Merge in changes#11
Open
dylanturn wants to merge 1036 commits into
Open
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| env?: NodeJS.ProcessEnv, | ||
| ): Promise<{ stdout: string; stderr: string }> { | ||
| const CODE_SERVER_COMMAND = process.env.CODE_SERVER_PATH || path.resolve("../../release-standalone/bin/code-server") | ||
| const { stdout, stderr } = await promisify(exec)(`${CODE_SERVER_COMMAND} ${argv.join(" ")}`, { |
Check warning
Code scanning / CodeQL
Shell command built from environment values
|
You have successfully added a new CodeQL configuration |
code-asher
force-pushed
the
main
branch
2 times, most recently
from
1f28763 to
d49b3bf
Compare
code-asher
force-pushed
the
main
branch
2 times, most recently
from
5788325 to
ab4b36f
Compare
code-asher
force-pushed
the
main
branch
2 times, most recently
from
915a75a to
2c1981b
Compare
code-asher
force-pushed
the
main
branch
8 times, most recently
from
13754f3 to
cc3c22d
Compare
code-asher
force-pushed
the
main
branch
2 times, most recently
from
c5a2d06 to
dded82b
Compare
Bumps [qs](https://github.com/ljharb/qs) from 6.13.0 to 6.14.0. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.13.0...v6.14.0) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Courtesy of `npm audit fix`.
…#7839) The VS Code build process sets the bundled lib/vscode/package.json name to "code-server" (from product.json nameShort), causing vulnerability scanners to misidentify it and flag non-applicable CVEs. Override the name to "code-oss-dev" in build-release.sh after merging package.json. Fixes #7071 Signed-off-by: ka-ishimoto <ka-ishimoto@kddi.com>
Since this functionality requires information placed onto the request by code-server (req.args) and Express (req.cookies), move the standalone tests into the integration tests as the proxy can no longer run correctly on its own without that context. We could strip the header elsewhere or refactor in some way (pass in a callback function for the stripping or something) but this seems like the simplest and safest place at the moment to ensure we catch all uses of the proxy. In any case, I think it does lend more confidence to know we are testing the proxy the way it will be used in practice. The downside is some additional complexity when setting up tests, but at the moment I do not think that exchange is overly burdensome.
Co-authored-by: cdrci <opensource@coder.com>
The changelog is manually curated so the prefixes are noise.
We need to properly support Windows before we can recommend any method of installation, including npm.
- Get rid of the global isActive mock; in particular the way it shadows local ones seemed sketchy. - No need for requireActual from my testing. - Reword the comment for why we need setImmediate. - Add the setImmediate to another test that seemed to only pass because of an await on the timer call which is not actually a promise but had the side effect of yielding. - Always set fake/real timers in the before/after handlers and never in individual tests.
The -dev seems a bit weird since it is not a dev version once it is built, and also there is a false positive advisory with the code-oss-dev name.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #