Update changelog for 3.10.1

Fixes #3395.

.github/ISSUE_TEMPLATE/release.md

@@ -0,0 +1,16 @@
+---
+name: Release
+about: "*For maintainers only*"
+title: "release: 0.0.0"
+labels: ""
+assignees: "@cdr/code-server-reviewers"
+---
+
+<!-- Maintainer: fill out the checklist -->
+
+## Checklist
+
+- [ ] Assign to next release manager
+- [ ] Close previous release milestone
+- [ ] Create next release milestone
+- [ ] Associate issue with next release milestone

.github/PULL_REQUEST_TEMPLATE.md

@@ -2,7 +2,7 @@
 Please link to the issue this PR solves.
 If there is no existing issue, please first create one unless the fix is minor.
 
-Please make sure the base of your PR is the master branch!
+Please make sure the base of your PR is the default branch!
 -->
 
 ## Checklist

.github/PULL_REQUEST_TEMPLATE/release_template.md

@@ -8,11 +8,9 @@ TODO
 
 ## TODOs
 
-- [ ] test locally
+Follow "Publishing a release" steps in `ci/README.md`
-- [ ] upload assets to draft release
+
-- [ ] test one of the release packages locally
+<!-- Note some of these steps below are redundant since they're listed in the "Publishing a release" docs -->
-- [ ] double-check github release tag is the commit with artifacts (_note gets messed up after uploading assets_)
+
-- [ ] publish release
+- [ ] publish release and merge PR
-- [ ] merge PR
-- [ ] update the homebrew package
 - [ ] update the AUR package

.github/dependabot.yml

@@ -10,6 +10,7 @@ updates:
       # release tag, so handle updates manually
       - dependency-name: "actions/*"
       - dependency-name: "github/codeql-action/*"
+      - dependency-name: "microsoft/playwright-github-action"
 
   - package-ecosystem: "npm"
     directory: "/"

.github/workflows/ci.yaml

@@ -446,8 +446,8 @@ jobs:
           path: ./release-images
 
       - name: Run Trivy vulnerability scanner in image mode
-        # Commit SHA for v0.0.14
+        # Commit SHA for v0.0.17
-        uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
+        uses: aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b
         with:
           input: "./release-images/code-server-amd64-*.tar"
           scan-type: "image"
@@ -461,20 +461,17 @@ jobs:
         uses: github/codeql-action/upload-sarif@v1
         with:
           sarif_file: "trivy-image-results.sarif"
-
   # We have to use two trivy jobs
   # because GitHub only allows
   # codeql/upload-sarif action per job
   trivy-scan-repo:
     runs-on: ubuntu-20.04
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
-
       - name: Run Trivy vulnerability scanner in repo mode
-        # Commit SHA for v0.0.14
+        #Commit SHA for v0.0.17
-        uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
+        uses: aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -483,7 +480,6 @@ jobs:
           template: "@/contrib/sarif.tpl"
           output: "trivy-repo-results.sarif"
           severity: "HIGH,CRITICAL"
-
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v1
         with:

CHANGELOG.md

@@ -3,11 +3,15 @@
 # Changelog
 
 - [Changelog](#changelog)
+  - [3.10.1](#3101)
+    - [Bug Fixes](#bug-fixes)
+    - [Documentation](#documentation)
+    - [Development](#development)
   - [3.10.0](#3100)
     - [New Features](#new-features)
-    - [Bug Fixes](#bug-fixes)
+    - [Bug Fixes](#bug-fixes-1)
-  - [Documentation](#documentation)
+    - [Documentation](#documentation-1)
-  - [Development](#development)
+    - [Development](#development-1)
   - [Previous versions](#previous-versions)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -25,7 +29,7 @@ We copy from here into the release notes.
 <!--
 Add next version above previous version but below this line using the template
 
-## 0.0.0
+## Next Version
 
 VS Code v0.00.0
 
@@ -37,19 +41,44 @@ VS Code v0.00.0
 
 - fix(socket): did this thing #321 @githubuser
 
-## Documentation
+### Documentation
 
 - item
 
-## Development
+### Development
 
 - item
 
 -->
 
+## 3.10.1
+
+VS Code v1.56.1
+
+### Bug Fixes
+
+- fix: Check the logged user instead of $USER #3330 @videlanicolas
+- fix: Fix broken node_modules.asar symlink in npm package #3355 @code-asher
+- fix: Update cloud agent to fix version issue #3342 @oxy
+
+### Documentation
+
+- docs(install): add raspberry pi section #3376 @jsjoeio
+- docs(maintaining): add pull requests section #3378 @jsjoeio
+- docs(maintaining): add merge strategies section #3379 @jsjoeio
+- refactor: move default PR template #3375 @jsjoeio
+- docs(contributing): add commits section #3377 @jsjoeio
+- docs(maintaining): add process for release managers #3360 @jsjoeio
+
+### Development
+
+- chore: ignore updates to microsoft/playwright-github-action
+- fix(socket): use xdgBasedir.runtime instead of tmp #3304 @jsjoeio
+- fix(ci): re-enable trivy-scan-repo #3368 @jsjoeio
+
 ## 3.10.0
 
-VS Code v1.56
+VS Code v1.56.0
 
 ### New Features
 
@@ -69,7 +98,7 @@ VS Code v1.56
 - fix: add flag for toggling permessage-deflate #3286 @code-asher
 - fix: make sure directories exist #3309 @code-asher
 
-## Documentation
+### Documentation
 
 - docs(FAQ): add mention of sysbox #3087 @bpmct
 - docs: add security policy #3148 @jsjoeio
@@ -84,7 +113,7 @@ VS Code v1.56
 - docs(maintaining): add versioning #3288 @jsjoeio
 - docs: add changelog #3337 @jsjoeio
 
-## Development
+### Development
 
 - fix(update-vscode): add check/docs for git-subtree #3129 @oxy
 - refactor(testing): migrate to playwright-test from jest-playwright #3133 @jsjoeio

README.md

@@ -1,7 +1,7 @@
 # code-server · [!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/cdr/code-server/discussions) [!["Join us on Slack"](https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen)](https://cdr.co/join-community) [![Twitter Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=social)](https://twitter.com/coderhq)
 
 [![codecov](https://codecov.io/gh/cdr/code-server/branch/main/graph/badge.svg?token=5iM9farjnC)](https://codecov.io/gh/cdr/code-server)
-[![See latest docs](https://img.shields.io/static/v1?label=Docs&message=see%20latest%20&color=blue)](https://github.com/cdr/code-server/tree/v3.10.0/docs)
+[![See latest docs](https://img.shields.io/static/v1?label=Docs&message=see%20latest%20&color=blue)](https://github.com/cdr/code-server/tree/v3.10.1/docs)
 
 Run [VS Code](https://github.com/Microsoft/vscode) on any machine anywhere and access it in the browser.
 

ci/README.md

@@ -24,17 +24,13 @@ Any file or directory in this subdirectory should be documented here.
    - It will upload them to the draft release.
 6. Run some basic sanity tests on one of the released packages.
    - Especially make sure the terminal works fine.
-7. Make sure the github release tag is the commit with the artifacts.
+7. Publish the release and merge the PR.
-8. Publish the release and merge the PR.
    1. CI will automatically grab the artifacts and then:
       1. Publish the NPM package from `npm-package`.
       2. Publish the Docker Hub image from `release-images`.
-9. Update the AUR package.
+8. Update the AUR package.
    - Instructions on updating the AUR package are at [cdr/code-server-aur](https://github.com/cdr/code-server-aur).
-10. Wait for the npm package to be published.
+9. Wait for the npm package to be published.
-11. Update the [homebrew package](https://github.com/Homebrew/homebrew-core/blob/master/Formula/code-server.rb).
-    1. Install [homebrew](https://brew.sh/)
-    2. Run `brew bump-formula-pr --version=3.8.1 code-server` and update the version accordingly. This will bump the version and open a PR. Note: this will only work once the version is published on npm.
 
 ## dev
 

ci/build/npm-postinstall.sh

@@ -56,18 +56,21 @@ main() {
   fi
 }
 
+# This is a copy of symlink_asar in ../lib.sh. Look there for details.
+symlink_asar() {
+  rm -f node_modules.asar
+  if [ "${WINDIR-}" ]; then
+    mklink /J node_modules.asar node_modules
+  else
+    ln -s node_modules node_modules.asar
+  fi
+}
+
 vscode_yarn() {
   cd lib/vscode
   yarn --production --frozen-lockfile
 
-  # This is a copy of symlink_asar in ../lib.sh. Look there for details.
+  symlink_asar
-  if [ ! -e node_modules.asar ]; then
-    if [ "${WINDIR-}" ]; then
-      mklink /J node_modules.asar node_modules
-    else
-      ln -s node_modules node_modules.asar
-    fi
-  fi
 
   cd extensions
   yarn --production --frozen-lockfile

ci/build/release-prep.sh

@@ -81,7 +81,7 @@ main() {
   read -r -p "What version of code-server do you want to update to?"$'\n' CODE_SERVER_VERSION_TO_UPDATE
 
   echo -e "Great! We'll prep a PR for updating to $CODE_SERVER_VERSION_TO_UPDATE\n"
-  $CMD rg -g '!yarn.lock' -g '!*.svg' --files-with-matches --fixed-strings "${CODE_SERVER_CURRENT_VERSION}" | $CMD xargs sd "$CODE_SERVER_CURRENT_VERSION" "$CODE_SERVER_VERSION_TO_UPDATE"
+  $CMD rg -g '!yarn.lock' -g '!*.svg' -g '!CHANGELOG.md' --files-with-matches --fixed-strings "${CODE_SERVER_CURRENT_VERSION}" | $CMD xargs sd "$CODE_SERVER_CURRENT_VERSION" "$CODE_SERVER_VERSION_TO_UPDATE"
 
   # Ensure the tests are passing and code coverage is up-to-date
   echo -e "Running unit tests and updating code coverage...\n"

ci/helm-chart/Chart.yaml

@@ -20,4 +20,4 @@ version: 1.0.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 3.10.0
+appVersion: 3.10.1

ci/helm-chart/README.md

@@ -1,6 +1,6 @@
 # code-server
 
-![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.10.0](https://img.shields.io/badge/AppVersion-3.10.0-informational?style=flat-square)
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.10.1](https://img.shields.io/badge/AppVersion-3.10.1-informational?style=flat-square)
 
 [code-server](https://github.com/cdr/code-server) code-server is VS Code running
 on a remote server, accessible through the browser.
@@ -72,7 +72,7 @@ and their default values.
 | hostnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"Always"` |  |
 | image.repository | string | `"codercom/code-server"` |  |
-| image.tag | string | `"3.10.0"` |  |
+| image.tag | string | `"3.10.1"` |  |
 | imagePullSecrets | list | `[]` |  |
 | ingress.enabled | bool | `false` |  |
 | nameOverride | string | `""` |  |

ci/helm-chart/values.yaml

@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: codercom/code-server
-  tag: '3.10.0'
+  tag: '3.10.1'
   pullPolicy: Always
 
 imagePullSecrets: []

ci/lib.sh

@@ -49,14 +49,15 @@ arch() {
   esac
 }
 
-# Grabs the most recent ci.yaml github workflow run that was successful and triggered from the same commit being pushd.
+# Grabs the most recent ci.yaml github workflow run that was triggered from the
+# pull request of the release branch for this version (regardless of whether
+# that run succeeded or failed). The release branch name must be in semver
+# format with a v prepended.
 # This will contain the artifacts we want.
 # https://developer.github.com/v3/actions/workflow-runs/#list-workflow-runs
 get_artifacts_url() {
   local artifacts_url
   local workflow_runs_url="repos/:owner/:repo/actions/workflows/ci.yaml/runs?event=pull_request"
-  # For releases, we look for run based on the branch name v$code_server_version
-  # example: v3.10.0
   local version_branch="v$VERSION"
   artifacts_url=$(gh api "$workflow_runs_url" | jq -r ".workflow_runs[] | select(.head_branch == \"$version_branch\") | .artifacts_url" | head -n 1)
   if [[ -z "$artifacts_url" ]]; then
@@ -112,13 +113,12 @@ RELEASE_PATH="${RELEASE_PATH-release}"
 # Code itself but also extensions will look specifically in this directory for
 # files (like the ripgrep binary or the oniguruma wasm).
 symlink_asar() {
-  if [ ! -L node_modules.asar ]; then
+  rm -f node_modules.asar
-    if [ "${WINDIR-}" ]; then
+  if [ "${WINDIR-}" ]; then
-      # mklink takes the link name first.
+    # mklink takes the link name first.
-      mklink /J node_modules.asar node_modules
+    mklink /J node_modules.asar node_modules
-    else
+  else
-      # ln takes the link name second.
+    # ln takes the link name second.
-      ln -s node_modules node_modules.asar
+    ln -s node_modules node_modules.asar
-    fi
   fi
 }

ci/release-image/entrypoint.sh

@@ -5,16 +5,17 @@ set -eu
 # Otherwise the current container UID may not exist in the passwd database.
 eval "$(fixuid -q)"
 
-if [ "${DOCKER_USER-}" ] && [ "$DOCKER_USER" != "$USER" ]; then
+if [ "${DOCKER_USER-}" ]; then
-  echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd >/dev/null
-  # Unfortunately we cannot change $HOME as we cannot move any bind mounts
-  # nor can we bind mount $HOME into a new home as that requires a privileged container.
-  sudo usermod --login "$DOCKER_USER" coder
-  sudo groupmod -n "$DOCKER_USER" coder
-
   USER="$DOCKER_USER"
+  if [ "$DOCKER_USER" != "$(whoami)" ]; then
+    echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd >/dev/null
+    # Unfortunately we cannot change $HOME as we cannot move any bind mounts
+    # nor can we bind mount $HOME into a new home as that requires a privileged container.
+    sudo usermod --login "$DOCKER_USER" coder
+    sudo groupmod -n "$DOCKER_USER" coder
 
-  sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
+    sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
+  fi
 fi
 
 dumb-init /usr/bin/code-server "$@"

docs/CONTRIBUTING.md

@@ -3,6 +3,7 @@
 # Contributing
 
 - [Pull Requests](#pull-requests)
+  - [Commits](#commits)
 - [Requirements](#requirements)
 - [Development Workflow](#development-workflow)
   - [Updating VS Code](#updating-vs-code)
@@ -23,9 +24,11 @@ you'd like to address unless the proposed fix is minor.
 
