Merge branch 'main' into main

SongXiaoXi · web-flow · commit 320559f617f0 · 2025-02-12T10:48:32.000+08:00
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -188,7 +188,7 @@ jobs:
         run: npm run test:unit
 
       - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
         if: success()
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -71,7 +71,7 @@ jobs:
       - run: npm run test:integration
 
       - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
         if: success()
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -51,7 +51,7 @@ jobs:
           fetch-depth: 0
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
+        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0
         with:
           scan-type: "fs"
           scan-ref: "."
diff --git a/.github/workflows/trivy-docker.yaml b/.github/workflows/trivy-docker.yaml
@@ -51,7 +51,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
+        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0
         with:
           image-ref: "docker.io/codercom/code-server:latest"
           ignore-unfixed: true
diff --git a/docs/guide.md b/docs/guide.md
@@ -271,9 +271,9 @@ should see OSSStatus: 9836 in the browser console.
 If you want to use external authentication mechanism (e.g., Sign in with
 Google), you can do this with a reverse proxy such as:
 
-- [Pomerium](https://www.pomerium.io/guides/code-server.html)
-- [oauth2_proxy](https://github.com/pusher/oauth2_proxy)
-- [Cloudflare Access](https://teams.cloudflare.com/access)
+- [Pomerium](https://www.pomerium.com/docs/guides/code-server.html)
+- [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/)
+- [Cloudflare Access](https://www.cloudflare.com/zero-trust/products/access/)
 
 ## HTTPS and self-signed certificates
 
diff --git a/package-lock.json b/package-lock.json
diff --git a/src/node/main.ts b/src/node/main.ts
@@ -9,6 +9,7 @@ import { commit, version, vsRootPath } from "./constants"
 import { register } from "./routes"
 import { VSCodeModule } from "./routes/vscode"
 import { isDirectory, open } from "./util"
+import * as os from "os"
 
 /**
  * Return true if the user passed an extension-related VS Code flag.
@@ -51,7 +52,11 @@ export const runCodeCli = async (args: DefaultedArgs): Promise<void> => {
   try {
     // See vscode.loadVSCode for more on this jank.
     process.env.CODE_SERVER_PARENT_PID = process.pid.toString()
-    const modPath = path.join(vsRootPath, "out/server-main.js")
+    let modPath = path.join(vsRootPath, "out/server-main.js")
+    if (os.platform() === "win32") {
+      // On Windows, absolute paths of ESM modules must be a valid file URI.
+      modPath = "file:///" + modPath.replace(/\\/g, "/")
+    }
     const mod = (await eval(`import("${modPath}")`)) as VSCodeModule
     const serverModule = await mod.loadCodeWithNls()
     await serverModule.spawnCli(await toCodeArgs(args))
diff --git a/src/node/routes/vscode.ts b/src/node/routes/vscode.ts
@@ -5,6 +5,7 @@ import { promises as fs } from "fs"
 import * as http from "http"
 import * as net from "net"
 import * as path from "path"
+import * as os from "os"
 import { WebsocketRequest } from "../../../typings/pluginapi"
 import { logError } from "../../common/util"
 import { CodeArgs, toCodeArgs } from "../cli"
@@ -58,7 +59,11 @@ async function loadVSCode(req: express.Request): Promise<IVSCodeServerAPI> {
   // which will also require that we switch to ESM, since a hybrid approach
   // breaks importing `rotating-file-stream` for some reason.  To work around
   // this, use `eval` for now, but we should consider switching to ESM.
-  const modPath = path.join(vsRootPath, "out/server-main.js")
+  let modPath = path.join(vsRootPath, "out/server-main.js")
+  if (os.platform() === "win32") {
+    // On Windows, absolute paths of ESM modules must be a valid file URI.
+    modPath = "file:///" + modPath.replace(/\\/g, "/")
+  }
   const mod = (await eval(`import("${modPath}")`)) as VSCodeModule
   const serverModule = await mod.loadCodeWithNls()
   return serverModule.createServer(null, {
