mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
75f5b60eb6a674220249e7da73158faef44db289
2224 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
47daca6eea |
feat: add filtering to org members (#23334)
Continuation of https://github.com/coder/coder/pull/23067 Add filtering to the paginated org member endpoint (pretty much the same as what I did in the previous PR with group members, except there I also had to add pagination since it was missing). |
||
|
|
24ab216dd1 |
feat: add new group members endpoint with filtering and pagination (#23067)
Partially addresses #21813 (still need to make changes to the "add user" button to be complete) Since there are a lot of user tests already, I moved them into `coderdtest` to be shared. |
||
|
|
89eaf6ad74 |
docs: document smart hook file classification in CONTRIBUTING (#23370)
The git hooks now classify staged files and select either the full or lightweight make target. This was missing from the contributing guide after #23358 landed. Also add actionlint config to suppress a pre-existing SC2016 false positive in the triage workflow. Shellcheck disable directives don't work inside heredocs when actionlint drives shellcheck. |
||
|
|
139594a4f4 |
feat: block CONNECT tunnels to private/reserved IP ranges (#23109)
## Description

Blocks `CONNECT` tunnels to private and reserved IP ranges in aibridgeproxyd, preventing the proxy from being used to reach internal networks. The Coder access URL is always exempt (hostname+port match) so the proxy can reach its own deployment. It is possible to exempt additional ranges via `CODER_AIBRIDGE_PROXY_ALLOWED_PRIVATE_CIDRS`.

DNS rebinding is handled differently per path:

* Direct (no upstream proxy): validate the resolved IP right before the TCP dial, no window between check and connect.
* Upstream proxy: Resolves and checks before forwarding to the upstream dialer. A small rebinding window exists since the upstream proxy re-resolves independently.

## Changes

* Add blocked IP denylist covering private, reserved, and special-purpose ranges
* Add `AllowedPrivateCIDRs` option with CLI flag and env var
* Wire IP checks into `proxy.ConnectDial` for both upstream and direct paths
* Add tests for blocked/allowed cases across direct dial, upstream proxy, CIDR exemptions, and CoderAccessURL exemption

Notes: documentation will be handled in a follow-up PR.

Closes: https://github.com/coder/security/issues/124 |
||
|
|
abd7b7aeba |
ci: bump the github-actions group across 1 directory with 9 updates (#23345)
Bumps the github-actions group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [crate-ci/typos](https://github.com/crate-ci/typos) | `1.40.0` | `1.44.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.0.0` | | [actions/attest](https://github.com/actions/attest) | `3.2.0` | `4.1.0` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.1` | `47.0.5` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [linear/linear-release-action](https://github.com/linear/linear-release-action) | `0.4.0` | `0.5.0` | | [benc-uk/workflow-dispatch](https://github.com/benc-uk/workflow-dispatch) | `1.2.4` | `1.3.1` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `c1824fd6edce30d7ab345a9989de00bbd46ef284` | `57a97c7e7821a5776cebc9bb87c984fa69cba8f1` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | Updates `crate-ci/typos` from 1.40.0 to 1.44.0 <br /> Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 <br /> Updates `docker/login-action` from 3.7.0 to 4.0.0 <br /> Updates `actions/attest` from 3.2.0 to 4.1.0 <br /> Updates `tj-actions/changed-files` from 47.0.1 to 47.0.5
<details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h1><a href="https://github.com/tj-actions/changed-files/compare/v47.0.4...v47.0.5">47.0.5</a> - (2026-03-03)</h1> <h2><!-- raw HTML omitted -->🔄 Update</h2> <ul> <li>Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2805">#2805</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <41898282+github-actions[bot]<a href="https://github.com/users"><code>@users</code></a>.noreply.github.com> (<a href="https://github.com/tj-actions/changed-files/commit/35dace0375d89e25e78db5f0a44127b61f4e5c20">35dace0</a>) - (github-actions[bot])</p> <ul> <li>Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2803">#2803</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <41898282+github-actions[bot]<a href="https://github.com/users"><code>@users</code></a>.noreply.github.com> Co-authored-by: Tonye Jack <a href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a href="https://github.com/tj-actions/changed-files/commit/9ee99eb5bda5d6a67fedcd50ecd24fb10add2f41">9ee99eb</a>) - (github-actions[bot])</p> <h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2> <ul> <li><strong>deps-dev:</strong> Bump <code>@types/node</code> from 25.3.2 to 25.3.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2814">#2814</a>) (<a href="https://github.com/tj-actions/changed-files/commit/22103cc46bda19c2b464ffe86db46df6922fd323">22103cc</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump github/codeql-action from 4.32.4 to 4.32.5 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2815">#2815</a>) (<a href="https://github.com/tj-actions/changed-files/commit/6c02e900a24488df269842eb1cf6ffe3391ce182">6c02e90</a>) - (dependabot[bot])</li> 
<li><strong>deps-dev:</strong> Bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2764">#2764</a>) (<a href="https://github.com/tj-actions/changed-files/commit/05f9457d921137103bb9687b6b571075f75a65f2">05f9457</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump lodash and <code>@types/lodash</code> (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2807">#2807</a>) (<a href="https://github.com/tj-actions/changed-files/commit/52ed872dd71bea01a73ce5c7c595e78cb9566401">52ed872</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2774">#2774</a>) (<a href="https://github.com/tj-actions/changed-files/commit/1cc574637935a98713e34cbd4e8cf01a985f942c">1cc5746</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump prettier from 3.7.4 to 3.8.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2775">#2775</a>) (<a href="https://github.com/tj-actions/changed-files/commit/de2962f9f408abd241f7c1a8b6cac3ab44358d1a">de2962f</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump github/codeql-action from 4.32.2 to 4.32.4 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2806">#2806</a>) (<a href="https://github.com/tj-actions/changed-files/commit/37e96ccbfefb9100f34f87d75c890c50c6e78d15">37e96cc</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump eslint-plugin-jest from 29.12.1 to 29.15.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2799">#2799</a>) (<a href="https://github.com/tj-actions/changed-files/commit/2180b0f05d03655e0bedd1657d13f6abc6313014">2180b0f</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump actions/upload-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2809">#2809</a>) (<a 
