chore: bump qs from 6.15.0 to 6.15.2

Bumps [qs](https://github.com/ljharb/qs) from 6.15.0 to 6.15.2. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](https://github.com/ljharb/qs/compare/v6.15.0...v6.15.2) --- updated-dependencies: - dependency-name: qs dependency-version: 6.15.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
chore: bump robinraju/release-downloader from 1.12 to 1.13 (#7770 )
2026-05-23 12:47:26 +02:00 · 2026-05-22 20:31:15 +00:00 · 2026-05-22 12:30:42 -08:00 · 2026-05-22 12:29:05 -08:00 · 2026-05-22 12:28:29 -08:00 · 2026-05-22 12:27:36 -08:00
15 changed files with 100 additions and 44 deletions
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -38,7 +38,7 @@ jobs:
        with:
          node-version-file: .node-version

-      - uses: robinraju/release-downloader@daf26c55d821e836577a15f77d86ddc078948b05 # v1.12
+      - uses: robinraju/release-downloader@28fc21f50d76778e7023361aa1f863e717d3d56f # v1.13
        with:
          repository: "coder/code-server"
          tag: ${{ env.TAG }}
@@ -122,13 +122,13 @@ jobs:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

-      - uses: robinraju/release-downloader@daf26c55d821e836577a15f77d86ddc078948b05 # v1.12
+      - uses: robinraju/release-downloader@28fc21f50d76778e7023361aa1f863e717d3d56f # v1.13
        with:
          repository: "coder/code-server"
          tag: v${{ env.VERSION }}
          fileName: "*.deb"
          out-file-path: "release-packages"
-      - uses: robinraju/release-downloader@daf26c55d821e836577a15f77d86ddc078948b05 # v1.12
+      - uses: robinraju/release-downloader@28fc21f50d76778e7023361aa1f863e717d3d56f # v1.13
        with:
          repository: "coder/code-server"
          tag: v${{ env.VERSION }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -10,7 +10,7 @@ on:
    types:
      - closed
    branches:
-      - "update/**"
+      - main

 permissions:
  contents: write # For creating releases.
@@ -26,7 +26,9 @@ jobs:
  package-linux:
    name: ${{ format('linux-{0}', matrix.vscode_arch) }}
    runs-on: ubuntu-22.04
-    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true
+    if: >-
+      (github.event_name == 'workflow_dispatch') ||
+      (github.event_name == 'pull_request_target' && github.event.pull_request.merged == true && startsWith(github.head_ref, 'update/'))

    strategy:
      matrix:
@@ -117,7 +119,7 @@ jobs:
          files: package.tar.gz
          tag_name: v${{ env.VERSION }}
          name: v${{ env.VERSION }}
-          body: .cache/release-notes
+          body_path: .cache/release-notes

      # Platform-specific release.
      - run: KEEP_MODULES=1 npm run release
@@ -133,7 +135,9 @@ jobs:
  package-macos:
    name: ${{ matrix.vscode_target }}
    runs-on: ${{ matrix.os }}
-    if: github.event_name == 'workflow_dispatch' || github.event.pull_request_merged == true
+    if: >-
+      (github.event_name == 'workflow_dispatch') ||
+      (github.event_name == 'pull_request_target' && github.event.pull_request.merged == true && startsWith(github.head_ref, 'update/'))
    strategy:
      matrix:
        include:
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -51,7 +51,7 @@ jobs:
          fetch-depth: 0

      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # latest
+        uses: aquasecurity/trivy-action@314ff8b43182423b84c50b1670b0e10f858f2d98 # latest
        with:
          scan-type: "fs"
          scan-ref: "."
--- a/.github/workflows/trivy-docker.yaml
+++ b/.github/workflows/trivy-docker.yaml
@@ -49,7 +49,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # latest
+        uses: aquasecurity/trivy-action@314ff8b43182423b84c50b1670b0e10f858f2d98 # latest
        with:
          image-ref: "docker.io/codercom/code-server:latest"
          ignore-unfixed: true
--- a/.github/workflows/update.yaml
+++ b/.github/workflows/update.yaml
@@ -63,10 +63,10 @@ jobs:
          git config --global user.email opensource@coder.com
          git checkout -b "update/$VERSION"
          git add .
-          git commit -m "Update VS Code to $VERSION"
+          git commit -m "Update Code to $VERSION"
          git push -u origin "$(git branch --show)"
          gh pr create \
            --repo coder/code-server \
-            --title "Update VS Code to $VERSION" \
+            --title "Update Code to $VERSION" \
            --body-file .cache/checklist \
            --draft
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,20 +22,14 @@ Code v99.99.999

 ## Unreleased

+## [4.121.0](https://github.com/coder/code-server/releases/tag/v4.121.0) - 2026-05-20
+
 Code v1.121.0

