mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
730edba87a09df3c15b98611078ccefec252e442
13732 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
730edba87a |
fix: fix false positive disconnected agent metric reporting (#24225)
We noticed during higher active workspace counts that the agent connection metric, generated via a query to the database, would report a relatively high amount of agents as disconnected. Somewhere between 5 and 20%. However, other metrics such as # of websocket connections would suggest that all agent connections are healthy. Looking at the `Agents` function in prometheus metrics, plus the query execution time (not accounting for actual database RT time) revealed that this reporting of agents as disconnected was almost certainly false positives due to clock drift in the way we're generating the metric values. At 10k metrics, with a p50 of 2ms and p99 of 5ms, the entire `agents` function could take upwards of 50s to execute. Because we were doing a query/database RT to query the apps for each agent individually, and grabbing a `time.Now` value on each iteration of that loop, it's likely the portion of agents that were reported as disconnected were those that had last heartbeat the furthest in the past. The fix here is to set a consistent `now` before fetching agent data to avoid clock drift inflating the inactive timeout comparison, and replace the per-agent app query N+1 with a single batched lookup to prevent loop execution time from pushing agents over the disconnected threshold. Signed-off-by: Callum Styan <callumstyan@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|
|
0080bcbf33 |
fix(Makefile): rebuild clidocgen when Go sources or template change (#24302)
The `_gen/bin/clidocgen` binary only declared `scripts/clidocgen/*.go` as prerequisites. Since it reflects over the full CLI tree (227 transitive internal packages via `enterprise/cli` → `cli/` → `codersdk/` → …), any change to CLI flags, SDK structs, or command definitions could alter its output — but Make would keep serving the stale binary until it was manually deleted (or `-B` was passed). This caused a recurring developer-facing bug: after merging main (or rebasing onto new CLI/SDK changes), the pre-commit hook would use the stale binary, commit wrong docs, `make gen` would see no diff (same stale binary), and CI would fail because it builds fresh. Add `$(GO_SRC_FILES)` and the embedded `command.tpl` to the prerequisite list so Make invalidates the binary whenever its inputs change. Move `FIND_EXCLUSIONS` and `GO_SRC_FILES` above the helper-binary block so the variable is defined before first use. |
||
|
|
95fd3e5e23 |
docs: use coder-api-token instead of coder-session-token (#24316)
## Summary Follows up on https://github.com/coder/coder/pull/24032 Renames "Coder session token" to "Coder API token" in AI Gateway client documentation pages. Also renames the `CODER_SESSION_TOKEN` env var to `CODER_API_TOKEN` in Codex CLI examples and Copilot proxy configuration. Note: "Coder session token" is still used in some parts of the documentation where it makes sense. --------- Co-authored-by: Susana Ferreira <susana@coder.com> |
||
|
|
0832033a73 |
fix: relax secrets env var denylist for model providers (#24344)
Previously we reserved some env vars that may collide with AI gateway. These were incomplete and take away flexibility from the user, which we're prioritizing in the first iteration of the feature. |
||
|
|
7e68d18e04 | fix(.github/workflows/contrib): use @actions/github instead of @octokit/rest in community-label job (#24343) | ||
|
|
214351ebe1 | feat: link group names to group page in agents limit settings (#24212) | ||
|
|
20b953a99d |
feat: add Prometheus metric for agent first connection duration (#24179)
## Summary Add `coderd_agents_first_connection_seconds` histogram metric that records the duration from workspace agent creation to first connection. This fills an observability gap — provisioner job timings and startup script metrics exist, but the agent connection phase (which can take several minutes) was not exposed to Prometheus. Closes https://github.com/coder/coder/issues/21282 ## Changes - **`coderd/prometheusmetrics/prometheusmetrics.go`** — Define and register a `HistogramVec` in the existing `Agents()` polling loop. Observe `first_connected_at - created_at` exactly once per agent via a deduplication map, pruned each tick to prevent unbounded memory growth. - **`coderd/prometheusmetrics/prometheusmetrics_test.go`** — Update `TestAgents` to set `first_connected_at` on the test agent and assert the histogram is collected with correct labels, sample count, and sample sum. - **`docs/admin/integrations/prometheus.md`**, **`scripts/metricsdocgen/generated_metrics`** — Auto-generated documentation updates from `make gen`. ## Metric details | Property | Value | |---|---| | Name | `coderd_agents_first_connection_seconds` | | Type | histogram | | Labels | `template_name`, `agent_name`, `username`, `workspace_name` | | Buckets | 1s, 10s, 30s, 1m, 2m, 5m, 10m, 30m, 1h | ## Example PromQL ```promql # P95 agent connection time by template histogram_quantile(0.95, sum(rate(coderd_agents_first_connection_seconds_bucket[1h])) by (le, template_name) ) ``` <details> <summary>Implementation notes</summary> ### Design decisions - **Histogram over gauge**: Enables `histogram_quantile()` for percentile queries. - **Observe in `Agents()` polling loop**: All required data is already fetched by `GetWorkspaceAgentsForMetrics()` — no new DB queries. - **Dedup via `map[uuid.UUID]struct{}`**: Prevents re-observing the same agent across polling ticks. Pruned each cycle to bound memory. - **Buckets**: Aligned with `coderd_provisionerd_workspace_build_timings_seconds` range (1s–1h). 
### Overhead at scale (100k active workspaces) The deduplication map (`observedFirstConnection`) and per-tick pruning map (`currentAgentIDs`) are both `map[[16]byte]struct{}`. At 100k agents: - **Memory**: ~2.25 MB persistent + ~2.25 MB transient per tick = **~4.5 MB peak**. - **CPU**: ~25 ms of map operations per tick (one tick per minute) = **<0.05% of one core**. Both are negligible relative to the existing cost of the `Agents()` loop (the DB query, per-agent `GetWorkspaceAppsByAgentID` calls, and coordinator node lookups dominate). </details> > 🤖 Generated by Coder Agents |
||
|
|
6fb27c980d |
fix: remove OIDC_TOKEN from secrets deny list (#24337)
