Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.20.0
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
BREAKING CHANGES
- Enforce agent names be case-insensitive-unique per-workspace (#16614, 3fddfef87) (
@ethanndickson)- Enforce regex for agent names (#16641, 9469b7829) (
@deansheather)Underscores and trailing, leading and double hyphens are now blocked in agent names.
Features
Organizations have reached general availability and Workspace Presets are available in beta. Read more about how to get started with these features in our monthly changelog.
- Orgs IDP sync - add combobox to select claim field value when sync field is set (#16335, 7f44189ed) (
@jaaydenh)Improves UX of entering IDP sync claims via the dashboard.
- Show warning on unrecognized idp org mapping claims (#16478, bcfeb726d) (
@aslilac)- Show warning on unrecognized idp group and role mapping claims (#16485, 323559ba8) (
@aslilac)
- Add combobox for selecting claim field value for group/role idp sync (#16459, 7076c4e4a) (
@jaaydenh)Automatically detects IDP claims once a provider is configured for entry in the dashboard.
- Improve resources_monitoring for OOM & OOD monitoring (#16241, 7cbd77fd9) (
@defelmnq)- Integrate agentAPI with resources monitoring logic (#16438, bc609d005) (
@defelmnq)Adds "resource alerts" as a native notification. Set thresholds on memory, disk to alert users when their workspaces are running low on resources.
- Add agentapi endpoint to report connections for audit (#16507, b07b33ec9) (
@mafredri)- Add workspace agent connect and app open audit types (#16493, b5329ae1c) (
@mafredri)Administrators and Auditors may now see agent connections and app opens in the audit log.
- Add notifications troubleshooting tab (#16650, e8a7b7e8c) (
@mtojek)- Add CLI tool to send a test notification (#16611, d2419c89a) (
@DanielleMaywood)
- Support the OAuth2 device flow with GitHub for signing in (#16585, 8c5e7007c) (
@hugodutka)- Show dialog with a redirect if permissions are required (#16661, 39f42bc11) (
@brettkolodny)- Enable soft delete for organizations (#16584, 546a549dc) (
@jaaydenh)Previously, administrators could not delete organizations, even if all contained resources were removed or deleted. This resolves that issue and allows administrators to clean up organizations.
- Implement sign up with GitHub for the first user (#16629, 67d89bb10) (
@hugodutka)- Enable GitHub OAuth2 login by default on new deployments (#16662, d3a56ae3e) (
@hugodutka)Users may now sign up with Github on a fresh deployment of Coder.
- Extend
OverrideVSCodeConfigsto support additional VS Code IDEs (#16654, 763921bc6) (@matifali)- Add provisioner tags field on template creation (#16656, 38ad8d1f3) (
@BrunoQuaresma)- Include winres metadata in Windows binaries (#16742, 36186bbb7)
- Implement WorkspaceCreationBan organization role (#16786, 4633658d5) (
@Emyrk)Allows administrators to assign the native "Workspace creation ban" to users and prevent them from creating workspaces.
- Agent: Add container list handler (#16346, 31b1ff7d3) (
@johnstcn)This PR adds an API endpoint to coderd
/api/v2/workspaceagents/:id/containersthat allows listing containers visible to the agent. Optional filtering by labels is supported.- Agent: Add
CODER_AGENT_DEVCONTAINERS_ENABLEoption (#16525, 35901028d) (@johnstcn)
... (truncated)
Commits
03b5012feat: update default audit log avatar (cherry-pick #16774) (#16805)a5eb06efix: add org role read perm to site template admins and auditors (cherry-pick...8aec4f2chore: create collapsible summary component (cherry-pick #16705) (#16794)e54e31echore: add an unassign action for roles (cherry-pick #16728) (#16791)32dc903fix: allow viewOrgRoles for custom roles page (cherry-pick #16722) (#16789)7381f9achore: warn user without permissions to view org members (cherry-pick #16721)...4633658feat: implement WorkspaceCreationBan org role (cherry-pick #16686) (#16786)6da3c9dfix: allow orgs with default github provider (cherry-pick #16755) (#16784)99a5d72docs: suggest disabling the default GitHub OAuth2 provider on k8s (cherry-pic...fc0db40docs: document default GitHub OAuth2 configuration and device flow (2.20) (#1...- Additional commits viewable in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-go's releases.
v5.4.0
What's Changed
Dependency updates :
- Upgrade semver from 7.6.0 to 7.6.3 by
@dependabotin actions/setup-go#535- Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by
@dependabotin actions/setup-go#536- Upgrade
@action/cachefrom 4.0.0 to 4.0.2 by@aparnajyothi-yin actions/setup-go#568- Upgrade undici from 5.28.4 to 5.28.5 by
@dependabotin actions/setup-go#541New Contributors
@aparnajyothi-ymade their first contribution in actions/setup-go#568Full Changelog: https://github.com/actions/setup-go/compare/v5...v5.4.0
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.20.2
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Bug fixes
- Hide deleted users from org members query (#16830, 3569e56cf) (
@aslilac)- Fix deployment settings navigation issues (#16780, 8a3ebaca0) (
@aslilac)Compare:
v2.20.1...v2.20.2Container image
docker pull ghcr.io/coder/coder:v2.20.2Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
v2.20.1
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Bug fixes
- Remove provisioners from deployment sidebar (#16927, bdd7794e8)
- Prevent audit log search from crashing with regular use (#16944, dba881fc7)
Compare:
v2.20.0...v2.20.1Container image
docker pull ghcr.io/coder/coder:v2.20.1Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
Commits
8a3ebacfix: fix deployment settings navigation issues (cherry-pick #16780) (#16790)3569e56fix: hide deleted users from org members query (cherry-pick #16830) (#16832)dba881ffix: fix audit log search (cherry-pick #16944) (#16945)b615a35chore: use org-scoped roles for organization user e2e tests (cherry-pick #166...bdd7794fix: remove provisioners from deployment sidebar (cherry-pick #16717) (#16927)- See full diff in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-testing's releases.
v1.12.0
NOTES:
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#454)
FEATURES:
- knownvalue: added function checks for custom validation of resource attribute or output values. (#412)
ENHANCEMENTS:
- knownvalue: Updated the
ObjectExacterror message to report extra/missing attributes from the actual object. (#451)- plancheck: Improved the unknown value plan check error messages to include a known value if one exists. (#450)
BUG FIXES:
- plancheck: Fixed bug with all unknown value plan checks where a valid path would return a "path not found" error. (#450)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-testing's changelog.
1.12.0 (March 18, 2025)
NOTES:
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#454)
FEATURES:
- knownvalue: added function checks for custom validation of resource attribute or output values. (#412)
ENHANCEMENTS:
- knownvalue: Updated the
ObjectExacterror message to report extra/missing attributes from the actual object. (#451)- plancheck: Improved the unknown value plan check error messages to include a known value if one exists. (#450)
BUG FIXES:
- plancheck: Fixed bug with all unknown value plan checks where a valid path would return a "path not found" error. (#450)
Commits
1ffb3e0Update changelogb0b505eplancheck: Include known value in error message when asserting an unknown val...41b2d19Add the missing/extra attribute names to the error message for `knownvalue.Ob...b505110build(deps): Bump github.com/hashicorp/go-cty from 1.4.1 to 1.5.0 (#457)b940385chore: Update minimum Go version in module (#454)96ff574knownvalue: Introduce function checks for primitive types (#412)5f414d2Result of tsccr-helper -log-level=info gha update -latest .github/ (#447)2113550chore: FIx golangci linters (#446)13c4fb0build(deps): Bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#437)9a146e5build(deps): Bump github.com/hashicorp/terraform-plugin-sdk/v2 (#433)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/docker/docker's releases.
v28.0.4
28.0.4
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Fix a regression causing
docker pull/pushto fail when interacting with a private repository. docker/cli#5964v28.0.3
28.0.3
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Fix
docker runtruncating theSTDOUT/STDERRprematurely when the container exits before the data is consumed. docker/cli#5957Packaging updates
- Update BuildKit to v0.20.2. moby/moby#49698
- Update
runcto v1.2.6 (static packages only). moby/moby#49682- Update containerd to v1.7.26. docker/containerd-packaging#409
v28.0.2
28.0.2
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Fix CLI-specific attributes (
docker.cli.*) being unintentionally passed to downstream OTel services. docker/cli#5842- Fix an issue where user-specified
OTEL_RESOURCE_ATTRIBUTESwere being overridden by CLI's internal telemetry attributes. The CLI now properly merges user-specified attributes with internal ones, allowing both to coexist. docker/cli#5842- Fix daemon failing to start on Windows when a container created before v28.0.0 was present. moby/moby#49626
- Fix possible error on
docker buildx prunewith the--min-free-space. moby/moby#49623- Fix spurious
io: read/write on closed pipeerror in the daemon log when closing container. moby/moby#49590- Fix the Docker daemon failing too early if the containerd socket isn't immediately available. moby/moby#49603
- Mask Linux thermal interrupt info in a container's
/procand/sysby default. moby/moby#49560- Update
contrib/check-config.shto check for more kernel modules related to iptables. moby/moby#49622- containerd image store: Fix integer overflow in User ID handling passed via
--user. moby/moby#49652- containerd image store: Fix spurious
reference for unknown type: application/vnd.in-toto+jsonwarning being logged to the daemon's log. moby/moby#49652
... (truncated)
Commits
6430e49Merge pull request #49700 from vvoland/missing-buildtagscc90726Add missing go1.22 build constraints330857aMerge pull request #49698 from jsternberg/buildkit-0.20.22fce935vendor: github.com/moby/buildkit v0.20.2ecb03c4Merge pull request #49691 from thaJeztah/bump_selinuxaccda31Merge pull request #49562 from thaJeztah/switch_cgroups6a0f71cMerge pull request #49686 from thaJeztah/attach_nitse2011afMerge pull request #49692 from thaJeztah/rm_aliases3e957c6remove some redundant import-aliases4db84b1switch to github.com/opencontainers/cgroups- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from crazy-max/ghaction-import-gpg's releases.
v6.3.0
- Bump openpgp from 5.11.2 to 6.1.0 in crazy-max/ghaction-import-gpg#215
- Bump cross-spawn from 7.0.3 to 7.0.6 in crazy-max/ghaction-import-gpg#212
Full Changelog: https://github.com/crazy-max/ghaction-import-gpg/compare/v6.2.0...v6.3.0
Commits
e89d409Merge pull request #215 from crazy-max/dependabot/npm_and_yarn/openpgp-6.1.09239589fix README177db9dchore: update generated content78b11f3build(deps): bump openpgp from 5.11.2 to 6.1.0bc96911Merge pull request #218 from crazy-max/bake-v6b70aa9bci: update bake-action to v6d690cc9Merge pull request #212 from crazy-max/dependabot/npm_and_yarn/cross-spawn-7.0.69e887f4Merge pull request #211 from crazy-max/dependabot/github_actions/codecov/code...442980bci: fix deprecated codecov inputa0098b6Merge pull request #217 from crazy-max/gha-perms- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from goreleaser/goreleaser-action's releases.
v6.3.0
- Bump undici from 5.28.3 to 5.28.5 in goreleaser/goreleaser-action#488
Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v6.2.1...v6.3.0
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Commits
e1fcd82html: properly handle trailing solidus in unquoted attribute value in foreign...ebed060internal/http3: fix build of tests with GOEXPERIMENT=nosynctest1f1fa29publicsuffix: regenerate table1215081http2: improve error when server sends HTTP/1312450ehtml: ensure <search> tag closes <p> and update tests09731f9http2: improve handling of lost PING in Server55989e2http2/h2c: use ResponseController for hijacking connections2914f46websocket: re-recommend gorilla/websocket- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/docker/docker's releases.
v28.1.1
28.1.1
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- Fix
dockerd-rootless-setuptool.shincorrectly reporting missingiptables. moby/moby#49833- containerd image store: Fix a potential daemon crash when using
docker loadwith archives containing zero-size tar headers. moby/moby#49837Packaging updates
- Update Buildx to v0.23.0. docker/docker-ce-packaging#1185
- Update Compose to v2.35.1. docker/docker-ce-packaging#1188
Networking
- Add a warning to a container's
/etc/resolv.confwhen no upstream DNS servers were found. moby/moby#49827v28.1.0
28.1.0
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 28.1.0 milestone
- moby/moby, 28.1.0 milestone
- Changes to the Engine API, see API version history.
New
- Add
docker bakesub-command as alias fordocker buildx bake. docker/cli#5947- Experimental: add a new
--use-api-socketflag ondocker runanddocker createto enable access to Docker socket from inside a container and to share credentials from the host with the container. docker/cli#5858docker image inspectnow supports a--platformflag to inspect a specific platform of a multi-platform image. docker/cli#5934Bug fixes and enhancements
- Add CLI shell-completion for context names. docker/cli#6016
- Fix
docker images --treenot including non-container images content size in the total image content size. docker/cli#6000- Fix
docker loadnot preserving replaced images. moby/moby#49650- Fix
docker loginhints when logging in to a custom registry. docker/cli#6015- Fix
docker statsnot working properly on machines with high CPU core count. moby/moby#49734- Fix a regression causing
docker pull/pushto fail when interacting with a private repository. docker/cli#5964- Fix an issue preventing rootless Docker setup on a host with no
ip_tableskernel module. moby/moby#49727- Fix an issue that could lead to unwanted iptables rules being restored and never deleted following a firewalld reload. moby/moby#49728
- Improve CLI completion of
docker service scale. docker/cli#5968docker images --treenow hides both untagged and dangling images by default. docker/cli#5924docker system infowill provide an exit code if a connection cannot be established to the Docker daemon. docker/cli#5918
... (truncated)
Commits
01f442bMerge pull request #49588 from thaJeztah/bump_go_build_tagse03c0f0Merge pull request #49834 from thaJeztah/cleanup_ignore8dde918Merge pull request #49837 from thaJeztah/bump_containerd_2.0.5e70ce7aMerge pull request #49833 from vvoland/rootless-iptables-checkfc8361cvendor: github.com/containerd/containerd v2.0.562f51e4vendor: golang.org/x/oauth2 v0.29.0bbbb003cleanup ignore filesead379acontrib/rootless-setuptool: Fix iptables detection7c52c4dupdate go:build tags to go1.23 to align with vendor.mod6573a13Merge pull request #49827 from robmry/warn_no_ext_nameservers- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-go's releases.
v5.5.0
What's Changed
Bug fixes:
- Update self-hosted environment validation by
@priyagupta108in actions/setup-go#556- Add manifest validation and improve error handling by
@priyagupta108in actions/setup-go#586- Update template link by
@jsorefin actions/setup-go#527Dependency updates:
- Upgrade
@action/cachefrom 4.0.2 to 4.0.3 by@aparnajyothi-yin actions/setup-go#574- Upgrade
@actions/globfrom 0.4.0 to 0.5.0 by@dependabotin actions/setup-go#573- Upgrade ts-jest from 29.1.2 to 29.3.2 by
@dependabotin actions/setup-go#582- Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by
@dependabotin actions/setup-go#537New Contributors
@jsorefmade their first contribution in actions/setup-go#527Full Changelog: https://github.com/actions/setup-go/compare/v5...v5.5.0
Commits
d35c59achore: update discussions url (#527)29694d7Add manifest validation and improve error handling (#586)78535ddBump eslint-plugin-jest from 27.9.0 to 28.11.0 (#537)bb65d88Bump ts-jest from 29.1.2 to 29.3.2 (#582)7f17e83Bump@actions/globfrom 0.4.0 to 0.5.0 (#573)dca8468Update self-hosted environment validation and bump undici version (#556)691cc35upgrade actions/cache to 4.0.3 (#574)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.21.3
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Bug fixes
- Remove site wide perms from creating a workspace (#17296, 3fa1030b7) (
@Emyrk)- Add path & method labels to prometheus metrics for current requests (#17362, 1d2af9ccc) (
@ibetitsmike)- Log long-lived connections acceptance (#17219, 991d38c53) (
@ibetitsmike)- Extend request logs with auth & DB info (#17497, f8d3fbf53) (
@ibetitsmike)- Reduce excessive logging when database is unreachable (#17363, 9ea3910b2) (
@dannykopping)- Log correct error on drpc connection close error (#17265, b1ccf4800) (
@aaronlehmann)- Don't attempt to insert empty terraform plans into the database (cherry-pick #17426) (#17486, 9b3c7d7af) (
@aslilac)- Don't show promote button for members (#17511, 1e8ac6c26) (
@BrunoQuaresma)- Prevent null loading sync settings (#17430, b760f1d3a) (
@Emyrk)Fixes an issue causing front end to not load under certain condition.
Compare:
v2.21.0...v2.21.3Container image
docker pull ghcr.io/coder/coder:v2.21.3Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
Commits
bd1ef88chore: apply Dockerfile architecture fix (#17603)1e8ac6cfix: don't show promote button for members (cherry-pick #17511) (#17513)b8ffc29fix(examples/templates/kubernetes-devcontainer): update coder provider (cherr...edb0b0bfix(examples/templates/docker-devcontainer): update folder path and provider ...2d5d5adfix(examples/templates/kubernetes-devcontainer): update coder provider (cherr...2d622eerevert: "feat(coderd/notifications): group workspace build failure report (ch...6f799bbfix(scripts/release): handle cherry-pick bot titles in check commit metadata ...9b3c7d7fix: don't attempt to insert empty terraform plans into the database (cherry-...b760f1dchore: prevent null loading sync settings (cherry-pick #17430) (#17433)f8d3fbffeat: extend request logs with auth & DB info (#17497)- Additional commits viewable in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-go's releases.
v0.27.0
NOTES:
- tfprotov5+tfprotov6: An upcoming release will require the
GetResourceIdentitySchemasandUpgradeResourceIdentityimplementations as part ofProviderServer. (#476)- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#491)
FEATURES:
- tfprotov5+tfprotov6: Upgraded protocols and added types to support the new resource identity feature (#476)
- Add WithManagedDebugEnvFilePath() option that allows writing TF_REATTACH_PROVIDERS to an environment file (#484)
v0.27.0-alpha.1
NOTES:
- This alpha pre-release contains the protocol definitions for managed resource identity, which can used with Terraform v1.12.0-alpha20250312, to store and read identity data during plan and apply workflows. (#476)
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#491)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-go's changelog.
0.27.0 (May 16, 2025)
NOTES:
- tfprotov5+tfprotov6: An upcoming release will require the
GetResourceIdentitySchemasandUpgradeResourceIdentityimplementations as part ofProviderServer. (#476)- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#491)
FEATURES:
- tfprotov5+tfprotov6: Upgraded protocols and added types to support the new resource identity feature (#476)
- Add WithManagedDebugEnvFilePath() option that allows writing TF_REATTACH_PROVIDERS to an environment file (#484)
0.27.0-alpha.1 (March 18, 2025)
NOTES:
- This alpha pre-release contains the protocol definitions for managed resource identity, which can used with Terraform v1.12.0-alpha20250312, to store and read identity data during plan and apply workflows. (#476)
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#491)
Commits
2030c6cUpdate changelog2f2273abuild(deps): Bump google.golang.org/grpc from 1.72.0 to 1.72.1 (#509)6eb70a1build(deps): Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#507)8327e4dbuild(deps): Bump actions/setup-go from 5.4.0 to 5.5.0 (#508)d87b67agithub: Use Dependabot to keep Actions updated (#506)06b9064Add catalog metadata (META.d) (#505)74cf1cemove changelogs (#504)7df6e42build(deps): Bump google.golang.org/grpc from 1.71.1 to 1.72.0 (#503)af2d5d6build(deps): Bump golang.org/x/net from 0.37.0 to 0.38.0 in /tools (#502)ee6e52bbuild(deps): Bump github.com/hashicorp/terraform-registry-address (#501)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-testing's releases.
v1.13.0
NOTES:
- reduced the volume of DEBUG-level logging to make it easier to visually scan debug output (#463)
FEATURES:
- ImportState: Added support for testing plannable import via Terraform configuration. Configuration is used from the previous test step if available.
Config,ConfigFile, andConfigDirectorycan also be used directly withImportStateif needed. (#442)- ImportState: Added
ImportStateKindto control which method of import theImportStatetest step uses.ImportCommandWithID(default, same behavior as today) ,ImportBlockWithID, andImportBlockWithResourceIdentity. (#442)- ImportState: Added
ImportStateConfigExactto opt-out of new import config generation for plannable import. (#494)- statecheck: Added
ExpectIdentityValueMatchesStatestate check to assert that an identity value matches a state value at the same path. (#503)- statecheck: Added
ExpectIdentityValueMatchesStateAtPathstate check to assert that an identity value matches a state value at different paths. (#503)ENHANCEMENTS:
- statecheck: Added
ExpectIdentityValuestate check, which asserts a specified attribute value of a managed resource identity in state. (#468)- statecheck: Added
ExpectIdentitystate check, which asserts all data of a managed resource identity in state. (#470)- Adds
AdditionalCLIOptions.PlanOptions.NoRefreshto testterraform plan -refresh=false(#490)v1.13.0-beta.1
BREAKING CHANGES:
- importstate:
ImportStatePersistandImportStateVerifyare not supported for plannable import (ImportBlockWith*) and will return an error (#476)- importstate: renamed
ImportStateWithIdtoImportStateWithIDand renamedImportCommandWithIdtoImportCommandWithID. (#465)NOTES:
- This beta pre-release adds support for managed resource identity, which can be used with Terraform v1.12.0-beta2. Acceptance tests can use the
ImportBlockWithResourceIdentitykind to exercise the import of a managed resource using its resource identity object values instead of using a string identifier. (#480)BUG FIXES:
- importstate: plannable import (
ImportBlockWith*) fixed for a resource with a dependency (#476)v1.13.0-alpha.1
NOTES:
- This alpha pre-release contains testing utilities for managed resource identity, which can be used with
Terraform v1.12.0-alpha20250319, to assert identity data stored during apply workflows. A managed resource in a provider can read/store identity data using theterraform-plugin-framework@v1.15.0-alpha.1orterraform-plugin-sdk/v2@v2.37.0-alpha.1Go modules. To assert identity data stored by a provider in state, use thestatecheck.ExpectIdentitystate check. (#470)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-testing's changelog.
1.13.0 (May 16, 2025)
NOTES:
- reduced the volume of DEBUG-level logging to make it easier to visually scan debug output (#463)
FEATURES:
- ImportState: Added support for testing plannable import via Terraform configuration. Configuration is used from the previous test step if available.
Config,ConfigFile, andConfigDirectorycan also be used directly withImportStateif needed. (#442)- ImportState: Added
ImportStateKindto control which method of import theImportStatetest step uses.ImportCommandWithID(default, same behavior as today) ,ImportBlockWithID, andImportBlockWithResourceIdentity. (#442)- ImportState: Added
ImportStateConfigExactto opt-out of new import config generation for plannable import. (#494)- statecheck: Added
ExpectIdentityValueMatchesStatestate check to assert that an identity value matches a state value at the same path. (#503)- statecheck: Added
ExpectIdentityValueMatchesStateAtPathstate check to assert that an identity value matches a state value at different paths. (#503)ENHANCEMENTS:
- statecheck: Added
ExpectIdentityValuestate check, which asserts a specified attribute value of a managed resource identity in state. (#468)- statecheck: Added
ExpectIdentitystate check, which asserts all data of a managed resource identity in state. (#470)- Adds
AdditionalCLIOptions.PlanOptions.NoRefreshto testterraform plan -refresh=false(#490)1.13.0-beta.1 (April 18, 2025)
BREAKING CHANGES:
- importstate:
ImportStatePersistandImportStateVerifyare not supported for plannable import (ImportBlockWith*) and will return an error (#476)- importstate: renamed
ImportStateWithIdtoImportStateWithIDand renamedImportCommandWithIdtoImportCommandWithID. (#465)NOTES:
- This beta pre-release adds support for managed resource identity, which can be used with Terraform v1.12.0-beta2. Acceptance tests can use the
ImportBlockWithResourceIdentitykind to exercise the import of a managed resource using its resource identity object values instead of using a string identifier. (#480)BUG FIXES:
- importstate: plannable import (
ImportBlockWith*) fixed for a resource with a dependency (#476)1.13.0-alpha.1 (March 27, 2025)
NOTES:
- This alpha pre-release contains testing utilities for managed resource identity, which can be used with
Terraform v1.12.0-alpha20250319, to assert identity data stored during apply workflows. A managed resource in a provider can read/store identity data using theterraform-plugin-framework@v1.15.0-alpha.1orterraform-plugin-sdk/v2@v2.37.0-alpha.1Go modules. To assert identity data stored by a provider in state, use thestatecheck.ExpectIdentitystate check. (#470)
Commits
175139dUpdate changelogc748d53build(deps): Bump github.com/hashicorp/terraform-plugin-sdk/v2 (#509)0060a87ResourceIdentity: Switch to using plan instead of applied state for asserting...8b8c33astatecheck: Add new resource identity / state comparison checks (#503)fc2179dbuild(deps): Bump actions/setup-go from 5.4.0 to 5.5.0 (#506)a8b1366build(deps): Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#507)28cd0fdgithub: Use Dependabot to keep Actions updated (#504)07dca39build(deps): Bump github.com/hashicorp/terraform-json (#505)fdfdcd7update changelogs (#500)26e8554Update CODEOWNERS (#501)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-framework's releases.
v1.15.0
NOTES:
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#1114)
- all: This release contains a new interface and package for implmenting managed resource identity. Resource identity is data that is defined by a separate schema and is stored alongside resource state. Identity data is used by Terrform to uniquely identify a remote object and is meant to be immutable during the remote object's lifecycle. Resources that support identity can now be imported using the
identityattribute in Terraform configurationimportblocks, available in Terraform v1.12+. Theresource.ResourceWithIdentityinterface can be implemented to support identity by defining an identity schema. Once the identity schema is defined, you can read and store identity data in the state file via the newIdentityfields in the response objects on the resource CRUD methods. (#1112)FEATURES:
- tfsdk: Added
ResourceIdentitystruct to represent managed resource identity data. (#1112)- resource/identityschema: New package for implementing managed resource identity schemas. (#1107)
- resource: Added new
ImportStatePassthroughWithIdentityhelper that can support both identity and ID importing via a single field. (#1134)- resource: Added
ResourceWithIdentityinterface for implementing managed resource identity. (#1107)ENHANCEMENTS:
- resource: Updated
Create,Update,Read, andDeleterequest and response objects to support the passing of identity data. (#1112)- resource: Updated
ImportStatemethod to allow importing by resource identity and returning identity data from import response. (#1126)v1.15.0-beta.1
NOTES:
- This beta pre-release continues the implementation of managed resource identity, which should now be used with Terraform v1.12.0-beta1. Managed resources now can support import by identity during plan and apply workflows. Managed resources that already support import via the
resource.ResourceWithImportStateinterface will automatically pass-through identity data to theReadmethod. TheRequiredForImportandOptionalForImportfields on the identity schema can be used to control the validation that Terraform core will apply to the import config block. (#1126)v1.15.0-alpha.1
NOTES:
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#1114)
- This alpha pre-release contains an initial implementation for managed resource identity, which can used with Terraform v1.12.0-alpha20250312, to store and read identity data during plan and apply workflows. A managed resource identity can be used by implementing the optional
resource.ResourceWithIdentityinterface and defining an identity schema. Once the identity schema is defined, you can read and store identity data in the state file via the newIdentityfields in the response objects on the resource CRUD methods. (#1112)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-framework's changelog.
1.15.0 (May 16, 2025)
NOTES:
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#1114)
- all: This release contains a new interface and package for implmenting managed resource identity. Resource identity is data that is defined by a separate schema and is stored alongside resource state. Identity data is used by Terrform to uniquely identify a remote object and is meant to be immutable during the remote object's lifecycle. Resources that support identity can now be imported using the
identityattribute in Terraform configurationimportblocks, available in Terraform v1.12+. Theresource.ResourceWithIdentityinterface can be implemented to support identity by defining an identity schema. Once the identity schema is defined, you can read and store identity data in the state file via the newIdentityfields in the response objects on the resource CRUD methods. (#1112)FEATURES:
- tfsdk: Added
ResourceIdentitystruct to represent managed resource identity data. (#1112)- resource/identityschema: New package for implementing managed resource identity schemas. (#1107)
- resource: Added new
ImportStatePassthroughWithIdentityhelper that can support both identity and ID importing via a single field. (#1134)- resource: Added
ResourceWithIdentityinterface for implementing managed resource identity. (#1107)ENHANCEMENTS:
- resource: Updated
Create,Update,Read, andDeleterequest and response objects to support the passing of identity data. (#1112)- resource: Updated
ImportStatemethod to allow importing by resource identity and returning identity data from import response. (#1126)1.15.0-beta.1 (April 15, 2025)
NOTES:
- This beta pre-release continues the implementation of managed resource identity, which should now be used with Terraform v1.12.0-beta1. Managed resources now can support import by identity during plan and apply workflows. Managed resources that already support import via the
resource.ResourceWithImportStateinterface will automatically pass-through identity data to theReadmethod. TheRequiredForImportandOptionalForImportfields on the identity schema can be used to control the validation that Terraform core will apply to the import config block. (#1126)1.15.0-alpha.1 (March 18, 2025)
NOTES:
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#1114)
- This alpha pre-release contains an initial implementation for managed resource identity, which can used with Terraform v1.12.0-alpha20250312, to store and read identity data during plan and apply workflows. A managed resource identity can be used by implementing the optional
resource.ResourceWithIdentityinterface and defining an identity schema. Once the identity schema is defined, you can read and store identity data in the state file via the newIdentityfields in the response objects on the resource CRUD methods. (#1112)
Commits
acbc06aUpdate changelog57021a4build(deps): Bump github.com/hashicorp/terraform-plugin-go (#1145)fc240f1ResourceIdentity: Validate that identities do not change after Terraform stor...e43fb0bbuild(deps): Bump actions/setup-go from 5.4.0 to 5.5.0 (#1142)77d7476build(deps): Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#1143)68d7b53github: Use Dependabot to keep Actions updated (#1141)e1d72e4Resource Identity: Add the UpgradeRPC for resource identity (#1135)5c1ab2dPrep changelogs forv1.15.0release (#1138)24e7ad7Add catalog metadata (META.d) (#1139)17f1fafresource: Add identity to DeleteRequest (#1132)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-framework-validators's releases.
v0.18.0
NOTES:
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#276)
BUG FIXES:
- all: Fixed bug with PreferWriteOnlyAttribute validator not running when client is capable of using write-only attributes. (#287)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-framework-validators's changelog.
0.18.0 (May 13, 2025)
NOTES:
- all: This Go module has been updated to Go 1.23 per the Go support policy. It is recommended to review the Go 1.23 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#276)
BUG FIXES:
- all: Fixed bug with PreferWriteOnlyAttribute validator not running when client is capable of using write-only attributes. (#287)
Commits
376e046Update changelog99af944Add catalog metadata (META.d) (#288)38236c3internal/schemavalidator: Fix prefer write-only validators request mapping (#...65e3539build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /tools (#284)1778121SEC-090: Automated trusted workflow pinning (2025-04-07) (#281)8499912Result of tsccr-helper -log-level=info gha update -latest .github/ (#279)b91a5cfbuild(deps): bump github.com/golang-jwt/jwt/v4 in /tools (#278)ff0de3ebuild(deps): bump github.com/hashicorp/copywrite in /tools (#277)13b75cdchore: Update minimum Go version in module (#276)8c1561fResult of tsccr-helper -log-level=info gha update -latest .github/ (#273)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-go's releases.
v0.28.0
BREAKING CHANGES:
- tfprotov5+tfprotov6: Removed temporary
ProviderServerWithResourceIdentityinterface type. UseProviderServerinstead. (#516)- tfprotov5+tfprotov6:
GetResourceIdentitySchemasandUpgradeResourceIdentityRPC calls are now required inProviderServerandResourceServer. Implementations that don't support resource identity can return empty responses from theGetResourceIdentitySchemasmethod and an error message theUpgradeResourceIdentitymethod. (#516)NOTES:
- all: To prevent compilation errors, ensure your Go module is updated to at least terraform-plugin-framework@v1.15.0, terraform-plugin-mux@v0.20.0, terraform-plugin-sdk/v2@v2.37.0, and terraform-plugin-testing@v1.13.0 before upgrading this dependency. (#516)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-go's changelog.
0.28.0 (May 21, 2025)
BREAKING CHANGES:
- tfprotov5+tfprotov6: Removed temporary
ProviderServerWithResourceIdentityinterface type. UseProviderServerinstead. (#516)- tfprotov5+tfprotov6:
GetResourceIdentitySchemasandUpgradeResourceIdentityRPC calls are now required inProviderServerandResourceServer. Implementations that don't support resource identity can return empty responses from theGetResourceIdentitySchemasmethod and an error message theUpgradeResourceIdentitymethod. (#516)NOTES:
- all: To prevent compilation errors, ensure your Go module is updated to at least terraform-plugin-framework@v1.15.0, terraform-plugin-mux@v0.20.0, terraform-plugin-sdk/v2@v2.37.0, and terraform-plugin-testing@v1.13.0 before upgrading this dependency. (#516)
Commits
3fd901bUpdate changelog68ac8c5all: Remove temporaryProviderServerWithResourceIdentityinterface (#516)0c51a41Revert "Add protobuf support for list messages and rpcs (#512)" (#515)f412d39Add protobuf support for list messages and rpcs (#512)8c53222Create pull_request_template.md (#511)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-testing's releases.
v1.13.1
BUG FIXES:
- echoprovider: Fixed bug where Terraform v1.12+ would return an error message indicating the provider doesn't support
GetResourceIdentitySchemas. (#512)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-testing's changelog.
1.13.1 (May 21, 2025)
BUG FIXES:
- echoprovider: Fixed bug where Terraform v1.12+ would return an error message indicating the provider doesn't support
GetResourceIdentitySchemas. (#512)
Commits
f8212c0Update changelogf86f169echoprovider: Fix bug where Terraform v1.12.1 would return an error indicatin...549959bCreate pull_request_template.md (#508)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-testing's releases.
v1.13.2
BUG FIXES:
Changelog
Sourced from github.com/hashicorp/terraform-plugin-testing's changelog.
1.13.2 (June 11, 2025)
BUG FIXES:
Commits
1911214Update changelog2d87e3dimportstate: Fixed bug where prior test config is not used forConfigFileo...baee5c6importstate: UseExpectNonEmptyPlanfield to ignore no-op assertion for imp...40e7749build(deps): Bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 (#524)e0e40e8build(deps): Bump github.com/cloudflare/circl in /tools (#523)a15aaafbuild(deps): Bump golang.org/x/crypto from 0.38.0 to 0.39.0 (#521)4333746build(deps): Bump github.com/cli/go-gh/v2 in /tools (#517)f93511ebuild(deps): Bump github.com/hashicorp/terraform-plugin-go (#515)ae7eb88build(deps): Bump github.com/zclconf/go-cty from 1.16.2 to 1.16.3 (#511)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.23.1
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Chores
- Revert breaking changes relating to WorkspaceOwnerName (#18304, b906c16b3)
Compare:
v2.23.0...v2.23.1Container image
docker pull ghcr.io/coder/coder:v2.23.1Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
Commits
b906c16chore: revert breaking changes relating to WorkspaceOwnerName (#18304)- See full diff in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/docker/docker's releases.
28.2.2
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Bug fixes and enhancements
- containerd image store: Fix a regression causing
docker build --pushto fail. This reverts the fix fordocker buildnot persisting overridden images as dangling. moby/moby#50105Networking
- When creating the iptables
DOCKER-USERchain, do not add an explicitRETURNrule, allowing users to append as well as insert their own rules. Existing rules are not removed on upgrade, but it won't be replaced after a reboot. moby/moby#5009828.2.1
Packaging updates
- Fix packaging regression in v28.2.0 which broke creating the
dockergroup/user on fresh installations. docker-ce-packaging#120928.2.0
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 28.2.0 milestone
- moby/moby, 28.2.0 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
[!NOTE] RHEL packages are currently not available and will be released later.
New
- Add
{{.Platform}}as formatting option fordocker psto show the platform of the image the container is running. docker/cli#6042- Add support for relative parent paths (
../) on bind mount sources when usingdocker run/createwith-v/--volumeor--mount type=bindoptions. docker/cli#4966- CDI is now enabled by default. moby/moby#49963
- Show discovered CDI devices in
docker info. docker/cli#6078docker image rm: add--platformoption to remove a variant from multi-platform images. docker/cli#6109- containerd image store: Initial BuildKit support for building Windows container images on Windows (requires an opt-in with
DOCKER_BUILDKIT=1). moby/moby#49740Bug fixes and enhancements
- Add a new log option for fluentd log driver (
fluentd-write-timeout), which enables specifying write timeouts for fluentd connections. moby/moby#49911- Add support for
DOCKER_AUTH_CONFIGfor the experimental--use-api-socketoption. docker/cli#6019- Fix
docker execwaiting for 10 seconds if a non-existing user or group was specified. moby/moby#49868- Fix
docker swarm initignoringcacertoption of--external-ca. docker/cli#5995- Fix an issue where the CLI would not correctly save the configuration file (
~/.docker/config.json) if it was a relative symbolic link. docker/cli#5282- Fix containers with
--restart alwayspolicy using CDI devices failing to start on daemon restart. moby/moby#49990
... (truncated)
Commits
45873beMerge pull request #50105 from jsternberg/revert-build-dangling7994426Revert "containerd: images overridden by a build are kept dangling"f144264Merge pull request #50090 from corhere/libn/overlay-netip768cfaeMerge pull request #50050 from robmry/nftables_internal_dnsd3289ddAdd nftables NAT rules for internal DNS resolver7a0bf74Merge pull request #50038 from ctalledo/fix-for-50037b43afbfMerge pull request #50098 from robmry/remove_docker-user_return_rulec299ba3Update worker.Platforms() in builder-next worker.0e2cc22Merge pull request #50049 from robmry/nftables_env_var_enablee37efd4Merge pull request #50068 from mmorel-35/github.com/containerd/errdefs- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/go-chi/chi/v5's releases.
v5.2.2
What's Changed
- Use strings.Cut in a few places by
@JRaspassin go-chi/chi#971- Fix non-constant format strings in t.Fatalf by
@JRaspassin go-chi/chi#972- Apply fieldalignment fixes to optimize struct memory layout by
@pixel365in go-chi/chi#974- go 1.24 by
@pkieltykain go-chi/chi#977- chore: delint ioutil usage by
@costelain go-chi/chi#962- Fixed typo in Router interface definition by
@mithileshgupta12in go-chi/chi#958- Add support for TinyGo by
@efraimbartin go-chi/chi#978- Exclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by
@cxjavain go-chi/chi#982- Make use of strings.Cut by
@scopin go-chi/chi#1005- Change install command format to code block by
@sglkcin go-chi/chi#1001- Correct documentation by
@mrdominoin go-chi/chi#992Security fix
- Fixes GHSA-vrw8-fxc6-2r93 - "Host Header Injection Leads to Open Redirect in RedirectSlashes" commit
- a lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header
- reported by Anuraag Baishya,
@anuraagbaishya. Thank you!New Contributors
@pixel365made their first contribution in go-chi/chi#974@mithileshgupta12made their first contribution in go-chi/chi#958@efraimbartmade their first contribution in go-chi/chi#978@cxjavamade their first contribution in go-chi/chi#982@sglkcmade their first contribution in go-chi/chi#1001@mrdominomade their first contribution in go-chi/chi#992Full Changelog: https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2
v5.2.1
⚠️ Chi supports Go 1.20+
Starting this release, we will now support the four most recent major versions of Go. See go-chi/chi#963 for related discussion.
What's Changed
- Support the four most recent major versions of Go by
@VojtechVitekin go-chi/chi#969Full Changelog: https://github.com/go-chi/chi/compare/v5.2.0...v5.2.1
v5.2.0
What's Changed
- update credits section to link to goji license by
@pkieltykain go-chi/chi#944- go 1.23 by
@pkieltykain go-chi/chi#945- Make Context.RoutePattern() nil-safe by
@gaiaz-iusipovin go-chi/chi#927- govet: Fix non-constant format string by
@marcofranssenin go-chi/chi#952- Add
FindtoRoutesinterface by@joeriddlesin go-chi/chi#872- Fix grammar error by
@AntonC9018in go-chi/chi#917feat(): add CF-Connecting-IP by@n33pmin go-chi/chi#908
Revert "feat(): add CF-Connecting-IP" by@VojtechVitekin go-chi/chi#966
... (truncated)
Commits
23c395fCorrect documentation (#992)5516d14docs: change install code to code block (#1001)e235052Make use of strings.Cut (#1005)1be7ad9Merge commit from forkd7034fdExclude profiler when use tinygo (#982)d047034support tinygo (#978)fe2c065Fixed the typo (#958)1aae5b2chore: delint ioutil usage (#962)c6225e3go 1.24 (#977)e846b83Apply fieldalignment fixes to optimize struct memory layout (#974)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/docker/docker's releases.
28.3.0
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 28.3.0 milestone
- moby/moby, 28.3.0 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
New
- Add support for AMD GPUs in
docker run --gpus. moby/moby#49952- Use
DOCKER_AUTH_CONFIGas a credential store. docker/cli#6008Bug fixes and enhancements
- Ensure that the state of the container in the daemon database (used by /containers/json API) is up to date when the container is stopped using the /containers/{id}/stop API (before response of API). moby/moby#50136
- Fix
docker image inspect inspectomitting empty fields. moby/moby#50135- Fix
docker images --treenot marking images as in-use when the containerd image store is disabled. docker/cli#6140- Fix
docker pull/pushhang in non-interactive when authentication is required caused by prompting for login credentials. docker/cli#6141- Fix a potential resource leak when a node leaves a Swarm. moby/moby#50115
- Fix a regression where a login prompt on
docker pullwould show Docker Hub-specific hints when logging in on other registries. docker/cli#6135- Fix an issue where all new tasks in the Swarm could get stuck in the PENDING state forever after scaling up a service with placement preferences. moby/moby#50211
- Remove an undocumented, hidden, top-level
docker removecommand that was accidentally introduced in Docker 23.0. docker/cli#6144- Validate registry-mirrors configuration as part of
dockerd --validateand improve error messages for invalid mirrors. moby/moby#50240dockerd-rootless-setuptool.sh: Fix the script from silently returning with no error message when subuid/subgid system requirements are not satisfied. moby/moby#50059- containerd image store: Fix
docker pushnot creating a tag on the remote repository. moby/moby#50199- containerd image store: Improve handling of errors returned by the token server during
docker pull/push. moby/moby#50176Packaging updates
- Allow customizing containerd service name for OpenRC. moby/moby#50156
- Update BuildKit to v0.23.1. moby/moby#50243
- Update Buildx to v0.25.0. docker/docker-ce-packaging#1217
- Update Compose to v2.37.2. docker/docker-ce-packaging#1219
- Update Docker Model CLI plugin to v0.1.30. docker/docker-ce-packaging#1218
- Update Go runtime to 1.24.4. docker/docker-ce-packaging#1213, moby/moby#50153, docker/cli#6124
Networking
- Revert Swarm related changes added in 28.2.x builds, due to a regression reported in moby/moby#50129. moby/moby#50169
- Revert: Fix an issue where
docker network inspect --verbosecould sometimes crash the daemon (moby/moby#49937).- Revert: Fix an issue where the load-balancer IP address for an overlay network would not be released in certain cases if the Swarm was lacking an ingress network (moby/moby#49948).
- Revert: Improve the reliability of NetworkDB in busy clusters and lossy networks (moby/moby#49932).
- Revert: Improvements to the reliability and convergence speed of NetworkDB (moby/moby#49939).
- Fix an issue that could cause container startup to fail, or lead to failed UDP port mappings, when some container ports are mapped to
0.0.0.0and others are mapped to specific host addresses. moby/moby#50054- The
network inspectresponse for an overlay network now reports thatEnableIPv4is true. moby/moby#50147- Windows: Improve daemon startup time in cases where the host has networks of type
"Mirrored". moby/moby#50155- Windows: Make sure
docker system pruneanddocker network pruneonly remove networks created by Docker. moby/moby#50154
... (truncated)
Commits
265f709Merge pull request #50247 from vvoland/50245-28.xb2a9318docs: cut api docs for v1.51b3e2e22Merge pull request #50244 from vvoland/50177-28.xc571cd8Merge pull request #50243 from vvoland/50238-28.x8c713c1gha: lower timeouts on "build" and "merge" steps539c115Merge pull request #50240 from thaJeztah/28.x_backport_validate_mirrors8e7ea47vendor: update buildkit to v0.23.1222baf4vendor: github.com/moby/buildkit v0.23.01627e82Merge pull request #50241 from thaJeztah/28.x_backport_update_cgroups4070ebdMerge pull request #50242 from thaJeztah/28.x_backport_fix_event_ordering- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.24.1
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Bug fixes
- Fix tasks becoming unusable when no workspace preset is defined in corresponding template (#18723, 5059c23b4) (
@hugodutka)- Fix task sidebar not displaying apps without health check (#18687, f97bd76bb) (
@hugodutka)Compare:
v2.24.0...v2.24.1Container image
docker pull ghcr.io/coder/coder:v2.24.1Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
v2.24.0
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
BREAKING CHANGES
- Change
updatebuild to stop workspaces before starting (#18425, 49fcffc26) (@johnstcn)⚠ Modifies the behavior when updating a workspace. Previously, a workspace
updatewould triggger astartbuild, re-creating the agent and updating any existing compute resources in-place. This change has workspace updates explicitly trigger astopbuild with a subsequentstartbuild. This was implemented to fix pre-builds and improve consistency. Read more here.
- CLI: Modifies
coder updateto stop the workspace if already running.- Dashboard: Modifies "update" button to always stop the workspace if already running.
- CLI: enforce selection for multiple agents rather than use randomness (#18427, bacdc2888) (
@mafredri)This only impacts the flow for our new devcontainer integration, and existing users will not see changes to behavior.
SECURITY CHANGES
- Both Coder v2.23 and Coder v2.24 now handle OIDC refresh tokens (#17878). If users are being logged out of OIDC after short intervals (e.g. 1 hour), ensure you have properly configured OIDC refresh tokens
Features
We'll be exploring the details of major features included in this release in our first product launch event next week. Subscribe using this link to learn more.
Coder tasks allow users to execute long-running jobs using templates in the Coder dashboard. This is often used to manage agentic tasks with tools like Claude Code. See more in our agentic AI documentation.