 ### Changed

 - Update to Code 1.121.0

-## [4.119.0](https://github.com/coder/code-server/releases/tag/v4.119.0) - 2026-05-07
-
-Code v1.119.0
-
-### Changed
-
- Update to Code 1.119.0
-
 ## [4.118.0](https://github.com/coder/code-server/releases/tag/v4.118.0) - 2026-05-06

 Code v1.118.0
--- a/ci/build/update-vscode.sh
+++ b/ci/build/update-vscode.sh
@@ -132,12 +132,12 @@ function main() {
    fi
    target_vscode_version="${VERSION#v}"
    steps+=(
-      "Update VS Code to $target_vscode_version" "update_vscode"
-      "Refresh VS Code patches" "refresh_patches"
+      "Update Code to $target_vscode_version" "update_vscode"
+      "Refresh Code patches" "refresh_patches"
    )
  else
    target_vscode_version="$(git -C lib/vscode describe --tags --exact-match)"
-    echo "Detected VS Code version $target_vscode_version"
+    echo "Detected Code version $target_vscode_version"
  fi

  steps+=(
--- a/ci/helm-chart/Chart.yaml
+++ b/ci/helm-chart/Chart.yaml
@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.35.0
+version: 3.36.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.116.0
+appVersion: 4.121.0
--- a/ci/helm-chart/values.yaml
+++ b/ci/helm-chart/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1

 image:
  repository: codercom/code-server
-  tag: '4.116.0'
+  tag: '4.121.0'
  pullPolicy: Always