This was originally added because it was present in `env` output in dogfood, but it's specifically injected in the dogfood template so it doesn't make sense to deny across the board for a secret environment variable name. |
||
|
|
c552f9f281 |
fix: stop group spend limits from leaking across org boundaries (#24294)
Three SQL queries (`GetUserGroupSpendLimit`, `ResolveUserChatSpendLimit`, `GetUserChatSpendInPeriod`) aggregated chat spend limits and usage globally across all organizations. A restrictive group limit in org A would bleed into org B. ## Changes - Add `organization_id` parameter to all three SQL queries in `coderd/database/queries/chats.sql` - When nil UUID is passed, queries fall back to global behavior (backward compat for HTTP dashboard endpoints) - When real org ID is passed, limits and spend are scoped to that organization - Thread `organizationID` through `ResolveUsageLimitStatus` → `checkUsageLimit` → all chatd call sites - Update dbauthz wrappers for new param structs - HTTP endpoints (`chatCostSummary`, `getMyChatUsageLimitStatus`) pass `uuid.Nil` with TODO for future org-scoped UI - Add `TestResolveUsageLimitStatus_OrgScoped` with 5 test cases covering org isolation, nil-UUID fallback, spend scoping, and user override priority Closes coder/internal#1466 > 🤖 |
||
|
|
4d4266a4ad |
fix(site): hide bottom spacer on last session thread (#24248)
If there is no agentic loop on the last thread, there will be a space between the bottom of the section and the session completed lines. This fixes that. Before <img width="346" height="333" alt="Screenshot 2026-04-10 at 12 25 39 PM" src="https://github.com/user-attachments/assets/de0a1ebb-ba58-4318-be0d-28dacfd5dcb2" /> After <img width="222" height="209" alt="Screenshot 2026-04-10 at 12 26 13 PM" src="https://github.com/user-attachments/assets/c2bd5086-6bbd-4c85-ba7b-4955185ddaf1" /> |
||
|
|
a1ef3043bb |
fix: prevent site storybook tests from hanging after completion (#23936)
The vitest process hung after all 2132 story tests passed because leftover refetchInterval polls kept the Node.js event loop alive. Components that set per-query refetchInterval override the QueryClient default, causing HTTP requests through vite's proxy to localhost:3000 (no backend) that never resolve cleanly. Three fixes: - preview.tsx: disable all automatic refetching defaults and cancel in-flight queries on story unmount via useEffect cleanup - storybook.tsx: save/restore the original window.WebSocket in the withWebSocket decorator, clear pending timers in close() - vite.config.mts: add explicit testTimeout, hookTimeout, bail, and retry settings to the storybook vitest project Also fix 5 story files that imported from @testing-library/react instead of storybook/test. |
||
|
|
10f0786966 |
chore: bump the x group across 1 directory with 7 updates (#24259)
Bumps the x group with 4 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/mod](https://github.com/golang/mod), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/crypto` from 0.49.0 to 0.50.0
Commits:
- [`03ca0dc`](https://github.com/golang/crypto/commit/03ca0dcccbd37ba6be80adf74dde8d78a4d72817) go.mod: update golang.org/x dependencies
- [`8400f4a`](https://github.com/golang/crypto/commit/8400f4a938077a7a7817ab7d163d148e371b320b) ssh: respect signer's algorithm preference in pickSignatureAlgorithm
- [`81c6cb3`](https://github.com/golang/crypto/commit/81c6cb34a8fc386ed53293cd79e3c0c232ee7366) ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
- See full diff in [compare view](https://github.com/golang/crypto/compare/v0.49.0...v0.50.0)
Updates `golang.org/x/mod` from 0.34.0 to 0.35.0
Commits:
- [`03901d3`](https://github.com/golang/mod/commit/03901d351deb5bd95deb90714fb75bf8e232cb22) go.mod: update golang.org/x dependencies
- See full diff in [compare view](https://github.com/golang/mod/compare/v0.34.0...v0.35.0)
Updates `golang.org/x/net` from 0.52.0 to 0.53.0
Commits:
- [`a8d1fc1`](https://github.com/golang/net/commit/a8d1fc14d9e33e1f6842ab78a0127d42cd8fff44) go.mod: update golang.org/x dependencies
- [`056ac74`](https://github.com/golang/net/commit/056ac742146af742aa760d690269c02fa238cc7a) quic: avoid depending on golang.org/x/sys/unix
- [`c85f611`](https://github.com/golang/net/commit/c85f61116e47b1523036c3005f8b2923b661eb64) http3: add http3 package for testing in std
- [`805fc81`](https://github.com/golang/net/commit/805fc81a196b95c3c00f02e135ffb8a8d5582bdf) http2: add transport API tests
- [`e63b894`](https://github.com/golang/net/commit/e63b894ab3cd38a1d05396530dccde7ffa3f68d0) http2: support testing via net/http.Transport.RoundTrip
- [`9ee1e48`](https://github.com/golang/net/commit/9ee1e484e5aab0d95b3babbc6f1384d03f4f9e22) http2/hpack: prevent HeaderField from escaping during encoding
- [`1e71bd8`](https://github.com/golang/net/commit/1e71bd86e4a302b4e731bc06da6eb51679c7bd49) http2: prevent hanging Transport due to bad SETTINGS frame
- [`7bca150`](https://github.com/golang/net/commit/7bca15042b9d2bda1402cb42232a9c6ddbae6212) internal/http3: respect net/http Server Shutdown context when shutting down
- [`44c41be`](https://github.com/golang/net/commit/44c41bee5028537e64410b1583e8ae329ceac284) internal/http3: prevent server from holding mutex when sleeping during shutdown
- [`228a67a`](https://github.com/golang/net/commit/228a67a374710bff77fc490e7f538b317c34e247) internal/http3: add CloseIdleConnections support in transport
- Additional commits viewable in [compare view](https://github.com/golang/net/compare/v0.52.0...v0.53.0)
Updates `golang.org/x/sys` from 0.42.0 to 0.43.0
Commits:
- [`f33a730`](https://github.com/golang/sys/commit/f33a730cd0c449cfd6f7106780c73052e96cc33d) windows: support nil security descriptor on GetNamedSecurityInfo
- [`493d172`](https://github.com/golang/sys/commit/493d1725989a7a3f3582adfa68faf7207aec666b) cpu: add runtime import in cpu_darwin_arm64_other.go
- [`2c2be75`](https://github.com/golang/sys/commit/2c2be756b97dee6d15aba69839acfbd4e0f3ccc5) windows: use syscall.SyscallN in Proc.Call
- [`a76ec62`](https://github.com/golang/sys/commit/a76ec62d6c5389e4fe51c659ba926bf71e471a67) cpu: roll back "use IsProcessorFeaturePresent to calculate ARM64 on windows"
- See full diff in [compare view](https://github.com/golang/sys/compare/v0.42.0...v0.43.0)
Updates `golang.org/x/term` from 0.41.0 to 0.42.0
Commits:
- [`52b71d3`](https://github.com/golang/term/commit/52b71d3344c86b384ed34ebf73f1e6f37044fe79) go.mod: update golang.org/x dependencies
- See full diff in [compare view](https://github.com/golang/term/compare/v0.41.0...v0.42.0)
Updates `golang.org/x/text` from 0.35.0 to 0.36.0
Commits:
- [`8577a70`](https://github.com/golang/text/commit/8577a70117e110160c45f32af0e0df84eef844f7) go.mod: update golang.org/x dependencies
- See full diff in [compare view](https://github.com/golang/text/compare/v0.35.0...v0.36.0)
Updates `golang.org/x/tools` from 0.43.0 to 0.44.0
Commits:
- [`3dd188d`](https://github.com/golang/tools/commit/3dd188df80fd3563559f02e4eeb10ba1043cce55) go.mod: update golang.org/x dependencies
- [`aebd870`](https://github.com/golang/tools/commit/aebd87084e63fd3aa0a5222eeae28af6c2e33629) gopls: improve doc link matching to support links followed by a colon
- [`5357b43`](https://github.com/golang/tools/commit/5357b43c088d8403d5fcd9992431db0a351ce922) go/analysis/passes/modernize: rangeint: handle type parameter constraints
- [`bf04c61`](https://github.com/golang/tools/commit/bf04c618d518f244d26fb5c7ad77d893f8b1fc4d) go/types/internal/play: show normal terms of selected type
- [`0ae2de0`](https://github.com/golang/tools/commit/0ae2de027e10d7a0530ecf7ccc2db8df8aa5dcb3) gopls/internal/filecache: cache decoded objects in memCache
- [`8e51a5f`](https://github.com/golang/tools/commit/8e51a5fb67f9b3e2b32792f21e727664ca6561e2) go/ssa: support direct references to embedded fields in struct lit
- [`5005b9e`](https://github.com/golang/tools/commit/5005b9e710b3c1eef7e5077c77289410729919ec) internal/gcimporter: rename ureader_yes.go to ureader.go
- [`5ca865b`](https://github.com/golang/tools/commit/5ca865bb7d52012b73ac379c5aec59b3d04efce8) go/types/objectpath: add debugging command
- [`f6476fb`](https://github.com/golang/tools/commit/f6476fbaabd396b58618b473e4eb71e1f532b495) internal/gcimporter: consume generic methods in gcimporter
- [`b36d1d1`](https://github.com/golang/tools/commit/b36d1d12a1a724eb9be6609c9789aec3d99e6030) internal/pkgbits: sync version.go with goroot
- Additional commits viewable in [compare view](https://github.com/golang/tools/compare/v0.43.0...v0.44.0)
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
03d662a06c |
build: bump Go toolchain to 1.25.9 (#24293)
Bumps the Go toolchain from 1.25.8 to 1.25.9 across `go.mod`, the shared setup-go action, and the dogfood image. This keeps local builds, CI, and containerized workflows aligned on the latest patch release, including the updated Go tarball checksum in the Dockerfile. |
||
|
|
a554de372a |
fix: use per-chat plan file paths (#24268)
> This PR was authored by Mux on behalf of Mike. Chats sharing one workspace (e.g. sibling subagents) all wrote to `/home/coder/PLAN.md`, causing plan file collisions. This change derives a unique plan path per chat from the workspace home directory and chat ID. ## Changes * `write_file`, `edit_files`, and `propose_plan` reject any `plan.md` variant (case-insensitive) at the workspace home root, with a clear error pointing to the chat-specific path. * Root chats receive a `<plan-file-path>` block inlined in the main system prompt with the concrete path. * Prompt and tool descriptions no longer hardcode `/home/coder/PLAN.md`. * Plan path handling is POSIX-only (forward-slash), relying on the contract that workspace agent paths are normalized before reaching chatd. * Updated `ProposePlanTool.stories.tsx` to use per-chat path examples. * Full test coverage for plan path detection, legacy-path rejection in all three tools, inline prompt rendering, and fallback behavior. |
||
|
|
116323d3cf |
feat: graduate web-push from experiment to always-on (#24310)
* Removes experiment `web-push`.
* Falls back to NoopWebpusher in case of error
* Checks browser capability in FE
* Adds note to agents getting-started docs regarding webpush without TLS
> 🤖
|
||
|
|
155e98914d |
ci: broaden workflow path filter and fix zizmor lint findings (#24323)
## What
The `lint-actions` CI job only ran when `.github/workflows/ci.yaml` or
`.github/actions/**` changed. New workflow files like `backport.yaml`
and `cherry-pick.yaml` were never linted by zizmor, allowing several
findings to land undetected.
## Changes
**`.github/workflows/ci.yaml`** — Broaden the `ci` path filter from
`".github/workflows/ci.yaml"` to `".github/workflows/**"` so
`lint-actions` runs when any workflow file changes.
**`.github/workflows/backport.yaml`**:
- Move permissions from workflow-level to job-level (`detect` →
`contents: read`, `backport` → `contents: write` + `pull-requests:
write`) — fixes `excessive-permissions`
- Replace `${{ matrix.branch }}` in `run:` block with `$BRANCH` env var
— fixes `template-injection`
- Add `persist-credentials: false` to both checkouts — fixes
`artipacked`
**`.github/workflows/cherry-pick.yaml`** — Add `persist-credentials:
false` to checkout — fixes `artipacked`
**`.github/zizmor.yml`** — Ignore `dangerous-triggers` for
`backport.yaml` and `cherry-pick.yaml`. Both use `pull_request_target`
intentionally — they only run post-merge (`merged == true`) and don't
check out or execute untrusted PR code.
|
||
|
|
47a12d26bc |
ci: fix texlive.svg viewBox and add icon paths to CI go filter (#24322)
## What Fixes the `TestSVGIconAttributes/texlive.svg` CI failure introduced by #24312. Two changes: 1. **Fix `texlive.svg` viewBox**: Changed from `0 0 1024 1024` to `0 0 256 256` (wrapping content in `<g transform="scale(0.25)">` to preserve rendering). Also cleaned up non-standard attributes (`version`, `style`, `preserveAspectRatio`) to match other icons. 2. **Add icon/theme paths to CI go filter**: Added `site/static/icon/**` and `site/src/theme/**` to the `go` path filter in `ci.yaml` so Go tests (`test-go-pg`, `test-go-pg-17`, `test-go-race-pg`) run when icons or theme config change. This is why the failure wasn't caught on the PR — only `site/` files were modified, so Go tests were skipped entirely. Closes https://github.com/coder/internal/issues/1468 |
||
|
|
60aed55eaa |
feat: de-mui the <UserGroupsCell /> component (#24277)
This pull-request takes the `<UserGroupsCell />` component and removes the `@mui/material/List`/`@mui/material/ListItem` dependencies. One step closer to being a mui-free codebase. <img width="364" height="309" alt="image" src="https://github.com/user-attachments/assets/999995ef-88b6-4e54-834a-aa03c1274da0" /> |
||
|
|
3d8d89e56c | feat: add texlive.svg icon (#24312) | ||
|
|
1458861fd2 | fix: validate individual edit entries in parseEditFilesArgs (#24301) | ||
|
|
ff6f5893df |
docs: byok docs (#24032)
