressing CVE-2025-46569. It also includes a mix of new features, bugfixes, and dependency updates.
>
> #### Security Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego ([GHSA-6m8w-jc87-6cr7](https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7))
> A vulnerability in the OPA server's [Data API](https://www.openpolicyagent.org/docs/latest/rest-api/#data-api) allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.
> The evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results. Furthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.
>
> **Users are only impacted if all of the following apply:**
> - OPA is deployed as a standalone server (rather than being used as a Go library)
> - The OPA server is exposed outside of the local host in an untrusted environment.
> - The configured [authorization policy](https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization) does not do exact matching of the input.path attribute when deciding if the request should be allowed.
>
> **or, if all of the following apply:**
> - OPA is deployed as a standalone server.
> - The service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP request to OPA’s Data API.
>
> Note: With **no** [Authorization Policy](https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization) configured for restricting API access (the default configuration), the RESTful [Data API](https://www.openpolicyagent.org/docs/latest/rest-api/#data-api) provides access for managing Rego policies; and the RESTful [Query API](https://www.openpolicyagent.org/docs/latest/rest-api/#query-api) facilitates advanced queries. Full access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate. As such, OPA servers exposed to a network are **not** considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.
>
> This issue affects all versions of OPA prior to 1.4.0.
>
> See the [Security Advisory](https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7) for more details.
>
> Reported by [`@GamrayW`](https://github.com/GamrayW), [`@HyouKash`](https://github.com/HyouKash), [`@AdrienIT`](https://github.com/AdrienIT), authored by [`@johanfylling`](https://github.com/johanfylling)
>
> ### Runtime, Tooling, SDK
> - ast: Adding `rego_v1` feature to `--v0-compatible` capabilities ([#7474](https://redirect.github.com/open-policy-agent/opa/pull/7474)) authored by [`@johanfylling`](https://github.com/johanfylling)
> - executable: Add version and icon to OPA windows executable ([#3171](https://redirect.github.com/open-policy-agent/opa/issues/3171)) authored by [`@sspaink`](https://github.com/sspaink) reported by [`@christophwille`](https://github.com/christophwille)
> - format: Don't panic on format due to unexpected comments ([#6330](https://redirect.github.com/open-policy-agent/opa/issues/6330)) authored by [`@sspaink`](https://github.com/sspaink) reported by [`@sirpi`](https://github.com/sirpi)
> - format: Avoid modifying strings when formatting ([#6220](https://redirect.github.com/open-policy-agent/opa/issues/6220)) authored by [`@sspaink`](https://github.com/sspaink) reported by [`@zregvart`](https://github.com/zregvart)
> - plugins/status: FIFO buffer channel for status events to prevent slow status API blocking ([#7522](https://redirect.github.com/open-policy-agent/opa/pull/7522)) authored by [`@sspaink`](https://github.com/sspaink)

... (truncated)

**Commits**

- [`5e4582b`](https://github.com/open-policy-agent/opa/commit/5e4582bb951f70641fe9ee85cc46245d079e5037) Prepare v1.4.2 release ([#7547](https://redirect.github.com/open-policy-agent/opa/issues/7547))
- [`3b64aff`](https://github.com/open-policy-agent/opa/commit/3b64aff304139d6a84518813c54799d6d165f48d) Patch release v1.4.1 ([#7545](https://redirect.github.com/open-policy-agent/opa/issues/7545))
- [`8b07202`](https://github.com/open-policy-agent/opa/commit/8b0720247e65b97fe7715ca15682fee4040df4d1) Prepare v1.4.0 release ([#7541](https://redirect.github.com/open-policy-agent/opa/issues/7541))
- [`ad20632`](https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c) Merge commit from fork
- [`24ff9cf`](https://github.com/open-policy-agent/opa/commit/24ff9cfb3ad0a6a5629f0b21458982d325ee03c5) fix: return the raw strings when formatting ([#7525](https://redirect.github.com/open-policy-agent/opa/issues/7525))
- [`254f3bf`](https://github.com/open-policy-agent/opa/commit/254f3bf0b9ee5faf1972ba31bbbe749bba19a000) fix(status plugin): make sure the latest status is read before manually trigg...
- [`9b5f601`](https://github.com/open-policy-agent/opa/commit/9b5f6010c0503cd91eed8a56268a02d4895a42b4) docs: fix post merge badge ([#7532](https://redirect.github.com/open-policy-agent/opa/issues/7532))
- [`e490277`](https://github.com/open-policy-agent/opa/commit/e4902774778da576da2a8f4b2fd50df6cc3da8b5) docs: Point path versioned requests to new sites ([#7531](https://redirect.github.com/open-policy-agent/opa/issues/7531))
- [`d65888c`](https://github.com/open-policy-agent/opa/commit/d65888c14f4cb2d67929590604415e35ba75f58c) plugins/status: FIFO buffer channel for status events to prevent slow status ...
- [`eb77d10`](https://github.com/open-policy-agent/opa/commit/eb77d10971ec772c3ac4968d4abe3666037d0338) docs: update edge links to use /docs/edge/ path ([#7529](https://redirect.github.com/open-policy-agent/opa/issues/7529))
- Additional commits viewable in [compare view](https://github.com/open-policy-agent/opa/compare/v1.3.0...v1.4.2)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
||
|
|
0832afbaf4 |
chore: bump gopkg.in/DataDog/dd-trace-go.v1 from 1.72.1 to 1.73.0 (#17763)
Bumps gopkg.in/DataDog/dd-trace-go.v1 from 1.72.1 to 1.73.0. <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | gopkg.in/DataDog/dd-trace-go.v1 | [>= 1.58.a, < 1.59] | </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
4f1df34981 |
chore: bump github.com/mark3labs/mcp-go from 0.25.0 to 0.27.0 (#17762)
Bumps [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) from 0.25.0 to 0.27.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mark3labs/mcp-go/releases">github.com/mark3labs/mcp-go's releases</a>.</em></p> <blockquote> <h2>Release v0.27.0</h2> <h2>What's Changed</h2> <ul> <li>Support audio content type in tools/call and prompts/get by <a href="https://github.com/dugenkui03"><code>@dugenkui03</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/250">mark3labs/mcp-go#250</a></li> <li>refactor(server): extract common HTTP transport configuration options by <a href="https://github.com/robert-jackson-glean"><code>@robert-jackson-glean</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/253">mark3labs/mcp-go#253</a></li> <li>ci: add check to verify generated code is up-to-date by <a href="https://github.com/robert-jackson-glean"><code>@robert-jackson-glean</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/258">mark3labs/mcp-go#258</a></li> <li>fix(MCPServer): correct notification method in func <code>RemoveResource()</code> by <a href="https://github.com/cryo-zd"><code>@cryo-zd</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/262">mark3labs/mcp-go#262</a></li> <li>Create sample client by <a href="https://github.com/ezynda3"><code>@ezynda3</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/265">mark3labs/mcp-go#265</a></li> <li>Fix the issue where the 'Shutdown' method fails to properly exit. 
by <a href="https://github.com/uppercaveman"><code>@uppercaveman</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/255">mark3labs/mcp-go#255</a></li> <li>test(server): reliably detect Start/Shutdown deadlock in SSEServer by <a href="https://github.com/robert-jackson-glean"><code>@robert-jackson-glean</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/264">mark3labs/mcp-go#264</a></li> <li>docs: make code examples in the README correct as per spec by <a href="https://github.com/pottekkat"><code>@pottekkat</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/268">mark3labs/mcp-go#268</a></li> <li>feat(MCPServer): avoid unnecessary notifications when Resource/Tool not exists by <a href="https://github.com/cryo-zd"><code>@cryo-zd</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/266">mark3labs/mcp-go#266</a></li> <li>chore: replace <code>interface{}</code> with <code>any</code> by <a href="https://github.com/pottekkat"><code>@pottekkat</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/261">mark3labs/mcp-go#261</a></li> <li>fix(Srv/stdio): risk of goroutine leaks and concurrent reads in <code>readNextLine()</code> by <a href="https://github.com/cryo-zd"><code>@cryo-zd</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/257">mark3labs/mcp-go#257</a></li> <li>docs: Remove reference to <code>mcp.RoleSystem</code> by <a href="https://github.com/robert-jackson-glean"><code>@robert-jackson-glean</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/269">mark3labs/mcp-go#269</a></li> <li>fix: fix some obvious simplifications by <a href="https://github.com/pottekkat"><code>@pottekkat</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/267">mark3labs/mcp-go#267</a></li> <li>Optimization of listByPagination Performance by <a href="https://github.com/qiangmzsx"><code>@qiangmzsx</code></a> in <a 
href="https://redirect.github.com/mark3labs/mcp-go/pull/246">mark3labs/mcp-go#246</a></li> <li>fix: properly marshal <code>ToolAnnotations</code> with <code>false</code> values by <a href="https://github.com/pottekkat"><code>@pottekkat</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/260">mark3labs/mcp-go#260</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/uppercaveman"><code>@uppercaveman</code></a> made their first contribution in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/255">mark3labs/mcp-go#255</a></li> <li><a href="https://github.com/pottekkat"><code>@pottekkat</code></a> made their first contribution in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/268">mark3labs/mcp-go#268</a></li> <li><a href="https://github.com/qiangmzsx"><code>@qiangmzsx</code></a> made their first contribution