 # Specifies one or more secrets to be used when pulling images from a
--- a/package-lock.json
+++ b/package-lock.json
@@ -58,7 +58,7 @@
        "eslint-plugin-import": "^2.28.1",
        "eslint-plugin-prettier": "^5.0.0",
        "globals": "^16.1.0",
-        "prettier": "3.6.2",
+        "prettier": "3.8.3",
        "prettier-plugin-sh": "^0.18.0",
        "ts-node": "^10.9.1",
        "typescript": "^5.6.2",
@@ -5100,9 +5100,9 @@
      }
    },
    "node_modules/prettier": {
-      "version": "3.6.2",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.6.2.tgz",
-      "integrity": "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==",
+      "version": "3.8.3",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz",
+      "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==",
      "dev": true,
      "license": "MIT",
      "bin": {
@@ -5197,9 +5197,9 @@
      }
    },
    "node_modules/qs": {
-      "version": "6.15.0",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.0.tgz",
-      "integrity": "sha512-mAZTtNCeetKMH+pSjrb76NAM8V9a05I9aBZOHztWy/UqcJdQYNsf59vrRKWnojAT9Y+GbIvoTBC++CPHqpDBhQ==",
+      "version": "6.15.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz",
+      "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==",
      "license": "BSD-3-Clause",
      "dependencies": {
        "side-channel": "^1.1.0"
@@ -6613,9 +6613,9 @@
      "license": "ISC"
    },
    "node_modules/ws": {
-      "version": "8.19.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.19.0.tgz",
-      "integrity": "sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg==",
+      "version": "8.20.1",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+      "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
      "license": "MIT",
      "engines": {
        "node": ">=10.0.0"
--- a/package.json
+++ b/package.json
@@ -60,7 +60,7 @@
    "eslint-plugin-import": "^2.28.1",
    "eslint-plugin-prettier": "^5.0.0",
    "globals": "^16.1.0",
-    "prettier": "3.6.2",
+    "prettier": "3.8.3",
    "prettier-plugin-sh": "^0.18.0",
    "ts-node": "^10.9.1",
    "typescript": "^5.6.2",
--- a/patches/app-name.diff
+++ b/patches/app-name.diff
@@ -0,0 +1,46 @@
+Apply --app-name to VS Code web page titles
+
+VS Code's `${appName}` title variable comes from `productService.nameLong` in the
+web client. code-server already injects per-request product configuration into
+VS Code's web bootstrap, so set `nameShort`/`nameLong` from the existing
+`--app-name` CLI arg there.
+
+This keeps the patch minimal and makes browser tab titles honor `--app-name`
+without changing unrelated product metadata.
+
+Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+@@ -24,6 +24,7 @@ export const serverOptions: OptionDescri
+ 	'disable-getting-started-override': { type: 'boolean' },
+ 	'locale': { type: 'string' },
+ 	'link-protection-trusted-domains': { type: 'string[]' },
+	'app-name': { type: 'string' },
+ 
+ 	/* ----- server setup ----- */
+ 
+@@ -120,6 +121,7 @@ export interface ServerParsedArgs {
+ 	'disable-getting-started-override'?: boolean,
+ 	'locale'?: string
+ 	'link-protection-trusted-domains'?: string[],
+	'app-name'?: string,
+ 
+ 	/* ----- server setup ----- */
+ 
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
+++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -366,8 +366,11 @@ export class WebClientServer {
+ 			linkProtectionTrustedDomains.push(...this._productService.linkProtectionTrustedDomains);
+ 		}
+ 
+		const appName = this._environmentService.args['app-name'];
+ 		const productConfiguration: Partial<Mutable<IProductConfiguration>> = {
+ 			codeServerVersion: this._productService.codeServerVersion,
+			nameShort: appName,
+			nameLong: appName,
+ 			rootEndpoint: rootBase,
+ 			updateEndpoint: !this._environmentService.args['disable-update-check'] ? rootBase + '/update/check' : undefined,
+ 			logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? rootBase + '/logout' : undefined,
--- a/patches/series
+++ b/patches/series
@@ -23,3 +23,4 @@ display-language.diff
 trusted-domains.diff
 signature-verification.diff
 copilot.diff
+app-name.diff
--- a/test/e2e/appName.test.ts
+++ b/test/e2e/appName.test.ts
@@ -0,0 +1,9 @@
+import { version } from "../../src/node/constants"
+import { describe, test, expect } from "./baseFixture"
+
+const appName = "testnäme"
+describe("--app-name", [`--app-name=${appName}`], {}, () => {
+  test("should use app-name for the title", async ({ codeServerPage }) => {
+    expect(await codeServerPage.page.title()).toContain(appName)
+  })
+})
--- a/test/playwright.config.ts
+++ b/test/playwright.config.ts
@@ -5,10 +5,10 @@ import path from "path"
 // The default configuration runs all tests in three browsers with workers equal
 // to half the available threads. See 'npm run test:e2e --help' to customize
 // from the command line. For example:
-//   npm run test:e2e --workers 1        # Run with one worker
-//   npm run test:e2e --project Chromium # Only run on Chromium
-//   npm run test:e2e --grep login       # Run tests matching "login"
-//   PWDEBUG=1 npm run test:e2e          # Run Playwright inspector
+//   npm run test:e2e -- --workers 1        # Run with one worker
+//   npm run test:e2e -- --project Chromium # Only run on Chromium
+//   npm run test:e2e -- --grep login       # Run tests matching "login"
+//   PWDEBUG=1 npm run test:e2e             # Run Playwright inspector
 const config: PlaywrightTestConfig = {
  testDir: path.join(__dirname, "e2e"), // Search for tests in this directory.
  timeout: 60000, // Each test is given 60 seconds.
@@ -33,10 +33,12 @@ const config: PlaywrightTestConfig = {
    //   name: "Firefox",
    //   use: { browserName: "firefox" },
    // },
-    {
-      name: "WebKit",
-      use: { browserName: "webkit" },
-    },
+    // Keeps failing with "Underlying ArrayBuffer has been detached from the view or out-of-bounds"
+    // Not sure what we can do about it...so skip for now.
+    // {
+    //   name: "WebKit",
+    //   use: { browserName: "webkit" },
+    // },
  ],
 }
Author	SHA1	Message	Date
dependabot[bot]	86259c4e3f	chore: bump qs from 6.15.0 to 6.15.2 Bumps [qs](https://github.com/ljharb/qs) from 6.15.0 to 6.15.2. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](https://github.com/ljharb/qs/compare/v6.15.0...v6.15.2) --- updated-dependencies: - dependency-name: qs dependency-version: 6.15.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-22 20:31:15 +00:00
dependabot[bot]	4f9c23893a	chore: bump robinraju/release-downloader from 1.12 to 1.13 (#7770 )	2026-05-22 12:30:42 -08:00
dependabot[bot]	62e5c450f7	chore: bump prettier from 3.6.2 to 3.8.3 (#7776 )	2026-05-22 12:29:05 -08:00
dependabot[bot]	265713561c	chore: bump ws from 8.19.0 to 8.20.1 (#7804 )	2026-05-22 12:28:29 -08:00
dependabot[bot]	c9faf343ba	chore: bump aquasecurity/trivy-action (#7769 )	2026-05-22 12:27:36 -08:00
Asher	99bfbd5931	Update e2e example commands I think the syntax changed when we moved from yarn to npm.	2026-05-21 13:30:44 -08:00
Micah Zoltu	238769e535	Apply --app-name to web page titles (#7794 )	2026-05-21 12:22:29 -08:00
cdrci	bf61384523	Update to 4.121.0 (#7808 )	2026-05-20 15:41:27 -08:00
Asher	2114937ec6	Fix release draft trigger The branches filter is the target, not the PR branch.	2026-05-20 14:21:59 -08:00
Asher	cd1586214e	Remove "VS" from updates Technically it is Code (or Code OSS), not VS Code.	2026-05-20 14:09:10 -08:00
Asher	51bc3c0f09	Remove unpublished 4.119.0 For some reason, I never actually published the draft on this one. Since 4.121.0 will be out shortly, opted to just skip it.	2026-05-20 14:05:31 -08:00
Asher	3c3f87a3d2	Fix adding release notes to draft release	2026-05-20 14:01:37 -08:00