... (truncated)
Commits
f97bd76fix: handle task sidebar app health check disabled correctly (cherry-pick #18...5059c23fix: handle null response from the template presets endpoint (cherry-pick #18...e5a74a7chore: pull in cherry picks for v2.24 (#18674)de494d0feat: add Coder registry links to template creation and editing (cherry-pick ...7747924fix: stop tearing down non-TTY processes on SSH session end (cherry-pick #186...4a61bbechore: bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (cherry-p...79c666bfix(vpn): avoid setting session token header twice (#18524)288ec77feat: add workspace build status to task page (#18520)a8e2c75chore: update Coder icons to reflect new branding (#18517)fe22b2cchore: update coder/preview dependency to v1.0.1 (#18550)- Additional commits viewable in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-docs's releases.
v0.22.0
BREAKING CHANGES:
- generate: The
.ProviderShortNametemplate function now uses the rendered provider name to derive the provider short name. Users that pass in the--rendered-provider-nameflag might see a different output for this function (#492)NOTES:
- generate: Generated import documentation will now contain more information about which methods are supported by the provider (CLI command, config by ID, config by identity). (#495)
FEATURES:
- generate: Added support for defining import example file (
import-by-string-id.tf) using Terraform configuration and theidattribute (#472)- generate: Added support for defining import example file (
import-by-identity.tf) using Terraform configuration and theidentityattribute (managed resource identity) (#496)ENHANCEMENTS:
- validate: Add
allowed-guide-subcategoriesandallowed-resource-subcategoriesto provide a list of allowed subcategories (#456)- validate: Add
allowed-guide-subcategories-fileandallowed-resource-subcategories-fileto provide a file containing a list of allowed subcategories (#456)- generate: Default resource and function templates now use
.RenderedProviderNameinstead of.ProviderName(#492)- generate: Remove trailing whitespace from default function template when
.HasVariadicevaluates to false (#489)BUG FIXES:
Changelog
Sourced from github.com/hashicorp/terraform-plugin-docs's changelog.
0.22.0 (July 01, 2025)
BREAKING CHANGES:
- generate: The
.ProviderShortNametemplate function now uses the rendered provider name to derive the provider short name. Users that pass in the--rendered-provider-nameflag might see a different output for this function (#492)NOTES:
- generate: Generated import documentation will now contain more information about which methods are supported by the provider (CLI command, config by ID, config by identity). (#495)
FEATURES:
- generate: Added support for defining import example file (
import-by-string-id.tf) using Terraform configuration and theidattribute (#472)- generate: Added support for defining import example file (
import-by-identity.tf) using Terraform configuration and theidentityattribute (managed resource identity) (#496)ENHANCEMENTS:
- validate: Add
allowed-guide-subcategoriesandallowed-resource-subcategoriesto provide a list of allowed subcategories (#456)- validate: Add
allowed-guide-subcategories-fileandallowed-resource-subcategories-fileto provide a file containing a list of allowed subcategories (#456)- generate: Default resource and function templates now use
.RenderedProviderNameinstead of.ProviderName(#492)- generate: Remove trailing whitespace from default function template when
.HasVariadicevaluates to false (#489)BUG FIXES:
Commits
0be94a7Update changelog5db5509generate: Add support for import configuration examples withidentity+ sch...3b9b212generate: Add support forimportconfiguration examples with theidattri...31cddc7Revert "Bump github.com/yuin/goldmark from 1.7.7 to 1.7.12 (#484)" (#498)9ff8b91Dependabot: Single weekly PR for GH Actions, Single PR for terraform-plugin-*...0367702Generate: Use rendered provider name instead of provider name in default temp...8b2645dBump github.com/yuin/goldmark from 1.7.7 to 1.7.12 (#484)2f25d2cfix: remove double newlines when no variadic argument (#489)2ffec57Remove subcategory field from frontmatter in default provider template. (#446)20d5937Bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 (#491)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/docker/docker's releases.
28.3.1
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 28.3.1 milestone
- moby/moby, 28.3.1 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Packaging updates
- Update BuildKit to v0.23.2. moby/moby#50309
- Update Compose to v2.38.1. docker/docker-ce-packaging#1221
- Update Model to v0.1.32 which adds the support for the new top-level
models:key in Docker Compose. docker/docker-ce-packaging#1222
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/docker/docker's releases.
28.3.2
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 28.3.2 milestone
- moby/moby, 28.3.2 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Bug fixes and enhancements
- Fix
--use-api-socketnot working correctly when targeting a remote daemon. docker/cli#6157- Fix stray "otel error" logs being printed if debug logging is enabled. docker/cli#6160
- Quote SSH arguments when connecting to a remote daemon over an SSH connection to avoid unexpected expansion. docker/cli#6147
- Warn when
DOCKER_AUTH_CONFIGis set duringdocker loginanddocker logout. docker/cli#6163Packaging updates
- Update Compose to v2.38.2. docker/docker-ce-packaging#1225
- Update Docker Model CLI plugin to v0.1.33. docker/docker-ce-packaging#1227
- Update Go runtime to 1.24.5. moby/moby#50354
Commits
e77ff99Merge pull request #50354 from vvoland/50353-28.x6e3cf7fMerge pull request #50351 from vvoland/50179-28.x38c0abfupdate to go1.24.53b7d703Merge pull request #50352 from vvoland/50347-28.xd14a60fMerge pull request #50348 from vvoland/50314-28.xda65c86Merge pull request #50350 from vvoland/50333-28.x76fbfe9Merge pull request #50349 from vvoland/50255-28.xbfade89integration/networking: increase context timeout for attacha818cfdgha: run windows 2025 on PRs, 2022 scheduled653777agha: update to windows 2022 / 2025- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/checkout's releases.
v4.3.0
What's Changed
- docs: update README.md by
@motssin actions/checkout#1971- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044- Update README.md by
@nebuk89in actions/checkout#2194- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224- Update package dependencies by
@salmanmkcin actions/checkout#2236- Prepare release v4.3.0 by
@salmanmkcin actions/checkout#2237New Contributors
@motssmade their first contribution in actions/checkout#1971@mouismailmade their first contribution in actions/checkout#1977@benwellsmade their first contribution in actions/checkout#2043@nebuk89made their first contribution in actions/checkout#2194@salmanmkcmade their first contribution in actions/checkout#2236Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0
Changelog
Sourced from actions/checkout's changelog.
Changelog
V4.3.0
- docs: update README.md by
@motssin actions/checkout#1971- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044- Update README.md by
@nebuk89in actions/checkout#2194- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224- Update package dependencies by
@salmanmkcin actions/checkout#2236v4.2.2
url-helper.tsnow leverages well-known environment variables by@jww3in actions/checkout#1941- Expand unit test coverage for
isGhesby@jww3in actions/checkout#1946v4.2.1
- Check out other refs/* by commit if provided, fall back to ref by
@orhantoyin actions/checkout#1924v4.2.0
- Add Ref and Commit outputs by
@lucacomein actions/checkout#1180- Dependency updates by
@dependabot- actions/checkout#1777, actions/checkout#1872v4.1.7
- Bump the minor-npm-dependencies group across 1 directory with 4 updates by
@dependabotin actions/checkout#1739- Bump actions/checkout from 3 to 4 by
@dependabotin actions/checkout#1697- Check out other refs/* by commit by
@orhantoyin actions/checkout#1774- Pin actions/checkout's own workflows to a known, good, stable version. by
@jww3in actions/checkout#1776v4.1.6
- Check platform to set archive extension appropriately by
@cory-millerin actions/checkout#1732v4.1.5
- Update NPM dependencies by
@cory-millerin actions/checkout#1703- Bump github/codeql-action from 2 to 3 by
@dependabotin actions/checkout#1694- Bump actions/setup-node from 1 to 4 by
@dependabotin actions/checkout#1696- Bump actions/upload-artifact from 2 to 4 by
@dependabotin actions/checkout#1695- README: Suggest
user.emailto be41898282+github-actions[bot]@users.noreply.github.comby@cory-millerin actions/checkout#1707v4.1.4
- Disable
extensions.worktreeConfigwhen disablingsparse-checkoutby@jww3in actions/checkout#1692- Add dependabot config by
@cory-millerin actions/checkout#1688- Bump the minor-actions-dependencies group with 2 updates by
@dependabotin actions/checkout#1693- Bump word-wrap from 1.2.3 to 1.2.5 by
@dependabotin actions/checkout#1643v4.1.3
- Check git version before attempting to disable
sparse-checkoutby@jww3in actions/checkout#1656- Add SSH user parameter by
@cory-millerin actions/checkout#1685- Update
actions/checkoutversion inupdate-main-version.ymlby@jww3in actions/checkout#1650
... (truncated)
Commits
08eba0bPrepare release v4.3.0 (#2237)631c7dcUpdate package dependencies (#2236)8edcb1bUpdate CODEOWNERS for actions (#2224)09d2acaUpdate README.md (#2194)85e6279Adjust positioning of user email note and permissions heading (#2044)009b9aeDocumentation update - add recommended permissions to Readme (#2043)cbb7224Update README.md (#1977)3b9b8c8docs: update README.md (#1971)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Commits
42faf79Merge pull request #138 from thaJeztah/sockets_move_unix_options9ffab7esockets: make NewUnixSocket, WithChown, WithChmod unix-only6bb1d15Merge pull request #135 from thaJeztah/rename_test_filesb6c843dsockets: rename files to be considered test files80898b6Merge pull request #133 from thaJeztah/deprecate_socket_dialpipea4399e5socket: deprecate DialPipeb071e04Merge pull request #128 from thaJeztah/remove_old_cyphers578bfdeMerge pull request #132 from thaJeztah/optimize_ParsePortSpecdeccd71tlsconfig: align client and server defaults, remove weak CBC ciphers30b91c8nat: ParsePortSpec: combine some conditions- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.25.1
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Bug fixes
- Upgrade to 1.24.6 to fix race in lib/pq queries (#19214) (#19218, 079328d87)
⚠ Resolves CVE-2025-47907, details can be found here in golang/go. Additionally, see our blog about this vulnerability.
Compare:
v2.25.0...v2.25.1Container image
docker pull ghcr.io/coder/coder:v2.25.1Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
v2.25.0
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
BREAKING CHANGES
- Route connection logs to Connection log instead of Audit log (#18340, 08e17a07f) (
@ethanndickson)Connections to workspaces (via SSH, workspace apps, or browser port-forwarding) will no longer create entries in the audit log. Those events will now be included in the 'Connection Log'. Please see the 'Connection Log' page in the dashboard, and the Connection Log documentation for details. Those with permission to view the Audit Log will also be able to view the Connection Log. The new Connection Log has the same licensing restrictions as the Audit Log, and requires a Premium Coder deployment.
- Delete old connection events from audit log (#18735, f42de9fe1) (
@ethanndickson)With new connection events appearing in the Connection Log, connection events older than 90 days will now be deleted from the Audit Log. If you require this legacy data, we recommend querying it from the REST API or making a backup of the database/these events before upgrading your Coder deployment. Please see the PR for details on what exactly will be deleted. Note: There are currently no plans to delete connection events from the Connection Log.
- Add ability to cancel pending workspace build (#18713, 8202514ce) (
@kacpersaw)CancelWorkspaceBuild method in codersdk now accepts an optional
requestparameter.- Use devcontainer ID when rebuilding a devcontainer (#18604, f2d229eed) (
@DanielleMaywood)Minor breaking change for workspaces enabled by our devcontainer integration. Allows rebuilding a devcontainer without a valid devcontainer ID.
- CLI: Add CLI support for creating workspace with presets (#18912, b975d6d9b) (
@ssncferreira)This breaking change impacts the
coder createCLI command only for templates which contain presets.It introduces a
--presetflag to the create command, which modifies the behavior when no preset is explicitly provided:
- If the template includes presets and a default preset, the default will be automatically applied. The user will be notified, but not prompted.
- If the template includes presets without a default, the user will be prompted to choose a preset.
This breaks existing workflows for templates with presets that:
- Expect the create command to proceed without applying a preset
- Rely on non-interactive scripts or automated workflows, which will now fail or hang due to unexpected prompts
... (truncated)
Commits
3bf6a00chore: revert CLI binary publishing for releases.coder.com (#19236)9eb5fc6chore: fix CLI binary publishing for releases.coder.com (#19230)079328dfix: upgrade to 1.24.6 to fix race in lib/pq queries (#19214) (#19218)e68ffe8ci: bump xcode version to 16.1.0 (#19125) (#19221)e6ec957Cherry-pick for release 2.25 (#19169)f1cf81cchore: add openai icon (cherry-pick #19118) (#19176)4bced62chore: add site/ CODEOWNERS (#19086)3a3972cchore: add catalog-info.yaml for backstage integration (#19085)558e25dfeat: support shift+enter in terminal (#19021)71738f6feat(site): support icon and description in preset (#19063)- Additional commits viewable in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-framework's releases.
v1.15.1
BUG FIXES:
- all: Fixed bug with
UseStateForUnknownwhere known null state values were not preserved during update plans. (#1117)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-framework's changelog.
1.15.1 (July 31, 2025)
BUG FIXES:
- all: Fixed bug with
UseStateForUnknownwhere known null state values were not preserved during update plans. (#1117)
Commits
4781d13Update changeloga3a4370all: AdjustUseStateForUnknownplan modifiers to preserve known null state ...- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/docker/docker's releases.
v28.3.3
28.3.3
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Security
This release fixes an issue where, after a firewalld reload, published container ports could be accessed directly from the local network, even when they were intended to be accessible only via a loopback address. CVE-2025-54388 / GHSA-x4rx-4gw3-53p4 / moby/moby#50506.
Packaging updates
- Update Buildx to v0.26.1. docker/docker-ce-packaging#1230
- Update Compose to v2.39.1. docker/docker-ce-packaging#1234
- Update Docker Model CLI plugin to v0.1.36. docker/docker-ce-packaging#1233
Go SDK
- cli/command/formatter: add
TrunateID()utility as alternative forgithub.com/docker/docker/pkg/stringid.TrunateID(). docker/cli#6180
Commits
bea959cMerge pull request #50506 from robmry/backport-28.x/fix_firewalld_reload3e9ff78bridge: Reapply endpoint iptables rules on firewalld reload29ed80abridge: Trigger firewalld reload during bridge integration testsda489a1Merge pull request #50478 from thaJeztah/28.x_backport_gha_bump_bkf173e45Merge pull request #50480 from austinvazquez/cherry-pick-ea29dffaa541289591aa...e4b1f89daemon/server: remove compatibility with API v1.4 auth-config on push0c9e14dhack/buildkit-ref: temporarily bump BuildKit to head of v0.23 branchbf6d688Merge pull request #50471 from austinvazquez/cherry-pick-b1ce0c89f0214cc6711c...4205776client: always send (empty) body on push- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/go-viper/mapstructure/v2's releases.
v2.4.0
What's Changed
- refactor: replace interface{} with any by
@sagikazarmarkin go-viper/mapstructure#115- build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by
@dependabot[bot] in go-viper/mapstructure#114- Generic tests by
@sagikazarmarkin go-viper/mapstructure#118- Fix godoc reference link in README.md by
@peczenyjin go-viper/mapstructure#107- feat: add StringToTimeLocationHookFunc to convert strings to *time.Location by
@ErfanMomeniiiin go-viper/mapstructure#117- feat: add back previous StringToSlice as a weak function by
@sagikazarmarkin go-viper/mapstructure#119New Contributors
@ErfanMomeniiimade their first contribution in go-viper/mapstructure#117Full Changelog: https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0
Commits
b9794a5Merge pull request #119 from go-viper/string-to-weak-slice17cdcb0feat: add back previous StringToSlice as a weak function3caca36Merge pull request #117 from ErfanMomeniii/main9a861bcMerge pull request #107 from peczenyj/patch-286ed5b5refactor: updateace5b4echore: add interface any linter1a4f1aeMerge pull request #118 from go-viper/generic-testsa268909fix: lint17f1fd4test: add more commentsb48c856test: expand tests- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/stretchr/testify's releases.
v1.11.0
What's Changed
Functional Changes
v1.11.0 Includes a number of performance improvements.
- Call stack perf change for CallerInfo by
@mikeauclairin stretchr/testify#1614- Lazily render mock diff output on successful match by
@mikeauclairin stretchr/testify#1615- assert: check early in Eventually, EventuallyWithT, and Never by
@cszczepaniakin stretchr/testify#1427- assert: add IsNotType by
@bartventerin stretchr/testify#1730- assert.JSONEq: shortcut if same strings by
@dolmenin stretchr/testify#1754- assert.YAMLEq: shortcut if same strings by
@dolmenin stretchr/testify#1755- assert: faster and simpler isEmpty using reflect.Value.IsZero by
@dolmenin stretchr/testify#1761- suite: faster methods filtering (internal refactor) by
@dolmenin stretchr/testify#1758Fixes
- assert.ErrorAs: log target type by
@craig65535in stretchr/testify#1345- Fix failure message formatting for Positive and Negative asserts in stretchr/testify#1062
- Improve ErrorIs message when error is nil but an error was expected by
@tsioftasin stretchr/testify#1681- fix Subset/NotSubset when calling with mixed input types by
@siliconbrainin stretchr/testify#1729- Improve ErrorAs failure message when error is nil by
@ccoVeillein stretchr/testify#1734- mock.AssertNumberOfCalls: improve error msg by
@3scalationin stretchr/testify#1743Documentation, Build & CI
- docs: Fix typo in README by
@alexandearin stretchr/testify#1688- Replace deprecated io/ioutil with io and os by
@alexandearin stretchr/testify#1684- Document consequences of calling t.FailNow() by
@greg0irein stretchr/testify#1710- chore: update docs for Unset #1621 by
@techfgin stretchr/testify#1709- README: apply gofmt to examples by
@alexandearin stretchr/testify#1687- refactor: use %q and %T to simplify fmt.Sprintf by
@alexandearin stretchr/testify#1674- Propose Christophe Colombier (ccoVeille) as approver by
@brackendawsonin stretchr/testify#1716- Update documentation for the Error function in assert or require package by
@architagrin stretchr/testify#1675- assert: remove deprecated build constraints by
@alexandearin stretchr/testify#1671- assert: apply gofumpt to internal test suite by
@ccoVeillein stretchr/testify#1739- CI: fix shebang in .ci.*.sh scripts by
@dolmenin stretchr/testify#1746- assert,require: enable parallel testing on (almost) all top tests by
@dolmenin stretchr/testify#1747- suite.Passed: add one more status test report by
@Ararsa-Deresein stretchr/testify#1706- Add Helper() method in internal mocks and assert.CollectT by
@dolmenin stretchr/testify#1423- assert.Same/NotSame: improve usage of Sprintf by
@ccoVeillein stretchr/testify#1742- mock: enable parallel testing on internal testsuite by
@dolmenin stretchr/testify#1756- suite: cleanup use of 'testing' internals at runtime by
@dolmenin stretchr/testify#1751- assert: check test failure message for Empty and NotEmpty by
@ccoVeillein stretchr/testify#1745- deps: fix dependency cycle with objx (again) by
@dolmenin stretchr/testify#1567- assert.Empty: comprehensive doc of "Empty"-ness rules by
@dolmenin stretchr/testify#1753- doc: improve godoc of top level 'testify' package by
@dolmenin stretchr/testify#1760- assert.ErrorAs: simplify retrieving the type name by
@ccoVeillein stretchr/testify#1740- assert.EqualValues: improve test coverage to 100% by
@dolmenin stretchr/testify#1763- suite.Run: simplify running of Setup/TeardownSuite by
@renzoarreazain stretchr/testify#1769- assert.CallerInfo: micro optimization by using LastIndexByte by
@dolmenin stretchr/testify#1767- assert.CallerInfo: micro cleanup by
@dolmenin stretchr/testify#1768- assert: refactor TestFileExists and TestDirExists tests to enable parallel testing by
@dolmenin stretchr/testify#1766
... (truncated)
Commits
b7801fbMerge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...69831f3build(deps): bump actions/checkout from 4 to 5a53be35Improve captureTestingT helperaafb604mock: improve formatting of error message7218e03improve error msg929a212Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filteringbc7459esuite: faster filtering of methods (-testify.m)7d37b5csuite: refactor methodFilterc58bc90Merge pull request #1764 from stretchr/dolmen/suite-refactor-stats-for-readab...87101a6suite.Run: refactor handling of stats- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-testing's releases.
v1.13.3
NOTES:
- Adds an opt-in compatibility flag for config mode tests to unlock upgrade from v1.5.1 to latest for specific providers. (#496)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-testing's changelog.
1.13.3 (August 15, 2025)
NOTES:
- Adds an opt-in compatibility flag for config mode tests to unlock upgrade from v1.5.1 to latest for specific providers. (#496)
Commits
1c1031cUpdate changelogc569860helper/resource: compatibility refresh after config mode test step (#496) (#538)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from goreleaser/goreleaser-action's releases.
v6.4.0
What's Changed
- ci: set contents read as default workflow permissions by
@crazy-maxin goreleaser/goreleaser-action#494- fix: support .config directory for goreleaser config files by
@haya14busain goreleaser/goreleaser-action#500- chore(deps): bump semver from 7.7.1 to 7.7.2 by
@dependabot[bot] in goreleaser/goreleaser-action#495- chore(deps): bump brace-expansion from 1.1.11 to 1.1.12 by
@dependabot[bot] in goreleaser/goreleaser-action#498- fix: do not get releases.json if version is specific by
@caarlos0in goreleaser/goreleaser-action#502- chore(deps): bump undici from 5.28.5 to 5.29.0 by
@dependabot[bot] in goreleaser/goreleaser-action#496- feat: retry downloading releases json by
@caarlos0in goreleaser/goreleaser-action#503New Contributors
@haya14busamade their first contribution in goreleaser/goreleaser-action#500Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v6.3.0...v6.4.0
Commits
e435ccdfeat: retry downloading releases json (#503)2ff5850chore(deps): bump undici from 5.28.5 to 5.29.0 (#496)9a6cd01fix: do not get releases.json if version is specific (#502)a386515chore(deps): bump brace-expansion from 1.1.11 to 1.1.12 (#498)ca48102chore(deps): bump semver from 7.7.1 to 7.7.2 (#495)0931acffix: support .config directory for goreleaser config files (#500)90c43f2ci: set contents read as default workflow permissions (#494)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/checkout's releases.
v5.0.0
What's Changed
- Update actions checkout to use node 24 by
@salmanmkcin actions/checkout#2226- Prepare v5.0.0 release by
@salmanmkcin actions/checkout#2238⚠️ Minimum Compatible Runner Version
v2.327.1
Release NotesMake sure your runner is updated to this version or newer to use this release.
Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0
Changelog
Sourced from actions/checkout's changelog.
Changelog
V5.0.0
- Update actions checkout to use node 24 by
@salmanmkcin actions/checkout#2226V4.3.0
- docs: update README.md by
@motssin actions/checkout#1971- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044- Update README.md by
@nebuk89in actions/checkout#2194- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224- Update package dependencies by
@salmanmkcin actions/checkout#2236v4.2.2
url-helper.tsnow leverages well-known environment variables by@jww3in actions/checkout#1941- Expand unit test coverage for
isGhesby@jww3in actions/checkout#1946v4.2.1
- Check out other refs/* by commit if provided, fall back to ref by
@orhantoyin actions/checkout#1924v4.2.0
- Add Ref and Commit outputs by
@lucacomein actions/checkout#1180- Dependency updates by
@dependabot- actions/checkout#1777, actions/checkout#1872v4.1.7
- Bump the minor-npm-dependencies group across 1 directory with 4 updates by
@dependabotin actions/checkout#1739- Bump actions/checkout from 3 to 4 by
@dependabotin actions/checkout#1697- Check out other refs/* by commit by
@orhantoyin actions/checkout#1774- Pin actions/checkout's own workflows to a known, good, stable version. by
@jww3in actions/checkout#1776v4.1.6
- Check platform to set archive extension appropriately by
@cory-millerin actions/checkout#1732v4.1.5
- Update NPM dependencies by
@cory-millerin actions/checkout#1703- Bump github/codeql-action from 2 to 3 by
@dependabotin actions/checkout#1694- Bump actions/setup-node from 1 to 4 by
@dependabotin actions/checkout#1696- Bump actions/upload-artifact from 2 to 4 by
@dependabotin actions/checkout#1695- README: Suggest
user.emailto be41898282+github-actions[bot]@users.noreply.github.comby@cory-millerin actions/checkout#1707v4.1.4
- Disable
extensions.worktreeConfigwhen disablingsparse-checkoutby@jww3in actions/checkout#1692- Add dependabot config by
@cory-millerin actions/checkout#1688- Bump the minor-actions-dependencies group with 2 updates by
@dependabotin actions/checkout#1693- Bump word-wrap from 1.2.3 to 1.2.5 by
@dependabotin actions/checkout#1643v4.1.3
... (truncated)
Commits
08c6903Prepare v5.0.0 release (#2238)9f26565Update actions checkout to use node 24 (#2226)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.25.2
Stable (since September 04, 2025)
Changelog
Security Fixes
- Expire token for prebuilds user when regenerating session token (#19667) (#19668, ec660907f) (
@johnstcn)⚠ Fixes an issue allowing previously authenticated users to claim prebuilt workspaces created from templates using the
coder-loginmodule. Read more in our GHSA for this vulnerability.- Server: Add audit log on creating a new session key (#19672) (#19684, a79adb155) (
@johnstcn)Adds an audit log entry when an API key is created via
coder login.Bug Fixes
- Fix GCP service accounts (#19312) (#19315, d324cf7fa) (
@ethanndickson)Compare:
v2.25.1...v2.25.2Container image
docker pull ghcr.io/coder/coder:v2.25.2Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
Commits
f51e22dfix: pin pg_dump version when generating schema (#19696) (#19697)a79adb1fix(coderd): add audit log on creating a new session key (#19672) (#19684)ec66090fix: expire token for prebuilds user when regenerating session token (#19667)...ee80509chore: update the slim binaries upload from the build directory to the GCS bu...ed39f4cchore: fix typo in clientNetcheckSummary for support bundle command (#19482)d324cf7ci: fix gcp service accounts (#19312) (#19315)- See full diff in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-docs's releases.
v0.24.0
FEATURES:
- generate: Support multiple configuration example files in default templates (#508)
- generate/migrate/validate: Add support for list resources (#528)
v0.23.0
FEATURES:
Changelog
Sourced from github.com/hashicorp/terraform-plugin-docs's changelog.
0.24.0 (October 13, 2025)
FEATURES:
- generate: Support multiple configuration example files in default templates (#508)
- generate/migrate/validate: Add support for list resources (#528)
0.23.0 (September 17, 2025)
FEATURES:
Commits
954fc54Update changelog347dc6cbuild(deps): bump golang.org/x/text from 0.29.0 to 0.30.0 (#529)0fe8159generate: Update action docs to support multiple examples (#527)6ddafb7Add support for generating docs for list-resources (#528)6975416feat(generate): Support multiple configuration example files in default templ...df10e95chore: extract types for templates (#517)157a6a9chore: Fix CI to run on public forks (#526)a4a7122build(deps): bump github.com/hashicorp/terraform-json (#524)6a88399build(deps): bump github.com/hashicorp/terraform-exec (#525)e4e5f4cUpdate changelog- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/stretchr/testify's releases.
v1.11.1
This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (
String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.What's Changed
- Backport #1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by
@brackendawsonin stretchr/testify#1788Full Changelog: https://github.com/stretchr/testify/compare/v1.11.0...v1.11.1
Commits
2a57335Merge pull request #1788 from brackendawson/1785-backport-1.11af8c912Backport #1786 to release/1.11- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-go's releases.
v6.0.0
What's Changed
Breaking Changes
- Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by
@matthewhughes934in actions/setup-go#460- Upgrade Nodejs runtime from node20 to node 24 by
@salmanmkcin actions/setup-go#624Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes
Dependency Upgrades
- Upgrade
@types/jestfrom 29.5.12 to 29.5.14 by@dependabot[bot] in actions/setup-go#589- Upgrade
@actions/tool-cachefrom 2.0.1 to 2.0.2 by@dependabot[bot] in actions/setup-go#591- Upgrade
@typescript-eslint/parserfrom 8.31.1 to 8.35.1 by@dependabot[bot] in actions/setup-go#590- Upgrade undici from 5.28.5 to 5.29.0 by
@dependabot[bot] in actions/setup-go#594- Upgrade typescript from 5.4.2 to 5.8.3 by
@dependabot[bot] in actions/setup-go#538- Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by
@dependabot[bot] in actions/setup-go#603- Upgrade
form-datato bring in fix for critical vulnerability by@matthewhughes934in actions/setup-go#618- Upgrade actions/checkout from 4 to 5 by
@dependabot[bot] in actions/setup-go#631New Contributors
@matthewhughes934made their first contribution in actions/setup-go#618@salmanmkcmade their first contribution in actions/setup-go#624Full Changelog: https://github.com/actions/setup-go/compare/v5...v6.0.0
Commits
4469467Bump actions/checkout from 4 to 5 (#631)e093d1eNode 24 upgrade (#624)1d76b95Improve toolchain handling (#460)e75c3e8Bumpform-datato bring in fix for critical vulnerability (#618)8e57b58Bump eslint-plugin-jest from 28.11.0 to 29.0.1 (#603)7c0b336Bump typescript from 5.4.2 to 5.8.3 (#538)6f26dccBump undici from 5.28.5 to 5.29.0 (#594)8d4083aBump@typescript-eslint/parserfrom 5.62.0 to 8.32.0 (#590)fa96338Bump@actions/tool-cachefrom 2.0.1 to 2.0.2 (#591)4de67c0Bump@types/jestfrom 29.5.12 to 29.5.14 (#589)- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.27.1
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Bug fixes
- Server: Truncate task prompt to 160 characters in notifications (#20147) (#20153, b2d6a1886) (
@johnstcn)Certain
coder statcommands were failing on more complex Cgroup environments. This patch addresses that failure, and other complex setups.Chores
Compare:
v2.27.0...v2.27.1Container image
docker pull ghcr.io/coder/coder:v2.27.1Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
v2.27.0
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
BREAKING CHANGES
- Use client IP when creating connection logs for workspace proxied app accesses (#19788, 6a9b896f5) (
@ethanndickson)The presence of the
ipfield oncodersdk.ConnectionLogcannot be guaranteed, and so the field has been made optional. It may be omitted on API responses.- Server: Only show task status for current build (#19966, eb55f0ab1) (
@johnstcn)Renames the
TaskStateCompletedconstant toTaskStateCompleteto align with the tense used inWorkspaceAppStatusStateComplete, requiring any code referencing the constant to be updated.- Rename prompt field to input for task creation (#19982, eb7473283) (
@DanielleMaywood)Renames the
CreateTaskRequest.PrompttoCreateTaskRequest.Inputto align with language used in our CLI and elsewhere in the codebase.Features
AI Bridge
AI Bridge, the self-hosted LLM proxy for auditing LLM tools and adoption is now in Early access, get started with our setup guide.
- Add
aibridgedserverpkg (#19902, 615585d5d) (@dannykopping)- Add aibridged package (#19797, fc9bff710) (
@dannykopping)- Initialize
aibridged& mount API handler (#19798, 0a7981705) (@dannykopping)- Add endpoint to list aibridge interceptions (#19929, 0a6ba5d51) (
@pawbana)
... (truncated)
Commits
230b55bchore: upgrade coder/clistat to v1.1.1 (#20322) (#20325)b2d6a18fix(coderd): truncate task prompt to 160 characters in notifications (#20147)...c0cd32cchore: fix missing variable in deploy workflow (#20135)c2414d5chore: backport release freeze workflow to 2.27 (#20132)ff69ed6chore: backport various downgrades from main (#20133)f4a6894chore: bump@radix-ui/react-dialogfrom 1.1.4 to 1.1.15 in /site (#20068)77b9598chore: bump@radix-ui/react-selectfrom 2.1.4 to 2.2.6 in /site (#20079)fc6c5a4chore: bump msw from 2.4.8 to 2.11.3 in /site (#20074)7c4c4abchore: bump the vite group across 1 directory with 3 updates (#20057)cdd9dddchore: bump ssh2 and@types/ssh2in /site (#20077)- Additional commits viewable in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-go's releases.
v0.29.0
NOTES:
- all: This Go module has been updated to Go 1.24 per the Go support policy. It is recommended to review the Go 1.24 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#556)
- tfprotov5+tfprotov6: An upcoming release will require the
ActionServerimplementation as part ofProviderServer. (#534)FEATURES:
- tfprotov5+tfprotov6: Upgraded protocols and added types to support the new action type. (#534)
- tfprotov5+tfprotov6: Upgraded protocols and added types to support the new list type (#525)
ENHANCEMENTS:
- tftypes:
tftypes.Value.IsFullyNull()allows SDKs to determine when a value is null or consists of only null elements and attributes. (#541)v0.29.0-beta.1
NOTES:
- Updates the
ValidateListResourceConfigRPC to validateinclude_resourceas well aslimit(#538)FEATURES:
- tfprotov5+tfprotov6: Add action validation RPC (#539)
ENHANCEMENTS:
- tftypes:
tftypes.Value.IsFullyNull()allows SDKs to determine when a value is null or consists of only null elements and attributes. (#541)BUG FIXES:
- Fix proto field numbering for
GetProviderSchema(#539)v0.29.0-alpha.1
NOTES:
- This alpha pre-release contains the protocol definitions and Go type definitions for list resources, which are a new type of resource. (#512)
- A
ProviderServerWithListResourcecan be used with theterraform querysubcommand in Terraform 1.13.0-alpha20250708 and later to search unmanaged infrastructure. (#512)- The list resource protocol definitions are considered experimental and may change up until general availability. (#512)
- tfprotov5+tfprotov6: An upcoming release will require the
ValidateListResourceConfigandListResourceimplementations as part ofProviderServer. (#514)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-go's changelog.
0.29.0 (September 17, 2025)
NOTES:
- all: This Go module has been updated to Go 1.24 per the Go support policy. It is recommended to review the Go 1.24 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#556)
- tfprotov5+tfprotov6: An upcoming release will require the
ActionServerimplementation as part ofProviderServer. (#534)FEATURES:
- tfprotov5+tfprotov6: Upgraded protocols and added types to support the new action type. (#534)
- tfprotov5+tfprotov6: Upgraded protocols and added types to support the new list type (#525)
ENHANCEMENTS:
- tftypes:
tftypes.Value.IsFullyNull()allows SDKs to determine when a value is null or consists of only null elements and attributes. (#541)0.29.0-beta.1 (July 31, 2025)
NOTES:
- Updates the
ValidateListResourceConfigRPC to validateinclude_resourceas well aslimit(#538)FEATURES:
- tfprotov5+tfprotov6: Add action validation RPC (#539)
ENHANCEMENTS:
- tftypes:
tftypes.Value.IsFullyNull()allows SDKs to determine when a value is null or consists of only null elements and attributes. (#541)BUG FIXES:
- Fix proto field numbering for
GetProviderSchema(#539)0.29.0-alpha.1 (July 08, 2025)
NOTES:
- This alpha pre-release contains the protocol definitions and Go type definitions for list resources, which are a new type of resource. (#512)
- A
ProviderServerWithListResourcecan be used with theterraform querysubcommand in Terraform 1.13.0-alpha20250708 and later to search unmanaged infrastructure. (#512)- The list resource protocol definitions are considered experimental and may change up until general availability. (#512)
- tfprotov5+tfprotov6: An upcoming release will require the
ValidateListResourceConfigandListResourceimplementations as part ofProviderServer. (#514)
Commits
a361c9bUpdate changelog9c9e494add changelog for list (#561)2cd3335add action changelogs (#560)c3810b1Simplify actions to one schema type (#559)0d697e5build(deps): Bump google.golang.org/protobuf from 1.36.8 to 1.36.9 (#557)ef1c33ebuild(deps): Bump google.golang.org/grpc from 1.75.0 to 1.75.1 (#558)45d8122build(deps): Bump github.com/hashicorp/go-plugin from 1.6.3 to 1.7.0 (#555)d021075build(deps): Bump the github-actions group with 2 updates (#556)4c19f06Update action proto v5/v6 definitions to match TF core (#554)f90fa5dbuild(deps): Bump github.com/hashicorp/terraform-registry-address (#553)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/docker/docker's releases.