 In your Pull Requests (PR), link to the issue that the PR solves.
 
-Please ensure that the base of your PR is the **master** branch. (Note: The default
+Please ensure that the base of your PR is the **main** branch.
-GitHub branch is the latest release branch, though you should point all of your changes to be merged into
+
-master).
+### Commits
+
+We prefer a clean commit history. This means you should squash all fixups and fixup-type commits before asking for review (cleanup, squash, force-push). If you need help with this, feel free to leave a comment in your PR and we'll guide you.
 
 ## Requirements
 
@@ -42,7 +45,7 @@ There are several differences, however. Here is what is needed:
 - [`jq`](https://stedolan.github.io/jq/)
   - used to build code-server releases
 - [`gnupg`](https://gnupg.org/index.html)
-  - all commits must be signed an verified
+  - all commits must be signed and verified
   - see GitHub's ["Managing commit signature verification"](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification) or follow [this tutorial](https://joeprevite.com/verify-commits-on-github)
 - `build-essential` (Linux)
   - `apt-get install -y build-essential` - used by VS Code

docs/MAINTAINING.md

@@ -8,6 +8,10 @@
     - [Triage](#triage)
     - [Project Boards](#project-boards)
   - [Versioning](#versioning)
+  - [Pull Requests](#pull-requests)
+    - [Merge Strategies](#merge-strategies)
+  - [Release](#release)
+    - [Release Manager Rotation](#release-manager-rotation)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
@@ -62,4 +66,27 @@ It also gives us a way to separate the issue triage from bigger-picture, long-te
 
 `<major.minor.patch>`
 
+The code-server project follows traditional [semantic versioning](https://semver.org/), with the objective of minimizing major changes that break backward compatibility. We increment the patch level for all releases, except when the upstream Visual Studio Code project increments its minor version or we change the plugin API in a backward-compatible manner. In those cases, we increment the minor version rather than the patch level.
+
+## Pull Requests
+
+Ideally, every PR should fix an issue. If it doesn't, make sure it's associated with a version milestone.
+
+If a PR does fix an issue, don't add it to the version milestone. Otherwise, the version milestone will have duplicate information: the issue & the PR fixing the issue.
+
+### Merge Strategies
+
+For most things, we recommend "Squash and Merge". If you're updating `lib/vscode`, we suggest using the "Rebase and Merge" strategy. There may be times where "Create a merge commit" makes sense as well. Use your best judgement. If you're unsure, you can always discuss in the PR with the team.
 The code-server project follows traditional [semantic versioning](ttps://semver.org/), with the objective of minimizing major changes that break backward compatibility. We increment the patch level for all releases, except when the upstream Visual Studio Code project increments its minor version or we change the plugin API in a backward-compatible manner. In those cases, we increment the minor version rather than the patch level.
+
+## Release
+
+### Release Manager Rotation
+
+With each release, we rotate the role of "release manager" to ensure every maintainer goes through the process. This helps us keep documentation up-to-date and encourages us to continually review and improve the flow with each set of eyes.
+
+If you're the current release manager, follow these steps:
+
+1. Create a [release issue](../.github/ISSUE_TEMPLATE/release.md)
+2. Fill out checklist
+3. After release is published, close release milestone

docs/install.md

@@ -10,6 +10,7 @@
 - [Fedora, CentOS, RHEL, SUSE](#fedora-centos-rhel-suse)
 - [Arch Linux](#arch-linux)
 - [Termux](#termux)
+- [Raspberry Pi](#raspberry-pi)
 - [yarn, npm](#yarn-npm)
 - [macOS](#macos)
 - [Standalone Releases](#standalone-releases)
@@ -68,7 +69,7 @@ commands presented in the rest of this document.
 
 ### Detection Reference
 
-- For Debian, Ubuntu and Raspbian it will install the latest deb package.
+- For Debian and Ubuntu it will install the latest deb package.
 - For Fedora, CentOS, RHEL and openSUSE it will install the latest rpm package.
 - For Arch Linux it will install the AUR package.
 - For any unrecognized Linux operating system it will install the latest standalone release into `~/.local`.
@@ -92,8 +93,8 @@ NOTE: The standalone arm64 .deb does not support Ubuntu <16.04.
 Please upgrade or [build with yarn](#yarn-npm).
 
 ```bash
-curl -fOL https://github.com/cdr/code-server/releases/download/v3.10.0/code-server_3.10.0_amd64.deb
+curl -fOL https://github.com/cdr/code-server/releases/download/v$VERSION/code-server_$VERSION_amd64.deb
-sudo dpkg -i code-server_3.10.0_amd64.deb
+sudo dpkg -i code-server_$VERSION_amd64.deb
 sudo systemctl enable --now code-server@$USER
 # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
 ```
@@ -104,8 +105,8 @@ NOTE: The standalone arm64 .rpm does not support CentOS 7.
 Please upgrade or [build with yarn](#yarn-npm).
 
 ```bash
-curl -fOL https://github.com/cdr/code-server/releases/download/v3.10.0/code-server-3.10.0-amd64.rpm
+curl -fOL https://github.com/cdr/code-server/releases/download/v$VERSION/code-server-$VERSION-amd64.rpm
-sudo rpm -i code-server-3.10.0-amd64.rpm
+sudo rpm -i code-server-$VERSION-amd64.rpm
 sudo systemctl enable --now code-server@$USER
 # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
 ```
@@ -132,6 +133,10 @@ sudo systemctl enable --now code-server@$USER
 
 Please see "Installation" in the [Termux docs](./termux.md#installation)
 
+## Raspberry Pi
+
+If you're running a Raspberry Pi, we recommend install code-server with `yarn` or `npm`. See [yarn-npm](#yarn-npm).
+
 ## yarn, npm
 
