mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
dependabot[bot]
011914bb14
Bumps [axios](https://github.com/axios/axios) from 1.15.2 to 1.16.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>v1.16.0 — May 2, 2026</h2> <p>This release adds support for the QUERY HTTP method and a new <code>ECONNREFUSED</code> error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.</p> <h2>⚠️ Notable Changes</h2> <p>A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:</p> <ul> <li><strong>Fetch adapter now enforces <code>maxBodyLength</code> and <code>maxContentLength</code>.</strong> These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>)</li> <li><strong>Proxy requests now preserve user-supplied <code>Host</code> headers.</strong> Previously, the proxy path could overwrite a custom <code>Host</code>. Virtual-host-style routing through a proxy will now behave correctly. (<strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>)</li> <li><strong>Basic auth credentials embedded in URLs are now URL-decoded.</strong> If you have percent-encoded credentials in a URL (e.g. <code>https://user:p%40ss@host</code>), the decoded value is what now goes on the wire. (<strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong><code>parseProtocol</code> now strictly requires a colon in the protocol separator.</strong> Strings that loosely parsed as protocols before may no longer match. (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Deprecated <code>unescape()</code> replaced with modern UTF-8 encoding.</strong> Non-ASCII URL handling is now spec-correct; consumers depending on legacy <code>unescape()</code> quirks may see different output bytes. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong><code>transformRequest</code> input typing change was reverted.</strong> The typing change introduced in <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> was reverted in <a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a> after follow-up review — net behavior is unchanged from 1.15.2. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>QUERY HTTP Method:</strong> Added support for the QUERY HTTP method across adapters and type definitions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10802">#10802</a></strong>)</li> <li><strong>ECONNREFUSED Error Constant:</strong> Exposed <code>ECONNREFUSED</code> as a constant on <code>AxiosError</code> so callers can match connection-refused failures without comparing string literals (closes <a href="https://redirect.github.com/axios/axios/issues/6485">#6485</a>). (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong>Encode Helper Export:</strong> Exported the internal <code>encode</code> helper from <code>buildURL</code> so userland param serializers can reuse the same encoding logic that axios uses internally. (<strong><a href="https://redirect.github.com/axios/axios/issues/6897">#6897</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>HTTP Adapter — Redirects & Headers:</strong> Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing <code>requestDetails</code> argument on <code>beforeRedirect</code>, preserved user-supplied <code>Host</code> headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (<strong><a href="https://redirect.github.com/axios/axios/issues/10794">#10794</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10800">#10800</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6241">#6241</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong>HTTP Adapter — Streams & Timeouts:</strong> Preserved the partial response object on <code>AxiosError</code> when a stream is aborted after headers arrive, honoured the <code>timeout</code> option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and <code>maxRedirects: 0</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10708">#10708</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10819">#10819</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7149">#7149</a></strong>)</li> <li><strong>Fetch Adapter:</strong> Enforced <code>maxBodyLength</code> / <code>maxContentLength</code> in the fetch adapter, set the <code>User-Agent</code> header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a <code>TypeError</code> in restricted environments. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10772">#10772</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10806">#10806</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7260">#7260</a></strong>)</li> <li><strong>XHR Adapter:</strong> Unsubscribed the <code>cancelToken</code> and <code>AbortSignal</code> listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong>Error Handling:</strong> Attached the parsed response to <code>AxiosError</code> when <code>JSON.parse</code> fails inside <code>dispatchRequest</code>, prevented <code>settle</code> from emitting <code>undefined</code> error codes, and tightened the <code>parseProtocol</code> regex to require a colon in the protocol separator. (<strong><a href="https://redirect.github.com/axios/axios/issues/10724">#10724</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7276">#7276</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Types & Exports:</strong> Aligned the CommonJS <code>CancelToken</code> typings with the ESM build, fixed a compiler error caused by <code>RawAxiosHeaders</code>, and re-exported <code>create</code> from the package index. (<strong><a href="https://redirect.github.com/axios/axios/issues/7414">#7414</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6389">#6389</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6460">#6460</a></strong>)</li> <li><strong>UTF-8 Encoding:</strong> Replaced the deprecated <code>unescape()</code> call with a modern UTF-8 encoding implementation. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong>Misc Cleanup:</strong> Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (<strong><a href="https://redirect.github.com/axios/axios/issues/10833">#10833</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Refactor — ES6 Modernisation:</strong> Modernised the <code>utils</code> module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong>Tests:</strong> Hardened the HTTP test server lifecycle to fix flaky <code>FormData</code> EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (<strong><a href="https://redirect.github.com/axios/axios/issues/10820">#10820</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10791">#10791</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10796">#10796</a></strong>)</li> <li><strong>Docs:</strong> Documented <code>paramsSerializer.encode</code> for strict RFC 3986 query encoding, updated the <code>parseReviver</code> TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10821">#10821</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10782">#10782</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10759">#10759</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10804">#10804</a></strong>)</li> <li><strong>Reverted:</strong> Reverted the <code>transformRequest</code> input typing change from <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> after follow-up review. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped <code>actions/setup-node</code>, the <code>github-actions</code> group, and <code>postcss</code> (in <code>/docs</code>) to their latest versions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10785">#10785</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10813">#10813</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10814">#10814</a></strong>)</li> <li><strong>Release:</strong> Updated changelog and packages, and prepared the 1.16.0 release. (<strong><a href="https://redirect.github.com/axios/axios/issues/10790">#10790</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10834">#10834</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/singhankit001"><code>@singhankit001</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>)</li> <li><strong><a href="https://github.com/cuiweixie"><code>@cuiweixie</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong><a href="https://github.com/iruizsalinas"><code>@iruizsalinas</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong><a href="https://github.com/MarcosNocetti"><code>@MarcosNocetti</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong><a href="https://github.com/deepview-autofix"><code>@deepview-autofix</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2>v1.16.0 — May 2, 2026</h2> <p>This release adds support for the QUERY HTTP method and a new <code>ECONNREFUSED</code> error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.</p> <h2>⚠️ Notable Changes</h2> <p>A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:</p> <ul> <li><strong>Fetch adapter now enforces <code>maxBodyLength</code> and <code>maxContentLength</code>.</strong> These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>)</li> <li><strong>Proxy requests now preserve user-supplied <code>Host</code> headers.</strong> Previously, the proxy path could overwrite a custom <code>Host</code>. Virtual-host-style routing through a proxy will now behave correctly. (<strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>)</li> <li><strong>Basic auth credentials embedded in URLs are now URL-decoded.</strong> If you have percent-encoded credentials in a URL (e.g. <code>https://user:p%40ss@host</code>), the decoded value is what now goes on the wire. (<strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong><code>parseProtocol</code> now strictly requires a colon in the protocol separator.</strong> Strings that loosely parsed as protocols before may no longer match. (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Deprecated <code>unescape()</code> replaced with modern UTF-8 encoding.</strong> Non-ASCII URL handling is now spec-correct; consumers depending on legacy <code>unescape()</code> quirks may see different output bytes. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong><code>transformRequest</code> input typing change was reverted.</strong> The typing change introduced in <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> was reverted in <a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a> after follow-up review — net behavior is unchanged from 1.15.2. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>QUERY HTTP Method:</strong> Added support for the QUERY HTTP method across adapters and type definitions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10802">#10802</a></strong>)</li> <li><strong>ECONNREFUSED Error Constant:</strong> Exposed <code>ECONNREFUSED</code> as a constant on <code>AxiosError</code> so callers can match connection-refused failures without comparing string literals (closes <a href="https://redirect.github.com/axios/axios/issues/6485">#6485</a>). (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong>Encode Helper Export:</strong> Exported the internal <code>encode</code> helper from <code>buildURL</code> so userland param serializers can reuse the same encoding logic that axios uses internally. (<strong><a href="https://redirect.github.com/axios/axios/issues/6897">#6897</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>HTTP Adapter — Redirects & Headers:</strong> Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing <code>requestDetails</code> argument on <code>beforeRedirect</code>, preserved user-supplied <code>Host</code> headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (<strong><a href="https://redirect.github.com/axios/axios/issues/10794">#10794</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10800">#10800</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6241">#6241</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong>HTTP Adapter — Streams & Timeouts:</strong> Preserved the partial response object on <code>AxiosError</code> when a stream is aborted after headers arrive, honoured the <code>timeout</code> option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and <code>maxRedirects: 0</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10708">#10708</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10819">#10819</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7149">#7149</a></strong>)</li> <li><strong>Fetch Adapter:</strong> Enforced <code>maxBodyLength</code> / <code>maxContentLength</code> in the fetch adapter, set the <code>User-Agent</code> header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a <code>TypeError</code> in restricted environments. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10772">#10772</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10806">#10806</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7260">#7260</a></strong>)</li> <li><strong>XHR Adapter:</strong> Unsubscribed the <code>cancelToken</code> and <code>AbortSignal</code> listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong>Error Handling:</strong> Attached the parsed response to <code>AxiosError</code> when <code>JSON.parse</code> fails inside <code>dispatchRequest</code>, prevented <code>settle</code> from emitting <code>undefined</code> error codes, and tightened the <code>parseProtocol</code> regex to require a colon in the protocol separator. (<strong><a href="https://redirect.github.com/axios/axios/issues/10724">#10724</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7276">#7276</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Types & Exports:</strong> Aligned the CommonJS <code>CancelToken</code> typings with the ESM build, fixed a compiler error caused by <code>RawAxiosHeaders</code>, and re-exported <code>create</code> from the package index. (<strong><a href="https://redirect.github.com/axios/axios/issues/7414">#7414</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6389">#6389</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6460">#6460</a></strong>)</li> <li><strong>UTF-8 Encoding:</strong> Replaced the deprecated <code>unescape()</code> call with a modern UTF-8 encoding implementation. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong>Misc Cleanup:</strong> Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (<strong><a href="https://redirect.github.com/axios/axios/issues/10833">#10833</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Refactor — ES6 Modernisation:</strong> Modernised the <code>utils</code> module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong>Tests:</strong> Hardened the HTTP test server lifecycle to fix flaky <code>FormData</code> EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (<strong><a href="https://redirect.github.com/axios/axios/issues/10820">#10820</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10791">#10791</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10796">#10796</a></strong>)</li> <li><strong>Docs:</strong> Documented <code>paramsSerializer.encode</code> for strict RFC 3986 query encoding, updated the <code>parseReviver</code> TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10821">#10821</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10782">#10782</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10759">#10759</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10804">#10804</a></strong>)</li> <li><strong>Reverted:</strong> Reverted the <code>transformRequest</code> input typing change from <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> after follow-up review. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped <code>actions/setup-node</code>, the <code>github-actions</code> group, and <code>postcss</code> (in <code>/docs</code>) to their latest versions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10785">#10785</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10813">#10813</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10814">#10814</a></strong>)</li> <li><strong>Release:</strong> Updated changelog and packages, and prepared the 1.16.0 release. (<strong><a href="https://redirect.github.com/axios/axios/issues/10790">#10790</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10834">#10834</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/singhankit001"><code>@singhankit001</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>)</li> <li><strong><a href="https://github.com/cuiweixie"><code>@cuiweixie</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong><a href="https://github.com/iruizsalinas"><code>@iruizsalinas</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong><a href="https://github.com/MarcosNocetti"><code>@MarcosNocetti</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong><a href="https://github.com/deepview-autofix"><code>@deepview-autofix</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc"><code>df53d7d</code></a> chore(release): prepare release 1.16.0 (<a href="https://redirect.github.com/axios/axios/issues/10834">#10834</a>)</li> <li><a href="https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e"><code>9d92bcd</code></a> fix: gadgets and smaller issues (<a href="https://redirect.github.com/axios/axios/issues/10833">#10833</a>)</li> <li><a href="https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435"><code>5107ee6</code></a> fix: prevent undefined error codes in settle (<a href="https://redirect.github.com/axios/axios/issues/7276">#7276</a>)</li> <li><a href="https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8"><code>e573499</code></a> fix(fetch): defer global access in fetch adapter (<a href="https://redirect.github.com/axios/axios/issues/7260">#7260</a>)</li> <li><a href="https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3"><code>ad68e1a</code></a> fix(http): honor timeout during connect without redirects (<a href="https://redirect.github.com/axios/axios/issues/10819">#10819</a>)</li> <li><a href="https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d"><code>2a51828</code></a> fix(http): decode URL basic auth credentials (<a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a>)</li> <li><a href="https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1"><code>0e8b6bb</code></a> fix(http): preserve user-supplied Host header when forwarding through a proxy...</li> <li><a href="https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b"><code>79f39e1</code></a> docs: document paramsSerializer.encode for strict RFC 3986 query encoding (<a href="https://redirect.github.com/axios/axios/issues/1">#1</a>...</li> <li><a href="https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e"><code>0fe3a5f</code></a> [Docs/Types] Update <code>parseReviver</code> TypeScript definitions for ES2023 and add ...</li> <li><a href="https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d"><code>cd6737f</code></a> chore: matches the sibling responseStream.on(aborted) handler and added tests...</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.15.2...v1.16.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/coder/coder/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Coder is a self-hosted platform for cloud development environments and AI coding agents. Workspaces are defined with Terraform, connected through a secure Wireguard® tunnel, and automatically shut down when not used. Coder Agents runs a native AI coding agent whose loop executes in the control plane on your infrastructure, with no API keys in workspaces.
