chore: bump eslint from 9.39.3 to 10.4.0

Bumps [eslint](https://github.com/eslint/eslint) from 9.39.3 to 10.4.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v9.39.3...v10.4.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.2.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2026-06-27 20:37:39 +02:00 · 2026-05-28 18:29:13 +00:00
22 changed files with 318 additions and 376 deletions
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -159,7 +159,7 @@ jobs:
          git config --global user.email opensource@coder.com
          git checkout -b "helm/$VERSION"
          git add .
-          git commit -m "Update Helm chart and changelog with $VERSION"
+          git commit -m "Update to $VERSION"
          git push -u origin "$(git branch --show)"
          gh pr create \
            --repo coder/code-server \
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -39,6 +39,9 @@ jobs:
          - npm_arch: arm64
            vscode_arch: arm64
            package_arch: arm64
+          - npm_arch: arm
+            vscode_arch: armhf
+            package_arch: armv7l

    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -69,12 +72,10 @@ jobs:
          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
          echo "$HOME/.local/bin" >> $GITHUB_PATH

-      - name: Strip update/ and v from tag and set major version
+      - name: Strip update/ and v from tag
        run: |
          version=${TAG#update/}
-          version=${version#v}
-          version=4${version:1}
-          echo "VERSION=$version" >> $GITHUB_ENV
+          echo "VERSION=${version#v}" >> $GITHUB_ENV

      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
@@ -147,7 +148,7 @@ jobs:
    env:
      VSCODE_TARGET: ${{ matrix.vscode_target }}
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      TAG: ${{ inputs.version || github.event.pull_request.head.ref || github.ref_name }}
+      TAG: ${{ inputs.version || github.ref_name }}
      # Ensure native modules are built from source to avoid prebuilds.
      npm_config_build_from_source: true

@@ -163,12 +164,10 @@ jobs:
          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
          echo "$HOME/.local/bin" >> $GITHUB_PATH

-      - name: Strip update/ and v from tag and set major version
+      - name: Strip update/ and v from tag
        run: |
          version=${TAG#update/}
-          version=${version#v}
-          version=4${version:1}
-          echo "VERSION=$version" >> $GITHUB_ENV
+          echo "VERSION=${version#v}" >> $GITHUB_ENV

      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
--- a/.node-version
+++ b/.node-version
@@ -1 +1 @@
-24.15.0
+22.22.1
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,56 +22,6 @@ Code v99.99.999

 ## Unreleased

-Code v1.124.2
-
-### Security
-
- Strip code-server's session token from the cookie before proxying to a local
-  port. Previously, when you used built-in password authentication, the cookie
-  would be sent to the local proxied port, which meant if the service was
-  malicious and not already running as your code-server user it could use the
-  cookie to log into code-server and execute commands as your code-server user.
-
-### Changed
-
- Update to Code 1.124.2
-
-## [4.123.0](https://github.com/coder/code-server/releases/tag/v4.123.0) - 2026-06-03
-
-Code v1.123.0
-
-### Changed
-
- Update to Code 1.123.0
- Microsoft dropped support for armhf remotes so there will no longer be any
-  builds for armhf.
-
-## [4.122.1](https://github.com/coder/code-server/releases/tag/v4.122.1) - 2026-06-02
-
-Code v1.122.1
-
-### Changed
-
- Update to Code 1.122.1
-
-## [4.122.0](https://github.com/coder/code-server/releases/tag/v4.122.0) - 2026-05-29
-
-Code v1.122.0
-
-### Changed
-
- Update to Code 1.122.0
-
-### Fixed
-
- `--app-name` will now affect window titles within the editor (it is now used
-  as the value for `${appName}` in the title template) as well as some other
-  places like the help > about dialog.
-
-### Added
-
- App name can now be set with the `CODE_SERVER_APP_NAME` environment variable.
-
 ## [4.121.0](https://github.com/coder/code-server/releases/tag/v4.121.0) - 2026-05-20

 Code v1.121.0
--- a/ci/build/build-release.sh
+++ b/ci/build/build-release.sh
@@ -128,9 +128,7 @@ bundle_vscode() {

  # Merge the package.json for the web/remote server so we can include
  # dependencies, since we want to ship this via NPM.
-  # Also override the name to prevent vulnerability scanners from
-  # misidentifying this package as VS Code (see #7071).
-  jq --slurp '.[0] * .[1] | .name = "code-oss-dev"' \
+  jq --slurp '.[0] * .[1]' \
    "$VSCODE_SRC_PATH/remote/package.json" \
    "$VSCODE_OUT_PATH/package.json" > "$VSCODE_OUT_PATH/package.json.merged"
  mv "$VSCODE_OUT_PATH/package.json.merged" "$VSCODE_OUT_PATH/package.json"
--- a/ci/build/update-repo.sh
+++ b/ci/build/update-repo.sh
@@ -2,65 +2,16 @@

 set -Eeuo pipefail

-# Given versions $1 and $2 figure out the first component that is different
-# (major, minor, patch).
-function find_version_diff() {
-  # shellcheck disable=SC2206
-  local a=( ${1//./ } )
-  # shellcheck disable=SC2206
-  local b=( ${2//./ } )
-
-  if [[ ${a[0]} != "${b[0]}" ]] ; then
-    echo major
-  elif [[ ${a[1]} != "${b[1]}" ]] ; then
-    echo minor
-  else
-    echo patch
-  fi
-}
-
-# Bump $1 by the bump type (major, minor, patch) in $2.
-function bump_version() {
-  # shellcheck disable=SC2206
-  local a=( ${1//./ } )
-  case $2 in
-    major)
-      ((a[0]++))
-      a[1]=0
-      a[2]=0
-      ;;
-    minor)
-      ((a[1]++))
-      a[2]=0
-      ;;
-    *)
-      ((a[2]++))
-      ;;
-  esac
-  echo "${a[0]}.${a[1]}.${a[2]}"
-}
-
 function update_helm() {
-  local chart_version
-  chart_version=$(yq .version ci/helm-chart/Chart.yaml)
-  local app_version
-  app_version=$(yq .appVersion ci/helm-chart/Chart.yaml)
-  local image_version
-  image_version=$(yq .image.tag ci/helm-chart/values.yaml)
+  local current
+  current=$(yq .version ci/helm-chart/Chart.yaml)
+  local next
+  next=$(semver "$current" -i minor)
+  echo "Bumping version from $current to $next..."
+  sed -i.bak "s/^version: $current\$/version: $next/" ci/helm-chart/Chart.yaml

-  local bump_type
-  bump_type=$(find_version_diff "$app_version" "$version")
-  local chart_version_bump
-  chart_version_bump=$(bump_version "$chart_version" "$bump_type")
-
-  # Use sed to replace because yq will reformat.
-  echo "Bumping version from $chart_version to $chart_version_bump..."
-  sed -i.bak "s/^version: $chart_version\$/version: $chart_version_bump/" ci/helm-chart/Chart.yaml
-
-  echo "Bumping app version from $app_version to $version..."
+  echo "Setting app version and image to $version..."
  sed -i.bak "s/^appVersion: .\+\$/appVersion: $version/" ci/helm-chart/Chart.yaml
-
-  echo "Bumping image version from $image_version to $version..."
  sed -i.bak "s/^  tag: .\+\$/  tag: '$version'/" ci/helm-chart/values.yaml
 }

@@ -86,8 +37,7 @@ function main() {
    "Update changelog" "update_changelog"
  )

-  # Even if a step failed, still output the last checkmark.
-  run-steps "${steps[@]}" || true
+  run-steps "${steps[@]}"

  # This step is always manual.
  echo "- [ ] https://github.com/coder/code-server-aur/pulls" >> .cache/checklist
--- a/ci/build/update-vscode.sh
+++ b/ci/build/update-vscode.sh
@@ -146,8 +146,7 @@ function main() {
    "Add changelog note" "add_changelog"
  )

-  # Even if a step failed, still output the last checkmark.
-  run-steps "${steps[@]}" || true
+  run-steps "${steps[@]}"

  # This step is always manual.
  echo "- [ ] Verify changelog" >> .cache/checklist
--- a/ci/helm-chart/Chart.yaml
+++ b/ci/helm-chart/Chart.yaml
@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.38.0
+version: 3.36.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.123.0
+appVersion: 4.121.0
--- a/ci/helm-chart/values.yaml
+++ b/ci/helm-chart/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1

 image:
  repository: codercom/code-server
-  tag: '4.123.0'
+  tag: '4.121.0'
  pullPolicy: Always

