Update Helm chart and changelog with 4.125.0

Update Code to 1.125.0 (#7861 )
Bump codecov/codecov-action from 6.0.1 to 7.0.0 (#7853 )
2026-06-19 00:17:10 +02:00 · 2026-06-18 04:05:30 +00:00 · 2026-06-17 10:51:01 -08:00 · 2026-06-16 12:02:46 -08:00 · 2026-06-16 12:01:52 -08:00 · 2026-06-16 12:01:11 -08:00
40 changed files with 458 additions and 457 deletions
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -16,8 +16,6 @@ updates:
      interval: "monthly"
      time: "06:00"
      timezone: "America/Chicago"
    commit-message:
      prefix: "chore"
    labels: []
    ignore:
      # Ignore patch updates for all dependencies
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -25,7 +25,7 @@ jobs:
      docs: ${{ steps.filter.outputs.docs }}
      helm: ${{ steps.filter.outputs.helm }}
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
        id: filter
        with:
@@ -55,7 +55,7 @@ jobs:
    name: Run prettier check
    runs-on: ubuntu-22.04
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version-file: .node-version
@@ -72,7 +72,7 @@ jobs:
    needs: changes
    if: needs.changes.outputs.docs == 'true'
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version-file: .node-version
@@ -89,7 +89,7 @@ jobs:
    needs: changes
    if: needs.changes.outputs.helm == 'true'
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
@@ -103,7 +103,7 @@ jobs:
    needs: changes
    if: needs.changes.outputs.code == 'true'
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version-file: .node-version
@@ -121,7 +121,7 @@ jobs:
    if: needs.changes.outputs.ci == 'true'
    steps:
      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Check workflow files
        run: |
          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.9
@@ -134,7 +134,7 @@ jobs:
    needs: changes
    if: needs.changes.outputs.code == 'true'
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version-file: .node-version
@@ -144,7 +144,7 @@ jobs:
            test/package-lock.json
      - run: SKIP_SUBMODULE_DEPS=1 npm ci
      - run: npm run test:unit
-      - uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5
+      - uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
        if: success()
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
@@ -163,12 +163,12 @@ jobs:
    steps:
      - run: sudo apt update && sudo apt install -y libkrb5-dev
-      - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # latest
+      - uses: awalsh128/cache-apt-pkgs-action@681749ae568c81c2037cb9185e38b709b261bd2f # latest
        with:
          packages: quilt
          version: 1.0
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          submodules: true
      - run: quilt push -a
@@ -191,7 +191,7 @@ jobs:
      # embedded into the code).  Use VSCODE_CACHE_VERSION to force a rebuild.
      - name: Fetch prebuilt linux-x64 Code package from cache
        id: cache-vscode
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          path: lib/vscode-reh-web-linux-x64
          key: vscode-linux-x64-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}
@@ -219,7 +219,7 @@ jobs:
    if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true' || needs.changes.outputs.ci == 'true'
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version-file: .node-version
@@ -256,7 +256,7 @@ jobs:
    steps:
      - name: Cache Caddy
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        id: caddy-cache
        with:
          path: |
@@ -269,7 +269,7 @@ jobs:
          mkdir -p ~/.cache/caddy
          tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version-file: .node-version
--- a/.github/workflows/installer.yaml
+++ b/.github/workflows/installer.yaml
@@ -30,7 +30,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Install code-server
        run: ./install.sh
@@ -44,7 +44,7 @@ jobs:
    container: "alpine:3.17"
    steps:
      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Install curl
        run: apk add curl
@@ -67,7 +67,7 @@ jobs:
    steps:
      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Install code-server
        run: ./install.sh
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -33,7 +33,7 @@ jobs:
        run: |
          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version-file: .node-version
@@ -64,7 +64,7 @@ jobs:
          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
      - name: Checkout code-server-aur repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          repository: "cdrci/code-server-aur"
          token: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
@@ -93,7 +93,7 @@ jobs:
        run: |
          git checkout -b update-version-${{ env.VERSION }}
          git add .
-          git commit -m "chore: updating version to ${{ env.VERSION }}"
+          git commit -m "Update to ${{ env.VERSION }}"
          git push -u origin $(git branch --show)
          gh pr create --repo coder/code-server-aur --title "chore: bump version to ${{ env.VERSION }}" --body "PR opened by @$GITHUB_ACTOR" --assignee $GITHUB_ACTOR
@@ -108,9 +108,9 @@ jobs:
        run: |
          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
-      - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
+      - uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0
-      - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
      - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
        with:
@@ -149,7 +149,7 @@ jobs:
        run: |
          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - run: ./ci/build/update-repo.sh
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -59,7 +59,7 @@ jobs:
    steps:
      - run: sudo apt update && sudo apt install -y libkrb5-dev
-      - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # latest
+      - uses: awalsh128/cache-apt-pkgs-action@681749ae568c81c2037cb9185e38b709b261bd2f # latest
        with:
          packages: quilt
          version: 1.0
@@ -76,7 +76,7 @@ jobs:
          version=4${version:1}
          echo "VERSION=$version" >> $GITHUB_ENV
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          submodules: true
      - run: quilt push -a
@@ -110,7 +110,7 @@ jobs:
      - run: |
          sed "/^## Unreleased/,/^## / ! d" CHANGELOG.md | head -n -2 | tail -n +3 > .cache/release-notes
        if: ${{ matrix.vscode_arch == 'x64' }}
-      - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
+      - uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
        if: ${{ matrix.vscode_arch == 'x64' }}
        with:
          draft: true
@@ -123,7 +123,7 @@ jobs:
      # Platform-specific release.
      - run: KEEP_MODULES=1 npm run release
      - run: npm run package
-      - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
+      - uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
        with:
          draft: true
          discussion_category_name: "📣 Announcements"
@@ -170,7 +170,7 @@ jobs:
          version=4${version:1}
          echo "VERSION=$version" >> $GITHUB_ENV
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          submodules: true
      - run: quilt push -a
@@ -189,7 +189,7 @@ jobs:
      - run: npm run test:native
      - run: npm run package
-      - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
+      - uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
        with:
          draft: true
          discussion_category_name: "📣 Announcements"
--- a/.github/workflows/scripts.yaml
+++ b/.github/workflows/scripts.yaml
@@ -41,7 +41,7 @@ jobs:
    container: "alpine:3.17"
    steps:
      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Install test utilities
        run: apk add bats checkbashisms
@@ -58,7 +58,7 @@ jobs:
    timeout-minutes: 5
    steps:
      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Install lint utilities
        run: sudo apt install shellcheck
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -25,7 +25,7 @@ jobs:
    timeout-minutes: 15
    steps:
      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          fetch-depth: 0
@@ -46,7 +46,7 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          fetch-depth: 0
@@ -62,7 +62,7 @@ jobs:
          severity: "HIGH,CRITICAL"
      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
        with:
          sarif_file: "trivy-repo-results.sarif"
@@ -76,17 +76,17 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
+        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
        with:
          config-file: ./.github/codeql-config.yml
          languages: javascript
      - name: Autobuild
-        uses: github/codeql-action/autobuild@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
+        uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
+        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
--- a/.github/workflows/trivy-docker.yaml
+++ b/.github/workflows/trivy-docker.yaml
@@ -46,7 +46,7 @@ jobs:
    steps:
      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Run Trivy vulnerability scanner in image mode
        uses: aquasecurity/trivy-action@314ff8b43182423b84c50b1670b0e10f858f2d98 # latest
@@ -58,6 +58,6 @@ jobs:
          severity: "HIGH,CRITICAL"
      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
        with:
          sarif_file: "trivy-image-results.sarif"
--- a/.github/workflows/update.yaml
+++ b/.github/workflows/update.yaml
@@ -28,7 +28,7 @@ jobs:
        run: |
          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          submodules: true
@@ -47,7 +47,7 @@ jobs:
            echo done=false >> $GITHUB_OUTPUT
          fi
-      - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # latest
+      - uses: awalsh128/cache-apt-pkgs-action@681749ae568c81c2037cb9185e38b709b261bd2f # latest
        if: steps.check.outputs.done == 'false'
        with:
          packages: quilt
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,32 @@ Code v99.99.999
 ## Unreleased
 ## [4.125.0](https://github.com/coder/code-server/releases/tag/v4.125.0) - 2026-06-18
 Code v1.125.0
 ### Changed
 - Update to Code 1.125.0
 ## [4.124.2](https://github.com/coder/code-server/releases/tag/v4.124.2) - 2026-06-16
 Code v1.124.2
 ### Security
 - Strip code-server's session token from the cookie before proxying to a local
  port. Previously, when you used built-in password authentication, the cookie
  would be sent to the local proxied port, which meant if the service was
  malicious and not already running as your code-server user it could use the
  cookie to log into code-server and execute commands as your code-server user.
 ### Changed
 - Update to Code 1.124.2
 ## [4.123.0](https://github.com/coder/code-server/releases/tag/v4.123.0) - 2026-06-03
 Code v1.123.0
 ### Changed
--- a/ci/build/build-release.sh
+++ b/ci/build/build-release.sh
@@ -128,7 +128,9 @@ bundle_vscode() {
  # Merge the package.json for the web/remote server so we can include
  # dependencies, since we want to ship this via NPM.
-  jq --slurp '.[0] * .[1]' \
+  # Also override the name to prevent vulnerability scanners from
  # misidentifying this package as VS Code (see #7071).
  jq --slurp '.[0] * .[1] | .name = "code-oss-dev"' \
    "$VSCODE_SRC_PATH/remote/package.json" \
    "$VSCODE_OUT_PATH/package.json" > "$VSCODE_OUT_PATH/package.json.merged"
  mv "$VSCODE_OUT_PATH/package.json.merged" "$VSCODE_OUT_PATH/package.json"
--- a/ci/helm-chart/Chart.yaml
+++ b/ci/helm-chart/Chart.yaml
@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.37.1
+version: 3.40.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.122.1
+appVersion: 4.125.0
--- a/ci/helm-chart/values.yaml
+++ b/ci/helm-chart/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1
 image:
  repository: codercom/code-server
-  tag: '4.122.1'
+  tag: '4.125.0'
  pullPolicy: Always
 # Specifies one or more secrets to be used when pulling images from a
--- a/docs/install.md
+++ b/docs/install.md
@@ -101,9 +101,8 @@ _exact_ same commands presented in the rest of this document.
 We recommend installing with `npm` when:
 1. You aren't using a machine with `amd64` or `arm64`.
-2. You are installing code-server on Windows.
+2. You're on Linux with `glibc` < v2.28 or `glibcxx` < v3.4.21.
-3. You're on Linux with `glibc` < v2.28 or `glibcxx` < v3.4.21.