## Summary Adds BYOK (Personal API Key) documentation for OpenCode. ## BYOK support | Client | Personal API Key | ChatGPT Subscription | Claude Subscription | |--------------|------------------|----------------------|---------------------| | Codex CLI | ✅ | ✅ | - | | Claude Code | ✅ | - | ✅ | | Mux | ? | ? | ? | | OpenCode | ✅ | ❌ | ❌ | | Factory | ✅ | ❌ | ❌ | | Cline | ✅ Only OpenAI API | ❌ | ❌ | | KiloCode | ❌ (client-side bug) | ❌ | ❌ | | RooCode | ✅ Only OpenAI API | ❌ | ❌ | | VSCode | ❌ | ❌ | ❌ | | JetBrains | ❌ | ❌ | ❌ | | Zed | ❌ | ❌ | ❌ | | Copilot CLI | ? | ? | ? | <details> <summary>Why OpenCode doesn't support subscriptions through AI Bridge</summary> **ChatGPT subscription**: OpenCode's codex plugin [hardcodes the upstream URL](https://github.com/anomalyco/opencode/blob/3a0e00dd7f9192730f6d0eeee37ae0a5fb023927/packages/opencode/src/plugin/codex.ts#L458-L460) to `https://chatgpt.com/backend-api/codex/responses` inside a custom `fetch`, bypassing any configured `baseURL`. **Claude subscription**: Anthropic [no longer supports](https://www.reddit.com/r/ClaudeAI/comments/1r9hqdk/claude_subscriptions_will_no_longer_be_usable_in/) using subscriptions in third-party clients. </details> ## Notes - Anthropic forbids Claude subscription in all 3rd-party clients - OpenCode supports ChatGPT subscription, but there is no way to customize BaseURL - Does it make sense to investigate Mux? - Factory doesn't support ChatGPT subscription - Cline supports ChatGPT subscription, but there is no way to customize BaseURL - KiloCode supports CustomHeaders, but I wasn't able to make it work neither for centralized key nor for BYOK. Seems support for custom providers has bugs. I got different errors for different models, this one is common: `Unsupported parameter: 'max_tokens' is not supported with this model. Use 'max_completion_tokens' instead.` Seems should be fixed on KiloCode side. - RooCode and Cline support only OpenAI. 
They have special OpenAI-Compatible provider which allows adding custom headers. - VSCode (NativeChat) uses github copilot under the hood. I wasn't able to make it work, neither in VSCode nor in VSCode-Insiders on my MacOS. I used VSCode-Insiders Version: 1.116.0-insider (Universal). I got different errors. When I used Github Copilot Chat (stable release - it ignored my AI Gateway configuration), when I tried to install Github Copilot Chat pre-release it failed with `~/.vscode-insiders/extensions/github.copilot-chat-0.43.2026040705` - JetBrains (embedded AI assistant). OpenAI Compatible provider doesn't support custom headers. Also I got some errors even for centralized key setup. - Zed doesn't support custom headers - Copilot CLI is special, because it's only supported via gateway proxy. But it also means that we don't need support of custom headers, because `X-AI-Gov-Token` is set by proxy itself. So if BYOK is supported in CopilotCLI - it should be supported for CopilotCLI via Bridge and BridgeProxy. ## Questions - Do we want to explicitly state that Claude Max/Pro or ChatGPT Plus/Pro subscriptions aren’t supported by OpenCode via AIBridge? I initially avoided mentioning it since this could change over time, and keeping that information up to date across clients might be difficult. |
||
|
|
8382e96a81 | feat: add types, context, and model normalization (#23914) | ||
|
|
a414d37165 |
feat(site/src/pages/AgentsPage): add full-width chat layout toggle (#24307)
Adds a user preference to remove the `max-w-3xl` constraint on agent chat messages, letting the content fill the available viewport width. The toggle lives in **Agents > Settings > Behavior** under "Chat Layout" and persists via `localStorage` (`agents.chat-full-width`). A `useSyncExternalStore` hook (`useChatFullWidth`) provides same-tab reactivity so flipping the toggle updates all mounted consumers immediately — the chat timeline, chat input, the Suspense skeleton, and the in-page loading view. This was requested by a customer and is an individual user setting, so it seems fine to add. |
||
|
|
e0902e3c27 |
feat: demui the <LinearProgress /> dependency (#24275)
Adds a small LinearProgress (determinate + MUI-style dual-bar indeterminate) and uses it on workspace build progress; drops MUI and adds Tailwind keyframes + Storybook stories. - New component under `site/src/components/LinearProgress/` - `WorkspaceBuildProgress` switched off `@mui/material/LinearProgress` - Added `bar-indeterminate` / `bar-indeterminate-2` animation keyframes <img width="563" height="115" alt="image" src="https://github.com/user-attachments/assets/bdcd8584-fa2d-487c-96f6-084891a9b084" /> |
||
|
|
11fe4972b6 |
fix(site): use readonly Organization[] and explicit is_default lookups (#24288)
`OrganizationAutocomplete` declared `options: Organization[]` (mutable), but `useDashboard().organizations` returns `readonly Organization[]`. Callers forced to spread to satisfy the type even though the component never mutates the array. While fixing this, found two more issues with how organization context is resolved: - `AgentCreateForm`, `ChatPageContent`, and `OrganizationRedirect` used `organizations[0]` assuming the default org is first — nothing guarantees that ordering. - `ChatPageInput` was guessing the org from `useDashboard()` for file uploads on existing chats, even though the chat already has `organization_id`. In multi-org deployments, uploads could land in the wrong org. Changes: - Widen `OrganizationAutocomplete` `options` to `readonly Organization[]` - Remove unnecessary `[...organizations]` spread in `AgentCreateForm` - Replace all `organizations[0]` with `.find(o => o.is_default) ?? organizations[0]` for users not in the default org - Eliminate `[...organizations].sort()` allocation in `OrganizationRedirect` with direct `.find()` lookups (equivalent priority: editable default → any editable → viewable default → any viewable) - Thread `chat.organization_id` from `AgentChatPage` → `AgentChatPageView` → `ChatPageInput` so file uploads use the chat's actual org instead of guessing Closes #24285 > 🤖 PR initially created by Claude Opus 4.6 |
||
|
|
69917b4516 |
fix: resolve flaky TestWatchChats/DiffStatusChangeIncludesDiffStatus (#24298)