 We recommend installing with `yarn` or `npm` when:
@@ -179,10 +184,10 @@ Here is an example script for installing and using a standalone `code-server` re
 
 ```bash
 mkdir -p ~/.local/lib ~/.local/bin
-curl -fL https://github.com/cdr/code-server/releases/download/v3.10.0/code-server-3.10.0-linux-amd64.tar.gz \
+curl -fL https://github.com/cdr/code-server/releases/download/v$VERSION/code-server-$VERSION-linux-amd64.tar.gz \
   | tar -C ~/.local/lib -xz
-mv ~/.local/lib/code-server-3.10.0-linux-amd64 ~/.local/lib/code-server-3.10.0
+mv ~/.local/lib/code-server-$VERSION-linux-amd64 ~/.local/lib/code-server-$VERSION
-ln -s ~/.local/lib/code-server-3.10.0/bin/code-server ~/.local/bin/code-server
+ln -s ~/.local/lib/code-server-$VERSION/bin/code-server ~/.local/bin/code-server
 PATH="~/.local/bin:$PATH"
 code-server
 # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml

docs/termux.md

@@ -17,7 +17,7 @@ Termux is an Android terminal application and Linux environment, which can also
 
 ## Installation
 
-1. Install Termux from the [Google Play Store](https://play.google.com/store/apps/details?id=com.termux)
+1. Install Termux from [F-Droid](https://f-droid.org/en/packages/com.termux/)
 2. Make sure it's up-to-date by running `apt update && apt upgrade`
 3. Install required packages: `apt install build-essential python git nodejs yarn`
 4. Install code-server: `yarn global add code-server`

install.sh

@@ -419,7 +419,7 @@ install_npm() {
   echoh
   echoerr "Please install npm or yarn to install code-server!"
   echoerr "You will need at least node v12 and a few C dependencies."
-  echoerr "See the docs https://github.com/cdr/code-server/blob/v3.10.0/docs/install.md#yarn-npm"
+  echoerr "See the docs https://github.com/cdr/code-server/blob/v3.10.1/docs/install.md#yarn-npm"
   exit 1
 }
 

lib/vscode/package.json

@@ -1,7 +1,7 @@
 {
   "name": "code-oss-dev",
-  "version": "1.56.0",
+  "version": "1.56.1",
-  "distro": "3d76109d9437bda93a3f337625de2833149ca724",
+  "distro": "278cafaa4343ba7b12773886685e04ece97fbdc1",
   "author": {
     "name": "Microsoft Corporation"
   },
@@ -76,6 +76,7 @@
     "nsfw": "2.1.2",
     "proxy-agent": "^4.0.1",
     "proxy-from-env": "^1.1.0",
+    "rimraf": "^3.0.2",
     "spdlog": "^0.11.1",
     "sudo-prompt": "9.2.1",
     "tas-client-umd": "0.1.4",
@@ -127,7 +128,8 @@
     "copy-webpack-plugin": "^6.0.3",
     "cson-parser": "^1.3.3",
     "css-loader": "^3.2.0",
-    "cssnano": "^4.1.11",
+    "cssnano": "^5.0.2",
+    "postcss": "^8.2.1",
     "debounce": "^1.0.0",
     "deemon": "^1.4.0",
     "eslint": "6.8.0",
@@ -185,7 +187,6 @@
     "queue": "3.0.6",
     "rcedit": "^1.1.0",
     "request": "^2.85.0",
-    "rimraf": "^3.0.2",
     "sinon": "^1.17.2",
     "source-map": "0.6.1",
     "source-map-support": "^0.3.2",
@@ -220,6 +221,7 @@
     "windows-process-tree": "0.3.0"
   },
   "resolutions": {
+    "postcss": "^8.2.1",
     "elliptic": "^6.5.3",
     "nwmatcher": "^1.4.4"
   }

lib/vscode/src/vs/platform/actions/browser/menuEntryActionViewItem.css

@@ -8,6 +8,7 @@
 	height: 16px;
 	background-repeat: no-repeat;
 	background-position: 50%;
+	background-size: 16px;
 }
 
 .monaco-action-bar .action-item.menu-entry .action-label {

lib/vscode/src/vs/platform/remote/common/remoteAgentConnection.ts

@@ -229,7 +229,9 @@ async function connectToRemoteExtensionHostAgent(options: ISimpleConnectionOptio
 
 	let socket: ISocket;
 	try {
-		socket = await createSocket(options.logService, options.socketFactory, options.host, options.port, `reconnectionToken=${options.reconnectionToken}&reconnection=${options.reconnectionProtocol ? 'true' : 'false'}`, timeoutCancellationToken);
+		// NOTE@coder: Add connection type to the socket. This is so they can be
+		// distinguished by the backend.
+		socket = await createSocket(options.logService, options.socketFactory, options.host, options.port, `type=${connectionTypeToString(connectionType)}&reconnectionToken=${options.reconnectionToken}&reconnection=${options.reconnectionProtocol ? 'true' : 'false'}`, timeoutCancellationToken);
 	} catch (error) {
 		options.logService.error(`${logPrefix} socketFactory.connect() failed or timed out. Error:`);
 		options.logService.error(error);

lib/vscode/src/vs/workbench/contrib/scm/browser/media/scm.css

@@ -83,12 +83,6 @@
 	display: flex;
 	align-items: center;
 	overflow: hidden;
-	min-width: 16px; /* for flex */
-	height: 100%;
-	margin: 0;
-	background-repeat: no-repeat;
-	background-position: center;
-	background-size: contain;
 }
 
 .scm-view .scm-provider > .actions > .monaco-toolbar > .monaco-action-bar > .actions-container  > .action-item > .action-label > .codicon {

package.json

@@ -1,7 +1,7 @@
 {
   "name": "code-server",
   "license": "MIT",
-  "version": "3.10.0",
+  "version": "3.10.1",
   "description": "Run VS Code on a remote server.",
   "homepage": "https://github.com/cdr/code-server",
   "bugs": {
@@ -77,6 +77,9 @@
   "resolutions": {
     "normalize-package-data": "^3.0.0",
     "doctoc/underscore": "^1.13.1",
+    "doctoc/**/trim": "^1.0.0",
+    "postcss": "^8.2.1",
+    "parcel-bundler/cssnano": "^5.0.2",
     "safe-buffer": "^5.1.1",
     "vfile-message": "^2.0.2"
   },

src/node/socket.ts

@@ -4,8 +4,7 @@ import * as path from "path"
 import * as tls from "tls"
 import { Emitter } from "../common/emitter"
 import { generateUuid } from "../common/util"
-import { tmpdir } from "./constants"
+import { canConnect, paths } from "./util"
-import { canConnect } from "./util"
 
 /**
  * Provides a way to proxy a TLS socket. Can be used when you need to pass a
@@ -13,7 +12,7 @@ import { canConnect } from "./util"
  */
 export class SocketProxyProvider {
   private readonly onProxyConnect = new Emitter<net.Socket>()
-  private proxyPipe = path.join(tmpdir, "tls-proxy")
+  private proxyPipe = path.join(paths.runtime, "tls-proxy")
   private _proxyServer?: Promise<net.Server>
   private readonly proxyTimeout = 5000
 
@@ -76,7 +75,10 @@ export class SocketProxyProvider {
       this._proxyServer = this.findFreeSocketPath(this.proxyPipe)
         .then((pipe) => {
           this.proxyPipe = pipe
-          return Promise.all([fs.mkdir(tmpdir, { recursive: true }), fs.rmdir(this.proxyPipe, { recursive: true })])
+          return Promise.all([
+            fs.mkdir(path.dirname(this.proxyPipe), { recursive: true }),
+            fs.rmdir(this.proxyPipe, { recursive: true }),
+          ])
         })
         .then(() => {
           return new Promise((resolve) => {

src/node/util.ts

@@ -8,9 +8,10 @@ import * as path from "path"
 import * as util from "util"
 import xdgBasedir from "xdg-basedir"
 
-interface Paths {
+export interface Paths {
   data: string
   config: string
+  runtime: string
 }
 
 export const paths = getEnvPaths()
@@ -20,23 +21,34 @@ export const paths = getEnvPaths()
  * On MacOS this function gets the standard XDG directories instead of using the native macOS
  * ones. Most CLIs do this as in practice only GUI apps use the standard macOS directories.
  */
-function getEnvPaths(): Paths {
+export function getEnvPaths(): Paths {
-  let paths: Paths
+  const paths = envPaths("code-server", { suffix: "" })
-  if (process.platform === "win32") {
+  const append = (p: string): string => path.join(p, "code-server")
-    paths = envPaths("code-server", {
+  switch (process.platform) {
-      suffix: "",
+    case "darwin":
-    })
+      return {
-  } else {
+        // envPaths uses native directories so force Darwin to use the XDG spec
-    if (xdgBasedir.data === undefined || xdgBasedir.config === undefined) {
+        // to align with other CLI tools.
-      throw new Error("No home folder?")
+        data: xdgBasedir.data ? append(xdgBasedir.data) : paths.data,
-    }
+        config: xdgBasedir.config ? append(xdgBasedir.config) : paths.config,
-    paths = {
+        // Fall back to temp if there is no runtime dir.
-      data: path.join(xdgBasedir.data, "code-server"),
+        runtime: xdgBasedir.runtime ? append(xdgBasedir.runtime) : paths.temp,
-      config: path.join(xdgBasedir.config, "code-server"),
+      }
-    }
+    case "win32":
+      return {
+        data: paths.data,
+        config: paths.config,
+        // Windows doesn't have a runtime dir.
+        runtime: paths.temp,
+      }
+    default:
+      return {
+        data: paths.data,
+        config: paths.config,
+        // Fall back to temp if there is no runtime dir.
+        runtime: xdgBasedir.runtime ? append(xdgBasedir.runtime) : paths.temp,
+      }
   }
-
-  return paths
 }
 
 /**

test/unit/node/util.test.ts

@@ -0,0 +1,147 @@
+describe("getEnvPaths", () => {
+  describe("on darwin", () => {
+    let ORIGINAL_PLATFORM = ""
+
+    beforeAll(() => {
+      ORIGINAL_PLATFORM = process.platform
+
+      Object.defineProperty(process, "platform", {
+        value: "darwin",
+      })
+    })
+
+    beforeEach(() => {
+      jest.resetModules()
+      jest.mock("env-paths", () => {
+        return () => ({
+          data: "/home/envPath/.local/share",
+          config: "/home/envPath/.config",
+          temp: "/tmp/envPath/runtime",
+        })
+      })
+    })
+
+    afterAll(() => {
+      // Restore old platform
+
+      Object.defineProperty(process, "platform", {
+        value: ORIGINAL_PLATFORM,
+      })
+    })
+
+    it("should return the env paths using xdgBasedir", () => {
+      jest.mock("xdg-basedir", () => ({
+        data: "/home/usr/.local/share",
+        config: "/home/usr/.config",
+        runtime: "/tmp/runtime",
+      }))
+      const getEnvPaths = require("../../../src/node/util").getEnvPaths
+      const envPaths = getEnvPaths()
+
+      expect(envPaths.data).toEqual("/home/usr/.local/share/code-server")
+      expect(envPaths.config).toEqual("/home/usr/.config/code-server")
+      expect(envPaths.runtime).toEqual("/tmp/runtime/code-server")
+    })
+
+    it("should return the env paths using envPaths when xdgBasedir is undefined", () => {
+      jest.mock("xdg-basedir", () => ({}))
+      const getEnvPaths = require("../../../src/node/util").getEnvPaths
+      const envPaths = getEnvPaths()
+
+      expect(envPaths.data).toEqual("/home/envPath/.local/share")
+      expect(envPaths.config).toEqual("/home/envPath/.config")
+      expect(envPaths.runtime).toEqual("/tmp/envPath/runtime")
+    })
+  })
+  describe("on win32", () => {
+    let ORIGINAL_PLATFORM = ""
+
+    beforeAll(() => {
