code-server/docs/SECURITY.md
Olivier Benz fc6064dcd3
Update Code to 1.94.2 (#7026)
* Update Code to 1.94.2

* Convert from yarn to npm

This is to match VS Code.  We were already partially using npm for the
releases so this is some nice alignment.

* Update caniuse-lite

This was complaining on every unit test.

* Update eslint

I was having a bunch of dependency conflicts and eslint seemed to be the
culprit so I just removed it and set it up again, since it seems things
have changed quite a bit.

* Update test dependencies

I was getting oom when running the unit tests...updating seems to work.

* Remove package.json `scripts` property in release

The new pre-install script was being included, which is dev-only.

This was always the intent; did not realize jq's merge was recursive.

* Remove jest and devDependencies in release as well

* Update test extension dependencies

This appears to be conflicting with the root dependencies.

* Fix playwright exec

npm does not let you run binaries like yarn does, as far as I know.

* Fix import of server-main.js

* Fix several tests by waiting for selectors
2024-10-17 20:32:21 -08:00


Security Policy

Coder and the code-server team want to keep the code-server project secure and safe for end-users.

Tools

We use the following tools to help us stay on top of vulnerability mitigation.

  • dependabot
    • Submits pull requests to upgrade dependencies. We use dependabot's version upgrades as well as security updates.
  • code-scanning
    • CodeQL
      • Semantic code analysis engine that runs on a regular schedule (see codeql-analysis.yml)
    • trivy
      • Comprehensive vulnerability scanner that runs on PRs into the default branch and scans both our container image and repository code (see trivy-scan-repo and trivy-scan-image jobs in build.yaml)
  • npm audit
    • Audits npm dependencies for known vulnerabilities.

Supported Versions

Coder sponsors the development and maintenance of the code-server project. We will fix security issues within 90 days of receiving a report and publish the fix in a subsequent release. The code-server project does not provide backports or patch releases for security issues at this time.

Version   Supported
Latest    Yes

Reporting a Vulnerability

To report a vulnerability, please send an email to security[@]coder.com, and our security team will respond to you.