in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/246">mark3labs/mcp-go#246</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/mark3labs/mcp-go/compare/v0.26.0...v0.27.0">https://github.com/mark3labs/mcp-go/compare/v0.26.0...v0.27.0</a></p> <h2>Release v0.26.0</h2> <h2>What's Changed</h2> <ul> <li>feat(sse): Add <code>SessionWithTools</code> support to SSEServer by <a href="https://github.com/robert-jackson-glean"><code>@robert-jackson-glean</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/232">mark3labs/mcp-go#232</a></li> <li>Fix bug with MarshalJSON for NotificationParams by <a href="https://github.com/Gelembjuk"><code>@Gelembjuk</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/233">mark3labs/mcp-go#233</a></li> <li>fix: write back error message if the response marshal failed by <a href="https://github.com/ppzqh"><code>@ppzqh</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/235">mark3labs/mcp-go#235</a></li> <li>fix(server/sse): potential goroutine leak in Heartbeat sender by <a 
href="https://github.com/cryo-zd"><code>@cryo-zd</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/236">mark3labs/mcp-go#236</a></li> <li>Fix stdio test compilation issues in CI by <a href="https://github.com/ezynda3"><code>@ezynda3</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/240">mark3labs/mcp-go#240</a></li> <li>refactor(server/sse): rename WithBasePath to WithStaticBasePath by <a href="https://github.com/robert-jackson-glean"><code>@robert-jackson-glean</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/238">mark3labs/mcp-go#238</a></li> <li>fix(MCPServer): Session tool handler not used due to variable shadowing by <a href="https://github.com/cryo-zd"><code>@cryo-zd</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/242">mark3labs/mcp-go#242</a></li> <li>test: build mockstdio_server with isolated cache to prevent flaky CI by <a href="https://github.com/robert-jackson-glean"><code>@robert-jackson-glean</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/241">mark3labs/mcp-go#241</a></li> <li>fix: Use detached context for SSE message handling by <a href="https://github.com/yash025"><code>@yash025</code></a> in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/244">mark3labs/mcp-go#244</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Gelembjuk"><code>@Gelembjuk</code></a> made their first contribution in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/233">mark3labs/mcp-go#233</a></li> <li><a href="https://github.com/ppzqh"><code>@ppzqh</code></a> made their first contribution in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/235">mark3labs/mcp-go#235</a></li> <li><a href="https://github.com/yash025"><code>@yash025</code></a> made their first contribution in <a href="https://redirect.github.com/mark3labs/mcp-go/pull/244">mark3labs/mcp-go#244</a></li> </ul> <p><strong>Full 
Changelog</strong>: <a href="https://github.com/mark3labs/mcp-go/compare/v0.25.0...v0.26.0">https://github.com/mark3labs/mcp-go/compare/v0.25.0...v0.26.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mark3labs/mcp-go/commit/e5121b37d7214e23c572e1b9a49ca5b8a4d648e4"><code>e5121b3</code></a> Release v0.27.0</li> <li><a href="https://github.com/mark3labs/mcp-go/commit/eeb7070c3dc7a3c1df64fe309a3b8433ea78096e"><code>eeb7070</code></a> fix: properly marshal <code>ToolAnnotations</code> with <code>false</code> values (<a href="https://redirect.github.com/mark3labs/mcp-go/issues/260">#260</a>)</li> <li><a href="https://github.com/mark3labs/mcp-go/commit/e1f1b4794ea047757a1272659b9c6a6d68826800"><code>e1f1b47</code></a> optimize listByPagination (<a href="https://redirect.github.com/mark3labs/mcp-go/issues/246">#246</a>)</li> <li><a href="https://github.com/mark3labs/mcp-go/commit/46bfb6fbb69067de5513049479408732cbea5f33"><code>46bfb6f</code></a> fix: fix some obvious simplifications (<a href="https://redirect.github.com/mark3labs/mcp-go/issues/267">#267</a>)</li> <li><a href="https://github.com/mark3labs/mcp-go/commit/716eabedfef62d99a04b749472b8cef27b404fa3"><code>716eabe</code></a> docs: Remove reference to <code>mcp.RoleSystem</code> (<a href="https://redirect.github.com/mark3labs/mcp-go/issues/269">#269</a>)</li> <li><a href="https://github.com/mark3labs/mcp-go/commit/3dfa33164fe642a2adc8908c9d4794e8fb2cf806"><code>3dfa331</code></a> fix(server/stdio): risk of concurrent reads and data loss in readNextLine() (...</li> <li><a href="https://github.com/mark3labs/mcp-go/commit/f8badd69d08f609cbbd7a218c3b2b8de05987277"><code>f8badd6</code></a> chore: replace <code>interface{}</code> with <code>any</code> (<a href="https://redirect.github.com/mark3labs/mcp-go/issues/261">#261</a>)</li> <li><a href="https://github.com/mark3labs/mcp-go/commit/3442d321ad10a9edce5f2f76580e014a67de2229"><code>3442d32</code></a> 