href="https://github.com/tj-actions/changed-files/commit/cf021c158c722f81dea97fe5edc8bd2de1cc2bc1">cf021c1</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump actions/download-artifact from 7.0.0 to 8.0.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2810">#2810</a>) (<a href="https://github.com/tj-actions/changed-files/commit/b54ac6f17f95fdc4ec5ee3bf355ea7c354dc9c53">b54ac6f</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump <code>@types/node</code> from 25.2.2 to 25.3.2 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2811">#2811</a>) (<a href="https://github.com/tj-actions/changed-files/commit/0f2a510bd7ac84bc12cdc52c2094298bc26b1692">0f2a510</a>) - (dependabot[bot])</li> </ul> <h2><!-- raw HTML omitted -->⬆️ Upgrades</h2> <ul> <li>Upgraded to v47.0.4 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2802">#2802</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <41898282+github-actions[bot]<a href="https://github.com/users"><code>@users</code></a>.noreply.github.com> Co-authored-by: Tonye Jack <a href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a href="https://github.com/tj-actions/changed-files/commit/b7ac303c8684d5e668c6c810e61a6fe32a53fe25">b7ac303</a>) - (github-actions[bot])</p> <h1><a href="https://github.com/tj-actions/changed-files/compare/v47.0.3...v47.0.4">47.0.4</a> - (2026-02-17)</h1> <h2><!-- raw HTML omitted -->🔄 Update</h2> <ul> <li>Release-tagger action to version 6.0.6 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2801">#2801</a>) (<a href="https://github.com/tj-actions/changed-files/commit/7dee1b0c1557f278e5c7dc244927139d78c0e22a">7dee1b0</a>) - (Tonye Jack)</li> </ul> <h1><a href="https://github.com/tj-actions/changed-files/compare/v47.0.2...v47.0.3">47.0.3</a> - (2026-02-17)</h1> <h2><!-- raw HTML omitted -->🔄 Update</h2> <ul> <li>Release-tagger action to version 6.0.0 (<a 
href="https://redirect.github.com/tj-actions/changed-files/issues/2800">#2800</a>) (<a href="https://github.com/tj-actions/changed-files/commit/28b28f6e4e9e3d997beb9dce86cfd8cf0ce7c7f6">28b28f6</a>) - (Tonye Jack)</li> </ul> <h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2> <ul> <li><strong>deps:</strong> Bump github/codeql-action from 4.31.10 to 4.32.2 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2790">#2790</a>) (<a href="https://github.com/tj-actions/changed-files/commit/875e6e5df8b8b00995fe6f0afd7ff1531ac1c47d">875e6e5</a>) - (dependabot[bot])</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tj-actions/changed-files/commit/22103cc46bda19c2b464ffe86db46df6922fd323"><code>22103cc</code></a> chore(deps-dev): bump <code>@types/node</code> from 25.3.2 to 25.3.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2814">#2814</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/6c02e900a24488df269842eb1cf6ffe3391ce182"><code>6c02e90</code></a> chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2815">#2815</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/05f9457d921137103bb9687b6b571075f75a65f2"><code>05f9457</code></a> chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2764">#2764</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/52ed872dd71bea01a73ce5c7c595e78cb9566401"><code>52ed872</code></a> chore(deps): bump lodash and <code>@types/lodash</code> (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2807">#2807</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/1cc574637935a98713e34cbd4e8cf01a985f942c"><code>1cc5746</code></a> chore(deps): 
bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2774">#2774</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/de2962f9f408abd241f7c1a8b6cac3ab44358d1a"><code>de2962f</code></a> chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2775">#2775</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/37e96ccbfefb9100f34f87d75c890c50c6e78d15"><code>37e96cc</code></a> chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2806">#2806</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/2180b0f05d03655e0bedd1657d13f6abc6313014"><code>2180b0f</code></a> chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2799">#2799</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/cf021c158c722f81dea97fe5edc8bd2de1cc2bc1"><code>cf021c1</code></a> chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2809">#2809</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/b54ac6f17f95fdc4ec5ee3bf355ea7c354dc9c53"><code>b54ac6f</code></a> chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2810">#2810</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tj-actions/changed-files/compare/e0021407031f5be11a464abee9a0776171c79891...22103cc46bda19c2b464ffe86db46df6922fd323">compare view</a></li> </ul> </details> <br /> Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a 
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/483">docker/setup-buildx-action#483</a></li> <li>Remove deprecated inputs/outputs by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/464">docker/setup-buildx-action#464</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/481">docker/setup-buildx-action#481</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/475">docker/setup-buildx-action#475</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.63.0 to 0.79.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/482">docker/setup-buildx-action#482</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/485">docker/setup-buildx-action#485</a></li> <li>Bump js-yaml from 4.1.0 to 4.1.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/452">docker/setup-buildx-action#452</a></li> <li>Bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/472">docker/setup-buildx-action#472</a></li> <li>Bump minimatch from 3.1.2 to 3.1.5 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/480">docker/setup-buildx-action#480</a></li> </ul> <p><strong>Full Changelog</strong>: <a 
href="https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0">https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd"><code>4d04d5d</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/485">#485</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/cd74e05d9bae4eeec789f90ba15dc6fb4b60ae5d"><code>cd74e05</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/eee38ec7b3ed034ee896d3e212e5d11c04562b84"><code>eee38ec</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.77.0 to 0.79.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/7a83f65b5a215b3c81b210dafdc20362bd2b4e24"><code>7a83f65</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/484">#484</a> from docker/dependabot/github_actions/docker/setup-qe...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/a5aa96747d67f62520b42af91aeb306e7374b327"><code>a5aa967</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/464">#464</a> from crazy-max/rm-deprecated</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/e73d53fa4ed86ff46faaf2b13a228d6e93c51af3"><code>e73d53f</code></a> build(deps): bump docker/setup-qemu-action from 3 to 4</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/28a438e9ed9ef7ae2ebd0bf839039005c9501312"><code>28a438e</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/483">#483</a> from crazy-max/node24</li> <li><a 
href="https://github.com/docker/setup-buildx-action/commit/034e9d37dd436b56b0167bea5a11ab731413e8cf"><code>034e9d3</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/b4664d8fd0ba15ff14560ab001737c666076d5be"><code>b4664d8</code></a> remove deprecated inputs/outputs</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/a8257dec35f244ad06b4ff6c90fdd2ba97f262ba"><code>a8257de</code></a> node 24 as default runtime</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd">compare view</a></li> </ul> </details> <br /> Updates `linear/linear-release-action` from 0.4.0 to 0.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/linear/linear-release-action/releases">linear/linear-release-action's releases</a>.</em></p> <blockquote> <h2>v0.5.0</h2> <h2>What's Changed</h2> <ul> <li>Documentation improvements by <a href="https://github.com/RomainCscn"><code>@RomainCscn</code></a> in <a href="https://redirect.github.com/linear/linear-release-action/pull/8">linear/linear-release-action#8</a></li> <li>Add support for release_version, same as the CLI by <a href="https://github.com/RomainCscn"><code>@RomainCscn</code></a> in <a href="https://redirect.github.com/linear/linear-release-action/pull/9">linear/linear-release-action#9</a></li> <li>Set CLI version default to latest</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/linear/linear-release-action/compare/v0.4.0...v0.5.0">https://github.com/linear/linear-release-action/compare/v0.4.0...v0.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/linear/linear-release-action/commit/5cbaabc187ceb63eee9d446e62e68e5c29a03ae8"><code>5cbaabc</code></a> Make latest the default cli version</li> <li><a 
href="https://github.com/linear/linear-release-action/commit/7fb27ceb7e17ef4353a87f85f4fc1e3d3416c057"><code>7fb27ce</code></a> Add support for release_version, same as the CLI (<a href="https://redirect.github.com/linear/linear-release-action/issues/9">#9</a>)</li> <li><a href="https://github.com/linear/linear-release-action/commit/fbf0176c7348aa6444e5e3d14db454cb4f4baab8"><code>fbf0176</code></a> Ensure name is properly used when creating scheduled release (<a href="https://redirect.github.com/linear/linear-release-action/issues/8">#8</a>)</li> <li>See full diff in <a href="https://github.com/linear/linear-release-action/compare/v0.4.0...5cbaabc187ceb63eee9d446e62e68e5c29a03ae8">compare view</a></li> </ul> </details> <br /> Updates `benc-uk/workflow-dispatch` from 1.2.4 to 1.3.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/benc-uk/workflow-dispatch/releases">benc-uk/workflow-dispatch's releases</a>.</em></p> <blockquote> <h2>v1.3.1</h2> <h2>Features</h2> <ul> <li><strong>New <code>sync-status</code> input</strong> — when used with <code>wait-for-completion</code>, mirrors the triggered workflow's conclusion (failure/cancelled) back to this action's status (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li><strong>Alternate <code>ref</code> default for PRs</strong> — automatically uses <code>github.head_ref</code> when running in a pull request context, avoiding <code>refs/pull/.../merge</code> errors (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/79">#79</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li><strong>Safer JSON input parsing</strong> — invalid <code>inputs</code> JSON now logs an error instead of throwing an unhandled exception (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li><strong>Improved timeout handling</strong> — timeout now sets a distinct <code>timed_out</code> status and emits a warning instead 
of silently breaking (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li><strong>Improved warning message formatting</strong> for workflow run timeout</li> </ul> <h2>Internal Changes & Chores</h2> <ul> <li>Replaced <code>console.log</code> calls with <code>core.info</code> for proper Actions log integration (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Removed stale <code>ref</code>/<code>inputs</code> parameters from the workflow list API call (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Expanded CI test matrix from 3 sequential steps to 9 parallel test jobs covering workflow lookup, output assertions, wait-for-completion, sync-status, and error handling (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Added CI path filters to skip docs-only changes (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Changed echo-3 test fixture from <code>workflow_call</code> to <code>workflow_dispatch</code> with deterministic failure (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Removed unused <code>.vscode/settings.json</code> (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Added <code>.github/copilot-instructions.md</code> (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>General project chores</li> </ul> <h2>Documentation Updates</h2> <ul> <li>No documentation updates in this release</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/benc-uk/workflow-dispatch/commit/7a027648b88c2413826b6ddd6c76114894dc5ec4"><code>7a02764</code></a> Improvements: sync-status, error handling, CI test coverage & path filters (<a 
href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li><a href="https://github.com/benc-uk/workflow-dispatch/commit/3162154e5e0697f47fb76f12ed5508c5f3c066d7"><code>3162154</code></a> Use alternate <code>ref</code> default for PRs (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/79">#79</a>)</li> <li><a href="https://github.com/benc-uk/workflow-dispatch/commit/4085c9787530f7d3f497838f77fce7b96a554397"><code>4085c97</code></a> project chores</li> <li><a href="https://github.com/benc-uk/workflow-dispatch/commit/6fd6de2826a993af5b50dfb55da903d4f1ca05ee"><code>6fd6de2</code></a> Improve warning message formatting for workflow run timeout</li> <li><a href="https://github.com/benc-uk/workflow-dispatch/commit/a54f9d194fed472732282ed1597dc4909e4b4080"><code>a54f9d1</code></a> 2026 refresh (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/83">#83</a>)</li> <li>See full diff in <a href="https://github.com/benc-uk/workflow-dispatch/compare/e2e5e9a103e331dad343f381a29e654aea3cf8fc...7a027648b88c2413826b6ddd6c76114894dc5ec4">compare view</a></li> </ul> </details> <br /> Updates `aquasecurity/trivy-action` from c1824fd6edce30d7ab345a9989de00bbd46ef284 to 57a97c7e7821a5776cebc9bb87c984fa69cba8f1 | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aquasecurity/trivy-action/commit/57a97c7e7821a5776cebc9bb87c984fa69cba8f1"><code>57a97c7</code></a> chore(deps): Update trivy to v0.69.3 (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/519">#519</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/97e0b3872f55f89b95b2f65b3dbab56962816478"><code>97e0b38</code></a> chore: bump Trivy version to v0.69.2 in test workflow and README (<a 
href="https://redirect.github.com/aquasecurity/trivy-action/issues/515">#515</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/4c61e6329bab9be735ca35291551614bc663dff3"><code>4c61e63</code></a> chore: bump default Trivy version to v0.69.2 (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/513">#513</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/1bd062560b422f5944df1de50abd05162bea079e"><code>1bd0625</code></a> Merge pull request <a href="https://redirect.github.com/aquasecurity/trivy-action/issues/508">#508</a> from nikpivkin/feat/pass-yaml-ignore-file</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/bce3086c4aa186dadd6671d45ad6dd5d1b8440ac"><code>bce3086</code></a> remove unused init-cache target</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/5a9fbb1236dc1b5ee9e73b5a515009a1dc684548"><code>5a9fbb1</code></a> supress progress bar when download db</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/16154502cae788884830e8df2671639b8cbaa03f"><code>1615450</code></a> update trivyignores input description</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/df85774a457f1f0a32a8e5744c2bced057257d65"><code>df85774</code></a> add comment about fd3</li>
<li><a href="https://github.com/aquasecurity/trivy-action/commit/56c8daebb96c35cabeeda8187a6dd3ec711d0a72"><code>56c8dae</code></a> remove unused variable</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/e368e328979b113139d6f9068e03accaed98a518"><code>e368e32</code></a> ci(test): add zizmor security linter for GitHub Actions (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/502">#502</a>)</li> <li>Additional commits viewable in <a href="https://github.com/aquasecurity/trivy-action/compare/c1824fd6edce30d7ab345a9989de00bbd46ef284...57a97c7e7821a5776cebc9bb87c984fa69cba8f1">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | crate-ci/typos | [>= 1.30.a, < 1.31] | </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
--------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Atif Ali <atif@coder.com> |
||
|
|
176f57bb13 |
docs: Updated AWS Reference Arch to support black background (#23311)
Updated to latest Ref Arch to support Black background provided by Coder marketing content team |
||
|
|
00d292d764 |
docs: remove EC2 install guide and rename AWS marketplace doc (#23298)
## Summary - **Removed** `docs/install/cloud/ec2.md` — the standalone EC2 install guide. - **Renamed** `docs/install/cloud/aws-mktplc-ce.md` → `docs/install/cloud/aws-marketplace.md` for a clearer, more discoverable filename. - **Updated** `docs/manifest.json`: replaced the "AWS EC2" entry with "AWS Marketplace" pointing to the renamed file. - **Updated** `docs/install/cloud/index.md`: fixed the internal link to the renamed file. |
||
|
|
be1c06dec9 |
feat: add endpoint and CLI for users to view their own OIDC claims (#23053)
- Adds a new API endpoint `GET /api/v2/users/oidc-claims` that returns only the **merged claims** (not the separate id_token/userinfo breakdown). Scoped exclusively to the authenticated user's own identity — no user parameter, so users cannot view each other's claims. - Adds a new CLI command `coder users oidc-claims` that hits the above endpoint. - The existing owner-only debug endpoint is preserved unchanged for admins who need the full claim breakdown. > 🤖 This PR was created with the help of Coder Agents, and will be reviewed by my human. 🧑‍💻 |
||
|
|
a6856320f9 |
docs: update Install to support AWS Marketplace Coder Community Edition (#22314)
Added new AWS install documentation and screenshots to support deployment of AWS Marketplace Coder Community Edition, as the primary/recommended method on AWS for POCs and experimenting with Coder. |
||
|
|
d6fef96d72 |
feat: add PR insights analytics dashboard (#23215)
## What Adds a new admin-only **PR Insights** page for the `/agents` analytics view — a dashboard for engineering leaders to understand code shipped by AI agents. ### Backend - `GET /api/v2/chats/insights/pull-requests` — admin-only endpoint - 4 SQL queries in `chatinsights.sql` aggregating `chat_diff_statuses` joined with chat cost data (via root chat tree rollup) - Runs 5 parallel DB queries: current summary, previous summary (for trends), time series, per-model breakdown, recent PRs - SDK types auto-generate to TypeScript ### Frontend (`PRInsightsView`) - **Stat cards**: PRs created, Merged, Merge rate, Lines shipped, Cost/merged PR — with trend badges comparing to previous period - **Activity chart**: Stacked area chart (created/merged/closed) using git color tokens (`git-added-bright`, `git-merged-bright`, `git-deleted-bright`) - **Model performance table**: Per-model PR counts, inline merge rate bars, diff stats, cost breakdown - **Recent PRs table**: Status badges, review state icons, author info, external links - **Time range filter**: 7d/14d/30d/90d button group - **4 Storybook stories**: Default, HighPerformance, LowVolume, NoPRs ### Data source All PR data comes from the existing `chat_diff_statuses` table (populated by the `gitsync.Worker` background job that polls GitHub every 120s). No new data collection required. ### Screenshot View in Storybook: `pages/AgentsPage/PRInsightsView` |
||
|
|
1e07ec49a6 |
feat: add merge_strategy support for coder_env resources (#23107)
## Description Implements the server-side merge logic for the `merge_strategy` attribute added to `coder_env` in [terraform-provider-coder v2.15.0](https://github.com/coder/terraform-provider-coder/pull/489). This allows template authors to control how duplicate environment variable names are combined across multiple `coder_env` resources. Relates to https://github.com/coder/coder/issues/21885 ## Supported strategies | Strategy | Behavior | |----------|----------| | `replace` (default) | Last value wins — backward compatible | | `append` | Joins values with `:` separator (e.g. PATH additions) | | `prepend` | Prepends value with `:` separator | | `error` | Fails the build if the variable is already defined | ## Example ```hcl resource "coder_env" "path_tools" { agent_id = coder_agent.dev.id name = "PATH" value = "/home/coder/tools/bin" merge_strategy = "append" } ``` ## Changes - **Proto**: Added `merge_strategy` field to `Env` message in `provisioner.proto` - **State reader**: Updated `agentEnvAttributes` struct and proto construction in `resources.go` - **Merge logic**: Added `mergeExtraEnvs()` function in `provisionerdserver.go` with strategy-aware merging for both agent envs and devcontainer subagent envs - **Tests**: 15 unit tests covering all strategies, edge cases (empty values, mixed strategies, multiple appends) - **Dependency**: Bumped `terraform-provider-coder` v2.14.0 → v2.15.0 - **Fixtures**: Updated `duplicate-env-keys` test fixtures and golden files ## Ordering When multiple resources `append` or `prepend` to the same key, they are processed in alphabetical order by Terraform resource address (per the determinism fix in #22706). |
||
|
|
fc3508dc60 |
feat: configure acquire chat batch size (#23196)
## Summary - add a hidden deployment config option for chat acquire batch size (`CODER_CHAT_ACQUIRE_BATCH_SIZE` / `chat.acquireBatchSize`) - thread the configured value into chatd startup while preserving the existing default of `10` - clamp the deployment value to the `int32` range before passing it into chatd - regenerate the API/docs/types/testdata artifacts for the new config field ## Why `chatd` currently acquires pending chats in batches of `10` via a compile-time default. This change makes that batch size operator-configurable from deployment config, so we can tune acquisition behavior without another code change. |
||
|
|
fe82d0aeb9 |
fix: allow member users to generate support bundles (#23040)
Fixes AIGOV-141 The `coder support bundle` command previously required admin permissions (`Read DeploymentConfig`) and would abort entirely for non-admin `member` users with: ``` failed authorization check: cannot Read DeploymentValues ``` This change makes the command **degrade gracefully** instead of failing outright. <details> <summary> Changes </summary> ### `support/support.go` - **`Run()`**: The authorization check for `Read DeploymentValues` is now a soft warning instead of a hard gate. Unauthenticated users (401) still fail, but authenticated users with insufficient permissions proceed with reduced data. - **`DeploymentInfo()`**: `DeploymentConfig` and `DebugHealth` fetches now handle 403/401 responses gracefully, matching the existing pattern used by `DeploymentStats`, `Entitlements`, and `HealthSettings`. - **`NetworkInfo()`**: Coordinator debug and tailnet debug fetches now check response status codes for 403/401 before reading the body. ### `cli/support.go` - **`summarizeBundle()`**: No longer returns early when `Config` or `HealthReport` is nil. Instead prints warnings and continues summarizing available data (e.g., netcheck). ### Tests - `MissingPrivilege` → `MemberNoWorkspace`: Asserts member users can generate a bundle successfully with degraded admin-only data. - `NoPrivilege` → `MemberCanGenerateBundle`: Asserts the CLI produces a valid zip bundle for member users. - All existing tests continue to pass (`NoAuth`, `OK`, `OK_NoWorkspace`, `DontPanic`, etc.). ## Behavior matrix | User type | Before | After | |---|---|---| | **Admin** | Full bundle | Full bundle (no change) | | **Member** | Hard error | Bundle with degraded admin-only data | | **Unauthenticated** | Hard error | Hard error (no change) | Related to PRODUCT-182 |
||
|
|
d697213373 | feat(docs/ai-coder/ai-bridge): update aibridge docs for codex to use model_provider (#23199) | ||
|
|
481c132135 |
docs: clarify agent permission inheritance and default security posture (#23194)
Addresses five documentation gaps identified from an internal agents briefing Q&A, specifically around what permissions an agent inherits from the user:
1. **No privilege escalation** — Added explicit statement that the agent has the exact same permissions as the user. No escalation, no shared service account.
2. **Cross-user workspace isolation** — Added statement that agents cannot access workspaces belonging to other users.
3. **Default-state warning** — Added WARNING callouts that agent workspaces inherit the user's full network access unless templates explicitly restrict it.
4. **Tool boundary statement** — Added explicit statement that the agent cannot act outside its defined tool set and has no direct access to the Coder API.
5. **Template visibility scoped to user RBAC** — Clarified that template selection respects the user's role and permissions.
Changes across 3 files:
- `docs/ai-coder/agents/index.md`
- `docs/ai-coder/agents/architecture.md`
- `docs/ai-coder/agents/platform-controls/template-optimization.md`
---
PR generated with Coder Agents |
||
|
|
9df7fda5f6 |
docs: rename "Template Routing" to "Template Optimization" (#23192)
Renames the page title from "Template Routing" to "Template Optimization" in both the markdown H1 header and the docs manifest entry.
