Update npm dependencies

chore: bump eslint-config-prettier from 9.1.0 to 10.1.8 (#7653 )
chore: bump typescript-eslint from 8.33.0 to 8.54.0 (#7654 )
2026-05-10 22:37:26 +02:00 · 2026-03-03 16:18:30 -09:00 · 2026-03-03 15:27:51 -09:00 · 2026-03-03 15:27:10 -09:00 · 2026-03-03 13:10:47 -09:00 · 2026-03-03 12:35:36 -09:00
13 changed files with 1529 additions and 1142 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -219,7 +219,7 @@ jobs:
        if: success()
      # https://github.com/actions/upload-artifact/issues/38
      - run: tar -czf package.tar.gz release
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v7
        with:
          name: npm-package
          path: ./package.tar.gz
@@ -241,7 +241,7 @@ jobs:
            package-lock.json
            test/package-lock.json
      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - uses: actions/download-artifact@v5
+      - uses: actions/download-artifact@v8
        with:
          name: npm-package
      - run: tar -xzf package.tar.gz
@@ -251,7 +251,7 @@ jobs:
          ./test/node_modules/.bin/playwright install-deps
          ./test/node_modules/.bin/playwright install
      - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v7
        if: always()
        with:
          name: failed-test-videos
@@ -275,7 +275,7 @@ jobs:
            package-lock.json
            test/package-lock.json
      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - uses: actions/download-artifact@v5
+      - uses: actions/download-artifact@v8
        with:
          name: npm-package
      - run: tar -xzf package.tar.gz
@@ -304,7 +304,7 @@ jobs:
      - run: ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
        if: always()

-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v7
        if: always()
        with:
          name: failed-test-videos-proxy
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -92,7 +92,7 @@ jobs:
          echo "VERSION=${TAG#v}" >> $GITHUB_ENV

      - name: Validate package
-        uses: heyhusen/archlinux-package-action@v2.4.0
+        uses: heyhusen/archlinux-package-action@v3.0.0
        env:
          VERSION: ${{ env.VERSION }}
        with:
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -94,7 +94,7 @@ jobs:
          echo "$HOME/.local/bin" >> $GITHUB_PATH

      - name: Download npm package
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v8
        with:
          name: npm-release-package

@@ -160,7 +160,7 @@ jobs:
      - run: brew install python-setuptools

      - name: Download npm package
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v8
        with:
          name: npm-release-package

@@ -221,7 +221,7 @@ jobs:
      - run: brew install python-setuptools

      - name: Download npm package
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v8
        with:
          name: npm-release-package

@@ -253,7 +253,7 @@ jobs:
    needs: npm-version
    steps:
      - name: Download npm package
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v8
        with:
          name: npm-release-package

@@ -269,7 +269,7 @@ jobs:
    timeout-minutes: 15
    steps:
      - name: Download artifacts
-        uses: dawidd6/action-download-artifact@v12
+        uses: dawidd6/action-download-artifact@v16
        id: download
        with:
          branch: ${{ github.ref }}
@@ -303,7 +303,7 @@ jobs:
      - run: tar -czf package.tar.gz release

      - name: Upload npm package artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
        with:
          name: npm-release-package
          path: ./package.tar.gz
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -51,7 +51,7 @@ jobs:
          fetch-depth: 0

      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
+        uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478
        with:
          scan-type: "fs"
          scan-ref: "."
--- a/.github/workflows/trivy-docker.yaml
+++ b/.github/workflows/trivy-docker.yaml
@@ -51,7 +51,7 @@ jobs:
        uses: actions/checkout@v6

      - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
+        uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478
        with:
          image-ref: "docker.io/codercom/code-server:latest"
          ignore-unfixed: true
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,46 @@ Code v99.99.999

 ## Unreleased

+## [4.109.5](https://github.com/coder/code-server/releases/tag/v4.109.5) - 2026-03-02
+
+Code v1.109.5
+
+### Changed
+
+- Update to Code 1.109.5
+
+## [4.109.2](https://github.com/coder/code-server/releases/tag/v4.109.2) - 2026-02-12
+
+Code v1.109.2
+
+### Changed
+
+- Update to Code 1.109.2
+
+## [4.109.0](https://github.com/coder/code-server/releases/tag/v4.109.0) - 2026-02-12
+
+Code v1.109.0
+
+### Changed
+
+- Update to Code 1.109.0
+
+## [4.108.2](https://github.com/coder/code-server/releases/tag/v4.108.2) - 2026-01-26
+
+Code v1.108.2
+
+### Changed
+
+- Update to Code 1.108.2
+
+## [4.108.1](https://github.com/coder/code-server/releases/tag/v4.108.1) - 2026-01-16
+
+Code v1.108.1
+
+### Changed
+
+- Update to Code 1.108.1
+
 ## [4.108.0](https://github.com/coder/code-server/releases/tag/v4.108.0) - 2026-01-12

 Code v1.108.0
--- a/ci/helm-chart/Chart.yaml
+++ b/ci/helm-chart/Chart.yaml
@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.32.1
+version: 3.33.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.108.0
+appVersion: 4.109.5
--- a/ci/helm-chart/values.yaml
+++ b/ci/helm-chart/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1

 image:
  repository: codercom/code-server
-  tag: '4.108.0'
+  tag: '4.109.5'
  pullPolicy: Always

 # Specifies one or more secrets to be used when pulling images from a
--- a/lib/vscode
+++ b/lib/vscode
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -56,7 +56,7 @@
    "@types/ws": "^8.5.5",
    "doctoc": "^2.2.1",
    "eslint": "^9.12.0",
-    "eslint-config-prettier": "^9.0.0",
+    "eslint-config-prettier": "^10.1.8",
    "eslint-import-resolver-typescript": "^4.4.4",
    "eslint-plugin-import": "^2.28.1",
    "eslint-plugin-prettier": "^5.0.0",
@@ -81,7 +81,7 @@
    "limiter": "^2.1.0",
    "pem": "^1.14.8",
    "proxy-agent": "^6.3.1",
-    "qs": "6.14.1",
+    "qs": "^6.15.0",
    "rotating-file-stream": "^3.1.1",
    "safe-compare": "^1.1.4",
    "semver": "^7.5.4",
--- a/src/node/routes/pathProxy.ts
+++ b/src/node/routes/pathProxy.ts
@@ -13,7 +13,8 @@ const getProxyTarget = (
 ): string => {
  // If there is a base path, strip it out.
  const base = (req as any).base || ""
-  const port = parseInt(req.params.port, 10)
+  // Cast since we only have one port param.
+  const port = parseInt(req.params.port as string, 10)
  if (isNaN(port)) {
    throw new HttpError("Invalid port", HttpCode.BadRequest)
  }
--- a/test/package-lock.json
+++ b/test/package-lock.json
@@ -3750,9 +3750,9 @@
      }
    },
    "node_modules/minimatch": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
      "dev": true,
      "license": "ISC",
      "dependencies": {
Author	SHA1	Message	Date
Asher	62afaf261b	Update npm dependencies	2026-03-03 16:18:30 -09:00
dependabot[bot]	b6e0c844a9	chore: bump eslint-config-prettier from 9.1.0 to 10.1.8 (#7653 )	2026-03-03 15:27:51 -09:00
dependabot[bot]	83d2935223	chore: bump typescript-eslint from 8.33.0 to 8.54.0 (#7654 )	2026-03-03 15:27:10 -09:00
dependabot[bot]	9e3794487f	chore: bump eslint-plugin-import from 2.31.0 to 2.32.0 (#7652 )	2026-03-03 13:10:47 -09:00
dependabot[bot]	65b0f0e1bb	chore: bump heyhusen/archlinux-package-action from 2.4.0 to 3.0.0 (#7650 )	2026-03-03 12:35:36 -09:00
dependabot[bot]	841ec45573	chore: bump aquasecurity/trivy-action from 0.33.1 to 0.34.1 (#7676 )	2026-03-03 12:29:03 -09:00
dependabot[bot]	3eada681d3	chore: bump ws and @types/ws (#7651 )	2026-03-03 12:24:36 -09:00
dependabot[bot]	52f1542621	chore: bump basic-ftp from 5.0.5 to 5.2.0 (#7680 )	2026-03-03 12:23:40 -09:00
dependabot[bot]	b5e2c42183	chore: bump minimatch from 3.1.2 to 3.1.5 in /test (#7682 )	2026-03-03 12:19:52 -09:00
dependabot[bot]	980e009b6d	chore: bump minimatch (#7683 )	2026-03-03 12:19:01 -09:00
dependabot[bot]	36b00d37ff	chore: bump actions/upload-artifact from 4 to 7 (#7685 )	2026-03-03 12:11:52 -09:00
dependabot[bot]	355546d0a5	chore: bump dawidd6/action-download-artifact from 12 to 16 (#7686 )	2026-03-03 12:11:17 -09:00
dependabot[bot]	e9c577549f	chore: bump actions/download-artifact from 5 to 8 (#7687 )	2026-03-03 11:50:14 -09:00
Asher	98a2a0064b	Update Helm chart and changelog to 4.109.5	2026-03-03 08:24:56 -09:00
Olivier Benz	d58aaa7b34	Update Code to 1.109.5 (#7675 )	2026-03-02 11:18:40 -09:00
Olivier Benz	9184b645cc	Update Code to 1.109.2 (#7669 )	2026-02-11 08:56:27 -09:00