+3. You're running Alpine Linux or are using a non-glibc libc. See
 4. You're running Alpine Linux or are using a non-glibc libc. See
   [#1430](https://github.com/coder/code-server/issues/1430#issuecomment-629883198)
   for more information.
@@ -296,8 +295,7 @@ You can install code-server using the [Helm package manager](https://coder.com/d
 ## Windows
 We currently [do not publish Windows
-releases](https://github.com/coder/code-server/issues/1397). We recommend
+releases](https://github.com/coder/code-server/issues/1397).
 installing code-server onto Windows with [`npm`](#npm).
 ## Raspberry Pi
--- a/lib/vscode
+++ b/lib/vscode
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,12 +13,13 @@
        "@coder/logger": "^3.0.1",
        "argon2": "^0.44.0",
        "compression": "^1.7.4",
        "cookie": "^1.1.1",
        "cookie-parser": "^1.4.6",
        "env-paths": "^2.2.1",
        "express": "^5.0.1",
        "http-proxy": "^1.18.1",
        "httpolyglot": "^0.1.2",
-        "i18next": "^25.8.3",
+        "i18next": "^26.3.1",
        "js-yaml": "^4.1.0",
        "limiter": "^2.1.0",
        "pem": "^1.14.8",
@@ -57,7 +58,7 @@
        "eslint-import-resolver-typescript": "^4.4.4",
        "eslint-plugin-import": "^2.28.1",
        "eslint-plugin-prettier": "^5.0.0",
-        "globals": "^16.1.0",
+        "globals": "^17.6.0",
        "prettier": "3.8.3",
        "prettier-plugin-sh": "^0.18.0",
        "ts-node": "^10.9.1",
@@ -68,15 +69,6 @@
        "node": "22"
      }
    },
    "node_modules/@babel/runtime": {
      "version": "7.28.6",
      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.6.tgz",
      "integrity": "sha512-05WQkdpL9COIMz4LjTxGpPNCdlpyimKppYNoJ5Di5EUObifl8t4tuLuUBBZEpoLYOmfvIWrsp9fCl0HoPRVTdA==",
      "license": "MIT",
      "engines": {
        "node": ">=6.9.0"
      }
    },
    "node_modules/@coder/logger": {
      "version": "3.0.1",
      "resolved": "https://registry.npmjs.org/@coder/logger/-/logger-3.0.1.tgz",
@@ -454,27 +446,28 @@
      "license": "MIT"
    },
    "node_modules/@textlint/ast-node-types": {
-      "version": "12.6.1",
+      "version": "15.7.1",
-      "resolved": "https://registry.npmjs.org/@textlint/ast-node-types/-/ast-node-types-12.6.1.tgz",
+      "resolved": "https://registry.npmjs.org/@textlint/ast-node-types/-/ast-node-types-15.7.1.tgz",
-      "integrity": "sha512-uzlJ+ZsCAyJm+lBi7j0UeBbj+Oy6w/VWoGJ3iHRHE5eZ8Z4iK66mq+PG/spupmbllLtz77OJbY89BYqgFyjXmA==",
+      "integrity": "sha512-Wii5UgUKFEh9Uv6wbq1zr4/Kf+dtjiUuzPrrXzKp8H+ifkvKNzi23V4Nz+6wVyHQn5T28AFuc8VH8OtzvGYecA==",
      "dev": true,
      "license": "MIT"
    },
    "node_modules/@textlint/markdown-to-ast": {
-      "version": "12.6.1",
+      "version": "15.7.1",
-      "resolved": "https://registry.npmjs.org/@textlint/markdown-to-ast/-/markdown-to-ast-12.6.1.tgz",
+      "resolved": "https://registry.npmjs.org/@textlint/markdown-to-ast/-/markdown-to-ast-15.7.1.tgz",
-      "integrity": "sha512-T0HO+VrU9VbLRiEx/kH4+gwGMHNMIGkp0Pok+p0I33saOOLyhfGvwOKQgvt2qkxzQEV2L5MtGB8EnW4r5d3CqQ==",
+      "integrity": "sha512-9DLSah7g6mYNHvO6pssLdFvFPAl3HHyEIm4RE5of/1QN9FXJXDgdOcVV3YpQmbYT/YntuIvOQiqOndCSPWTW2A==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@textlint/ast-node-types": "^12.6.1",
+        "@textlint/ast-node-types": "15.7.1",
-        "debug": "^4.3.4",
+        "debug": "^4.4.3",
        "mdast-util-gfm-autolink-literal": "^0.1.3",
        "neotraverse": "^0.6.18",
        "remark-footnotes": "^3.0.0",
        "remark-frontmatter": "^3.0.0",
        "remark-gfm": "^1.0.0",
        "remark-parse": "^9.0.0",
-        "traverse": "^0.6.7",
+        "structured-source": "^4.0.0",
        "unified": "^9.2.2"
      }
    },
@@ -770,20 +763,20 @@
      }
    },
    "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.56.1",
+      "version": "8.61.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.61.1.tgz",
-      "integrity": "sha512-Jz9ZztpB37dNC+HU2HI28Bs9QXpzCz+y/twHOwhyrIRdbuVDxSytJNDl6z/aAKlaRIwC7y8wJdkBv7FxYGgi0A==",
+      "integrity": "sha512-ZPlVl3PB3et/59Ne0fv/sci6ZXz4T4Hp4nTJ56i/Y0gR89ARb+KphojTq6j+56E5PIezmOIOOWyY+aWQFd+IkQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/regexpp": "^4.12.2",
-        "@typescript-eslint/scope-manager": "8.56.1",
+        "@typescript-eslint/scope-manager": "8.61.1",
-        "@typescript-eslint/type-utils": "8.56.1",
+        "@typescript-eslint/type-utils": "8.61.1",
-        "@typescript-eslint/utils": "8.56.1",
+        "@typescript-eslint/utils": "8.61.1",
-        "@typescript-eslint/visitor-keys": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.61.1",
        "ignore": "^7.0.5",
        "natural-compare": "^1.4.0",
-        "ts-api-utils": "^2.4.0"
+        "ts-api-utils": "^2.5.0"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -793,9 +786,9 @@
        "url": "https://opencollective.com/typescript-eslint"
      },
      "peerDependencies": {
-        "@typescript-eslint/parser": "^8.56.1",
+        "@typescript-eslint/parser": "^8.61.1",
        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
      }
    },
    "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
@@ -809,16 +802,16 @@
      }
    },
    "node_modules/@typescript-eslint/parser": {
-      "version": "8.56.1",
+      "version": "8.61.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.61.1.tgz",
-      "integrity": "sha512-klQbnPAAiGYFyI02+znpBRLyjL4/BrBd0nyWkdC0s/6xFLkXYQ8OoRrSkqacS1ddVxf/LDyODIKbQ5TgKAf/Fg==",
+      "integrity": "sha512-PJ5vePq5/ognBbrIcoC5+SHO5dfpeLPzP9FpLkzWrguoYQEeeSjlJpVwOpo1JRSTEi7dRcwNy4h4dzV70PqHcg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/scope-manager": "8.56.1",
+        "@typescript-eslint/scope-manager": "8.61.1",
-        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/types": "8.61.1",
-        "@typescript-eslint/typescript-estree": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.61.1",
-        "@typescript-eslint/visitor-keys": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.61.1",
        "debug": "^4.4.3"
      },
      "engines": {
@@ -830,18 +823,18 @@
      },
      "peerDependencies": {
        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
      }
    },
    "node_modules/@typescript-eslint/project-service": {
-      "version": "8.56.1",
+      "version": "8.61.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.61.1.tgz",
-      "integrity": "sha512-TAdqQTzHNNvlVFfR+hu2PDJrURiwKsUvxFn1M0h95BB8ah5jejas08jUWG4dBA68jDMI988IvtfdAI53JzEHOQ==",
+      "integrity": "sha512-PrC4JYGmR241lYnfhmKGTXkFqv8+ymbTFgSAY0fVXpY82/QkMw5TZPl+vGzuDDU2QYJk9fIDOBTntF+yDv9LEA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.56.1",
+        "@typescript-eslint/tsconfig-utils": "^8.61.1",
-        "@typescript-eslint/types": "^8.56.1",
+        "@typescript-eslint/types": "^8.61.1",
        "debug": "^4.4.3"
      },
      "engines": {
@@ -852,18 +845,18 @@
        "url": "https://opencollective.com/typescript-eslint"
      },
      "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
      }
    },
    "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.56.1",
+      "version": "8.61.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.61.1.tgz",
-      "integrity": "sha512-YAi4VDKcIZp0O4tz/haYKhmIDZFEUPOreKbfdAN3SzUDMcPhJ8QI99xQXqX+HoUVq8cs85eRKnD+rne2UAnj2w==",
+      "integrity": "sha512-L2bdIeoQS8FlKAvONAr20w6OcLXeB+qiDKbAooS9A0Ben+iSIkBef0FxqwKWYqt5sa0i4KJtxVyVmhMylKzF5w==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/types": "8.61.1",
-        "@typescript-eslint/visitor-keys": "8.56.1"
+        "@typescript-eslint/visitor-keys": "8.61.1"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -874,9 +867,9 @@
      }
    },
    "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.56.1",
+      "version": "8.61.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.61.1.tgz",
-      "integrity": "sha512-qOtCYzKEeyr3aR9f28mPJqBty7+DBqsdd63eO0yyDwc6vgThj2UjWfJIcsFeSucYydqcuudMOprZ+x1SpF3ZuQ==",
+      "integrity": "sha512-UN/H4di+OO7EWx2ovME+8t31YO+KVnK0RRKEHR3kOt21/Ay8BOq3M1OMvWs5vNiqcFCYGYoxK3MXPZzmMUE+yg==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -887,21 +880,21 @@
        "url": "https://opencollective.com/typescript-eslint"
      },
      "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
      }
    },
    "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.56.1",
+      "version": "8.61.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.61.1.tgz",
-      "integrity": "sha512-yB/7dxi7MgTtGhZdaHCemf7PuwrHMenHjmzgUW1aJpO+bBU43OycnM3Wn+DdvDO/8zzA9HlhaJ0AUGuvri4oGg==",
+      "integrity": "sha512-GYRicKmVK0C4fsKgaACaknOUAq9Oa2kwsjnpFhFcS/5p4Ht5IP9OVLbgIgcK4SRk92nVHFluurg1lumD9dBcLw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/types": "8.61.1",
-        "@typescript-eslint/typescript-estree": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.61.1",
-        "@typescript-eslint/utils": "8.56.1",
+        "@typescript-eslint/utils": "8.61.1",
        "debug": "^4.4.3",
-        "ts-api-utils": "^2.4.0"
+        "ts-api-utils": "^2.5.0"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -912,13 +905,13 @@
      },
      "peerDependencies": {
        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
      }
    },
    "node_modules/@typescript-eslint/types": {
-      "version": "8.56.1",
+      "version": "8.61.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.61.1.tgz",