 # Specifies one or more secrets to be used when pulling images from a
--- a/lib/vscode
+++ b/lib/vscode
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,7 +13,6 @@
        "@coder/logger": "^3.0.1",
        "argon2": "^0.44.0",
        "compression": "^1.7.4",
-        "cookie": "^1.1.1",
        "cookie-parser": "^1.4.6",
        "env-paths": "^2.2.1",
        "express": "^5.0.1",
@@ -53,7 +52,7 @@
        "@types/trusted-types": "^2.0.4",
        "@types/ws": "^8.5.5",
        "doctoc": "^2.2.1",
-        "eslint": "^9.12.0",
+        "eslint": "^10.4.0",
        "eslint-config-prettier": "^10.1.8",
        "eslint-import-resolver-typescript": "^4.4.4",
        "eslint-plugin-import": "^2.28.1",
@@ -201,31 +200,83 @@
      }
    },
    "node_modules/@eslint/config-array": {
-      "version": "0.21.1",
-      "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.1.tgz",
-      "integrity": "sha512-aw1gNayWpdI/jSYVgzN5pL0cfzU02GT3NBpeT/DXbx1/1x7ZKxFPd9bwrzygx/qiwIQiJ1sw/zD8qY/kRvlGHA==",
+      "version": "0.23.5",
+      "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.23.5.tgz",
+      "integrity": "sha512-Y3kKLvC1dvTOT+oGlqNQ1XLqK6D1HU2YXPc52NmAlJZbMMWDzGYXMiPRJ8TYD39muD/OTjlZmNJ4ib7dvSrMBA==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
-        "@eslint/object-schema": "^2.1.7",
+        "@eslint/object-schema": "^3.0.5",
        "debug": "^4.3.1",
-        "minimatch": "^3.1.2"
+        "minimatch": "^10.2.4"
      },
      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+        "node": "^20.19.0 || ^22.13.0 || >=24"
+      }
+    },
+    "node_modules/@eslint/config-array/node_modules/balanced-match": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
+      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/@eslint/config-array/node_modules/brace-expansion": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^4.0.2"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/@eslint/config-array/node_modules/minimatch": {
+      "version": "10.2.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+      "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "brace-expansion": "^5.0.5"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
      }
    },
    "node_modules/@eslint/config-helpers": {
-      "version": "0.4.2",
-      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.2.tgz",
-      "integrity": "sha512-gBrxN88gOIf3R7ja5K9slwNayVcZgK6SOUORm2uBzTeIEfeVaIhOpCtTox3P6R7o2jLFwLFTLnC7kU/RGcYEgw==",
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.6.0.tgz",
+      "integrity": "sha512-ii6Bw9jJ2zi2cWA2Z+9/QZ/+3DX6kwaV5Q986D/CdP3Lap3w/pgQZ373FV7byY/i7L4IRH/G43I5dz1ClsCbpA==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
-        "@eslint/core": "^0.17.0"
+        "@eslint/core": "^1.2.1"
      },
      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+        "node": "^20.19.0 || ^22.13.0 || >=24"
+      }
+    },
+    "node_modules/@eslint/config-helpers/node_modules/@eslint/core": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-1.2.1.tgz",
+      "integrity": "sha512-MwcE1P+AZ4C6DWlpin/OmOA54mmIZ/+xZuJiQd4SyB29oAJjN30UW9wkKNptW2ctp4cEsvhlLY/CsQ1uoHDloQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@types/json-schema": "^7.0.15"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.13.0 || >=24"
      }
    },
    "node_modules/@eslint/core": {
@@ -292,27 +343,40 @@
      }
    },
    "node_modules/@eslint/object-schema": {
-      "version": "2.1.7",
-      "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.7.tgz",
-      "integrity": "sha512-VtAOaymWVfZcmZbp6E2mympDIHvyjXs/12LqWYjVw6qjrfF+VK+fyG33kChz3nnK+SU5/NeHOqrTEHS8sXO3OA==",
+      "version": "3.0.5",
+      "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-3.0.5.tgz",
+      "integrity": "sha512-vqTaUEgxzm+YDSdElad6PiRoX4t8VGDjCtt05zn4nU810UIx/uNEV7/lZJ6KwFThKZOzOxzXy48da+No7HZaMw==",
      "dev": true,
      "license": "Apache-2.0",
      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+        "node": "^20.19.0 || ^22.13.0 || >=24"
      }
    },
    "node_modules/@eslint/plugin-kit": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.4.1.tgz",
-      "integrity": "sha512-43/qtrDUokr7LJqoF2c3+RInu/t4zfrpYdoSDfYyhg52rwLV6TnOvdG4fXm7IkSB3wErkcmJS9iEhjVtOSEjjA==",
+      "version": "0.7.1",
+      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.7.1.tgz",
+      "integrity": "sha512-rZAP3aVgB9ds9KOeUSL+zZ21hPmo8dh6fnIFwRQj5EAZl9gzR7wxYbYXYysAM8CTqGmUGyp2S4kUdV17MnGuWQ==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
-        "@eslint/core": "^0.17.0",
+        "@eslint/core": "^1.2.1",
        "levn": "^0.4.1"
      },
      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+        "node": "^20.19.0 || ^22.13.0 || >=24"
+      }
+    },
+    "node_modules/@eslint/plugin-kit/node_modules/@eslint/core": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-1.2.1.tgz",
+      "integrity": "sha512-MwcE1P+AZ4C6DWlpin/OmOA54mmIZ/+xZuJiQd4SyB29oAJjN30UW9wkKNptW2ctp4cEsvhlLY/CsQ1uoHDloQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@types/json-schema": "^7.0.15"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.13.0 || >=24"
      }
    },
    "node_modules/@humanfs/core": {
@@ -587,6 +651,13 @@
        "@types/eslint": "*"
      }
    },
+    "node_modules/@types/esrecurse": {
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/@types/esrecurse/-/esrecurse-4.3.1.tgz",
+      "integrity": "sha512-xJBAbDifo5hpffDBuHl0Y8ywswbiAp/Wi7Y/GtAgSlZyIABppyurxVueOPE8LUQOxdlgi6Zqce7uoEpqNTeiUw==",