---
PR generated with Coder Agents |
||
|
|
665db7bdeb |
docs: add agent workspaces best practices guide (#23142)
Add a new docs page under /docs/ai-coder/agents/ covering best practices for creating templates that are discoverable and useful to Coder Agents. Covers template descriptions, dedicated agent templates, network boundaries, credential scoping, parameter design, pre-installed tooling, and prebuilt workspaces for reducing provisioning latency. |
||
|
|
903cfb183f | feat: add --service-account to cli user creation (#23186) | ||
|
|
49e5547c22 | feat: add support for creating service accounts (#23140) | ||
|
|
91ec0f1484 |
feat: add service_accounts workspace sharing mode (#23093)
Introduce a three-way workspace sharing setting (none, everyone, service_accounts) replacing the boolean workspace_sharing_disabled. In service_accounts mode, only service account-owned workspaces can be shared while regular members' share permissions are removed. Adds a new organization-service-account system role with per-org permissions reconciled alongside the existing organization-member system role.
Related to: https://linear.app/codercom/issue/PLAT-28/feat-service-accounts-sharing-mode-and-rbac-role
---------
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
Co-authored-by: Kayla はな <mckayla@hey.com> |
||
|
|
365de3e367 |
feat: record model thoughts (#22676)
Depends on https://github.com/coder/aibridge/pull/203
Closes https://github.com/coder/internal/issues/1337
---------
Signed-off-by: Danny Kopping <danny@coder.com> |
||
|
|
1031da9738 |
feat: add agent chat spend limiting (backend) (#23071)
Introduces deployment-scoped spend limiting for Coder Agents, enabling administrators to control LLM costs at global, group, and individual user levels.
## Changes
- **Database migration (000437)**: `chat_usage_limit_config` (singleton), `chat_usage_limit_overrides` (per-user), `chat_usage_limit_group_overrides` (per-group)
- **Single-query limit resolution**: individual override > min(group) > global default via `ResolveUserChatSpendLimit`
- **Fail-open enforcement** in chatd with documented TOCTOU trade-off
- **Experimental API** under `/api/experimental/chats/usage-limits` for CRUD on limits
- **`AsChatd` RBAC subject** for narrowly-scoped daemon access (replaces `AsSystemRestricted`)
- **Generated TypeScript types** for the frontend SDK
## Hierarchy
1. Individual user override (highest)
2. Minimum of group limits
3. Global default
4. Disabled / unlimited
Currency stored as micro-dollars (`1,000,000` = $1.00).
Frontend PR: #23072 |
||
|
|
93b9d70a9b |
chore: add audit log entry when ai seat is consumed (#22683)
When an ai seat is consumed, an audit log entry is made. This only happens the first time a seat is used. |
||
|
|
3f76f312e4 |
feat(cli): add --no-wait flag to coder create (#22867)
Adds a `--no-wait` flag (CODER_CREATE_NO_WAIT) to the create command, matching the existing pattern in `coder start`. When set, the `coder create` command returns immediately after the workspace creation API call succeeds instead of streaming build logs until completion. This enables fire-and-forget workspace creation in CI/automation contexts (e.g., GitHub Actions), where waiting for the build to finish is unnecessary. Combined with other existing flags, users can create a workspace with no interactivity, assuming the user is already authenticated. |
||
|
|
530872873e |
chore: remove swagger annotations from experimental chat endpoints (#23120)
The `/archive` and `/desktop` chat endpoints had swagger route comments (`@Summary`, `@ID`, `@Router`, etc.) that would cause them to appear in generated API docs. Since these live under `/experimental/chats`, they should not be documented. This removes the swagger annotations and adds the standard `// EXPERIMENTAL: this endpoint is experimental and is subject to change.` comment to `archiveChat` (the `watchChatDesktop` handler already had it, just needed the swagger block removed). |
||
|
|
115011bd70 |
docs: rename Chat API to Chats API (#23121)
Renames the page title and manifest label from "Chat API" to "Chats API" to match the plural endpoint path (`/api/experimental/chats`). |
||
|
|
3c6445606d |
docs: add Chat API page under Coder Agents (#22898)
Adds `docs/ai-coder/agents/chat-api.md` — a concise guide for the experimental `/api/experimental/chats` endpoints.
**What's included:**
- Authentication
- Quick start curl example
- Core workflow (create → stream → follow-up)
- All major endpoints: create, messages, stream, list, get, archive, interrupt
- File uploads
- Chat status reference
Also marks all Coder Agents child pages as `early access` in `docs/manifest.json`. |
||
|
|
3704e930a1 |
docs: update release calendar for v2.31 (#23113)
The release calendar was outdated — it still showed v2.30 as Mainline and v2.31 as Not Released. This runs the `scripts/update-release-calendar.sh` script and manually re-adds the ESR rows that the script doesn't handle:
**Changes:**
- v2.28: Security Support → Not Supported
- v2.29: Stable + ESR → Security Support + ESR (v2.29.8)
- v2.30: Mainline → Stable (v2.30.3)
- v2.31: Not Released → Mainline (v2.31.5)
- Added 2.32 as Not Released
- Kept 2.24 as Extended Support Release
- Updated latest patch versions for all releases
- Removed 2.25 (no longer in the rolling window)
Created on behalf of @matifali
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> |
||
|
|
59553b8df8 |
docs(ai-coder): add enablement instructions for agents experiment (#23057)
Adds a new **Enable Coder Agents** section to the Early Access doc explaining how to activate the `agents` experiment flag via `CODER_EXPERIMENTS` or `--experiments`.
## Changes
### `docs/ai-coder/agents/early-access.md`
- New **Enable Coder Agents** section with env var and CLI flag examples.
- Note that the `agents` flag is excluded from wildcard (`*`) opt-in.
- Quick-start checklist: dashboard → Admin → configure provider/model → start chatting.
- Link to GitHub issues for feedback.