- Define cloud development environments in Terraform
- EC2 VMs, Kubernetes Pods, Docker Containers, etc.
- Automatically shutdown idle resources to save on costs
- Onboard developers in seconds instead of days
- Delegate coding work to AI agents on your infrastructure
- Bring any model (Anthropic, OpenAI, Google, Bedrock, self-hosted)
- No LLM credentials in workspaces, user identity on every action
- Centralized model governance, cost tracking, and audit logging
Quickstart
The most convenient way to try Coder is to install it on your local machine and experiment with provisioning cloud development environments using Docker (works on Linux, macOS, and Windows).
# First, install Coder
curl -L https://coder.com/install.sh | sh
# Start the Coder server (caches data in ~/.cache/coder)
coder server
# Navigate to http://localhost:3000 to create your initial user,
# create a Docker template and provision a workspace
Install
The easiest way to install Coder is to use the
install script for Linux
and macOS. For Windows, use the latest ..._installer.exe file from GitHub
Releases.
curl -L https://coder.com/install.sh | sh
You can run the install script with --dry-run to see the commands that will be used to install without executing them. Run the install script with --help for additional flags.
See install for additional methods.
Once installed, you can start a production deployment with a single command:
# Automatically sets up an external access URL on *.try.coder.app
coder server
# Requires a PostgreSQL instance (version 13 or higher) and external access URL
coder server --postgres-url <url> --access-url <url>
Use coder --help to get a list of flags and environment variables. See the install guides for a complete tutorial.
Documentation
Browse the documentation or visit a specific section below:
- Workspaces: Workspaces contain the IDEs, dependencies, and configuration information needed for software development
- Templates: Templates are written in Terraform and describe the infrastructure for workspaces
- Coder Agents: Delegate coding work to AI agents running on your self-hosted infrastructure
- Administration: Learn how to operate Coder
- Premium: Learn about paid features built for large teams
- IDEs: Connect your existing editor to a workspace
Support
Feel free to open an issue if you have questions, run into bugs, or have a feature request.
Join our Discord to provide feedback on in-progress features and chat with the community using Coder!
Integrations
New integrations are always in progress. Open an issue to request one. Contributions are welcome in any official or community repository.
Official
- Coder Registry: Templates, modules, and integrations for common development environments
- VS Code Extension: Open any Coder workspace in VS Code with a single click
- JetBrains Toolbox Plugin: Open any Coder workspace from JetBrains Toolbox with a single click
- JetBrains Gateway Plugin: Open any Coder workspace in JetBrains Gateway with a single click
- Dev Containers: Build development environments using
devcontainer.jsonon Docker, Kubernetes, and OpenShift - Kubernetes Log Stream: Stream Kubernetes Pod events to the Coder startup logs
- Self-Hosted VS Code Extension Marketplace: A private extension marketplace that works in restricted or airgapped networks integrating with code-server.
- GitHub Actions: An action to set up the Coder CLI in GitHub workflows
Community
- Community Templates: Community-contributed workspace templates in the Coder Registry
- Community Modules: Community-contributed modules to extend Coder templates
- Provision Coder with Terraform: Provision Coder on Google GKE, Azure AKS, AWS EKS, DigitalOcean DOKS, IBMCloud K8s, OVHCloud K8s, and Scaleway K8s Kapsule with Terraform
- Coder Template GitHub Action: A GitHub Action that updates Coder templates
- Discord: Chat with the community and provide feedback on in-progress features
Contributing
New contributors are always welcome. If you are new to the Coder codebase, see the contribution guide to get started.
Hiring
Apply on the careers page if you are interested in joining the team.