feat(MCPServer): avoid unnecessary notifications when Resource/Tool not exist...</li> <li><a href="https://github.com/mark3labs/mcp-go/commit/61b9784ea84d637e29a1bb2b226b953c4bdce4fe"><code>61b9784</code></a> docs: make code examples in the README correct as per spec (<a href="https://redirect.github.com/mark3labs/mcp-go/issues/268">#268</a>)</li> <li><a href="https://github.com/mark3labs/mcp-go/commit/1c99eaf3bfa39f832e73ec26402b4c5fa62d0d16"><code>1c99eaf</code></a> test(server): reliably detect Start/Shutdown deadlock in SSEServer (<a href="https://redirect.github.com/mark3labs/mcp-go/issues/264">#264</a>)</li> <li>Additional commits viewable in <a href="https://github.com/mark3labs/mcp-go/compare/v0.25.0...v0.27.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
87152db05b |
ci: bump the github-actions group across 1 directory with 4 updates (#17760)
Bumps the github-actions group with 4 updates in the / directory: [crate-ci/typos](https://github.com/crate-ci/typos), [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata), [tj-actions/changed-files](https://github.com/tj-actions/changed-files) and [github/codeql-action](https://github.com/github/codeql-action). Updates `crate-ci/typos` from 1.31.1 to 1.32.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crate-ci/typos/releases">crate-ci/typos's releases</a>.</em></p> <blockquote> <h2>v1.32.0</h2> <h2>[1.32.0] - 2025-05-02</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1264">April 2025</a> changes</li> </ul> <h2>v1.31.2</h2> <h2>[1.31.2] - 2025-04-28</h2> <h3>Fixes</h3> <ul> <li><em>(exclusion)</em> Don't confused emails as base64</li> <li><em>(dict)</em> Correct <code>contamint</code> to <code>contaminant</code>, not <code>contaminat</code></li> <li><em>(dict)</em> Correct <code>contamints</code> to <code>contaminants</code>, not <code>contaminats</code></li> </ul> <h3>Performance</h3> <ul> <li>Improve tokenization performance</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's changelog</a>.</em></p> <blockquote> <h1>Change Log</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="http://keepachangelog.com/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <h2>[Unreleased] - ReleaseDate</h2> <h2>[1.32.0] - 2025-05-02</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1264">April 2025</a> changes</li> </ul> <h2>[1.31.2] - 2025-04-28</h2> <h3>Fixes</h3> <ul> <li><em>(exclusion)</em> 
Don't confused emails as base64</li> <li><em>(dict)</em> Correct <code>contamint</code> to <code>contaminant</code>, not <code>contaminat</code></li> <li><em>(dict)</em> Correct <code>contamints</code> to <code>contaminants</code>, not <code>contaminats</code></li> </ul> <h3>Performance</h3> <ul> <li>Improve tokenization performance</li> </ul> <h2>[1.31.1] - 2025-03-31</h2> <h3>Fixes</h3> <ul> <li><em>(dict)</em> Also correct <code>typ</code> to <code>type</code></li> </ul> <h2>[1.31.0] - 2025-03-28</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1248">March 2025</a> changes</li> </ul> <h2>[1.30.3] - 2025-03-24</h2> <h3>Features</h3> <ul> <li>Support detecting <code>go.work</code> and <code>go.work.sum</code> files</li> </ul> <h2>[1.30.2] - 2025-03-10</h2> <h3>Features</h3> <ul> <li>Add <code>--highlight-words</code> and <code>--highlight-identifiers</code> for easier debugging of config</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/crate-ci/typos/commit/0f0ccba9ed1df83948f0c15026e4f5ccfce46109"><code>0f0ccba</code></a> chore: Release</li> <li><a href="https://github.com/crate-ci/typos/commit/5cb94233a615fb61c4500572b64d22425e96099a"><code>5cb9423</code></a> chore: Release</li> <li><a href="https://github.com/crate-ci/typos/commit/2af8019e8687956766fbe303524b7f9b820885dd"><code>2af8019</code></a> docs: Update changelog</li> <li><a href="https://github.com/crate-ci/typos/commit/970eb5442de8ea11b6b0e84904a11eda611a65db"><code>970eb54</code></a> Merge pull request <a href="https://redirect.github.com/crate-ci/typos/issues/1291">#1291</a> from epage/may</li> <li><a href="https://github.com/crate-ci/typos/commit/e84064f2d66ab3e807cfa29a1e203f78e56e115e"><code>e84064f</code></a> feat(dict): April 2025 updates</li> <li><a href="https://github.com/crate-ci/typos/commit/8dddd500291130802cbb593827be9d862181402c"><code>8dddd50</code></a> chore(deps): Update compatible (<a href="https://redirect.github.com/crate-ci/typos/issues/1289">#1289</a>)</li> <li><a href="https://github.com/crate-ci/typos/commit/3be83342e28b9421997e9f781f713f8dde8453d2"><code>3be8334</code></a> chore: Release</li> <li><a href="https://github.com/crate-ci/typos/commit/f16e5d44ec16bfba422e39e66c11d58fc1a3da76"><code>f16e5d4</code></a> docs: Update changelog</li> <li><a href="https://github.com/crate-ci/typos/commit/e0927bd9d2433efaf2c8a998ad0434cb94304415"><code>e0927bd</code></a> docs(action): Remove non-existent variables</li> <li><a href="https://github.com/crate-ci/typos/commit/2dbcebf645e8918080b28c7eb1f913143a3426da"><code>2dbcebf</code></a> Merge pull request <a href="https://redirect.github.com/crate-ci/typos/issues/1287">#1287</a> from epage/dict</li> <li>Additional commits viewable in <a 
href="https://github.com/crate-ci/typos/compare/b1a1ef3893ff35ade0cfa71523852a49bfd05d19...0f0ccba9ed1df83948f0c15026e4f5ccfce46109">compare view</a></li> </ul> </details> <br /> Updates `dependabot/fetch-metadata` from 2.3.0 to 2.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's releases</a>.</em></p> <blockquote> <h2>v2.4.0</h2> <h2>What's Changed</h2> <ul> <li>Bump actions/create-github-app-token from 1.11.0 to 1.11.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/598">dependabot/fetch-metadata#598</a></li> <li>Bump <code>@vercel/ncc</code> from 0.38.1 to 0.38.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/578">dependabot/fetch-metadata#578</a></li> <li>Add missing <code>@octokit/request-error</code> to <code>package.json</code> by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/605">dependabot/fetch-metadata#605</a></li> <li>Bump to ESLint 9 by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/606">dependabot/fetch-metadata#606</a></li> <li>Stop using a node16 devcontainer image by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/608">dependabot/fetch-metadata#608</a></li> <li>Make typescript compile to <code>"es2022"</code> by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/609">dependabot/fetch-metadata#609</a></li> <li>Bump the dev-dependencies group across 1 directory with 8 updates by <a 
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/607">dependabot/fetch-metadata#607</a></li> <li>Tidy up examples slightly by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/611">dependabot/fetch-metadata#611</a></li> <li>Fixup some anchor tags that weren't deeplinking by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/614">dependabot/fetch-metadata#614</a></li> <li>Remove unnecessary hardcoding of <code>ref</code> by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/617">dependabot/fetch-metadata#617</a></li> <li>Bump actions/create-github-app-token from 1.11.3 to 2.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/616">dependabot/fetch-metadata#616</a></li> <li>Enable caching of <code>npm install</code>/<code>npm ci</code> for <code>setup-node</code> action by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/618">dependabot/fetch-metadata#618</a></li> <li>Add workflow to publish new version of immutable action on every release by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/623">dependabot/fetch-metadata#623</a></li> <li>Bump actions/create-github-app-token from 2.0.2 to 2.0.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/621">dependabot/fetch-metadata#621</a></li> <li>v2.4.0 by <a 
href="https://github.com/fetch-metadata-action-automation"><code>@fetch-metadata-action-automation</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/594">dependabot/fetch-metadata#594</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dependabot/fetch-metadata/compare/v2...v2.4.0">https://github.com/dependabot/fetch-metadata/compare/v2...v2.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dependabot/fetch-metadata/commit/08eff52bf64351f401fb50d4972fa95b9f2c2d1b"><code>08eff52</code></a> v2.4.0 (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/594">#594</a>)</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/821b65425137ec0dd9fa4e4931297ce81a017ed7"><code>821b654</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/621">#621</a> from dependabot/dependabot/github_actions/actions/cre...</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/2c22a370e3e9f4d539470325c4c46acc607ef78e"><code>2c22a37</code></a> Bump actions/create-github-app-token from 2.0.2 to 2.0.6</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/6ad01a0495c3f8488ba16705f5031cadde56c8ba"><code>6ad01a0</code></a> Add workflow to publish new version of immutable action on every release (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/623">#623</a>)</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/8ca800c1642f5e46fd4fe73c07af0e3baf1375d6"><code>8ca800c</code></a> Enable caching of <code>npm install</code>/<code>npm ci</code> for <code>setup-node</code> action (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/618">#618</a>)</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/67876354acc60aadf59dc57d46959117cee2b764"><code>6787635</code></a> Merge pull request <a 