## Problem `TestWatchChats/DiffStatusChangeIncludesDiffStatus` flakes with: ``` failed to read JSON message: failed to get reader: context deadline exceeded ``` Tracker: https://github.com/coder/internal/issues/1467 ## Root Cause The test published a pubsub event **once**, immediately after `client.Dial()` returned. However, `Dial` completes as soon as the HTTP upgrade finishes — before the server-side `watchChats` handler has called `SubscribeWithErr` on the pubsub channel. When the publish races ahead of the subscription, the message is silently dropped and the `wsjson.Read` loop blocks until the context deadline. ## Fix Publish the event on a short ticker (`testutil.IntervalFast` = 25ms) in a background goroutine instead of publishing once. This guarantees that at least one publish lands **after** the subscription is active, regardless of goroutine scheduling. The goroutine is cleanly stopped via a `publishDone` channel once the expected event is received. ## Verification - `go test -race -count=50 -run TestWatchChats/DiffStatusChangeIncludesDiffStatus` → **50/50 PASS, 0 races** - `go test -race -count=5 -run TestWatchChats` → **all 5 subtests pass 5/5 times** |
||
|
|
079dc48ba0 |
ci: use GitHub App for community label org membership check (#24149)
Supersedes #23343. ## Problem `author_association` on `pull_request_target` events is unreliable: - Returns `CONTRIBUTOR` instead of `MEMBER` when both apply ([actions/github-script#643](https://github.com/actions/github-script/issues/643)). - Returns `NONE` for members with private org visibility ([community#18690](https://github.com/orgs/community/discussions/18690)). This causes org members to incorrectly receive the `community` label. ## Approach Replace the `author_association` check with an explicit `orgs.checkMembershipForUser()` API call, which reliably detects both public and private org members. Uses a dedicated **GitHub App** via `actions/create-github-app-token` instead of a PAT. The App only needs **Organization > Members: Read** permission. Installation tokens are short-lived (1 hour) and auto-rotated — no long-lived secrets to worry about. ### Setup required A repo/org admin needs to: 1. Create a GitHub App with only **Organization > Members: Read** permission. 2. Install it on the `coder` org. 3. Store the App ID as a repository variable: `ORG_MEMBERSHIP_APP_ID`. 4. Store the App's private key as a repository secret: `ORG_MEMBERSHIP_APP_PRIVATE_KEY`. > [!NOTE] > Generated by Coder Agents --------- Co-authored-by: Jakub Domeracki <jakub@coder.com> |
||
|
|
b78eba9f9d |
feat: make sure creds are always masked (#24241)
## Summary Adds a `sanitizeCredentialHint` safety check in the db-to-SDK conversion layer to ensure credential hints are always masked before being exposed in the API. Also adds `credential_kind` and `credential_hint` assertions to the session threads API test. |
||
|
|
4854f33678 |
feat: add secret value and file path validation (#24269)
Add secret value validation to reject null bytes and values exceeding 32KB. The 32KB limit applies uniformly to both env var and file secrets because the value field is shared and the destination can change after creation. Add file path validation to also reject null bytes and paths exceeding 4096 bytes. Wire up secret value validation into both POST and PATCH handlers. |
||
|
|
6ab30123bf | feat: add chat debug log tables, queries, and SDK types (#23913) | ||
|
|
58c6855c59 |
feat: de-mui <Skeleton /> component (#24278)
Replaces remaining MUI `<Skeleton />` usages with our shared `Skeleton` component to keep loading states consistent and reduce MUI/Emotion coupling. Also cleans up a few adjacent touched styles while preserving existing behavior. - Replace `@mui/material/Skeleton` with `#/components/Skeleton/Skeleton` - Remove a few MUI-specific skeleton patterns at callsites - De-mui adjacent Emotion styles - Simplify filter layout handling with class-based responsive wrapping |
||
|
|
39ceb8cfe3 | fix(site): show "Preparing" in workspace pill during agent startup scripts (#24286) | ||
|
|
22062ec52e |
feat: add organization scoping to chats (#23827)
Fixes https://github.com/coder/internal/issues/1436 * Adds organization_id to chats with backfill (workspace org → user org membership → default org) * No support yet for ACLs (follow-up issue) - Cross-org workspace binding rejected (both in `CreateChatRequest` and in `create_workspace` tool) - Adds `OrganizationAutocomplete` to `AgentCreateForm` - Docs updated with `organization_id` in chats-api.md > 🤖 Written by a Coder Agent. Reviewed by many humans and many agents. --------- Co-authored-by: Mathias Fredriksson <mafredri@gmail.com> |
||
|
|
cb0b84a2d3 | feat: show build logs in chat for start_workspace and create_workspace tools (#24194) | ||
|
|
982739f3bf |
feat: add a debounce to menu filtering (#24048)
This pull-request implements a small debounce to ensure we aren't constantly pinging the backend on each keystroke of an input. |
||
|
|
7b02a51841 |
feat: refactor <AgentLogs /> error state (#24233)
This pull-request addresses a few design things within the `<AgentRow />` element. This is a follow-on from the previous work done with implementing tabs. - Workspace border can no longer be red, will always be orange (this was done in a previous PR but not stated). - Warnings have been moved to inside the Agent Logs collapsible. - Warning badge has been added to the Agent Logs collapsible trigger. - Collapsible is now open by default when there is an error inside of the agent. - Agent disconnected is no longer prominent by default. |
||
|
|
bd467ce443 | chore: update EA text and docs link in Coder Agents UI (#24255) | ||
|
|
c67c93982b | chore: fix typescript skill table (#24217) | ||
|
|
2f52de7cfc |
feat(agent/proto): add user secrets to agent manifest (#24252)
Add workspace secrets as a field in the agent manifest protobuf schema. This allows the control plane to pass user secrets to agents for runtime injection into workspace sessions. Message fields: - env_name: environment variable name (empty for file-only secrets) - file_path: file path (empty for env-only secrets) - value: the decrypted secret value as bytes |
||
|
|
0552b927b2 |
chore: bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.67.0 to 0.68.0 (#24078)