### `docs/ai-coder/agents/index.md`
- Updated **Product status** from "internal preview" to "Early Access" with a link to the early-access page for enablement instructions. |
||
|
|
aa6f301305 |
ci: add conventional commit PR title linting (#23096)
Restore PR title validation that was removed in
|
||
|
|
36665e17b2 |
feat: add WatchAllWorkspaceBuilds endpoint for autostart scaletests (#22057)
This PR adds a `WatchAllWorkspaces` function with `watch-all-workspaces` endpoint, which can be used to listen on a single global pubsub channel for _all_ workspace build updates, and makes use of it in the autostart scaletest. This negates the need to use a workspace watch pubsub channel _per_ workspace, which has auth overhead associated with each call. This is especially relevant in situations such as the autostart scaletest, where we need to start/stop a set of workspaces before we can configure their autostart config. The overhead associated with all the watch requests skews the scaletest results and makes it harder to reason about the performance of the autostart feature itself.
The autostart scaletest also no longer generates its own metrics nor does it wait for all the workspaces to actually start via autostart. We should update the scaletest dashboard after both PRs are merged to measure autostart performance via the new metrics.
The new function/endpoint and its usage in the autostart scaletest are gated behind an experiment feature flag, this is something we should discuss whether we want to enable the endpoint in prod by default or not. If so, we can remove the experiment.
---------
Signed-off-by: Callum Styan <callumstyan@gmail.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Callum Styan <callum@coder.com> |
||
|
|
84527390c6 |
feat: chat desktop backend (#23005)
Implement the backend for the desktop feature for agents.
- Adds a new `/api/experimental/chats/$id/desktop` endpoint to coderd which exposes a VNC stream from a [portabledesktop](https://github.com/coder/portabledesktop) process running inside the workspace
- Adds a new `spawn_computer_use_agent` tool to chatd, which spawns a subagent that has access to the `computer` tool which lets it interact with the `portabledesktop` process running inside the workspace
- Adds the plumbing to make the above possible
There's a follow up frontend PR here: https://github.com/coder/coder/pull/23006 |
||
|
|
c3b6284955 |
feat: add chat cost analytics backend (#23036)
Add cost tracking for LLM chat interactions with microdollar precision.
## Changes
- Add `chatcost` package for per-message cost calculation using `shopspring/decimal` for intermediate arithmetic
- **Ceil rounding policy**: fractional micros round UP to next whole micro (applied once after summing all components)
- Database migration: `total_cost_micros` BIGINT column with historical backfill and `created_at` index
- API endpoints: per-user cost summary and admin rollup under `/api/experimental/chats/cost/`
- SDK types: `ChatCostSummary`, `ChatCostModelBreakdown`, `ChatCostUserRollup`
- Fix `modeloptionsgen` to handle `decimal.Decimal` as opaque numeric type
- Update frontend pricing test fixtures for string decimal types
## Design decisions
- `NULL` = unpriced (no matching model config), `0` = free
- Reasoning tokens included in output tokens (no double-counting)
- Integer microdollars (BIGINT) for storage and API responses
- Price config uses `decimal.Decimal` for exact parsing; totals use `int64`
Frontend: #23037 |
||
|
|
870583224d |
chore: deprecate injected MCP approach in AI Bridge (#23031)
_Disclaimer: implemented by a Coder Agent using Claude Opus 4.6._
Marks the injected MCP approach in AI Bridge as deprecated across the codebase.
## Changes
- **`codersdk/deployment.go`**: Deprecated `ExternalAuthConfig.MCPURL`, `.MCPToolAllowRegex`, `.MCPToolDenyRegex` fields; deprecated and hid the `--aibridge-inject-coder-mcp-tools` server flag; deprecated `AIBridgeConfig.InjectCoderMCPTools`.
- **`coderd/externalauth/externalauth.go`**: Deprecated `Config.MCPURL`, `.MCPToolAllowRegex`, `.MCPToolDenyRegex`.
- **`enterprise/aibridgedserver/aibridgedserver.go`**: Added runtime deprecation warning when `CODER_AIBRIDGE_INJECT_CODER_MCP_TOOLS` is enabled; deprecated `getCoderMCPServerConfig`.
- **`enterprise/aibridged/mcp.go`**: Deprecated `MCPProxyBuilder` interface and `MCPProxyFactory` struct.
- **`docs/ai-coder/ai-bridge/mcp.md`**: Added deprecation warning banner. |
||
|
|
57af7abf1f |
test: add testutil.WaitBuffer and replace time.Sleep in tests (#22922)
WaitBuffer is a thread-safe io.Writer that supports blocking until accumulated output matches a substring or custom predicate. It replaces ad-hoc safeBuffer/syncWriter types and time.Sleep-based poll loops in tests with signal-driven waits.
- WaitFor/WaitForNth/WaitForCond for blocking on output
- Replace custom buffer types in cli/sync_test.go and provisionersdk/agent_test.go
- Convert time.Sleep poll loops to require.Eventually/require.Never in cli/ssh_test.go, coderd/activitybump_test.go, coderd/workspaceagentsrpc_test.go, workspaceproxy_test.go, and scaletest tests |
||
|
|
c7abfc6ff8 | docs: move IDE clarification to 'what agents is and isn't' section (#22982) | ||
|
|
660a3dad21 |
feat(scripts/githooks): restore pre-push hook with allowlist (#22980)
The pre-push hook was removed in #22956. This restores it with a reduced scope (tests + site build) and an allowlist so it only runs for developers who opt in.
Two opt-in mechanisms:
- git config coder.pre-push true (local, not committed)
- CODER_WORKSPACE_OWNER_NAME allowlist in the hook script
git config takes priority and also supports explicit opt-out for allowlisted users (git config coder.pre-push false).
