You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Code-server Version is Wrong in CLI and /usr/lib/code-server/lib/vscode/package.json that causes latest code-server version to be Marked vulnerable by Twistlock
#7183
Closed
1 of 2 tasks
kamal-rahimi opened this issue
Jan 27, 2025
· 1 comment
The code-server version information does not seem to be correct which causes latest code-server version to be Marked vulnerable by Twistlock. Moe specifically, the package.json file at /usr/lib/code-server/lib/vscode/package.json shows code-server version to be 1.96.2
Steps to Reproduce
Install latest version of code-server on Ubuntu (any version)
Verify code-sever version$ code-server -v 4.96.2 08cbdfbdf11925e8a14ee03de97b942bba7e8a94 with Code 1.96.2
Is there an existing issue for this?
OS/Web Information
The code-server version information does not seem to be correct which causes latest code-server version to be Marked vulnerable by Twistlock. Moe specifically, the package.json file at
/usr/lib/code-server/lib/vscode/package.json
shows code-server version to be 1.96.2Steps to Reproduce
$ code-server -v 4.96.2 08cbdfbdf11925e8a14ee03de97b942bba7e8a94 with Code 1.96.2
/usr/lib/code-server/lib/vscode/package.json
:$ cat /usr/lib/code-server/lib/vscode/package.json { "name": "code-server", "version": "1.96.2", "private": true, "dependencies": { "@microsoft/1ds-core-js": "^3.2.13", "@microsoft/1ds-post-js": "^3.2.13", "@parcel/watcher": "2.1.0", "@vscode/deviceid": "^0.1.1", "@vscode/iconv-lite-umd": "0.7.0", "@vscode/proxy-agent": "^0.27.0", "@vscode/ripgrep": "^1.15.9", "@vscode/spdlog": "^0.15.0", "@vscode/tree-sitter-wasm": "^0.0.4", "@vscode/vscode-languagedetection": "1.0.21", "@vscode/windows-process-tree": "^0.6.0", "@vscode/windows-registry": "^1.1.0", "@xterm/addon-clipboard": "^0.2.0-beta.53", "@xterm/addon-image": "^0.9.0-beta.70", "@xterm/addon-ligatures": "^0.10.0-beta.70", "@xterm/addon-search": "^0.16.0-beta.70", "@xterm/addon-serialize": "^0.14.0-beta.70", "@xterm/addon-unicode11": "^0.9.0-beta.70", "@xterm/addon-webgl": "^0.19.0-beta.70", "@xterm/headless": "^5.6.0-beta.70", "@xterm/xterm": "^5.6.0-beta.70", "cookie": "^0.7.0", "http-proxy-agent": "^7.0.0", "https-proxy-agent": "^7.0.2", "jschardet": "3.1.4", "kerberos": "2.1.1", "minimist": "^1.2.6", "native-watchdog": "^1.4.1", "node-pty": "^1.1.0-beta22", "tas-client-umd": "0.2.0", "vscode-oniguruma": "1.7.0", "vscode-regexpp": "^3.1.0", "vscode-textmate": "9.1.0", "yauzl": "^3.0.0", "yazl": "^2.4.3" }, "overrides": { "node-gyp-build": "4.8.1", "[email protected]": { "node-addon-api": "7.1.0" }, "@parcel/[email protected]": { "node-addon-api": "7.1.0" } }, "type": "module" }
Expected
The package version in
/usr/lib/code-server/lib/vscode/package.json
should be4.96.2
Actual
The package version in
/usr/lib/code-server/lib/vscode/package.json
should be1.96.2
Logs
Screenshot/Video
No response
Does this bug reproduce in native VS Code?
No, this works as expected in native VS Code
Does this bug reproduce in GitHub Codespaces?
I did not test GitHub Codespaces
Are you accessing code-server over a secure context?
Notes
No response
The text was updated successfully, but these errors were encountered: