diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 337b55ba6e73..621e609f00d1 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -188,7 +188,7 @@ jobs: run: npm run test:unit - name: Upload coverage report to Codecov - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v5 with: token: ${{ secrets.CODECOV_TOKEN }} if: success() diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4e13a31db5eb..a8c9d500cba6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -71,7 +71,7 @@ jobs: - run: npm run test:integration - name: Upload coverage report to Codecov - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v5 with: token: ${{ secrets.CODECOV_TOKEN }} if: success() diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 5f41bec5bade..d67018340754 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -51,7 +51,7 @@ jobs: fetch-depth: 0 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 with: scan-type: "fs" scan-ref: "." diff --git a/.github/workflows/trivy-docker.yaml b/.github/workflows/trivy-docker.yaml index 30c6efda575d..133720a621e5 100644 --- a/.github/workflows/trivy-docker.yaml +++ b/.github/workflows/trivy-docker.yaml @@ -51,7 +51,7 @@ jobs: uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner in image mode - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 with: image-ref: "docker.io/codercom/code-server:latest" ignore-unfixed: true diff --git a/docs/guide.md b/docs/guide.md index 60098ca7e679..c2f230ee5eb7 100644 --- a/docs/guide.md +++ b/docs/guide.md @@ -271,9 +271,9 @@ should see OSSStatus: 9836 in the browser console. If you want to use external authentication mechanism (e.g., Sign in with Google), you can do this with a reverse proxy such as: -- [Pomerium](https://www.pomerium.io/guides/code-server.html) -- [oauth2_proxy](https://github.com/pusher/oauth2_proxy) -- [Cloudflare Access](https://teams.cloudflare.com/access) +- [Pomerium](https://www.pomerium.com/docs/guides/code-server.html) +- [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/) +- [Cloudflare Access](https://www.cloudflare.com/zero-trust/products/access/) ## HTTPS and self-signed certificates diff --git a/package-lock.json b/package-lock.json index 3779af901516..0d52008a225f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -164,11 +164,10 @@ } }, "node_modules/@eslint/eslintrc": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.1.0.tgz", - "integrity": "sha512-4Bfj15dVJdoy3RfZmmo86RK1Fwzn6SstsvK9JS+BaVKqC6QQQQyXekNaC+g+LKNgkQ+2VhGAzm6hO40AhMR3zQ==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.2.0.tgz", + "integrity": "sha512-grOjVNN8P3hjJn/eIETF1wwd12DdnwFDoyceUJLYYdkpbwq3nLi+4fqrTAONx7XDALqlL220wC/RHSC/QTI/0w==", "dev": true, - "license": "MIT", "dependencies": { "ajv": "^6.12.4", "debug": "^4.3.2", @@ -2929,11 +2928,10 @@ } }, "node_modules/globals": { - "version": "15.10.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-15.10.0.tgz", - "integrity": "sha512-tqFIbz83w4Y5TCbtgjZjApohbuh7K9BxGYFm7ifwDR240tvdb7P9x+/9VvUKlmkPoiknoJtanI8UOrqxS3a7lQ==", + "version": "15.14.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-15.14.0.tgz", + "integrity": "sha512-OkToC372DtlQeje9/zHIo5CT8lRP/FUgEOKBEhU4e0abL7J7CD24fD9ohiLN5hagG/kWCYj4K5oaxxtj2Z0Dig==", "dev": true, - "license": "MIT", "engines": { "node": ">=18" }, diff --git a/src/node/main.ts b/src/node/main.ts index b3c4e4c14500..990a7af792b1 100644 --- a/src/node/main.ts +++ b/src/node/main.ts @@ -9,6 +9,7 @@ import { commit, version, vsRootPath } from "./constants" import { register } from "./routes" import { VSCodeModule } from "./routes/vscode" import { isDirectory, open } from "./util" +import * as os from "os" /** * Return true if the user passed an extension-related VS Code flag. @@ -51,7 +52,11 @@ export const runCodeCli = async (args: DefaultedArgs): Promise => { try { // See vscode.loadVSCode for more on this jank. process.env.CODE_SERVER_PARENT_PID = process.pid.toString() - const modPath = path.join(vsRootPath, "out/server-main.js") + let modPath = path.join(vsRootPath, "out/server-main.js") + if (os.platform() === "win32") { + // On Windows, absolute paths of ESM modules must be a valid file URI. + modPath = "file:///" + modPath.replace(/\\/g, "/") + } const mod = (await eval(`import("${modPath}")`)) as VSCodeModule const serverModule = await mod.loadCodeWithNls() await serverModule.spawnCli(await toCodeArgs(args)) diff --git a/src/node/routes/vscode.ts b/src/node/routes/vscode.ts index 7e8f0f3ff4e5..637a30352ceb 100644 --- a/src/node/routes/vscode.ts +++ b/src/node/routes/vscode.ts @@ -5,6 +5,7 @@ import { promises as fs } from "fs" import * as http from "http" import * as net from "net" import * as path from "path" +import * as os from "os" import { WebsocketRequest } from "../../../typings/pluginapi" import { logError } from "../../common/util" import { CodeArgs, toCodeArgs } from "../cli" @@ -58,7 +59,11 @@ async function loadVSCode(req: express.Request): Promise { // which will also require that we switch to ESM, since a hybrid approach // breaks importing `rotating-file-stream` for some reason. To work around // this, use `eval` for now, but we should consider switching to ESM. - const modPath = path.join(vsRootPath, "out/server-main.js") + let modPath = path.join(vsRootPath, "out/server-main.js") + if (os.platform() === "win32") { + // On Windows, absolute paths of ESM modules must be a valid file URI. + modPath = "file:///" + modPath.replace(/\\/g, "/") + } const mod = (await eval(`import("${modPath}")`)) as VSCodeModule const serverModule = await mod.loadCodeWithNls() return serverModule.createServer(null, {