Bumps [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.67.0 to 0.68.0. Release notes, sourced from [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases](https://github.com/open-telemetry/opentelemetry-go-contrib/releases): Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0 (2026-04-03). Added: - Add `Resource` method to `SDK` in `go.opentelemetry.io/contrib/otelconf/v0.3.0` to expose the resolved SDK resource from declarative configuration. (#8660) - Add support to set the configuration file via `OTEL_CONFIG_FILE` in `go.opentelemetry.io/contrib/otelconf`. (#8639) - Add support for `service` resource detector in `go.opentelemetry.io/contrib/otelconf`. (#8674) - Add support for `attribute_count_limit` and `attribute_value_length_limit` in tracer provider configuration in `go.opentelemetry.io/contrib/otelconf`. (#8687) - Add support for `attribute_count_limit` and `attribute_value_length_limit` in logger provider configuration in `go.opentelemetry.io/contrib/otelconf`. (#8686) - Add support for `server.address` and `server.port` attributes in `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc`. (#8723) - Add support for `OTEL_SEMCONV_STABILITY_OPT_IN` in `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc`. Supported values are `rpc` (default), `rpc/dup` and `rpc/old`. (#8726) - Add the `http.route` metric attribute to `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`. (#8632) Changed: - Prepend `_` to the normalized environment variable name when the key starts with a digit in `go.opentelemetry.io/contrib/propagators/envcar`, ensuring POSIX compliance. (#8678) - Move experimental types from `go.opentelemetry.io/contrib/otelconf` to `go.opentelemetry.io/contrib/otelconf/x`. (#8529) - Normalize cached environment variable names in `go.opentelemetry.io/contrib/propagators/envcar`, aligning `Carrier.Keys` output with the carrier's normalized key format. (#8761) Fixed: - Fix `go.opentelemetry.io/contrib/otelconf` Prometheus reader converting OTel dot-style label names (e.g. `service.name`) to underscore-style (`service_name`) in `target_info` when both `without_type_suffix` and `without_units` are set. Use `NoTranslation` instead of `UnderscoreEscapingWithoutSuffixes` to preserve dot-style label names while still suppressing metric name suffixes. (#8763) - Limit the request body size at 1MB in `go.opentelemetry.io/contrib/zpages`. (#8656) - Fix server spans using the client's address and port for `server.address` and `server.port` attributes in `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc`. (#8723) Removed: - Host ID resource detector has been removed when configuring the `host` resource detector in `go.opentelemetry.io/contrib/otelconf`. (#8581) Deprecated: - Deprecate `OTEL_EXPERIMENTAL_CONFIG_FILE` in favour of `OTEL_CONFIG_FILE` in `go.opentelemetry.io/contrib/otelconf`. (#8639) What's Changed: - chore(deps): update module github.com/jgautheron/goconst to v1.9.0 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8651 - chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8652 - chore(deps): update golang.org/x/telemetry digest to e526e8a by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8647 - chore(deps): update module k8s.io/klog/v2 to v2.140.0 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8650 - chore(deps): update module github.com/mgechev/revive to v1.14.0 by @mmorel-35 in open-telemetry/opentelemetry-go-contrib#8646 - chore(deps): update module github.com/mgechev/revive to v1.15.0 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8539 - chore: fix noctx issues by @mmorel-35 in open-telemetry/opentelemetry-go-contrib#8645 - chore(deps): update golang.org/x by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8655 - chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8654 - chore(deps): update module github.com/mattn/go-runewidth to v0.0.21 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8653 - fix(deps): update module go.opentelemetry.io/proto/otlp to v1.10.0 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8657 - Limit the number of bytes read from the zpages body by @dmathieu in open-telemetry/opentelemetry-go-contrib#8656 - fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.2 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8648 - fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.3 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8661 - chore(deps): update github.com/securego/gosec/v2 digest to 8895462 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8663 - otelconf: support OTEL_CONFIG_FILE as it is no longer experimental by @codeboten in open-telemetry/opentelemetry-go-contrib#8639 - chore(deps): update module github.com/sonatard/noctx to v0.5.1 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8664 ... (truncated) Commits: see the [compare view](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.67.0...zpages/v0.68.0). Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
16b1b6865d |
chore: bump google.golang.org/api from 0.274.0 to 0.275.0 (#24260)
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.274.0 to 0.275.0. Release notes, sourced from [google.golang.org/api's releases](https://github.com/googleapis/google-api-go-client/releases): [0.275.0](https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.275.0) (2026-04-07). Features: - **all:** Auto-regenerate discovery clients (#3557) (2b2ef99) - **all:** Auto-regenerate discovery clients (#3560) (9437d4d) Commits: see the [compare view](https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.275.0). Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
897533f08d |
chore: bump github.com/coreos/go-oidc/v3 from 3.17.0 to 3.18.0 (#24261)
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.17.0 to 3.18.0. Release notes, sourced from [github.com/coreos/go-oidc/v3's releases](https://github.com/coreos/go-oidc/releases): v3.18.0. What's Changed: - .github: configure dependabot by @ericchiang in coreos/go-oidc#477 - .github: update go versions in CI by @ericchiang in coreos/go-oidc#480 - build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.36.0 by @dependabot[bot] in coreos/go-oidc#478 - build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @dependabot[bot] in coreos/go-oidc#479 Full Changelog: https://github.com/coreos/go-oidc/compare/v3.17.0...v3.18.0 Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3e25cc9238 |
chore: bump the coder-modules group across 2 directories with 2 updates (#24258)
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
bb64cab8a5 |
chore: bump rust from a08d20a to cf09adf in /dogfood/coder (#24257)
Bumps rust from `a08d20a` to `cf09adf`. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
b149433138 | chore: complete jest to vitest migration (#24216) | ||
|
|
8dff1cbc57 |
fix: resolve idle timeout recording test flake on macOS (#24240)
Fixes https://github.com/coder/internal/issues/1461

Two synchronization issues caused `TestPortableDesktop_IdleTimeout_StopsRecordings` (and the `MultipleRecordings` variant) to flake on macOS CI:

1. **`clk.Advance(idleTimeout)` was not awaited.** In `MultipleRecordings`, both idle timers fire simultaneously but their `fire()` goroutines race to remove themselves from the mock clock's event list. Without `MustWait`, the second timer may still be in `m.all` when the next `Advance` is called, causing `"cannot advance ... beyond next timer/ticker event in 0s"`.
2. **The test depended on SIGINT being handled promptly.** After the `stop_timeout` timer was released, the test relied entirely on the shell process handling SIGINT (via `rec.done`). On macOS, `/bin/sh` may not interrupt `wait` reliably, leaving `lockedStopRecordingProcess` blocked in its `select` while holding `p.mu` — deadlocking the `require.Eventually` callback.

### Fix

Wait for each `Advance` to complete and advance past the 15s stop timeout so the process is forcibly killed via the timer path, independent of signal handling.

Verified with 1000 iterations (500 per test) with zero failures.

> Generated with [Coder Agents](https://coder.com/agents) |
||
|
|
a62ead8588 |
fix(coderd): sort pinned chats first in GetChats pagination (#24222)
The GetChats SQL query ordered by (updated_at, id) DESC with no pin_order awareness. A pinned chat with an old updated_at could land on page 2+ and be invisible in the sidebar's Pinned section. Add a 4-column ORDER BY: pinned-first flag DESC, negated pin_order DESC, updated_at DESC, id DESC. The negation trick keeps all sort columns DESC so the cursor tuple < comparison still works. Update the after_id cursor clause to match the expanded sort key. Fix the false handler comment claiming PinChatByID bumps updated_at. |
||
|
|
b68c14dd04 |
chore: bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.6 (#24247)
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.8.4 to 1.8.6.

**Release notes**

*Sourced from [github.com/hashicorp/go-getter's releases](https://github.com/hashicorp/go-getter/releases).*

## v1.8.6

No release notes provided.

## v1.8.5

## What's Changed

- [chore] : Bump the go group with 2 updates by `@dependabot`[bot] in hashicorp/go-getter#576
- use %w to wrap error by `@Ericwww` in hashicorp/go-getter#475
- fix: #538 http file download skipped if headResp.ContentLength is 0 by `@martijnvdp` in hashicorp/go-getter#539
- chore: fix error message capitalization in checksum function by `@ssagarverma` in hashicorp/go-getter#578
- [chore] : Bump the go group with 8 updates by `@dependabot`[bot] in hashicorp/go-getter#577
- Fix git url with ambiguous ref by `@nimasamii` in hashicorp/go-getter#382
- fix: resolve compilation errors in get_git_test.go by `@CreatorHead` in hashicorp/go-getter#579
- [chore] : Bump the actions group with 2 updates by `@dependabot`[bot] in hashicorp/go-getter#582
- [chore] : Bump the go group with 3 updates by `@dependabot`[bot] in hashicorp/go-getter#583
- test that arbitrary files cannot be checksummed by `@schmichael` in hashicorp/go-getter#250
- [chore] : Bump google.golang.org/api from 0.260.0 to 0.262.0 in the go group by `@dependabot`[bot] in hashicorp/go-getter#585
- [chore] : Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by `@dependabot`[bot] in hashicorp/go-getter#586
- [chore] : Bump the go group with 3 updates by `@dependabot`[bot] in hashicorp/go-getter#588
- [chore] : Bump actions/cache from 5.0.2 to 5.0.3 in the actions group by `@dependabot`[bot] in hashicorp/go-getter#589
- [chore] : Bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 in the actions group by `@dependabot`[bot] in hashicorp/go-getter#592
- [chore] : Bump google.golang.org/api from 0.264.0 to 0.265.0 in the go group by `@dependabot`[bot] in hashicorp/go-getter#591
- [chore] : Bump the go group with 5 updates by `@dependabot`[bot] in hashicorp/go-getter#593
- IND-6310 - CRT Onboarding by `@nasareeny` in hashicorp/go-getter#584
- Fix crt build path by `@ssagarverma` in hashicorp/go-getter#594
- [chore] : Bump the go group with 3 updates by `@dependabot`[bot] in hashicorp/go-getter#596
- fix: remove checkout action from set-product-version job by `@ssagarverma` in hashicorp/go-getter#598
- [chore] : Bump the actions group with 4 updates by `@dependabot`[bot] in hashicorp/go-getter#595
- fix(deps): upgrade go.opentelemetry.io/otel/sdk to v1.40.0 (GO-2026-4394) by `@ssagarverma` in hashicorp/go-getter#599
- Prepare go-getter for v1.8.5 release by `@nasareeny` in hashicorp/go-getter#597
- [chore] : Bump the actions group with 2 updates by `@dependabot`[bot] in hashicorp/go-getter#600
- sec: bump go and xrepos + redact aws tokens in url by `@dduzgun-security` in hashicorp/go-getter#604

**NOTES:**

Binary Distribution Update: To streamline our release process and align with other HashiCorp tools, all release binaries will now be published exclusively to the official HashiCorp [release](https://releases.hashicorp.com/go-getter/) site. We will no longer attach release assets to GitHub Releases.

## New Contributors

- `@Ericwww` made their first contribution in hashicorp/go-getter#475
- `@martijnvdp` made their first contribution in hashicorp/go-getter#539
- `@nimasamii` made their first contribution in hashicorp/go-getter#382
- `@nasareeny` made their first contribution in hashicorp/go-getter#584

**Full Changelog**: https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.5

**Commits**

- [`d23bff4`](https://github.com/hashicorp/go-getter/commit/d23bff48fb87c956bb507a03d35a63ee45470e34) Merge pull request #608 from hashicorp/dependabot/go_modules/go-security-9c51...
- [`2c4aba8`](https://github.com/hashicorp/go-getter/commit/2c4aba8e5286c18bc66358236454a3e3b0aa7421) Merge pull request #613 from hashicorp/pull/v1.8.6
- [`fe61ed9`](https://github.com/hashicorp/go-getter/commit/fe61ed9454b818721d81328d7e880fc2ed2c8d15) Merge pull request #611 from hashicorp/SECVULN-41053
- [`d533656`](https://github.com/hashicorp/go-getter/commit/d53365612c5250f7df8d586ba3be70fbd42e613b) Merge pull request #606 from hashicorp/pull/CRT
- [`388f23d`](https://github.com/hashicorp/go-getter/commit/388f23d7d40f1f1e1a9f5b40ee5590c08154cd6d) Additional test for local branch and head
- [`b7ceaa5`](https://github.com/hashicorp/go-getter/commit/b7ceaa59b11a203c14cf58e5fcaa8f169c0ced6e) harden checkout ref handling and added regression tests
- [`769cc14`](https://github.com/hashicorp/go-getter/commit/769cc14fdb0df5ac548f4ead1193b5c40460f11e) Release version bump up
- [`6086a6a`](https://github.com/hashicorp/go-getter/commit/6086a6a1f6347f735401c26429d9a0e14ad29444) Review Comments Addressed
- [`e02063c`](https://github.com/hashicorp/go-getter/commit/e02063cd28e97bb8a23a63e72e2a4a4ab6e982cf) Revert "SECVULN Fix for git checkout argument injection enables arbitrary fil...
- [`c93084d`](https://github.com/hashicorp/go-getter/commit/c93084dc4306b2c49c54fe6fbfbe79c98956e5f8) [chore] : Bump google.golang.org/grpc
- Additional commits viewable in [compare view](https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.6)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
508114d484 |
feat: user secret database encryption (#24218)
Add dbcrypt support for user secret values. When database encryption is enabled, secret values are transparently encrypted on write and decrypted on read through the existing dbcrypt store wrapper.

- Wrap `CreateUserSecret`, `GetUserSecretByUserIDAndName`, `ListUserSecretsWithValues`, and `UpdateUserSecretByUserIDAndName` in enterprise/dbcrypt/dbcrypt.go.
- Add rotate and decrypt support for user secrets in enterprise/dbcrypt/cliutil.go (`server dbcrypt rotate` and `server dbcrypt decrypt`).
- Add internal tests covering encrypt-on-create, decrypt-on-read, re-encrypt-on-update, and plaintext passthrough when no cipher is configured. |
||
|
|
e0fbb0e4ec |
feat: comment on original PR after cherry-pick PR is created (#24243)
After the cherry-pick workflow creates a backport PR, it now comments on the original PR to notify the author with a link to the new PR. If the cherry-pick had conflicts, the comment includes a warning.

## Changes

- Capture the URL output of `gh pr create` into `NEW_PR_URL`
- Add `gh pr comment` on the original PR with the link
- Append a conflict warning to the comment when applicable

> Generated by Coder Agents |