+      "dev": true,
+      "license": "MIT"
+    },
    "node_modules/@types/estree": {
      "version": "1.0.8",
      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
@@ -969,9 +1040,9 @@
      }
    },
    "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-      "version": "5.0.6",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
-      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+      "version": "5.0.5",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+      "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -1416,22 +1487,6 @@
        "remove-markdown": "^0.6.2"
      }
    },
-    "node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
    "node_modules/arg": {
      "version": "4.1.3",
      "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz",
@@ -1640,9 +1695,9 @@
      "license": "MIT"
    },
    "node_modules/basic-ftp": {
-      "version": "5.3.1",
-      "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.3.1.tgz",
-      "integrity": "sha512-bopVNp6ugyA150DDuZfPFdt1KZ5a94ZDiwX4hMgZDzF+GttD80lEy8kj98kbyhLXnPvhtIo93mdnLIjpCAeeOw==",
+      "version": "5.3.0",
+      "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.3.0.tgz",
+      "integrity": "sha512-5K9eNNn7ywHPsYnFwjKgYH8Hf8B5emh7JKcPaVjjrMJFQQwGpwowEnZNEtHs7DfR7hCZsmaK3VA4HUK0YarT+w==",
      "license": "MIT",
      "engines": {
        "node": ">=10.0.0"
@@ -1783,23 +1838,6 @@
        "url": "https://github.com/sponsors/wooorm"
      }
    },
-    "node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
    "node_modules/character-entities": {
      "version": "1.2.4",
      "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-1.2.4.tgz",
@@ -1842,26 +1880,6 @@
        "node": "*"
      }
    },
-    "node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
-      "dev": true,
-      "license": "MIT"
-    },
    "node_modules/compressible": {
      "version": "2.0.18",
      "resolved": "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz",
@@ -1937,16 +1955,12 @@
      }
    },
    "node_modules/cookie": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz",
-      "integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==",
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
      "license": "MIT",
      "engines": {
-        "node": ">=18"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/express"
+        "node": ">= 0.6"
      }
    },
    "node_modules/cookie-parser": {
@@ -1962,15 +1976,6 @@
        "node": ">= 0.8.0"
      }
    },
-    "node_modules/cookie-parser/node_modules/cookie": {
-      "version": "0.7.2",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
-      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
-      "license": "MIT",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
    "node_modules/cookie-signature": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
@@ -2534,33 +2539,30 @@
      }
    },
    "node_modules/eslint": {
-      "version": "9.39.3",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.3.tgz",
-      "integrity": "sha512-VmQ+sifHUbI/IcSopBCF/HO3YiHQx/AVd3UVyYL6weuwW+HvON9VYn5l6Zl1WZzPWXPNZrSQpxwkkZ/VuvJZzg==",
+      "version": "10.4.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-10.4.0.tgz",
+      "integrity": "sha512-loXy6bWOoP3EP6JA7jo6p5jMpBJmHmsNZM5SFRHLdh1MGOPurMnNBj4ZlAbaqUAaQWbCr7jHV4P7gzAyryZWkQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.8.0",
-        "@eslint-community/regexpp": "^4.12.1",
-        "@eslint/config-array": "^0.21.1",
-        "@eslint/config-helpers": "^0.4.2",
-        "@eslint/core": "^0.17.0",
-        "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.39.3",
-        "@eslint/plugin-kit": "^0.4.1",
+        "@eslint-community/regexpp": "^4.12.2",
+        "@eslint/config-array": "^0.23.5",
+        "@eslint/config-helpers": "^0.6.0",
+        "@eslint/core": "^1.2.1",
+        "@eslint/plugin-kit": "^0.7.1",
        "@humanfs/node": "^0.16.6",
        "@humanwhocodes/module-importer": "^1.0.1",
        "@humanwhocodes/retry": "^0.4.2",
        "@types/estree": "^1.0.6",
-        "ajv": "^6.12.4",
-        "chalk": "^4.0.0",
+        "ajv": "^6.14.0",
        "cross-spawn": "^7.0.6",
        "debug": "^4.3.2",
        "escape-string-regexp": "^4.0.0",
-        "eslint-scope": "^8.4.0",
-        "eslint-visitor-keys": "^4.2.1",
-        "espree": "^10.4.0",
-        "esquery": "^1.5.0",
+        "eslint-scope": "^9.1.2",
+        "eslint-visitor-keys": "^5.0.1",
+        "espree": "^11.2.0",
+        "esquery": "^1.7.0",
        "esutils": "^2.0.2",
        "fast-deep-equal": "^3.1.3",
        "file-entry-cache": "^8.0.0",
@@ -2570,8 +2572,7 @@
        "imurmurhash": "^0.1.4",
        "is-glob": "^4.0.0",
        "json-stable-stringify-without-jsonify": "^1.0.1",
-        "lodash.merge": "^4.6.2",
-        "minimatch": "^3.1.2",
+        "minimatch": "^10.2.4",
        "natural-compare": "^1.4.0",
        "optionator": "^0.9.3"
      },
@@ -2579,7 +2580,7 @@
        "eslint": "bin/eslint.js"
      },
      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+        "node": "^20.19.0 || ^22.13.0 || >=24"
      },
      "funding": {
        "url": "https://eslint.org/donate"
@@ -2805,17 +2806,19 @@
      }
    },
    "node_modules/eslint-scope": {
-      "version": "8.4.0",
-      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.4.0.tgz",
-      "integrity": "sha512-sNXOfKCn74rt8RICKMvJS7XKV/Xk9kA7DyJr8mJik3S7Cwgy3qlkkmyS2uQB3jiJg6VNdZd/pDBJu0nvG2NlTg==",
+      "version": "9.1.2",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-9.1.2.tgz",
+      "integrity": "sha512-xS90H51cKw0jltxmvmHy2Iai1LIqrfbw57b79w/J7MfvDfkIkFZ+kj6zC3BjtUwh150HsSSdxXZcsuv72miDFQ==",
      "dev": true,
      "license": "BSD-2-Clause",
      "dependencies": {
+        "@types/esrecurse": "^4.3.1",
+        "@types/estree": "^1.0.8",
        "esrecurse": "^4.3.0",
        "estraverse": "^5.2.0"
      },
      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+        "node": "^20.19.0 || ^22.13.0 || >=24"
      },
      "funding": {
        "url": "https://opencollective.com/eslint"
@@ -2834,6 +2837,89 @@
        "url": "https://opencollective.com/eslint"
      }
    },
+    "node_modules/eslint/node_modules/@eslint/core": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-1.2.1.tgz",
+      "integrity": "sha512-MwcE1P+AZ4C6DWlpin/OmOA54mmIZ/+xZuJiQd4SyB29oAJjN30UW9wkKNptW2ctp4cEsvhlLY/CsQ1uoHDloQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@types/json-schema": "^7.0.15"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.13.0 || >=24"
+      }
+    },
+    "node_modules/eslint/node_modules/balanced-match": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
+      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/eslint/node_modules/brace-expansion": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^4.0.2"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/eslint/node_modules/eslint-visitor-keys": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz",
+      "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": "^20.19.0 || ^22.13.0 || >=24"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/eslint/node_modules/espree": {
+      "version": "11.2.0",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-11.2.0.tgz",
+      "integrity": "sha512-7p3DrVEIopW1B1avAGLuCSh1jubc01H2JHc8B4qqGblmg5gI9yumBgACjWo4JlIc04ufug4xJ3SQI8HkS/Rgzw==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "acorn": "^8.16.0",
+        "acorn-jsx": "^5.3.2",
+        "eslint-visitor-keys": "^5.0.1"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.13.0 || >=24"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/eslint/node_modules/minimatch": {
+      "version": "10.2.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+      "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "brace-expansion": "^5.0.5"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
    "node_modules/espree": {
      "version": "10.4.0",
      "resolved": "https://registry.npmjs.org/espree/-/espree-10.4.0.tgz",
@@ -2967,15 +3053,6 @@
        "url": "https://opencollective.com/express"
      }
    },
-    "node_modules/express/node_modules/cookie": {
-      "version": "0.7.2",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
-      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
-      "license": "MIT",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
    "node_modules/express/node_modules/cookie-signature": {
      "version": "1.2.2",
      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz",
@@ -3387,16 +3464,6 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
-    "node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=8"
-      }
-    },
    "node_modules/has-property-descriptors": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz",
@@ -4153,19 +4220,9 @@
      "license": "ISC"
    },
    "node_modules/js-yaml": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
-      "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/puzrin"
-        },
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/nodeca"
-        }
-      ],
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
      "license": "MIT",
      "dependencies": {
        "argparse": "^2.0.1"
@@ -4263,13 +4320,6 @@
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
-    "node_modules/lodash.merge": {
-      "version": "4.6.2",
-      "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz",
-      "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==",
-      "dev": true,
-      "license": "MIT"
-    },
    "node_modules/longest-streak": {
      "version": "2.0.4",
      "resolved": "https://registry.npmjs.org/longest-streak/-/longest-streak-2.0.4.tgz",
@@ -5937,19 +5987,6 @@
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
-    "node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
    "node_modules/supports-preserve-symlinks-flag": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
@@ -6646,9 +6683,9 @@
      "license": "ISC"
    },
    "node_modules/ws": {
-      "version": "8.21.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz",
-      "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==",
+      "version": "8.20.1",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+      "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
      "license": "MIT",
      "engines": {
        "node": ">=10.0.0"
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
    "@types/trusted-types": "^2.0.4",
    "@types/ws": "^8.5.5",
    "doctoc": "^2.2.1",
-    "eslint": "^9.12.0",
+    "eslint": "^10.4.0",
    "eslint-config-prettier": "^10.1.8",
    "eslint-import-resolver-typescript": "^4.4.4",
    "eslint-plugin-import": "^2.28.1",
@@ -70,7 +70,6 @@
    "@coder/logger": "^3.0.1",
    "argon2": "^0.44.0",
    "compression": "^1.7.4",
-    "cookie": "^1.1.1",
    "cookie-parser": "^1.4.6",
    "env-paths": "^2.2.1",
    "express": "^5.0.1",
--- a/patches/app-name.diff
+++ b/patches/app-name.diff
@@ -20,7 +20,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
 
 	/* ----- server setup ----- */
 
-@@ -124,6 +125,7 @@ export interface ServerParsedArgs {
+@@ -120,6 +121,7 @@ export interface ServerParsedArgs {
 	'disable-getting-started-override'?: boolean,
 	'locale'?: string
 	'link-protection-trusted-domains'?: string[],
--- a/patches/base-path.diff
+++ b/patches/base-path.diff
@@ -263,7 +263,7 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 	}
 
 	private startListening(): void {
-@@ -590,17 +591,6 @@ class WorkspaceProvider implements IWork
+@@ -584,17 +585,6 @@ class WorkspaceProvider implements IWork
 	}
 }
 
@@ -281,7 +281,7 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 (function () {
 
 	// Find config by checking for DOM
-@@ -610,8 +600,8 @@ function readCookie(name: string): strin
+@@ -604,8 +594,8 @@ function readCookie(name: string): strin
 	if (!configElement || !configElementAttribute) {
 		throw new Error('Missing web configuration element');
 	}
--- a/patches/copilot.diff
+++ b/patches/copilot.diff
@@ -2,8 +2,8 @@ Index: code-server/lib/vscode/build/gulpfile.extensions.ts
 ===================================================================
 --- code-server.orig/lib/vscode/build/gulpfile.extensions.ts
 +++ code-server/lib/vscode/build/gulpfile.extensions.ts
-@@ -291,6 +291,29 @@ export const compileCopilotExtensionBuil
- task.task(compileCopilotExtensionBuildTask);
+@@ -294,6 +294,29 @@ export const compileCopilotExtensionBuil
+ gulp.task(compileCopilotExtensionBuildTask);
 
 /**
 + * Compiles the built-in copilot extension with proper `.vscodeignore` filtering
@@ -26,7 +26,7 @@ Index: code-server/lib/vscode/build/gulpfile.extensions.ts
 +		return Promise.resolve();
 +	})
 +));
-+task.task(compileCopilotExtensionFullBuildTask);
+gulp.task(compileCopilotExtensionFullBuildTask);
 +
 +/**
  * Compiles the extensions for the build.
@@ -36,15 +36,15 @@ Index: code-server/lib/vscode/build/lib/extensions.ts
 ===================================================================
 --- code-server.orig/lib/vscode/build/lib/extensions.ts
 +++ code-server/lib/vscode/build/lib/extensions.ts
-@@ -21,6 +21,7 @@ import { getProductionDependencies } fro
+@@ -24,6 +24,7 @@ import { getProductionDependencies } fro
 import { type IExtensionDefinition, getExtensionStream } from './builtInExtensions.ts';
 import { fetchUrls, fetchGithub } from './fetch.ts';
 import { createTsgoStream, spawnTsgo } from './tsgo.ts';
 +import { prepareBuiltInCopilotRipgrepShim } from './copilot.ts';
- import watcher from './watch/index.ts';
+ import vzip from 'gulp-vinyl-zip';
 
 import { createRequire } from 'module';
-@@ -483,6 +484,116 @@ export function packageCopilotExtensionS
+@@ -492,6 +493,116 @@ export function packageCopilotExtensionS
 	).pipe(util2.setExecutableBit(['**/*.sh']));
 }
 
--- a/patches/disable-builtin-ext-update.diff
+++ b/patches/disable-builtin-ext-update.diff
@@ -7,7 +7,7 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extens
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
 +++ code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
-@@ -345,6 +345,10 @@ export class Extension implements IExten
+@@ -342,6 +342,10 @@ export class Extension implements IExten
 			if (this.type === ExtensionType.System && this.productService.quality === 'stable' && !this.productService.builtInExtensionsEnabledWithAutoUpdates?.some(id => id.toLowerCase() === this.identifier.id.toLowerCase())) {
 				return false;
 			}
--- a/patches/display-language.diff
+++ b/patches/display-language.diff
@@ -18,7 +18,7 @@ Index: code-server/lib/vscode/src/vs/server/node/serverServices.ts
 import { ProtocolConstants } from '../../base/parts/ipc/common/ipc.net.js';
 import { IConfigurationService } from '../../platform/configuration/common/configuration.js';
 import { ConfigurationService } from '../../platform/configuration/common/configurationService.js';
-@@ -359,6 +359,9 @@ export async function setupServerService
+@@ -358,6 +358,9 @@ export async function setupServerService
 
 		socketServer.registerChannel('mcpManagement', new McpManagementChannel(mcpManagementService, (ctx: RemoteAgentConnectionContext) => getUriTransformer(ctx.remoteAuthority)));
 
--- a/patches/proxy-uri.diff
+++ b/patches/proxy-uri.diff
@@ -104,7 +104,7 @@ Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
 import type { IURLCallbackProvider } from '../../../workbench/services/url/browser/urlService.js';
 import { create } from '../../../workbench/workbench.web.main.internal.js';
 
-@@ -612,6 +613,39 @@ class WorkspaceProvider implements IWork
+@@ -606,6 +607,39 @@ class WorkspaceProvider implements IWork
 		settingsSyncOptions: config.settingsSyncOptions ? { enabled: config.settingsSyncOptions.enabled, } : undefined,
 		workspaceProvider: WorkspaceProvider.create(config),
 		urlCallbackProvider: new LocalStorageURLCallbackProvider(config.callbackRoute),
--- a/patches/sourcemaps.diff
+++ b/patches/sourcemaps.diff
@@ -6,7 +6,7 @@ Index: code-server/lib/vscode/build/gulpfile.reh.ts
 ===================================================================
 --- code-server.orig/lib/vscode/build/gulpfile.reh.ts
 +++ code-server/lib/vscode/build/gulpfile.reh.ts
-@@ -296,10 +296,15 @@ function packageTask(type: string, platf
+@@ -261,10 +261,15 @@ function packageTask(type: string, platf
 	const destination = path.join(BUILD_ROOT, destinationFolderName);
 
 	return () => {
--- a/patches/webview.diff
+++ b/patches/webview.diff
@@ -41,7 +41,7 @@ Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/envi
 ===================================================================
 --- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
 +++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
-@@ -226,7 +226,7 @@ export class BrowserWorkbenchEnvironment
+@@ -223,7 +223,7 @@ export class BrowserWorkbenchEnvironment
 
 	@memoize
 	get webviewExternalEndpoint(): string {
@@ -70,8 +70,8 @@ Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index
 	<meta charset="UTF-8">
 
 	<meta http-equiv="Content-Security-Policy"
-		content="default-src 'none'; script-src 'sha256-nXjtuhBilO++r8hfxl5VjEScSmdm07wDAk6jw228DgM=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
-+		content="default-src 'none'; script-src 'sha256-A6/szVNdTzyi4hDa+9OLbzS8tSd2iUV4CqimLNWex2Y=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+-		content="default-src 'none'; script-src 'sha256-q+WTr+fBXpLLE3++yWNaxT6BTWQtsKscoeIlynBRk4E=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+		content="default-src 'none'; script-src 'sha256-m1DlJtsIJd46QuWYNcsaYIG1xI+9FyjKQu+cfp+zq5Q=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
 
 	<!-- Disable pinch zooming -->
 	<meta name="viewport"
--- a/src/node/proxy.ts
+++ b/src/node/proxy.ts
@@ -1,7 +1,5 @@
-import * as cookie from "cookie"
-import type { Request } from "express"
 import proxyServer from "http-proxy"
-import { getCookieSessionName, HttpCode } from "../common/http"
+import { HttpCode } from "../common/http"

 export const proxy = proxyServer.createProxyServer({})

@@ -20,19 +18,6 @@ proxy.on("error", (error, _, res) => {
  }
 })

-// Strip the code-server cookie if it exists to avoid transmitting the cookie
-// to potentially malicious local ports.
-proxy.on("proxyReq", (preq, req) => {
-  const cookieSessionName = getCookieSessionName((req as Request).args["cookie-suffix"])
-  preq.setHeader(
-    "Cookie",
-    cookie.stringifyCookie({
-      ...(req as Request).cookies,
-      [cookieSessionName]: undefined,
-    }),
-  )
-})
-
 // Intercept the response to rewrite absolute redirects against the base path.
 // Is disabled when the request has no base path which means /absproxy is in use.
 proxy.on("proxyRes", (res, req) => {
--- a/test/unit/node/proxy.test.ts
+++ b/test/unit/node/proxy.test.ts
@@ -1,12 +1,15 @@
 import * as express from "express"
+import * as http from "http"
+import nodeFetch from "node-fetch"
 import { HttpCode } from "../../../src/common/http"
+import { proxy } from "../../../src/node/proxy"
 import { wss, Router as WsRouter } from "../../../src/node/wsRouter"
-import { mockLogger } from "../../utils/helpers"
+import { getAvailablePort, mockLogger } from "../../utils/helpers"
 import * as httpserver from "../../utils/httpserver"
 import * as integration from "../../utils/integration"

 describe("proxy", () => {
-  const proxyTarget = new httpserver.HttpServer()
+  const nhooyrDevServer = new httpserver.HttpServer()
  const wsApp = express.default()
  const wsRouter = WsRouter()
  let codeServer: httpserver.HttpServer | undefined
@@ -16,22 +19,21 @@ describe("proxy", () => {

  beforeAll(async () => {
    wsApp.use("/", wsRouter.router)
-    await proxyTarget.listen((req, res) => {
+    await nhooyrDevServer.listen((req, res) => {
      e(req, res)
    })
-    proxyTarget.listenUpgrade(wsApp)
-    proxyPath = `/proxy/${proxyTarget.port()}/wsup`
+    nhooyrDevServer.listenUpgrade(wsApp)
+    proxyPath = `/proxy/${nhooyrDevServer.port()}/wsup`
    absProxyPath = proxyPath.replace("/proxy/", "/absproxy/")
  })

  afterAll(async () => {
-    await proxyTarget.dispose()
+    await nhooyrDevServer.dispose()
  })

  beforeEach(() => {
    e = express.default()
    mockLogger()
-    delete process.env.PASSWORD
  })

  afterEach(async () => {
@@ -281,42 +283,65 @@ describe("proxy", () => {
    const resp = await codeServer.fetch(proxyPath, { method: "OPTIONS" })
    expect(resp.status).toBe(200)
  })
+})

-  it("should return a 500 when no target is running ", async () => {
-    const target = new httpserver.HttpServer()
-    await target.listen(() => {})
-    const port = target.port()
-    target.dispose()
-    codeServer = await integration.setup(["--auth=none"], "")
-    const resp = await codeServer.fetch(`/proxy/${port}/wsup`)
-    expect(resp.status).toBe(HttpCode.ServerError)
-    expect(resp.statusText).toBe("Internal Server Error")
+// NOTE@jsjoeio
+// Both this test suite and the one above it are very similar
+// The main difference is this one uses http and node-fetch
+// and specifically tests the proxy in isolation vs. using
+// the httpserver abstraction we've built.
+//
+// Leaving this as a separate test suite for now because
+// we may consider refactoring the httpserver abstraction
+// in the future.
+//
+// If you're writing a test specifically for code in
+// src/node/proxy.ts, you should probably add it to
+// this test suite.
+describe("proxy (standalone)", () => {
+  let URL = ""
+  let PROXY_URL = ""
+  let testServer: http.Server
+  let proxyTarget: http.Server
+
+  beforeEach(async () => {
+    const PORT = await getAvailablePort()
+    const PROXY_PORT = await getAvailablePort()
+    URL = `http://localhost:${PORT}`
+    PROXY_URL = `http://localhost:${PROXY_PORT}`
+    // Define server and a proxy server
+    testServer = http.createServer((req, res) => {
+      proxy.web(req, res, {
+        target: PROXY_URL,
+      })
+    })
+
+    proxyTarget = http.createServer((req, res) => {
+      res.writeHead(200, { "Content-Type": "text/plain" })
+      res.end()
+    })
+
+    // Start both servers
+    proxyTarget.listen(PROXY_PORT)
+    testServer.listen(PORT)
  })

-  it("should strip token cookie", async () => {
-    const token = "my-super-secure-token"
-    process.env.HASHED_PASSWORD = token
-    codeServer = await integration.setup(["--auth=password"])
+  afterEach(async () => {
+    testServer.close()
+    proxyTarget.close()
+  })

-    // Set up a listener that just prints the cookies it got.
-    e.get("/wsup/cookies", (req, res) => {
-      res.writeHead(HttpCode.Ok, { "Content-Type": "text/plain" })
-      res.end(req.headers.cookie)
-    })
+  it("should return a 500 when proxy target errors ", async () => {
+    // Close the proxy target so that proxy errors
+    proxyTarget.close()
+    const errorResp = await nodeFetch(`${URL}/error`)
+    expect(errorResp.status).toBe(HttpCode.ServerError)
+    expect(errorResp.statusText).toBe("Internal Server Error")
+  })

-    // Send the token along with other cookies which should be preserved.
-    // Encode one to make sure they are being re-encoded properly.
-    const value = "hello=there"
-    const encodedValue = encodeURIComponent(value)
-    const resp = await codeServer.fetch(proxyPath + "/cookies", {
-      headers: {
-        cookie: `cookie1=${encodedValue}; code-server-session=${token}; cookie2=hello;`,
-      },
-    })
-
-    // The proxied listener should not have printed the code-server token.
+  it("should proxy correctly", async () => {
+    const resp = await nodeFetch(`${URL}/route`)
    expect(resp.status).toBe(200)
-    const text = await resp.text()
-    expect(text).toBe(`cookie1=${encodedValue}; cookie2=hello`)
+    expect(resp.statusText).toBe("OK")
  })
 })
@@ -1 +1 @@
 .15.0
 .22.1