Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Code-server Version is Wrong in CLI and /usr/lib/code-server/lib/vscode/package.json that causes latest code-server version to be Marked vulnerable by Twistlock #7183

Closed
1 of 2 tasks
kamal-rahimi opened this issue Jan 27, 2025 · 1 comment
Labels
bug Something isn't working triage This issue needs to be triaged by a maintainer

Comments

@kamal-rahimi
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

OS/Web Information

The code-server version information does not seem to be correct which causes latest code-server version to be Marked vulnerable by Twistlock. Moe specifically, the package.json file at /usr/lib/code-server/lib/vscode/package.json shows code-server version to be 1.96.2

Steps to Reproduce

  1. Install latest version of code-server on Ubuntu (any version)
  2. Verify code-sever version$ code-server -v 4.96.2 08cbdfbdf11925e8a14ee03de97b942bba7e8a94 with Code 1.96.2
  3. Check code-server version in /usr/lib/code-server/lib/vscode/package.json: $ cat /usr/lib/code-server/lib/vscode/package.json { "name": "code-server", "version": "1.96.2", "private": true, "dependencies": { "@microsoft/1ds-core-js": "^3.2.13", "@microsoft/1ds-post-js": "^3.2.13", "@parcel/watcher": "2.1.0", "@vscode/deviceid": "^0.1.1", "@vscode/iconv-lite-umd": "0.7.0", "@vscode/proxy-agent": "^0.27.0", "@vscode/ripgrep": "^1.15.9", "@vscode/spdlog": "^0.15.0", "@vscode/tree-sitter-wasm": "^0.0.4", "@vscode/vscode-languagedetection": "1.0.21", "@vscode/windows-process-tree": "^0.6.0", "@vscode/windows-registry": "^1.1.0", "@xterm/addon-clipboard": "^0.2.0-beta.53", "@xterm/addon-image": "^0.9.0-beta.70", "@xterm/addon-ligatures": "^0.10.0-beta.70", "@xterm/addon-search": "^0.16.0-beta.70", "@xterm/addon-serialize": "^0.14.0-beta.70", "@xterm/addon-unicode11": "^0.9.0-beta.70", "@xterm/addon-webgl": "^0.19.0-beta.70", "@xterm/headless": "^5.6.0-beta.70", "@xterm/xterm": "^5.6.0-beta.70", "cookie": "^0.7.0", "http-proxy-agent": "^7.0.0", "https-proxy-agent": "^7.0.2", "jschardet": "3.1.4", "kerberos": "2.1.1", "minimist": "^1.2.6", "native-watchdog": "^1.4.1", "node-pty": "^1.1.0-beta22", "tas-client-umd": "0.2.0", "vscode-oniguruma": "1.7.0", "vscode-regexpp": "^3.1.0", "vscode-textmate": "9.1.0", "yauzl": "^3.0.0", "yazl": "^2.4.3" }, "overrides": { "node-gyp-build": "4.8.1", "[email protected]": { "node-addon-api": "7.1.0" }, "@parcel/[email protected]": { "node-addon-api": "7.1.0" } }, "type": "module" }

Expected

The package version in /usr/lib/code-server/lib/vscode/package.json should be 4.96.2

Actual

The package version in /usr/lib/code-server/lib/vscode/package.json should be 1.96.2

Logs

Screenshot/Video

No response

Does this bug reproduce in native VS Code?

No, this works as expected in native VS Code

Does this bug reproduce in GitHub Codespaces?

I did not test GitHub Codespaces

Are you accessing code-server over a secure context?

  • I am using a secure context.

Notes

No response

@kamal-rahimi kamal-rahimi added bug Something isn't working triage This issue needs to be triaged by a maintainer labels Jan 27, 2025
@code-asher
Copy link
Member

I believe this is a duplicate of #7071

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working triage This issue needs to be triaged by a maintainer
Projects
None yet
Development

No branches or pull requests

2 participants