-      "integrity": "sha512-dbMkdIUkIkchgGDIv7KLUpa0Mda4IYjo4IAMJUZ+3xNoUXxMsk9YtKpTHSChRS85o+H9ftm51gsK1dZReY9CVw==",
+      "integrity": "sha512-G+CRlPqLv7Bz1IZVs03x5K59F1veqL0EJUROAdGhKsEq8qOiRiZbI+HUojPq5l0fEGOKModD9br6lObhB8zkoA==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -930,21 +923,21 @@
      }
    },
    "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.56.1",
+      "version": "8.61.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.61.1.tgz",
-      "integrity": "sha512-qzUL1qgalIvKWAf9C1HpvBjif+Vm6rcT5wZd4VoMb9+Km3iS3Cv9DY6dMRMDtPnwRAFyAi7YXJpTIEXLvdfPxg==",
+      "integrity": "sha512-u+oQD3BqYWPc8YV9Zab4vaJElJuwOLPRc10Jm1o/qS+6Qwen14HCWwx0Seo4LnSn2wxea2Ik8DxPt2/FHmuhrg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/project-service": "8.56.1",
+        "@typescript-eslint/project-service": "8.61.1",
-        "@typescript-eslint/tsconfig-utils": "8.56.1",
+        "@typescript-eslint/tsconfig-utils": "8.61.1",
-        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/types": "8.61.1",
-        "@typescript-eslint/visitor-keys": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.61.1",
        "debug": "^4.4.3",
        "minimatch": "^10.2.2",
        "semver": "^7.7.3",
        "tinyglobby": "^0.2.15",
-        "ts-api-utils": "^2.4.0"
+        "ts-api-utils": "^2.5.0"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -954,7 +947,7 @@
        "url": "https://opencollective.com/typescript-eslint"
      },
      "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
      }
    },
    "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
@@ -968,9 +961,9 @@
      }
    },
    "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-      "version": "5.0.5",
+      "version": "5.0.6",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
-      "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
+      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -981,13 +974,13 @@
      }
    },
    "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-      "version": "10.2.4",
+      "version": "10.2.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
-      "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
+      "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
      "dev": true,
      "license": "BlueOak-1.0.0",
      "dependencies": {
-        "brace-expansion": "^5.0.2"
+        "brace-expansion": "^5.0.5"
      },
      "engines": {
        "node": "18 || 20 || >=22"
@@ -997,16 +990,16 @@
      }
    },
    "node_modules/@typescript-eslint/utils": {
-      "version": "8.56.1",
+      "version": "8.61.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.61.1.tgz",
-      "integrity": "sha512-HPAVNIME3tABJ61siYlHzSWCGtOoeP2RTIaHXFMPqjrQKCGB9OgUVdiNgH7TJS2JNIQ5qQ4RsAUDuGaGme/KOA==",
+      "integrity": "sha512-1+P/3Dj6jvtybE1q0HQ6yBt/gq+oKJyLdEv4HdnqasaEXRSYCAsD59mXEVQnM/ULNdQxbX77tdG4jPRjIS6knA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.56.1",
+        "@typescript-eslint/scope-manager": "8.61.1",
-        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/types": "8.61.1",
-        "@typescript-eslint/typescript-estree": "8.56.1"
+        "@typescript-eslint/typescript-estree": "8.61.1"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1017,17 +1010,17 @@
      },
      "peerDependencies": {
        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
      }
    },
    "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.56.1",
+      "version": "8.61.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.61.1.tgz",
-      "integrity": "sha512-KiROIzYdEV85YygXw6BI/Dx4fnBlFQu6Mq4QE4MOH9fFnhohw6wX/OAvDY2/C+ut0I3RSPKenvZJIVYqJNkhEw==",
+      "integrity": "sha512-6fJ9MHWtK14C1DSkiMlHUSOmrVebL7150xZJBlJiL62jjhIA4JmOq6flwBgDxIdBKKdoiZRel+dfPD5MLfny3w==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/types": "8.61.1",
        "eslint-visitor-keys": "^5.0.0"
      },
      "engines": {
@@ -1405,9 +1398,9 @@
      }
    },
    "node_modules/anchor-markdown-header": {
-      "version": "0.8.2",
+      "version": "0.8.4",
-      "resolved": "https://registry.npmjs.org/anchor-markdown-header/-/anchor-markdown-header-0.8.2.tgz",
+      "resolved": "https://registry.npmjs.org/anchor-markdown-header/-/anchor-markdown-header-0.8.4.tgz",
-      "integrity": "sha512-ix0Hx6ARkHOsQRmt1++ZmjURq4Pr5MGXQJjh0lQ/l5jTpTURn4aqhbZ+AJMpZ/Sd3JiyNwi7KaeiF64OsMGCPg==",
+      "integrity": "sha512-20eMBMpts7k5rXAAj67geSqc/tsexHZOZJDWQD214YcDuNtyizDa7Q77sYa5rkao2FwsQP1WKRt2X6mphwmhbg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -1671,6 +1664,13 @@
        "url": "https://opencollective.com/express"
      }
    },
    "node_modules/boundary": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/boundary/-/boundary-2.0.0.tgz",
      "integrity": "sha512-rJKn5ooC9u8q13IMCrW0RSp31pxBCHE3y9V/tp3TdWSLf8Em3p6Di4NBpfzbJge9YjjFEsD0RtFEjtvHL5VyEA==",
      "dev": true,
      "license": "BSD-2-Clause"
    },
    "node_modules/brace-expansion": {
      "version": "1.1.14",
      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
@@ -1936,12 +1936,16 @@
      }
    },
    "node_modules/cookie": {
-      "version": "0.7.2",
+      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz",
-      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==",
      "license": "MIT",
      "engines": {
-        "node": ">= 0.6"
+        "node": ">=18"
      },
      "funding": {
        "type": "opencollective",
        "url": "https://opencollective.com/express"
      }
    },
    "node_modules/cookie-parser": {
@@ -1957,6 +1961,15 @@
        "node": ">= 0.8.0"
      }
    },
    "node_modules/cookie-parser/node_modules/cookie": {
      "version": "0.7.2",
      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
      "license": "MIT",
      "engines": {
        "node": ">= 0.6"
      }
    },
    "node_modules/cookie-signature": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
@@ -2167,18 +2180,17 @@
      }
    },
    "node_modules/doctoc": {
-      "version": "2.3.0",
+      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/doctoc/-/doctoc-2.3.0.tgz",
+      "resolved": "https://registry.npmjs.org/doctoc/-/doctoc-2.5.0.tgz",
-      "integrity": "sha512-duuDNVnRHE5mFGYlI+oDf1vguML8PIhKnbUCs7iKPHIEdzYhkCldk6MQeX3ZeXQStRtZxGspSHImtgOMQPIS4A==",
+      "integrity": "sha512-xWb2P8mQw9x+T9xPYToytRP0/bA68oexdsY0anMG72RdhZGTVPx6oHJfI57gbZe9LsOSfQUNNLwxSspdoTlJIQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@textlint/markdown-to-ast": "^12.1.1",
+        "@textlint/markdown-to-ast": "^15.6.0",
-        "anchor-markdown-header": "^0.8.2",
+        "anchor-markdown-header": "^0.8.4",
        "htmlparser2": "^7.2.0",
-        "minimist": "^1.2.6",
+        "loglevel": "^1.9.2",
-        "underscore": "^1.13.2",
+        "minimist": "^1.2.6"
        "update-section": "^0.3.3"
      },
      "bin": {
        "doctoc": "doctoc.js"
@@ -2953,6 +2965,15 @@
        "url": "https://opencollective.com/express"
      }
    },
    "node_modules/express/node_modules/cookie": {
      "version": "0.7.2",
      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
      "license": "MIT",
      "engines": {
        "node": ">= 0.6"
      }
    },
    "node_modules/express/node_modules/cookie-signature": {
      "version": "1.2.2",
      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz",
@@ -3310,9 +3331,9 @@
      }
    },
    "node_modules/globals": {
-      "version": "16.5.0",
+      "version": "17.6.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-16.5.0.tgz",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-17.6.0.tgz",
-      "integrity": "sha512-c/c15i26VrJ4IRt5Z89DnIzCGDn9EcebibhAOjw5ibqEHsE1wLUgkPn9RDmNcUKyU87GeaL633nyJ+pplFR2ZQ==",
+      "integrity": "sha512-sepffkT8stwnIYbsMBpoCHJuJM5l98FUF2AnE07hfvE0m/qp3R586hw4jF4uadbhvg1ooIdzuu7CsfD2jzCaNA==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -3532,29 +3553,26 @@
      }
    },
    "node_modules/i18next": {
-      "version": "25.8.13",
+      "version": "26.3.1",
-      "resolved": "https://registry.npmjs.org/i18next/-/i18next-25.8.13.tgz",
+      "resolved": "https://registry.npmjs.org/i18next/-/i18next-26.3.1.tgz",
-      "integrity": "sha512-E0vzjBY1yM+nsFrtgkjLhST2NBkirkvOVoQa0MSldhsuZ3jUge7ZNpuwG0Cfc74zwo5ZwRzg3uOgT+McBn32iA==",
+      "integrity": "sha512-txQqd5EULsqEh9OJqRH15aCaOuy/nLJyhw5EHCSKLKJE1aBbb3Zve2+uQIxgWhPm1QqUQoWyQBm2kfmmIrzkcQ==",
      "funding": [
        {
          "type": "individual",
-          "url": "https://locize.com"
+          "url": "https://www.locize.com/i18next"
        },
        {
          "type": "individual",
          "url": "https://locize.com/i18next.html"
        },
        {
          "type": "individual",
          "url": "https://www.i18next.com/how-to/faq#i18next-is-awesome.-how-can-i-support-the-project"
        },
        {
          "type": "individual",
          "url": "https://www.locize.com"
        }
      ],
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.28.4"
      },
      "peerDependencies": {
-        "typescript": "^5"
+        "typescript": "^5 || ^6"
      },
      "peerDependenciesMeta": {
        "typescript": {
@@ -4130,9 +4148,19 @@
      "license": "ISC"
    },
    "node_modules/js-yaml": {
-      "version": "4.1.1",
+      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
-      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+      "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
      "funding": [
        {
          "type": "github",
          "url": "https://github.com/sponsors/puzrin"
        },
        {
          "type": "github",
          "url": "https://github.com/sponsors/nodeca"
        }
      ],
      "license": "MIT",
      "dependencies": {
        "argparse": "^2.0.1"
@@ -4237,6 +4265,20 @@
      "dev": true,
      "license": "MIT"
    },
    "node_modules/loglevel": {
      "version": "1.9.2",
      "resolved": "https://registry.npmjs.org/loglevel/-/loglevel-1.9.2.tgz",
      "integrity": "sha512-HgMmCqIJSAKqo68l0rS2AanEWfkxaZ5wNiEFb5ggm08lDs9Xl2KxBlX3PTcaD2chBM1gXAYf491/M2Rv8Jwayg==",
      "dev": true,
      "license": "MIT",
      "engines": {
        "node": ">= 0.6.0"
      },
      "funding": {
        "type": "tidelift",
        "url": "https://tidelift.com/funding/github/npm/loglevel"
      }
    },
    "node_modules/longest-streak": {
      "version": "2.0.4",
      "resolved": "https://registry.npmjs.org/longest-streak/-/longest-streak-2.0.4.tgz",
@@ -4710,6 +4752,16 @@
        "node": ">= 0.6"
      }
    },
    "node_modules/neotraverse": {
      "version": "0.6.18",
      "resolved": "https://registry.npmjs.org/neotraverse/-/neotraverse-0.6.18.tgz",
      "integrity": "sha512-Z4SmBUweYa09+o6pG+eASabEpP6QkQ70yHj351pQoEXIs8uHbaU2DWVmzBANKgflPa47A50PtB2+NgRpQvr7vA==",
      "dev": true,
      "license": "MIT",
      "engines": {
        "node": ">= 10"
      }
    },
    "node_modules/netmask": {
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/netmask/-/netmask-2.0.2.tgz",
@@ -5339,9 +5391,9 @@
      }
    },
    "node_modules/remove-markdown": {
-      "version": "0.6.3",
+      "version": "0.6.4",
-      "resolved": "https://registry.npmjs.org/remove-markdown/-/remove-markdown-0.6.3.tgz",
+      "resolved": "https://registry.npmjs.org/remove-markdown/-/remove-markdown-0.6.4.tgz",
-      "integrity": "sha512-Qvp2p0Q1irE7AaJO7QemJe04HdObHylJrG+q4hszvPlYp7q4EvfINpEIaIEFdB+3XTDp1h6fiyT60ae00gmRow==",
+      "integrity": "sha512-BompiLClzjfh46irZmzv+1Q61jZYlKN3iq/hzae9EOUwf7ctr/5wpD4qwgn/FWDAYE18RORO7z/yr+HXZJCY8Q==",
      "dev": true,
      "license": "MIT"
    },
@@ -5904,6 +5956,16 @@
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
    "node_modules/structured-source": {
      "version": "4.0.0",
      "resolved": "https://registry.npmjs.org/structured-source/-/structured-source-4.0.0.tgz",
      "integrity": "sha512-qGzRFNJDjFieQkl/sVOI2dUjHKRyL9dAJi2gCPGJLbJHBIkyOHxjuocpIEfbLioX+qSJpvbYdT49/YCdMznKxA==",
      "dev": true,
      "license": "BSD-2-Clause",
      "dependencies": {
        "boundary": "^2.0.0"
      }
    },
    "node_modules/supports-color": {
      "version": "7.2.0",
      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
@@ -5972,24 +6034,6 @@
        "node": ">=0.6"
      }
    },
    "node_modules/traverse": {
      "version": "0.6.11",
      "resolved": "https://registry.npmjs.org/traverse/-/traverse-0.6.11.tgz",
      "integrity": "sha512-vxXDZg8/+p3gblxB6BhhG5yWVn1kGRlaL8O78UDXc3wRnPizB5g83dcvWV1jpDMIPnjZjOFuxlMmE82XJ4407w==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "gopd": "^1.2.0",
        "typedarray.prototype.slice": "^1.0.5",
        "which-typed-array": "^1.1.18"
      },
      "engines": {
        "node": ">= 0.4"
      },
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/trough": {
      "version": "1.0.5",
      "resolved": "https://registry.npmjs.org/trough/-/trough-1.0.5.tgz",
@@ -6002,9 +6046,9 @@
      }
    },
    "node_modules/ts-api-utils": {
-      "version": "2.4.0",
+      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.4.0.tgz",
+      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.5.0.tgz",
-      "integrity": "sha512-3TaVTaAv2gTiMB35i3FiGJaRfwb3Pyn/j3m/bfAvGe8FB7CF6u+LMYqYlDh7reQf7UNvoTvdfAqHGmPGOSsPmA==",
+      "integrity": "sha512-OJ/ibxhPlqrMM0UiNHJ/0CKQkoKF243/AEmplt3qpRgkW8VG7IfOS41h7V8TjITqdByHzrjcS/2si+y4lIh8NA==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -6182,29 +6226,6 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/typedarray.prototype.slice": {
      "version": "1.0.5",
      "resolved": "https://registry.npmjs.org/typedarray.prototype.slice/-/typedarray.prototype.slice-1.0.5.tgz",
      "integrity": "sha512-q7QNVDGTdl702bVFiI5eY4l/HkgCM6at9KhcFbgUAzezHFbOVy4+0O/lCjsABEQwbZPravVfBIiBVGo89yzHFg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "call-bind": "^1.0.8",
        "define-properties": "^1.2.1",
        "es-abstract": "^1.23.9",
        "es-errors": "^1.3.0",
        "get-proto": "^1.0.1",
        "math-intrinsics": "^1.1.0",
        "typed-array-buffer": "^1.0.3",
        "typed-array-byte-offset": "^1.0.4"
      },
      "engines": {
        "node": ">= 0.4"
      },
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/typescript": {
      "version": "5.9.3",
      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
@@ -6220,16 +6241,16 @@
      }
    },
    "node_modules/typescript-eslint": {
-      "version": "8.56.1",
+      "version": "8.61.1",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.61.1.tgz",
-      "integrity": "sha512-U4lM6pjmBX7J5wk4szltF7I1cGBHXZopnAXCMXb3+fZ3B/0Z3hq3wS/CCUB2NZBNAExK92mCU2tEohWuwVMsDQ==",
+      "integrity": "sha512-V7PayAfJokV3pEHgN7/v03D1SpujhRfQtYLbLIiBfDDncdg4PAiRBfoS4cnCANK4jmAPncczi59QO3afiXUlNw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.56.1",
+        "@typescript-eslint/eslint-plugin": "8.61.1",
-        "@typescript-eslint/parser": "8.56.1",
+        "@typescript-eslint/parser": "8.61.1",
-        "@typescript-eslint/typescript-estree": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.61.1",
-        "@typescript-eslint/utils": "8.56.1"
+        "@typescript-eslint/utils": "8.61.1"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -6240,7 +6261,7 @@
      },
      "peerDependencies": {
        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
      }
    },
    "node_modules/unbox-primitive": {
@@ -6262,13 +6283,6 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/underscore": {
      "version": "1.13.8",
      "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.8.tgz",
      "integrity": "sha512-DXtD3ZtEQzc7M8m4cXotyHR+FAS18C64asBYY5vqZexfYryNNnDc02W4hKg3rdQuqOYas1jkseX0+nZXjTXnvQ==",
      "dev": true,
      "license": "MIT"
    },
    "node_modules/undici-types": {
      "version": "6.21.0",
      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
@@ -6403,13 +6417,6 @@
        "@unrs/resolver-binding-win32-x64-msvc": "1.11.1"
      }
    },
    "node_modules/update-section": {
      "version": "0.3.3",
      "resolved": "https://registry.npmjs.org/update-section/-/update-section-0.3.3.tgz",
      "integrity": "sha512-BpRZMZpgXLuTiKeiu7kK0nIPwGdyrqrs6EDSaXtjD/aQ2T+qVo9a5hRC3HN3iJjCMxNT/VxoLGQ7E/OzE5ucnw==",
      "dev": true,
      "license": "MIT"
    },
    "node_modules/uri-js": {
      "version": "4.4.1",
      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
@@ -6613,9 +6620,9 @@
      "license": "ISC"
    },
    "node_modules/ws": {
-      "version": "8.20.1",
+      "version": "8.21.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz",
-      "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
+      "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==",
      "license": "MIT",
      "engines": {
        "node": ">=10.0.0"
--- a/package.json
+++ b/package.json
@@ -59,7 +59,7 @@
    "eslint-import-resolver-typescript": "^4.4.4",
    "eslint-plugin-import": "^2.28.1",
    "eslint-plugin-prettier": "^5.0.0",
-    "globals": "^16.1.0",
+    "globals": "^17.6.0",
    "prettier": "3.8.3",
    "prettier-plugin-sh": "^0.18.0",
    "ts-node": "^10.9.1",
@@ -70,12 +70,13 @@
    "@coder/logger": "^3.0.1",
    "argon2": "^0.44.0",
    "compression": "^1.7.4",
    "cookie": "^1.1.1",
    "cookie-parser": "^1.4.6",
    "env-paths": "^2.2.1",
    "express": "^5.0.1",
    "http-proxy": "^1.18.1",
    "httpolyglot": "^0.1.2",
-    "i18next": "^25.8.3",
+    "i18next": "^26.3.1",
    "js-yaml": "^4.1.0",
    "limiter": "^2.1.0",
    "pem": "^1.14.8",
--- a/patches/base-path.diff
+++ b/patches/base-path.diff
@@ -241,7 +241,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -66,6 +66,7 @@ export type ExtensionVirtualWorkspaceSup
+@@ -85,6 +85,7 @@ export interface IAgentSdkProductConfig
 export interface IProductConfiguration {
 	readonly codeServerVersion?: string
--- a/patches/disable-builtin-ext-update.diff
+++ b/patches/disable-builtin-ext-update.diff
@@ -7,7 +7,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
-@@ -344,6 +344,10 @@ export class Extension implements IExten
+@@ -343,6 +343,10 @@ export class Extension implements IExten
 			if (this.type === ExtensionType.System && this.productService.quality === 'stable' && !this.productService.builtInExtensionsEnabledWithAutoUpdates?.some(id => id.toLowerCase() === this.identifier.id.toLowerCase())) {
 				return false;
 			}
--- a/patches/external-file-actions.diff
+++ b/patches/external-file-actions.diff
@@ -230,7 +230,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/dialogs/browser/simpleFi
 import { IRemoteAgentService } from '../../remote/common/remoteAgentService.js';
 import { IContextKeyService, IContextKey, RawContextKey } from '../../../../platform/contextkey/common/contextkey.js';
 import { equalsIgnoreCase, format, startsWithIgnoreCase } from '../../../../base/common/strings.js';
-@@ -161,7 +161,7 @@ export class SimpleFileDialog extends Di
+@@ -152,7 +152,7 @@ export class SimpleFileDialog extends Di
 		@IFileDialogService private readonly fileDialogService: IFileDialogService,
 		@IModelService private readonly modelService: IModelService,
 		@ILanguageService private readonly languageService: ILanguageService,
@@ -239,7 +239,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/dialogs/browser/simpleFi
 		@IRemoteAgentService private readonly remoteAgentService: IRemoteAgentService,
 		@IPathService protected readonly pathService: IPathService,
 		@IKeybindingService private readonly keybindingService: IKeybindingService,
-@@ -392,21 +392,23 @@ export class SimpleFileDialog extends Di
+@@ -362,21 +362,23 @@ export class SimpleFileDialog extends Di
 			this.filePickBox.placeholder = nls.localize('remoteFileDialog.placeholder', "Folder path");
 			this.filePickBox.ok = true;
 			this.filePickBox.okLabel = typeof this.options.openLabel === 'string' ? this.options.openLabel : this.options.openLabel?.withoutMnemonic;
--- a/patches/integration.diff
+++ b/patches/integration.diff
@@ -186,8 +186,8 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -65,6 +65,8 @@ export type ExtensionVirtualWorkspaceSup
+@@ -84,6 +84,8 @@ export interface IAgentSdkProductConfig
- };
+ }
 export interface IProductConfiguration {
 +	readonly codeServerVersion?: string
--- a/patches/logout.diff
+++ b/patches/logout.diff
@@ -8,7 +8,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -68,6 +68,7 @@ export interface IProductConfiguration {
+@@ -87,6 +87,7 @@ export interface IProductConfiguration {
 	readonly codeServerVersion?: string
 	readonly rootEndpoint?: string
 	readonly updateEndpoint?: string
--- a/patches/proxy-uri.diff
+++ b/patches/proxy-uri.diff
@@ -30,7 +30,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -69,6 +69,7 @@ export interface IProductConfiguration {
+@@ -88,6 +88,7 @@ export interface IProductConfiguration {
 	readonly rootEndpoint?: string
 	readonly updateEndpoint?: string
 	readonly logoutEndpoint?: string
--- a/patches/service-worker.diff
+++ b/patches/service-worker.diff
@@ -6,7 +6,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -70,6 +70,10 @@ export interface IProductConfiguration {
+@@ -89,6 +89,10 @@ export interface IProductConfiguration {
 	readonly updateEndpoint?: string
 	readonly logoutEndpoint?: string
 	readonly proxyEndpointTemplate?: string
--- a/patches/sourcemaps.diff
+++ b/patches/sourcemaps.diff
@@ -6,7 +6,7 @@ Index: code-server/lib/vscode/build/gulpfile.reh.ts
 ===================================================================
 --- code-server.orig/lib/vscode/build/gulpfile.reh.ts
 +++ code-server/lib/vscode/build/gulpfile.reh.ts
-@@ -296,10 +296,15 @@ function packageTask(type: string, platf
+@@ -297,10 +297,15 @@ function packageTask(type: string, platf
 	const destination = path.join(BUILD_ROOT, destinationFolderName);
 	return () => {
--- a/patches/telemetry.diff
+++ b/patches/telemetry.diff
@@ -147,7 +147,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -74,6 +74,7 @@ export interface IProductConfiguration {
+@@ -93,6 +93,7 @@ export interface IProductConfiguration {
 		readonly path: string;
 		readonly scope: string;
 	}
--- a/patches/update-check.diff
+++ b/patches/update-check.diff
@@ -93,7 +93,7 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/base/common/product.ts
 +++ code-server/lib/vscode/src/vs/base/common/product.ts
-@@ -67,6 +67,7 @@ export type ExtensionVirtualWorkspaceSup
+@@ -86,6 +86,7 @@ export interface IAgentSdkProductConfig
 export interface IProductConfiguration {
 	readonly codeServerVersion?: string
 	readonly rootEndpoint?: string
@@ -101,14 +101,14 @@ Index: code-server/lib/vscode/src/vs/base/common/product.ts
 	readonly version: string;
 	readonly date?: string;
-@@ -119,6 +120,7 @@ export interface IProductConfiguration {
+@@ -138,6 +139,7 @@ export interface IProductConfiguration {
 		readonly resourceUrlTemplate: string;
 		readonly nlsBaseUrl: string;
 		readonly accessSKUs?: string[];
 +		readonly authorizationHeaderToken?: string;
 	};
- 	readonly mcpGallery?: {
+ 	readonly agentSdks?: { readonly [packageId: string]: IAgentSdkProductConfig };
 Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
--- a/patches/webview.diff
+++ b/patches/webview.diff
@@ -70,8 +70,8 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
 	<meta charset="UTF-8">
 	<meta http-equiv="Content-Security-Policy"
-		content="default-src 'none'; script-src 'sha256-q+WTr+fBXpLLE3++yWNaxT6BTWQtsKscoeIlynBRk4E=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+-		content="default-src 'none'; script-src 'sha256-nXjtuhBilO++r8hfxl5VjEScSmdm07wDAk6jw228DgM=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
-+		content="default-src 'none'; script-src 'sha256-m1DlJtsIJd46QuWYNcsaYIG1xI+9FyjKQu+cfp+zq5Q=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+		content="default-src 'none'; script-src 'sha256-A6/szVNdTzyi4hDa+9OLbzS8tSd2iUV4CqimLNWex2Y=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
 	<!-- Disable pinch zooming -->
 	<meta name="viewport"
--- a/src/node/i18n/index.ts
+++ b/src/node/i18n/index.ts
@@ -54,7 +54,6 @@ init({
  lowerCaseLng: true,
  debug: process.env.NODE_ENV === "development",
  resources: defaultResources,
  showSupportNotice: false,
 })
 export default i18next
--- a/src/node/proxy.ts
+++ b/src/node/proxy.ts
@@ -1,5 +1,7 @@
 import * as cookie from "cookie"
 import type { Request } from "express"
 import proxyServer from "http-proxy"
-import { HttpCode } from "../common/http"
+import { getCookieSessionName, HttpCode } from "../common/http"
 export const proxy = proxyServer.createProxyServer({})
@@ -18,6 +20,19 @@ proxy.on("error", (error, _, res) => {
  }
 })
 // Strip the code-server cookie if it exists to avoid transmitting the cookie
 // to potentially malicious local ports.
 proxy.on("proxyReq", (preq, req) => {
  const cookieSessionName = getCookieSessionName((req as Request).args["cookie-suffix"])
  preq.setHeader(
    "Cookie",
    cookie.stringifyCookie({
      ...(req as Request).cookies,
      [cookieSessionName]: undefined,
    }),
  )
 })
 // Intercept the response to rewrite absolute redirects against the base path.
 // Is disabled when the request has no base path which means /absproxy is in use.
 proxy.on("proxyRes", (res, req) => {
--- a/test/e2e/codeServer.test.ts
+++ b/test/e2e/codeServer.test.ts
@@ -32,7 +32,7 @@ describe("code-server", ["--disable-workspace-trust"], {}, () => {
  test("should show the Integrated Terminal", async ({ codeServerPage }) => {
    await codeServerPage.focusTerminal()
-    expect(await codeServerPage.page.isVisible("#terminal")).toBe(true)
+    await expect(codeServerPage.page.locator("#terminal")).toBeVisible()
  })
  test("should open a file", async ({ codeServerPage }) => {
--- a/test/e2e/downloads.test.ts
+++ b/test/e2e/downloads.test.ts
@@ -18,7 +18,7 @@ describe("Downloads (enabled)", ["--disable-workspace-trust"], {}, async () => {
    // Action
    await codeServerPage.openContextMenu("text=unique-file.txt")
-    expect(await codeServerPage.page.isVisible("text=Download...")).toBe(true)
+    await expect(codeServerPage.page.locator("text=Download...")).toBeVisible()
  })
  test("should see the 'Show Local' button on Save As", async ({ codeServerPage }) => {
@@ -37,7 +37,7 @@ describe("Downloads (enabled)", ["--disable-workspace-trust"], {}, async () => {
    await codeServerPage.page.keyboard.type("Making some edits.")
    await codeServerPage.navigateMenus(["File", "Save As..."])
    await codeServerPage.page.waitForSelector(".quick-input-widget")
-    expect(await codeServerPage.page.isVisible("text=Show Local")).toBe(true)
+    await expect(codeServerPage.page.locator("text=Show Local")).toBeVisible()
  })
  test("should see the 'Show Local' button on Save File", async ({ codeServerPage }) => {
@@ -46,14 +46,14 @@ describe("Downloads (enabled)", ["--disable-workspace-trust"], {}, async () => {
    await codeServerPage.waitForTab("Untitled-1")
    await codeServerPage.navigateMenus(["File", "Save"])
    await codeServerPage.page.waitForSelector(".quick-input-widget")
-    expect(await codeServerPage.page.isVisible("text=Show Local")).toBe(true)
+    await expect(codeServerPage.page.locator("text=Show Local")).toBeVisible()
  })
  test("should see the 'Show Local' button on Save Workspace As", async ({ codeServerPage }) => {
    // Action
    await codeServerPage.navigateMenus(["File", "Save Workspace As..."])
    await codeServerPage.page.waitForSelector(".quick-input-widget")
-    expect(await codeServerPage.page.isVisible("text=Show Local")).toBe(true)
+    await expect(codeServerPage.page.locator("text=Show Local")).toBeVisible()
  })
 })
@@ -72,7 +72,7 @@ describe("Downloads (disabled)", ["--disable-workspace-trust", "--disable-file-d
    // Action
    await codeServerPage.openContextMenu("text=unique-file.txt")
-    expect(await codeServerPage.page.isVisible("text=Download...")).toBe(false)
+    await expect(codeServerPage.page.locator("text=Download...")).not.toBeVisible()
  })
  test("should not see the 'Show Local' button on Save as", async ({ codeServerPage }) => {
@@ -87,7 +87,7 @@ describe("Downloads (disabled)", ["--disable-workspace-trust", "--disable-file-d
    await codeServerPage.openFile(fileName)
    await codeServerPage.page.click(".tab")
    await codeServerPage.navigateMenus(["File", "Save As..."])
-    expect(await codeServerPage.page.isVisible("text=Show Local")).toBe(false)
+    await expect(codeServerPage.page.locator("text=Show Local")).not.toBeVisible()
  })
  test("should not see the 'Show Local' button on Save File", async ({ codeServerPage }) => {
@@ -96,13 +96,13 @@ describe("Downloads (disabled)", ["--disable-workspace-trust", "--disable-file-d
    await codeServerPage.waitForTab("Untitled-1")
    await codeServerPage.navigateMenus(["File", "Save"])
    await codeServerPage.page.waitForSelector(".quick-input-widget")
-    expect(await codeServerPage.page.isVisible("text=Show Local")).toBe(false)
+    await expect(codeServerPage.page.locator("text=Show Local")).not.toBeVisible()
  })
  test("should not see the 'Show Local' button on Save Workspace As", async ({ codeServerPage }) => {
    // Action
    await codeServerPage.navigateMenus(["File", "Save Workspace As..."])
    await codeServerPage.page.waitForSelector(".quick-input-widget")
-    expect(await codeServerPage.page.isVisible("text=Show Local")).toBe(false)
+    await expect(codeServerPage.page.locator("text=Show Local")).not.toBeVisible()
  })
 })
--- a/test/e2e/extensions.test.ts
+++ b/test/e2e/extensions.test.ts
@@ -13,7 +13,7 @@ function runTestExtensionTests() {
    // Remove end slash in address.
    const normalizedAddress = address.replace(/\/+$/, "")
-    await codeServerPage.page.getByText(`Info: proxyUri: ${normalizedAddress}/proxy/{{port}}/`)
+    await expect(codeServerPage.page.getByText(`Info: proxyUri: ${normalizedAddress}/proxy/{{port}}/`)).toBeVisible()
  })
 }
--- a/test/e2e/github.test.ts
+++ b/test/e2e/github.test.ts
@@ -12,7 +12,7 @@ if (process.env.GITHUB_TOKEN) {
      await codeServerPage.page.click("text=Allow")
      // It should ask to select an account, one of which will be the one we
      // pre-injected.
-      expect(await codeServerPage.page.isVisible("text=Select an account")).toBe(false)
+      await expect(codeServerPage.page.locator("text=Select an account")).not.toBeVisible()
    })
  })
@@ -26,7 +26,7 @@ if (process.env.GITHUB_TOKEN) {
      await codeServerPage.page.click("text=Allow")
      // Since there is no account it will ask directly for the token (because
      // we are on localhost; otherwise it would initiate the oauth flow).
-      expect(await codeServerPage.page.isVisible("text=GitHub Personal Access Token")).toBe(false)
+      await expect(codeServerPage.page.locator("text=GitHub Personal Access Token")).not.toBeVisible()
    })
  })
 } else {
--- a/test/e2e/login.test.ts
+++ b/test/e2e/login.test.ts
@@ -24,8 +24,8 @@ describe("login", ["--disable-workspace-trust", "--auth", "password"], {}, () =>
    // Skip entering password
    // Click the submit button and login
    await codeServerPage.page.click(".submit")
-    await codeServerPage.page.waitForLoadState("networkidle")
+    // The required input blocks empty submits, so the server-side error can't render.
-    expect(await codeServerPage.page.isVisible("text=Missing password"))
+    await expect(codeServerPage.page.locator("input.password:invalid")).toBeVisible()
  })
  test("should see an error message for incorrect password", async ({ codeServerPage }) => {
@@ -34,28 +34,29 @@ describe("login", ["--disable-workspace-trust", "--auth", "password"], {}, () =>
    // Click the submit button and login
    await codeServerPage.page.click(".submit")
    await codeServerPage.page.waitForLoadState("networkidle")
-    expect(await codeServerPage.page.isVisible("text=Incorrect password"))
+    await expect(codeServerPage.page.locator("text=Incorrect password")).toBeVisible()
  })
  test("should hit the rate limiter for too many unsuccessful logins", async ({ codeServerPage }) => {
-    // Type in password
+    test.slow()
    await codeServerPage.page.fill(".password", "password123")
    // Click the submit button and login
    // The current RateLimiter allows 2 logins per minute plus
    // 12 logins per hour for a total of 14
    // See: src/node/routes/login.ts
    for (let i = 1; i <= 14; i++) {
      await codeServerPage.page.fill(".password", "password123")
      await codeServerPage.page.click(".submit")
      await codeServerPage.page.waitForLoadState("networkidle")
      // We double-check that the correct error message shows
      // which should be for incorrect password
-      expect(await codeServerPage.page.isVisible("text=Incorrect password"))
+      await expect(codeServerPage.page.locator("text=Incorrect password")).toBeVisible()
    }
    // The 15th should fail for a different reason:
    // login rate
    await codeServerPage.page.fill(".password", "password123")
    await codeServerPage.page.click(".submit")
    await codeServerPage.page.waitForLoadState("networkidle")
-    expect(await codeServerPage.page.isVisible("text=Login rate limited!"))
+    await expect(codeServerPage.page.locator("text=Login rate limited!")).toBeVisible()
  })
 })
--- a/test/e2e/uploads.test.ts
+++ b/test/e2e/uploads.test.ts
@@ -18,14 +18,14 @@ describe("Uploads (enabled)", ["--disable-workspace-trust"], {}, () => {
    // Action
    await codeServerPage.openContextMenu('span:has-text("test-directory")')
-    expect(await codeServerPage.page.isVisible("text=Upload...")).toBe(true)
+    await expect(codeServerPage.page.locator("text=Upload...")).toBeVisible()
  })
  test("should see the 'Show Local' button on Open File", async ({ codeServerPage }) => {
    // Action
    await codeServerPage.navigateMenus(["File", "Open File..."])
    await codeServerPage.page.waitForSelector(".quick-input-widget")
-    expect(await codeServerPage.page.isVisible("text=Show Local")).toBe(true)
+    await expect(codeServerPage.page.locator("text=Show Local")).toBeVisible()
  })
 })
@@ -44,13 +44,13 @@ describe("Uploads (disabled)", ["--disable-workspace-trust", "--disable-file-upl
    // Action
    await codeServerPage.openContextMenu('span:has-text("test-directory")')
-    expect(await codeServerPage.page.isVisible("text=Upload...")).toBe(false)
+    await expect(codeServerPage.page.locator("text=Upload...")).not.toBeVisible()
  })
  test("should not see the 'Show Local' button on Open File", async ({ codeServerPage }) => {
    // Action
    await codeServerPage.navigateMenus(["File", "Open File..."])
    await codeServerPage.page.waitForSelector(".quick-input-widget")
-    expect(await codeServerPage.page.isVisible("text=Show Local")).toBe(false)
+    await expect(codeServerPage.page.locator("text=Show Local")).not.toBeVisible()
  })
 })
--- a/test/package-lock.json
+++ b/test/package-lock.json
@@ -7,7 +7,7 @@
      "license": "MIT",
      "devDependencies": {
        "@jest-mock/express": "^1.4.5",
-        "@playwright/test": "^1.56.1",
+        "@playwright/test": "^1.61.0",
        "@types/jest": "^27.0.2",
        "@types/jsdom": "^16.2.13",
        "@types/node-fetch": "^2.5.8",
@@ -18,7 +18,7 @@
        "jest-fetch-mock": "^3.0.3",
        "jsdom": "^16.4.0",
        "node-fetch": "^2.6.7",
-        "playwright": "^1.59.1",
+        "playwright": "^1.61.0",
        "ts-jest": "^27.0.7",
        "wtfnode": "^0.9.1"
      }
@@ -998,13 +998,13 @@
      }
    },
    "node_modules/@playwright/test": {
-      "version": "1.56.1",
+      "version": "1.61.0",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.56.1.tgz",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.61.0.tgz",
-      "integrity": "sha512-vSMYtL/zOcFpvJCW71Q/OEGQb7KYBPAdKh35WNSkaZA75JlAO8ED8UN6GUNTm3drWomcbcqRPFqQbLae8yBTdg==",
+      "integrity": "sha512-cKA5B6lpFEMyMGjxF54QihfYpB4FkEGH+qZhtArDEG+wezQAJY8Pq6C7T1SjWz+FFzt3TbyoXBQYk/0292TdJA==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
-        "playwright": "1.56.1"
+        "playwright": "1.61.0"
      },
      "bin": {
        "playwright": "cli.js"
@@ -1013,53 +1013,6 @@
        "node": ">=18"
      }
    },
    "node_modules/@playwright/test/node_modules/fsevents": {
      "version": "2.3.2",
      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
      "dev": true,
      "hasInstallScript": true,
      "license": "MIT",
      "optional": true,
      "os": [
        "darwin"
      ],
      "engines": {
        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
      }
    },
    "node_modules/@playwright/test/node_modules/playwright": {
      "version": "1.56.1",
      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.56.1.tgz",
      "integrity": "sha512-aFi5B0WovBHTEvpM3DzXTUaeN6eN0qWnTkKx4NQaH4Wvcmc153PdaY2UBdSYKaGYw+UyWXSVyxDUg5DoPEttjw==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
        "playwright-core": "1.56.1"
      },
      "bin": {
        "playwright": "cli.js"
      },
      "engines": {
        "node": ">=18"
      },
      "optionalDependencies": {
        "fsevents": "2.3.2"
      }
    },
    "node_modules/@playwright/test/node_modules/playwright-core": {
      "version": "1.56.1",
      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.56.1.tgz",
      "integrity": "sha512-hutraynyn31F+Bifme+Ps9Vq59hKuUCz7H1kDOcBs+2oGguKkWTU50bBWrtz34OUWmIwpBTWDxaRPXrIXkgvmQ==",
      "dev": true,
      "license": "Apache-2.0",
      "bin": {
        "playwright-core": "cli.js"
      },
      "engines": {
        "node": ">=18"
      }
    },
    "node_modules/@sinonjs/commons": {
      "version": "1.8.6",
      "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz",
@@ -2336,17 +2289,17 @@
      }
    },
    "node_modules/form-data": {
-      "version": "4.0.4",
+      "version": "4.0.6",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.6.tgz",
-      "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
+      "integrity": "sha512-vKatAh4SlVfgbv+YtmhiRjhEMJsYpsG1Y2rMQtR+SVSbytsSD1YGzDIcrAJmdFec88u/+VoGmxnl+80gL1tRCQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "asynckit": "^0.4.0",
        "combined-stream": "^1.0.8",
        "es-set-tostringtag": "^2.1.0",
-        "hasown": "^2.0.2",
+        "hasown": "^2.0.4",
-        "mime-types": "^2.1.12"
+        "mime-types": "^2.1.35"
      },
      "engines": {
        "node": ">= 6"
@@ -2561,9 +2514,9 @@
      }
    },
    "node_modules/hasown": {
-      "version": "2.0.2",
+      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz",
-      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+      "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -3602,16 +3555,16 @@
      }
    },
    "node_modules/jsdom/node_modules/form-data": {
-      "version": "3.0.4",
+      "version": "3.0.5",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.4.tgz",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.5.tgz",
-      "integrity": "sha512-f0cRzm6dkyVYV3nPoooP8XlccPQukegwhAnpoLcXy+X+A8KfpGOoXwDr9FLZd3wzgLaBGQBE3lY93Zm/i1JvIQ==",
+      "integrity": "sha512-j23EibVLnp4zNXGW7LjryXYa2X6U/M96yoOX+ybZxwkYajdxRNEqYY3zhh7y0i6kfISKS2jr+EJq1YTUDEv5+w==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "asynckit": "^0.4.0",
        "combined-stream": "^1.0.8",
        "es-set-tostringtag": "^2.1.0",
-        "hasown": "^2.0.2",
+        "hasown": "^2.0.4",
        "mime-types": "^2.1.35"
      },
      "engines": {
@@ -4114,13 +4067,13 @@
      }
    },
    "node_modules/playwright": {
-      "version": "1.59.1",
+      "version": "1.61.0",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.59.1.tgz",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.61.0.tgz",
-      "integrity": "sha512-C8oWjPR3F81yljW9o5OxcWzfh6avkVwDD2VYdwIGqTkl+OGFISgypqzfu7dOe4QNLL2aqcWBmI3PMtLIK233lw==",
+      "integrity": "sha512-Z+7BeeqQPRRzklHsVFP4KTGIyMxKUmfeRA4WisM6G3/XW6nwGeX6fX9qYaDa+CiUqpOkb2f6X3nar05R3kSuJQ==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
-        "playwright-core": "1.59.1"
+        "playwright-core": "1.61.0"
      },
      "bin": {
        "playwright": "cli.js"
@@ -4133,9 +4086,9 @@
      }
    },
    "node_modules/playwright-core": {
-      "version": "1.59.1",
+      "version": "1.61.0",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.59.1.tgz",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.61.0.tgz",
-      "integrity": "sha512-HBV/RJg81z5BiiZ9yPzIiClYV/QMsDCKUyogwH9p3MCP6IYjUFu/MActgYAvK0oWyV9NlwM3GLBjADyWgydVyg==",
+      "integrity": "sha512-caX7TrY3Ml6egyDX0WUcTHDxodl/b51y5wJOdCEA36QviK/s2g081hvmGs8eaE3DWb6NYZQ6BjO/QkNRPenoPA==",
      "dev": true,
      "license": "Apache-2.0",
      "bin": {
--- a/test/package.json
+++ b/test/package.json
@@ -3,7 +3,7 @@
  "#": "We must put jest in a sub-directory otherwise VS Code somehow picks up the types and generates conflicts with mocha.",
  "devDependencies": {
    "@jest-mock/express": "^1.4.5",
-    "@playwright/test": "^1.56.1",
+    "@playwright/test": "^1.61.0",
    "@types/jest": "^27.0.2",
    "@types/jsdom": "^16.2.13",
    "@types/node-fetch": "^2.5.8",
@@ -14,7 +14,7 @@
    "jest-fetch-mock": "^3.0.3",
    "jsdom": "^16.4.0",
    "node-fetch": "^2.6.7",
-    "playwright": "^1.59.1",
+    "playwright": "^1.61.0",
    "ts-jest": "^27.0.7",
    "wtfnode": "^0.9.1"
  },
--- a/test/unit/node/heart.test.ts
+++ b/test/unit/node/heart.test.ts
@@ -1,10 +1,9 @@
 import { logger } from "@coder/logger"
 import { readFile, writeFile, stat, utimes } from "fs/promises"
 import { setImmediate } from "timers"
 import { Heart } from "../../../src/node/heart"
 import { clean, mockLogger, tmpdir } from "../../utils/helpers"
 const mockIsActive = (resolveTo: boolean) => jest.fn().mockResolvedValue(resolveTo)
 describe("Heart", () => {
  const testName = "heartTests"
  let testDir = ""
@@ -15,12 +14,15 @@ describe("Heart", () => {
    await clean(testName)
    testDir = await tmpdir(testName)
  })
-  beforeEach(() => {
+
    heart = new Heart(`${testDir}/shutdown.txt`, mockIsActive(true))
  })
  afterAll(() => {
    jest.restoreAllMocks()
  })
  beforeEach(() => {
    heart = new Heart(`${testDir}/shutdown.txt`, jest.fn().mockResolvedValue(true))
  })
  afterEach(() => {
    jest.resetAllMocks()
    jest.useRealTimers()
@@ -28,6 +30,7 @@ describe("Heart", () => {
      heart.dispose()
    }
  })
  it("should write to a file when given a valid file path", async () => {
    // Set up heartbeat file with contents
    const text = "test"
@@ -42,7 +45,7 @@ describe("Heart", () => {
    expect(fileContents).toBe(text)
-    heart = new Heart(pathToFile, mockIsActive(true))
+    heart = new Heart(pathToFile, jest.fn().mockResolvedValue(true))
    await heart.beat()
    // Check that the heart wrote to the heartbeatFilePath and overwrote our text
    const fileContentsAfterBeat = await readFile(pathToFile, { encoding: "utf8" })
@@ -51,31 +54,30 @@ describe("Heart", () => {
    const fileStatusAfterEdit = await stat(pathToFile)
    expect(fileStatusAfterEdit.mtimeMs).toBeGreaterThan(0)
  })
  it("should log a warning when given an invalid file path", async () => {
-    heart = new Heart(`fakeDir/fake.txt`, mockIsActive(false))
+    heart = new Heart(`fakeDir/fake.txt`, jest.fn().mockResolvedValue(false))
    await heart.beat()
    expect(logger.warn).toHaveBeenCalled()
  })
  it("should be active after calling beat", async () => {
    await heart.beat()
    const isAlive = heart.alive()
    expect(isAlive).toBe(true)
  })
  it("should not be active after dispose is called", () => {
    heart.dispose()
    const isAlive = heart.alive()
    expect(isAlive).toBe(false)
  })
  it("should beat twice without warnings", async () => {
-    // Use fake timers so we can speed up setTimeout
+    heart = new Heart(`${testDir}/hello.txt`, jest.fn().mockResolvedValue(true))
    jest.useFakeTimers()
    heart = new Heart(`${testDir}/hello.txt`, mockIsActive(true))
    await heart.beat()
    // we need to speed up clocks, timeouts
    // call heartbeat again (and it won't be alive I think)
    // then assert no warnings were called
    jest.runAllTimers()
    expect(logger.warn).not.toHaveBeenCalled()
  })
@@ -84,40 +86,48 @@ describe("Heart", () => {
 describe("heartbeatTimer", () => {
  const testName = "heartbeatTimer"
  let testDir = ""
  beforeAll(async () => {
    await clean(testName)
    testDir = await tmpdir(testName)
    mockLogger()
  })
  afterAll(() => {
    jest.restoreAllMocks()
  })
  beforeEach(() => {
    jest.useFakeTimers()
  })
  afterEach(() => {
    jest.resetAllMocks()
    jest.clearAllTimers()
    jest.useRealTimers()
  })
  it("should call isActive when timeout expires", async () => {
-    const isActive = true
+    const mockIsActive = jest.fn().mockResolvedValue(true)
    const mockIsActive = jest.fn().mockResolvedValue(isActive)
    const heart = new Heart(`${testDir}/shutdown.txt`, mockIsActive)
    await heart.beat()
    jest.advanceTimersByTime(60 * 1000)
    expect(mockIsActive).toHaveBeenCalled()
  })
  it("should log a warning when isActive rejects", async () => {
-    const errorMsg = "oh no"
+    const error = new Error("oh no")
    const error = new Error(errorMsg)
    const mockIsActive = jest.fn().mockRejectedValue(error)
    const heart = new Heart(`${testDir}/shutdown.txt`, mockIsActive)
    await heart.beat()
    jest.advanceTimersByTime(60 * 1000)
    expect(mockIsActive).toHaveBeenCalled()
-    expect(logger.warn).toHaveBeenCalledWith(errorMsg)
+
    // The timer callback waits on mockIsActive, so we need to yield to let the
    // callback finish.
    await new Promise((resolve) => setImmediate(resolve))
    expect(logger.warn).toHaveBeenCalledWith(error.message)
  })
 })
@@ -125,38 +135,54 @@ describe("stateChange", () => {
  const testName = "stateChange"
  let testDir = ""
  let heart: Heart
  beforeAll(async () => {
    await clean(testName)
    testDir = await tmpdir(testName)
    mockLogger()
  })
  afterAll(() => {
    jest.restoreAllMocks()
  })
  beforeEach(() => {
    jest.useFakeTimers()
  })
  afterEach(() => {
    jest.resetAllMocks()
    jest.useRealTimers()
    if (heart) {
      heart.dispose()
    }
  })
  it("should change to alive after a beat", async () => {
-    heart = new Heart(`${testDir}/shutdown.txt`, mockIsActive(true))
+    const mockIsActive = jest.fn().mockResolvedValue(true)
    heart = new Heart(`${testDir}/shutdown.txt`, mockIsActive)
    const mockOnChange = jest.fn()
    heart.onChange(mockOnChange)
    await heart.beat()
    expect(mockOnChange.mock.calls[0][0]).toBe("alive")
  })
-  it.only("should change to expired when not active", async () => {
+
-    jest.useFakeTimers()
+  it("should change to expired when not active", async () => {
-    heart = new Heart(`${testDir}/shutdown.txt`, () => new Promise((resolve) => resolve(false)))
+    const mockIsActive = jest.fn().mockResolvedValue(false)
    heart = new Heart(`${testDir}/shutdown.txt`, mockIsActive)
    const mockOnChange = jest.fn()
    heart.onChange(mockOnChange)
    await heart.beat()
-    await jest.advanceTimersByTime(60 * 1000)
+    await heart.beat()
    jest.advanceTimersByTime(60 * 1000)
    expect(mockIsActive).toHaveBeenCalled()
    // The timer callback waits on the isActive promise, so we need to yield to
    // let the callback finish.
    await new Promise((resolve) => setImmediate(resolve))
    expect(mockOnChange.mock.calls[1][0]).toBe("expired")
    jest.clearAllTimers()
    jest.useRealTimers()
  })
 })
--- a/test/unit/node/proxy.test.ts
+++ b/test/unit/node/proxy.test.ts
@@ -1,15 +1,12 @@
 import * as express from "express"
 import * as http from "http"
 import nodeFetch from "node-fetch"
 import { HttpCode } from "../../../src/common/http"
 import { proxy } from "../../../src/node/proxy"
 import { wss, Router as WsRouter } from "../../../src/node/wsRouter"
-import { getAvailablePort, mockLogger } from "../../utils/helpers"
+import { mockLogger } from "../../utils/helpers"
 import * as httpserver from "../../utils/httpserver"
 import * as integration from "../../utils/integration"
 describe("proxy", () => {
-  const nhooyrDevServer = new httpserver.HttpServer()
+  const proxyTarget = new httpserver.HttpServer()
  const wsApp = express.default()
  const wsRouter = WsRouter()
  let codeServer: httpserver.HttpServer | undefined
@@ -19,21 +16,22 @@ describe("proxy", () => {
  beforeAll(async () => {
    wsApp.use("/", wsRouter.router)
-    await nhooyrDevServer.listen((req, res) => {
+    await proxyTarget.listen((req, res) => {
      e(req, res)
    })
-    nhooyrDevServer.listenUpgrade(wsApp)
+    proxyTarget.listenUpgrade(wsApp)
-    proxyPath = `/proxy/${nhooyrDevServer.port()}/wsup`
+    proxyPath = `/proxy/${proxyTarget.port()}/wsup`
    absProxyPath = proxyPath.replace("/proxy/", "/absproxy/")
  })
  afterAll(async () => {
-    await nhooyrDevServer.dispose()
+    await proxyTarget.dispose()
  })
  beforeEach(() => {
    e = express.default()
    mockLogger()
    delete process.env.PASSWORD
  })
  afterEach(async () => {
@@ -283,65 +281,42 @@ describe("proxy", () => {
    const resp = await codeServer.fetch(proxyPath, { method: "OPTIONS" })
    expect(resp.status).toBe(200)
  })
 })
-// NOTE@jsjoeio
+  it("should return a 500 when no target is running ", async () => {
-// Both this test suite and the one above it are very similar
+    const target = new httpserver.HttpServer()
-// The main difference is this one uses http and node-fetch
+    await target.listen(() => {})
-// and specifically tests the proxy in isolation vs. using
+    const port = target.port()
-// the httpserver abstraction we've built.
+    target.dispose()
-//
+    codeServer = await integration.setup(["--auth=none"], "")
-// Leaving this as a separate test suite for now because
+    const resp = await codeServer.fetch(`/proxy/${port}/wsup`)
-// we may consider refactoring the httpserver abstraction
+    expect(resp.status).toBe(HttpCode.ServerError)
-// in the future.
+    expect(resp.statusText).toBe("Internal Server Error")
-//
+  })
 // If you're writing a test specifically for code in
 // src/node/proxy.ts, you should probably add it to
 // this test suite.
 describe("proxy (standalone)", () => {
  let URL = ""
  let PROXY_URL = ""
  let testServer: http.Server
  let proxyTarget: http.Server
-  beforeEach(async () => {
+  it("should strip token cookie", async () => {
-    const PORT = await getAvailablePort()
+    const token = "my-super-secure-token"
-    const PROXY_PORT = await getAvailablePort()
+    process.env.HASHED_PASSWORD = token
-    URL = `http://localhost:${PORT}`
+    codeServer = await integration.setup(["--auth=password"])
-    PROXY_URL = `http://localhost:${PROXY_PORT}`
+
-    // Define server and a proxy server
+    // Set up a listener that just prints the cookies it got.
-    testServer = http.createServer((req, res) => {
+    e.get("/wsup/cookies", (req, res) => {
-      proxy.web(req, res, {
+      res.writeHead(HttpCode.Ok, { "Content-Type": "text/plain" })
-        target: PROXY_URL,
+      res.end(req.headers.cookie)
      })
    })
-    proxyTarget = http.createServer((req, res) => {
+    // Send the token along with other cookies which should be preserved.
-      res.writeHead(200, { "Content-Type": "text/plain" })
+    // Encode one to make sure they are being re-encoded properly.
-      res.end()
+    const value = "hello=there"
    const encodedValue = encodeURIComponent(value)
    const resp = await codeServer.fetch(proxyPath + "/cookies", {
      headers: {
        cookie: `cookie1=${encodedValue}; code-server-session=${token}; cookie2=hello;`,
      },
    })
-    // Start both servers
+    // The proxied listener should not have printed the code-server token.
    proxyTarget.listen(PROXY_PORT)
    testServer.listen(PORT)
  })
  afterEach(async () => {
    testServer.close()
    proxyTarget.close()
  })
  it("should return a 500 when proxy target errors ", async () => {
    // Close the proxy target so that proxy errors
    proxyTarget.close()
    const errorResp = await nodeFetch(`${URL}/error`)
    expect(errorResp.status).toBe(HttpCode.ServerError)
    expect(errorResp.statusText).toBe("Internal Server Error")
  })
  it("should proxy correctly", async () => {
    const resp = await nodeFetch(`${URL}/route`)
    expect(resp.status).toBe(200)
-    expect(resp.statusText).toBe("OK")
+    const text = await resp.text()
    expect(text).toBe(`cookie1=${encodedValue}; cookie2=hello`)
  })
 })
Author	SHA1	Message	Date
cdrci	e13a8bef0b	Update Helm chart and changelog with 4.125.0	2026-06-18 04:05:30 +00:00
cdrci	fade53fcaf	Update Code to 1.125.0 (#7861 )	2026-06-17 10:51:01 -08:00
dependabot[bot]	804ba5bfce	Bump codecov/codecov-action from 6.0.1 to 7.0.0 (#7853 )	2026-06-16 12:02:46 -08:00
dependabot[bot]	9545b26036	Bump awalsh128/cache-apt-pkgs-action from 1.6.0 to 1.6.1 (#7855 )	2026-06-16 12:01:52 -08:00
dependabot[bot]	2ef530ce11	Bump actions/cache from 4.3.0 to 5.0.5 (#7856 )	2026-06-16 12:01:11 -08:00
dependabot[bot]	8009d3c360	Bump typescript-eslint from 8.56.1 to 8.61.1 (#7857 )	2026-06-16 11:53:49 -08:00
dependabot[bot]	4ae1fc202e	Bump doctoc from 2.3.0 to 2.5.0 (#7858 )	2026-06-16 11:52:36 -08:00
dependabot[bot]	a59c3ab990	Bump github/codeql-action from 4.35.4 to 4.36.2 (#7860 )	2026-06-16 11:51:47 -08:00
dependabot[bot]	a7f457046f	Bump actions/checkout from 6.0.2 to 6.0.3 (#7852 )	2026-06-16 11:51:19 -08:00
Asher	25e847dc94	Update Playwright	2026-06-16 11:33:33 -08:00
Asher	e1c839fb1d	Slightly improve heart tests - Get rid of the global isActive mock; in particular the way it shadows local ones seemed sketchy. - No need for requireActual from my testing. - Reword the comment for why we need setImmediate. - Add the setImmediate to another test that seemed to only pass because of an await on the timer call which is not actually a promise but had the side effect of yielding. - Always set fake/real timers in the before/after handlers and never in individual tests.	2026-06-16 11:27:53 -08:00
YONGJAE LEE (이용재)	7dfd68589a	fix: re-enable skipped Heart tests and make non-asserting checks assert (#7845 )	2026-06-16 09:58:42 -08:00
Asher	72086edbdb	Remove Windows npm installation recommendation We need to properly support Windows before we can recommend any method of installation, including npm.	2026-06-16 09:45:30 -08:00
Asher	7617ab2b92	Update AUR commit message to match code-server's	2026-06-16 09:45:30 -08:00
Asher	d31d0347cf	Remove Dependabot commit prefix The changelog is manually curated so the prefixes are noise.	2026-06-16 09:45:30 -08:00
dependabot[bot]	5dca609c2a	chore: bump i18next from 25.8.13 to 26.3.1 (#7828 )	2026-06-16 09:38:09 -08:00
dependabot[bot]	87ac56bf8c	chore: bump softprops/action-gh-release from 1 to 3 (#7774 )	2026-06-16 09:37:41 -08:00
dependabot[bot]	a056406eff	chore: bump form-data in /test (#7848 )	2026-06-16 17:35:17 +00:00
dependabot[bot]	24811a6269	chore: bump docker/setup-buildx-action from 4.0.0 to 4.1.0 (#7829 )	2026-06-16 17:16:41 +00:00
dependabot[bot]	53ed1e30d2	chore: bump docker/setup-qemu-action from 4.0.0 to 4.1.0 (#7830 )	2026-06-16 09:04:01 -08:00
dependabot[bot]	7393d50b09	chore: bump awalsh128/cache-apt-pkgs-action from 1.5.3 to 1.6.0 (#7832 )	2026-06-16 09:03:28 -08:00
dependabot[bot]	f7663cc34c	chore: bump codecov/codecov-action from 5.5.4 to 6.0.1 (#7833 )	2026-06-16 09:02:59 -08:00
dependabot[bot]	71ba0191f2	chore: bump globals from 16.5.0 to 17.6.0 (#7831 )	2026-06-16 08:59:54 -08:00
cdrci	19be49ebe4	Update Helm chart and changelog with 4.124.2 (#7851 ) Co-authored-by: cdrci <opensource@coder.com>	2026-06-16 07:57:28 -08:00
cdrci	9fe7eb79d5	Update Code to 1.124.2 (#7846 )	2026-06-15 22:28:49 -08:00
Asher	1ccd4f04d2	Update brace-expansion, js-yaml, and ws	2026-06-15 16:42:17 -08:00
Asher	364cf99338	Strip token from cookies before proxying Since this functionality requires information placed onto the request by code-server (req.args) and Express (req.cookies), move the standalone tests into the integration tests as the proxy can no longer run correctly on its own without that context. We could strip the header elsewhere or refactor in some way (pass in a callback function for the stripping or something) but this seems like the simplest and safest place at the moment to ensure we catch all uses of the proxy. In any case, I think it does lend more confidence to know we are testing the proxy the way it will be used in practice. The downside is some additional complexity when setting up tests, but at the moment I do not think that exchange is overly burdensome.	2026-06-15 16:42:17 -08:00
ka-ishimoto	92a7dce46f	Fix false positive CVE alerts by setting package name to code-oss-dev (#7839 ) The VS Code build process sets the bundled lib/vscode/package.json name to "code-server" (from product.json nameShort), causing vulnerability scanners to misidentify it and flag non-applicable CVEs. Override the name to "code-oss-dev" in build-release.sh after merging package.json. Fixes #7071 Signed-off-by: ka-ishimoto <ka-ishimoto@kddi.com>	2026-06-10 11:59:45 -08:00
cdrci	d0d53d924e	Update Helm chart and changelog with 4.123.0 (#7838 )	2026-06-04 10:50:04 -08:00