Refs #22956
---------
Co-authored-by: Cian Johnston <cian@coder.com> |
||
|
|
fba00a6b3a |
feat(agents): add chat model pricing metadata (#22959)
## Summary
- add chat model pricing metadata to the agents admin form and SDK metadata
- split pricing into its own section and show default pricing as placeholders
- apply default pricing when admins leave pricing fields blank |
||
|
|
e5c19d0af4 |
feat: backend support for creating and storing service accounts (#22698)
Add is_service_account column to users table with CHECK constraints enforcing login_type='none' and empty email for service accounts. Update user creation API to validate service account constraints.
Related to: https://linear.app/codercom/issue/PLAT-27/feat-backend-support-for-creating-and-storing-service-accounts |
||
|
|
e96cd5cbb2 |
chore(githooks): remove pre-push hook (#22956)
## Summary
- remove the `pre-push` git hook script from the repository
- remove the `make pre-push` target and related Makefile documentation
- update contributor and agent docs so they only describe the remaining `pre-commit` hook
## Validation
- `make pre-commit`
- `git diff --check`
---
_Generated with [`mux`](https://github.com/coder/mux) • Model: `openai:gpt-5.4` • Thinking: `high`_ |
||
|
|
7b846fb548 |
docs: remove Coder Research page and nav entry (#22947)
Removes the Coder Research page, its left-nav entry in manifest.json, and a back-reference in the Mux docs. |
||
|
|
bc27274aba |
feat(coderd): refactors github pr sync functionality (#22715)
- Adds `_API_BASE_URL` to `CODER_EXTERNAL_AUTH_CONFIG_`
- Extracts and refactors existing GitHub PR sync logic to new packages `coderd/gitsync` and `coderd/externalauth/gitprovider`
- Associated wiring and tests
Created using Opus 4.6 |
||
|
|
f22450f29b |
docs: add early access state to agent child pages and fix video URL (#22908)
## Changes
- Add `"state": ["early access"]` to all child pages under Coder Agents in `docs/manifest.json` (Architecture, Models, Platform Controls, Early Access).
- Point the Coder Agents video `<source>` directly at `raw.githubusercontent.com` instead of the `github.com/blob/` URL with `?raw=true`. |
||
|
|
12bdbc693f |
docs: remove experimental chat API from generated docs (#22897)
The chat API is experimental (behind `ExperimentAgents`) and not ready for public documentation yet. This removes swagger annotations from the chat handlers so they no longer appear in the generated API reference at https://coder.com/docs/reference/api/chats.
## Changes
- Remove `@swagger` annotations from 5 chat handlers in `coderd/chats.go`
- Regenerate `coderd/apidoc/swagger.json` and `docs.go`
- Delete `docs/reference/api/chats.md`
- Remove Chats entry from `docs/manifest.json` |
||
|
|
72fb0cd554 |
docs: add Early Access page under Coder Agents (#22872)
Adds a new child page at `/docs/ai-coder/agents/early-access` describing the Coder Agents Early Access, including what it includes, what it does not include, feature scope, licensing, and how to provide feedback. |
||
|
|
9bc884d597 |
docs(docs/ai-coder): upgrade Codex to full resume support (#22594)
The codex registry module v4.2.0 wires `enable_state_persistence` through to agentapi, completing session resume support. Combined with the `--type codex` flag added in v4.1.2, Codex now fully preserves conversation context across pause and resume cycles.
Refs coder/registry#783
Refs coder/registry#785 |
||
|
|
4cf8d4414e |
feat: make coder task send resume paused tasks (#22203)
|
||
|
|
a104d608a3 |
feat: add file/image attachment support to chat input (#22604)
This change adds support for image attachments to chat via add button and clipboard paste. Files are stored in a new `chat_files` table and referenced by ID in message content. File data is resolved from storage at LLM dispatch time, keeping the message content column small. Upload validates MIME types via content type or content sniffing against an allowlist (png, jpeg, gif, webp). The retrieval endpoint serves files with immutable caching headers. On the frontend, uploads start eagerly on attach with a background fetch to pre-warm the browser HTTP cache so the timeline renders instantly after send. |
||
|
|
752e6ecc16 |
build: add pre-commit/push hooks mirroring CI checks (#22705)
This change adds git hooks and Makefile targets that mirror CI required checks locally, catching issues before they reach CI. This is for use by AI agents (documented in AGENTS.md).
- **pre-commit** (every commit): gen, fmt, lint, typos, slim binary build. Fast checks without Docker or Playwright.
- **pre-push** (before push): full CI suite including site build, tests, sqlc-vet, offlinedocs.
To use:
```sh
git config core.hooksPath scripts/githooks
```
Works in worktrees (where `.git` is a file). Bypass with `--no-verify`. |
||
|
|
48ab492f49 |
feat: agents git watch backend (#22565)
Adds real-time git status watching for workspace agents, so the frontend
can subscribe over WebSocket and show
git file changes in near real-time.
1. Subscription is scoped to a **chat** via `GET
/api/experimental/chats/{chat}/git/watch`.
2. The workspace agent automatically determines which paths to watch
based on tool calls made by the chat (and its ancestor chats).
3. Workspace agent polls subscribed repo working trees on a 30s
interval, on tool calls, and on explicit `refresh` from the client.
4. Scans are rate-limited to at most once per second.
5. Edited paths are tracked **in-memory** inside the workspace agent.
There is no database persistence — state is lost on agent restart. This
will be addressed in a future PR.
6. Messages sent over WebSocket include a full-repo snapshot (unified
diff, branch, origin). A new message is emitted only when the snapshot
changes.
This PR was implemented with AI with me closely controlling what it's
doing. The code follows a plan file that was updated continuously during
implementation. Here's the file if you'd like to see it:
[project.md](https://gist.github.com/hugodutka/8722cf80c92f8a56555f7bc595b770e2).
It reflects the current state of the PR.
|