+      ORIGINAL_PLATFORM = process.platform
+
+      Object.defineProperty(process, "platform", {
+        value: "win32",
+      })
+    })
+
+    beforeEach(() => {
+      jest.resetModules()
+      jest.mock("env-paths", () => {
+        return () => ({
+          data: "/windows/envPath/.local/share",
+          config: "/windows/envPath/.config",
+          temp: "/tmp/envPath/runtime",
+        })
+      })
+    })
+
+    afterAll(() => {
+      // Restore old platform
+
+      Object.defineProperty(process, "platform", {
+        value: ORIGINAL_PLATFORM,
+      })
+    })
+
+    it("should return the env paths using envPaths", () => {
+      const getEnvPaths = require("../../../src/node/util").getEnvPaths
+      const envPaths = getEnvPaths()
+
+      expect(envPaths.data).toEqual("/windows/envPath/.local/share")
+      expect(envPaths.config).toEqual("/windows/envPath/.config")
+      expect(envPaths.runtime).toEqual("/tmp/envPath/runtime")
+    })
+  })
+  describe("on other platforms", () => {
+    let ORIGINAL_PLATFORM = ""
+
+    beforeAll(() => {
+      ORIGINAL_PLATFORM = process.platform
+
+      Object.defineProperty(process, "platform", {
+        value: "linux",
+      })
+    })
+
+    beforeEach(() => {
+      jest.resetModules()
+      jest.mock("env-paths", () => {
+        return () => ({
+          data: "/linux/envPath/.local/share",
+          config: "/linux/envPath/.config",
+          temp: "/tmp/envPath/runtime",
+        })
+      })
+    })
+
+    afterAll(() => {
+      // Restore old platform
+
+      Object.defineProperty(process, "platform", {
+        value: ORIGINAL_PLATFORM,
+      })
+    })
+
+    it("should return the runtime using xdgBasedir if it exists", () => {
+      jest.mock("xdg-basedir", () => ({
+        runtime: "/tmp/runtime",
+      }))
+      const getEnvPaths = require("../../../src/node/util").getEnvPaths
+      const envPaths = getEnvPaths()
+
+      expect(envPaths.data).toEqual("/linux/envPath/.local/share")
+      expect(envPaths.config).toEqual("/linux/envPath/.config")
+      expect(envPaths.runtime).toEqual("/tmp/runtime/code-server")
+    })
+
+    it("should return the env paths using envPaths when xdgBasedir is undefined", () => {
+      jest.mock("xdg-basedir", () => ({}))
+      const getEnvPaths = require("../../../src/node/util").getEnvPaths
+      const envPaths = getEnvPaths()
+
+      expect(envPaths.data).toEqual("/linux/envPath/.local/share")
+      expect(envPaths.config).toEqual("/linux/envPath/.config")
+      expect(envPaths.runtime).toEqual("/tmp/envPath/runtime")
+    })
+  })
+})

test/unit/register.test.ts

@@ -9,7 +9,7 @@ describe("register", () => {
 
     beforeAll(() => {
       const { window } = new JSDOM()
-      global.window = (window as unknown) as Window & typeof globalThis
+      global.window = window as unknown as Window & typeof globalThis
       global.document = window.document
       global.navigator = window.navigator
       global.location = window.location
@@ -35,10 +35,10 @@ describe("register", () => {
       jest.restoreAllMocks()
 
       // We don't want these to stay around because it can affect other tests
-      global.window = (undefined as unknown) as Window & typeof globalThis
+      global.window = undefined as unknown as Window & typeof globalThis
-      global.document = (undefined as unknown) as Document & typeof globalThis
+      global.document = undefined as unknown as Document & typeof globalThis
-      global.navigator = (undefined as unknown) as Navigator & typeof globalThis
+      global.navigator = undefined as unknown as Navigator & typeof globalThis
-      global.location = (undefined as unknown) as Location & typeof globalThis
+      global.location = undefined as unknown as Location & typeof globalThis
     })
 
     it("test should have access to browser globals from beforeAll", () => {
@@ -110,7 +110,7 @@ describe("register", () => {
         origin: "http://localhost:8080",
       }
       const { window } = new JSDOM()
-      global.window = (window as unknown) as Window & typeof globalThis
+      global.window = window as unknown as Window & typeof globalThis
       global.document = window.document
       global.navigator = window.navigator
       global.location = location as Location
@@ -131,10 +131,10 @@ describe("register", () => {
       jest.restoreAllMocks()
 
       // We don't want these to stay around because it can affect other tests
-      global.window = (undefined as unknown) as Window & typeof globalThis
+      global.window = undefined as unknown as Window & typeof globalThis
-      global.document = (undefined as unknown) as Document & typeof globalThis
+      global.document = undefined as unknown as Document & typeof globalThis
-      global.navigator = (undefined as unknown) as Navigator & typeof globalThis
+      global.navigator = undefined as unknown as Navigator & typeof globalThis
-      global.location = (undefined as unknown) as Location & typeof globalThis
+      global.location = undefined as unknown as Location & typeof globalThis
     })
     it("should register when options.base is undefined", async () => {
       // Mock getElementById