href="https://redirect.github.com/dependabot/fetch-metadata/issues/616">#616</a> from dependabot/dependabot/github_actions/actions/cre...</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/a09d4affbb4e2c87349169de0a2ced55e3c27168"><code>a09d4af</code></a> Bump actions/create-github-app-token from 1.11.3 to 2.0.2</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/3a5ce46470ca6c67f17694ac27f0db1caf53b518"><code>3a5ce46</code></a> Remove unnecessary hardcoding of <code>ref</code> (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/617">#617</a>)</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/798f45cdc56b81396c637207204f29f0f55da017"><code>798f45c</code></a> Fixup some anchor tags that weren't deeplinking (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/614">#614</a>)</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/6c031ac618d23a38e886535b1c8ea06caaf2a444"><code>6c031ac</code></a> Tidy up examples slightly (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/611">#611</a>)</li> <li>Additional commits viewable in <a href="https://github.com/dependabot/fetch-metadata/compare/d7267f607e9d3fb96fc2fbe83e0af444713e90b7...08eff52bf64351f401fb50d4972fa95b9f2c2d1b">compare view</a></li> </ul> </details> <br /> Updates `tj-actions/changed-files` from 5426ecc3f5c2b10effaefbd374f0abdc6a571b2f to 480f49412651059a414a6a5c96887abb1877de8a <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h1><a href="https://github.com/tj-actions/changed-files/compare/v46.0.4...v46.0.5">46.0.5</a> - (2025-04-09)</h1> <h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2> <ul> <li><strong>deps:</strong> Bump yaml from 2.7.0 to 2.7.1 (<a 
href="https://redirect.github.com/tj-actions/changed-files/issues/2520">#2520</a>) (<a href="https://github.com/tj-actions/changed-files/commit/ed68ef82c095e0d48ec87eccea555d944a631a4c">ed68ef8</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump typescript from 5.8.2 to 5.8.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2516">#2516</a>) (<a href="https://github.com/tj-actions/changed-files/commit/a7bc14b808f23d3b467a4079c69a81f1a4500fd5">a7bc14b</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump <code>@types/node</code> from 22.13.11 to 22.14.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2517">#2517</a>) (<a href="https://github.com/tj-actions/changed-files/commit/3d751f6b6d84071a17e1b9cf4ed79a80a27dd0ab">3d751f6</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump eslint-plugin-prettier from 5.2.3 to 5.2.6 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2519">#2519</a>) (<a href="https://github.com/tj-actions/changed-files/commit/e2fda4ec3cb0bc2a353843cae823430b3124db8f">e2fda4e</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump ts-jest from 29.2.6 to 29.3.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2518">#2518</a>) (<a href="https://github.com/tj-actions/changed-files/commit/0bed1b1132ec4879a39a2d624cf82a00d0bcfa48">0bed1b1</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump github/codeql-action from 3.28.12 to 3.28.15 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2530">#2530</a>) (<a href="https://github.com/tj-actions/changed-files/commit/68024587dc36f49685c96d59d3f1081830f968bb">6802458</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump tj-actions/branch-names from 8.0.1 to 8.1.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2521">#2521</a>) (<a 
href="https://github.com/tj-actions/changed-files/commit/cf2e39e86bf842d1f9bc5bca56c0a6b207cca792">cf2e39e</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump tj-actions/verify-changed-files from 20.0.1 to 20.0.4 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2523">#2523</a>) (<a href="https://github.com/tj-actions/changed-files/commit/6abeaa506a419f85fa9e681260b443adbeebb3d4">6abeaa5</a>) - (dependabot[bot])</li> </ul> <h2><!-- raw HTML omitted -->⬆️ Upgrades</h2> <ul> <li>Upgraded to v46.0.4 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2511">#2511</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> (<a href="https://github.com/tj-actions/changed-files/commit/6f67ee9ac810f0192ea7b3d2086406f97847bcf9">6f67ee9</a>) - (github-actions[bot])</p> <h1><a href="https://github.com/tj-actions/changed-files/compare/v46.0.3...v46.0.4">46.0.4</a> - (2025-04-03)</h1> <h2><!-- raw HTML omitted -->🐛 Bug Fixes</h2> <ul> <li>Bug modified_keys and changed_key outputs not set when no changes detected (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2509">#2509</a>) (<a href="https://github.com/tj-actions/changed-files/commit/6cb76d07bee4c9772c6882c06c37837bf82a04d3">6cb76d0</a>) - (Tonye Jack)</li> </ul> <h2><!-- raw HTML omitted -->📚 Documentation</h2> <ul> <li>Update readme (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2508">#2508</a>) (<a href="https://github.com/tj-actions/changed-files/commit/b74df86ccb65173a8e33ba5492ac1a2ca6b216fd">b74df86</a>) - (Tonye Jack)</li> </ul> <h2><!-- raw HTML omitted -->⬆️ Upgrades</h2> <ul> <li>Upgraded to v46.0.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2506">#2506</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> Co-authored-by: Tonye Jack <a href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a 
href="https://github.com/tj-actions/changed-files/commit/27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99">27ae6b3</a>) - (github-actions[bot])</p> <h1><a href="https://github.com/tj-actions/changed-files/compare/v46.0.2...v46.0.3">46.0.3</a> - (2025-03-23)</h1> <h2><!-- raw HTML omitted -->🔄 Update</h2> <ul> <li>Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2501">#2501</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> (<a href="https://github.com/tj-actions/changed-files/commit/41e0de576a0f2b64d9f06f2773f539109e55a70a">41e0de5</a>) - (github-actions[bot])</p> <ul> <li>Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2499">#2499</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> (<a href="https://github.com/tj-actions/changed-files/commit/945787811a795cd840a1157ac590dd7827a05c8e">9457878</a>) - (github-actions[bot])</p> <h2><!-- raw HTML omitted -->📚 Documentation</h2> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tj-actions/changed-files/commit/480f49412651059a414a6a5c96887abb1877de8a"><code>480f494</code></a> chore(deps): bump <code>@actions/github</code> from 6.0.0 to 6.0.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2556">#2556</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/405524a214f00911f11de2cd3a9a36902ddafa52"><code>405524a</code></a> chore(deps-dev): bump <code>@types/node</code> from 22.15.14 to 22.15.17 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2557">#2557</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/b6970c44e602dd27272fdfc4e3cf76054f721d15"><code>b6970c4</code></a> chore(deps-dev): bump eslint-config-prettier from 10.1.2 to 10.1.5 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2558">#2558</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/11fe0a22639570798676000acac7be726130b5ee"><code>11fe0a2</code></a> chore(deps): bump github/codeql-action from 3.28.16 to 3.28.17 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2551">#2551</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/e7b157b1c4ad44acfc8d9be14b8cd8f5058636e3"><code>e7b157b</code></a> chore(deps-dev): bump <code>@types/node</code> from 22.15.3 to 22.15.10 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2552">#2552</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/9132e0305b2a924727467f54f064d30bc85d67c1"><code>9132e03</code></a> chore(deps-dev): bump eslint-plugin-prettier from 5.2.6 to 5.4.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2553">#2553</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/4168bb487d5b82227665ab4ec90b67ce02691741"><code>4168bb4</code></a> chore(deps-dev): bump <code>@types/node</code> from 
22.15.0 to 22.15.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2548">#2548</a>)</li> <li>See full diff in <a href="https://github.com/tj-actions/changed-files/compare/5426ecc3f5c2b10effaefbd374f0abdc6a571b2f...480f49412651059a414a6a5c96887abb1877de8a">compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action` from 3.28.16 to 3.28.17 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.28.17</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.28.17/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <h2>3.28.16 - 23 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.1. 
<a href="https://redirect.github.com/github/codeql-action/pull/2863">#2863</a></li> </ul> <h2>3.28.15 - 07 Apr 2025</h2> <ul> <li>Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. <a href="https://redirect.github.com/github/codeql-action/pull/2842">#2842</a></li> </ul> <h2>3.28.14 - 07 Apr 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.0. <a href="https://redirect.github.com/github/codeql-action/pull/2838">#2838</a></li> </ul> <h2>3.28.13 - 24 Mar 2025</h2> <p>No user facing changes.</p> <h2>3.28.12 - 19 Mar 2025</h2> <ul> <li>Dependency caching should now cache more dependencies for Java <code>build-mode: none</code> extractions. This should speed up workflows and avoid inconsistent alerts in some cases.</li> <li>Update default CodeQL bundle version to 2.20.7. <a href="https://redirect.github.com/github/codeql-action/pull/2810">#2810</a></li> </ul> <h2>3.28.11 - 07 Mar 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.6. <a href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li> </ul> <h2>3.28.10 - 21 Feb 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.5. <a href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li> <li>Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. <a href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li> </ul> <h2>3.28.9 - 07 Feb 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.20.4. <a href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li> </ul> <h2>3.28.8 - 29 Jan 2025</h2> <ul> <li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. <a href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/60168efe1c415ce0f5521ea06d5c2062adbeed1b"><code>60168ef</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2886">#2886</a> from github/update-v3.28.17-97a2bfd2a</li> <li><a href="https://github.com/github/codeql-action/commit/0d5a3115da6459f8ab4333164184f8292c0c7a7f"><code>0d5a311</code></a> Update changelog for v3.28.17</li> <li><a href="https://github.com/github/codeql-action/commit/97a2bfd2a3d26d458da69e548f7f859d6fca634d"><code>97a2bfd</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2872">#2872</a> from github/update-bundle/codeql-bundle-v2.21.2</li> <li><a href="https://github.com/github/codeql-action/commit/9aba20e4c91fd8c3a71d5ab2bdeba0da11713864"><code>9aba20e</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.21.2</li> <li><a href="https://github.com/github/codeql-action/commit/81a9508deb02898c1a7be79bd5b49bb0ab9c787e"><code>81a9508</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/2876">#2876</a> from github/henrymercer/fix-diff-informed-multiple-a...</li> <li><a href="https://github.com/github/codeql-action/commit/1569f4c145413fbce7d6573c6ee9212d2612d27f"><code>1569f4c</code></a> Disable diff-informed queries in code scanning config tests</li> <li><a href="https://github.com/github/codeql-action/commit/62fbeb66b359bfbdec7d4d96af8f68aece59b4db"><code>62fbeb6</code></a> Merge branch 'main' into henrymercer/fix-diff-informed-multiple-analyze</li> <li><a href="https://github.com/github/codeql-action/commit/f122d1dc9eb83b12dc16b38495b667a2dddfa6f9"><code>f122d1d</code></a> Address test failures from computing temporary directory too early</li> <li><a href="https://github.com/github/codeql-action/commit/083772aae48a3be5654921bb6e6ccb00e0e1d563"><code>083772a</code></a> Do not fail 
diff informed analyses when <code>analyze</code> is run twice in the same job</li> <li><a href="https://github.com/github/codeql-action/commit/5db14d0471303d6eee1e2a51393f5ae1669b6703"><code>5db14d0</code></a> Merge branch 'main' into update-bundle/codeql-bundle-v2.21.2</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/28deaeda66b76a05916b6923827895f2b14ab387...60168efe1c415ce0f5521ea06d5c2062adbeed1b">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | crate-ci/typos | [>= 1.30.a, < 1.31] | </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
7af188bfc1 |
fix(agent): fix unexpanded devcontainer paths for agentcontainers (#17736)
Devcontainers were duplicated in the API because paths weren't absolute; we now normalize them early on to keep it simple. Updates #16424 |
||
|
|
bd659142c8 |
docs: add note about experiment_report_tasks to ai-coder/create-template (#17563)
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com> |
||
|
|
842bb1f014 |
chore: replace MUI icons - 6 (#17751)
1. Replaced CheckCircleOutlined with CircleCheckIcon (Lucide)
2. Replaced Close/CloseIcon with XIcon (Lucide)
3. Replaced DoNotDisturbOnOutlined with CircleMinusIcon (Lucide)
4. Replaced Sell with TagIcon (Lucide)
|
||
|
|
1adad418ad |
feat: display user apps in the workspaces table (#17744)
Related to https://github.com/coder/coder/issues/17311 **Demo:** <img width="1511" alt="Screenshot 2025-05-09 at 11 46 59" src="https://github.com/user-attachments/assets/3e9ba618-ed5d-4eeb-996f-d7bcceb9f1a9" /> |
||
|
|
4970fb9bfa |
chore: replace MUI icons - 4 (#17748)
1. Replaced CloudUploadOutlined with CloudUploadIcon in FileUpload.tsx
2. Replaced DeleteOutline with TrashIcon in:
- WorkspaceTopbar.tsx
- TokensPageView.tsx
- GroupPage.tsx
3. Replaced FolderOutlined with FolderIcon in FileUpload.tsx
|
||
|
|
aa4b764025 |
chore: replace MUI icons - 3 (#17733)
1. Replaced TaskAlt with CircleCheckBigIcon in:
- Paywall.tsx
- PopoverPaywall.tsx
2. Replaced InfoOutlined with InfoIcon in:
- ChangeVersionDialog.tsx
- WorkspaceNotifications.tsx
- Pill.stories.tsx
3. Replaced ErrorOutline/ErrorOutlineIcon with CircleAlertIcon in:
- workspace.tsx
- WorkspaceStatusBadge.tsx
- AppLink.tsx
|
||
|
|
b0a4ef01a8 |
chore: replace MUI icons - 2 (#17732)
Replace icons:
Check | CheckIcon
KeyboardArrowDown | ChevronDownIcon
KeyboardArrowUp | ChevronUpIcon
|
||
|
|
9e44f18b4b |
refactor: add safe list for external app protocols (#17742)
To prevent malicious apps and vendors from using the Coder session token, we are adding safe protocols/schemas we want to support.
- vscode:
- vscode-insiders:
- windsurf:
- cursor:
- jetbrains-gateway:
- jetbrains:
Fix https://github.com/coder/security/issues/77 |
||
|
|
5c532779af |
docs: clarify parameter autofill documentation (#17728)
closes #17706
Clarify that:
1. URL query parameters work without experiment flag
2. The 'populate recently used parameters' feature still requires the auto-fill-parameters experiment flag
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com> |
||
|
|
3ee95f14ce |
chore: upgrade terraform-provider-coder & preview libs (#17738)
The changes in `coder/preview` necessitated the changes in `codersdk/richparameters.go` & `provisioner/terraform/resources.go`. --------- Signed-off-by: Danny Kopping <dannykopping@gmail.com> Co-authored-by: Steven Masley <stevenmasley@gmail.com> |
||
|
|
9d7630bf4b |
chore: replace MUI icons - 1 (#17731)
1. Replaced MUI StopOutlined with Lucide SquareIcon in:
- workspace.tsx
- WorkspacesPageView.tsx
- BuildIcon.tsx
2. Replaced MUI PlayArrowOutlined with Lucide PlayIcon in:
- workspace.tsx
- WorkspacesPageView.tsx
- BuildIcon.tsx
3. Replaced MUI DeleteOutlined with Lucide TrashIcon in:
- WorkspacesPageView.tsx
- WorkspaceActions.tsx
- TemplatePageHeader.tsx
- BuildIcon.tsx
|