v28.5.1
28.5.1
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 28.5.1 milestone
- moby/moby, 28.5.1 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Bug fixes and enhancements
- Update BuildKit to v0.25.1. moby/moby#51137
- Update Go runtime to 1.24.8. moby/moby#51133, docker/cli#6541
Deprecations
- api/types/image: InspectResponse: deprecate
ParentandDockerVersionfields. moby/moby#51105- api/types/plugin: deprecate
Config.DockerVersionfield. moby/moby#51110v28.5.0
28.5.0
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 28.5.0 milestone
- moby/moby, 28.5.0 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Bug fixes and enhancements
- Don't print warnings in
docker infofor broken symlinks in CLI-plugin directories. docker/cli#6476- Fix a panic during
statson empty eventActor.ID. docker/cli#6471Packaging updates
- Remove support for legacy CBC cipher suites. docker/cli#6474
- Update Buildkit to v0.25.0. moby/moby#51075
- Update Dockerfile syntax to v1.19.0. moby/moby#51075
Networking
- Eliminated harmless warning about deletion of
endpoint_countfrom the data store. moby/moby#51064- Fix a bug causing IPAM plugins to not be loaded on Windows. moby/moby#51035
API
- Deprecate support for kernel memory TCP accounting (
KernelMemoryTCP). moby/moby#51067- Fix
GET containers/{name}/checkpointsreturningnullinstead of empty JSON array when there are no checkpoints. moby/moby#51052
... (truncated)
Commits
f8215ccMerge pull request #51137 from austinvazquez/cherry-pick-vendor-buildkit-0.25...40a856ahack: add patch to buildkit tests5d1c311vendor: update buildkit to v0.25.190506c1Merge pull request #51133 from vvoland/51132-28.x17db0cdMerge pull request #51128 from thaJeztah/28.x_backport_gcpolicy-invalid-calcu...f7c40eaupdate to go1.24.8dccf7c8builder: use proper percentage calculations for default gc policy0f040aaMerge pull request #51126 from vvoland/51124-28.x5b1a039ci: fix cache for go modules8fa4bd5Merge pull request #51121 from crazy-max/28.x_ci-caches-fixes- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-log's releases.
v0.10.0
NOTES:
- This Go module has been updated to Go 1.24 per the Go support policy. Any consumers building on earlier Go versions may experience errors. (#263)
- tfsdklog.RegisterTestSink is deprecated in favor or tfsdklog.ContextWithTestLogging (#264)
FEATURES:
- Added
tfsdklog.ContextWithStandardLogging()for test sweeper logging (#162)
Changelog
Sourced from github.com/hashicorp/terraform-plugin-log's changelog.
0.10.0 (November 13, 2025)
NOTES:
- This Go module has been updated to Go 1.24 per the Go support policy. Any consumers building on earlier Go versions may experience errors. (#263)
- tfsdklog.RegisterTestSink is deprecated in favor or tfsdklog.ContextWithTestLogging (#264)
FEATURES:
- Added
tfsdklog.ContextWithStandardLogging()for test sweeper logging (#162)
Commits
1a25278Update changelog13ad22bAddtfsdklog.ContextWithStdlibLoggingfor consistency (#267)1107e3fbuild(deps): bump golangci/golangci-lint-action (#268)f151a10build(deps): bump actions/upload-artifact in the github-actions group (#266)18815d1Update CODEOWNERS (#265)c20f085Adds logging sink that uses the standard logger (#162)5926d5bDeprecatetfsdklog.RegisterTestSink(#264)534b24b[Chore] Upgrade Go version to 1.24 (#263)374b470build(deps): bump the github-actions group with 2 updates (#262)e486d3achore: remove old docs (#261)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.28.3
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Bug fixes
- Upgrade aibridge lib to fix cache issue (#20730) (#20734, 7beb95fd5)
AI Bridge's injected MCP tools were not being set in a stable sort order. This lead to invalidation of the cache in upstream AI providers' APIs, resulting in more cache writes and therefore higher token spend. Deployments with AI Bridge enabled as well as the oauth2 and mcp-server-http experiments will be affected by this bug, and are highly encouraged to upgrade.
Compare:
v2.28.2...v2.28.3Container image
docker pull ghcr.io/coder/coder:v2.28.3Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
v2.28.2
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Bug fixes
Compare:
v2.28.1...v2.28.2Container image
docker pull ghcr.io/coder/coder:v2.28.2Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
v2.28.1
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
Chores
... (truncated)
Commits
7beb95ffix: upgrade aibridge lib to fix cache issue (#20730) (#20734)097e085fix: use correct slog arguments (#20721) (#20723)b8ab2d3chore: update Go to 1.24.10 (#20684) (#20688)1b1e3cbchore: change managed agent limit (#20664)ea0aca0fix(coderd): fix template ai task check error message (#20651) (#20659)563612efix: delete related task when deleting workspace (#20567) (#20585)fa43ea8chore: remove brazil fly.io proxy (#20601) (#20645)d82ba7efix(coderd): disallow POSTing a workspace build on a deleted workspace (#2058...cb4ea1ffix(coderd): fix audit log resource link for tasks (#20545) (#20547)effbe4erefactor: remove TaskAppID from codersdk.WorkspaceBuild (#20583) (#20592)- Additional commits viewable in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Commits
4e0068cgo.mod: update golang.org/x dependenciese79546essh: curb GSSAPI DoS risk by limiting number of specified OIDsf91f7a7ssh/agent: prevent panic on malformed constraint2df4153acme/autocert: let automatic renewal work with short lifetime certsbcf6a84acme: pass context to requestb4f2b62ssh: fix error message on unsupported cipher79ec3a5ssh: allow to bind to a hostname in remote forwarding122a78fgo.mod: update golang.org/x dependenciesc0531f9all: eliminate vet diagnostics0997000all: fix some comments- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/docker/docker's releases.
v28.5.2
28.5.2
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
[!CAUTION] This release contains fixes for three high-severity security vulnerabilities in runc:
All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary
/procfiles.Packaging updates
- Update runc to v1.3.3. moby/moby#51394
Bug fixes and enhancements
- dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). moby/moby#51162
- Update Go runtime to 1.24.9. moby/moby#51387, docker/cli#6613
Deprecations
- Go-SDK: cli/command/image/build: deprecate
DefaultDockerfileName,DetectArchiveReader,WriteTempDockerfile,ResolveAndValidateContextPath. These utilities were only used internally and will be removed in the next release. docker/cli#6610- Go-SDK: cli/command/image/build: deprecate IsArchive utility. docker/cli#6560
- Go-SDK: opts: deprecate
ValidateMACAddress. docker/cli#6560- Go-SDK: opts: deprecate ListOpts.Delete(). docker/cli#6560
Commits
89c5e8fMerge pull request #51396 from thaJeztah/28.x_backport_api_docs9b93878Merge pull request #51395 from thaJeztah/28.x_backport_rootless_reject6178456Merge pull request #51398 from vvoland/51397-28.x0cae4e5vendor: github.com/moby/buildkit v0.25.233cc06fMerge pull request #51394 from vvoland/51393-28.xd525277api/docs: remove BuildCache.Parent field for API v1.42 and up2fbc51bdockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=hostbd98008integration-cli: Adjust nofile limits1967515Dockerfile: update runc binary to v1.3.34489660Merge pull request #51387 from thaJeztah/28.x_bump_go- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/hashicorp/terraform-plugin-framework-validators's releases.
v0.19.0
NOTES:
- all: This Go module has been updated to Go 1.24 per the Go support policy. It is recommended to review the Go 1.24 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#307)
FEATURES:
Changelog
Sourced from github.com/hashicorp/terraform-plugin-framework-validators's changelog.
0.19.0 (October 07, 2025)
NOTES:
- all: This Go module has been updated to Go 1.24 per the Go support policy. It is recommended to review the Go 1.24 release notes before upgrading. Any consumers building on earlier Go versions may experience errors. (#307)
FEATURES:
Commits
25a1378Update changelog3f083cabuild(deps): bump the terraform-plugin group with 2 updates (#305)af35c54update go version to 1.24.0 (#307)8e55d8cbuild(deps): bump the github-actions group with 2 updates (#304)ca7df0bbuild(deps): bump the github-actions group with 2 updates (#303)639f59dactionvalidator: Add package for common action configuration validators (#302)073371e[CI] Update lock workflow file23783f1build(deps): bump the terraform-plugin group with 2 updates (#301)d81de64build(deps): bump github.com/hashicorp/terraform-plugin-framework (#300)ee3a2f9build(deps): bump golang.org/x/oauth2 from 0.8.0 to 0.27.0 in /tools (#299)- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/checkout's releases.
v6.0.0
What's Changed
- Update README to include Node.js 24 support details and requirements by
@salmanmkcin actions/checkout#2248- Persist creds to a separate file by
@ericsciplein actions/checkout#2286- v6-beta by
@ericsciplein actions/checkout#2298- update readme/changelog for v6 by
@ericsciplein actions/checkout#2311Full Changelog: https://github.com/actions/checkout/compare/v5.0.0...v6.0.0
v6-beta
What's Changed
Updated persist-credentials to store the credentials under
$RUNNER_TEMPinstead of directly in the local git config.This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.
v5.0.1
What's Changed
- Port v6 cleanup to v5 by
@ericsciplein actions/checkout#2301Full Changelog: https://github.com/actions/checkout/compare/v5...v5.0.1
Changelog
Sourced from actions/checkout's changelog.
Changelog
V6.0.0
- Persist creds to a separate file by
@ericsciplein actions/checkout#2286- Update README to include Node.js 24 support details and requirements by
@salmanmkcin actions/checkout#2248V5.0.1
- Port v6 cleanup to v5 by
@ericsciplein actions/checkout#2301V5.0.0
- Update actions checkout to use node 24 by
@salmanmkcin actions/checkout#2226V4.3.1
- Port v6 cleanup to v4 by
@ericsciplein actions/checkout#2305V4.3.0
- docs: update README.md by
@motssin actions/checkout#1971- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044- Update README.md by
@nebuk89in actions/checkout#2194- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224- Update package dependencies by
@salmanmkcin actions/checkout#2236v4.2.2
url-helper.tsnow leverages well-known environment variables by@jww3in actions/checkout#1941- Expand unit test coverage for
isGhesby@jww3in actions/checkout#1946v4.2.1
- Check out other refs/* by commit if provided, fall back to ref by
@orhantoyin actions/checkout#1924v4.2.0
- Add Ref and Commit outputs by
@lucacomein actions/checkout#1180- Dependency updates by
@dependabot- actions/checkout#1777, actions/checkout#1872v4.1.7
- Bump the minor-npm-dependencies group across 1 directory with 4 updates by
@dependabotin actions/checkout#1739- Bump actions/checkout from 3 to 4 by
@dependabotin actions/checkout#1697- Check out other refs/* by commit by
@orhantoyin actions/checkout#1774- Pin actions/checkout's own workflows to a known, good, stable version. by
@jww3in actions/checkout#1776v4.1.6
- Check platform to set archive extension appropriately by
@cory-millerin actions/checkout#1732v4.1.5
- Update NPM dependencies by
@cory-millerin actions/checkout#1703- Bump github/codeql-action from 2 to 3 by
@dependabotin actions/checkout#1694- Bump actions/setup-node from 1 to 4 by
@dependabotin actions/checkout#1696- Bump actions/upload-artifact from 2 to 4 by
@dependabotin actions/checkout#1695
... (truncated)
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from actions/setup-go's releases.
v6.1.0
What's Changed
Enhancements
- Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by
@nicholasngaiin actions/setup-go#665- Add support for .tool-versions file and update workflow by
@priya-kinthaliin actions/setup-go#673- Add comprehensive breaking changes documentation for v6 by
@mahabaleshwarsin actions/setup-go#674Dependency updates
- Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by
@dependabotin actions/setup-go#617- Upgrade actions/publish-action from 0.3.0 to 0.4.0 by
@dependabotin actions/setup-go#641- Upgrade semver and
@types/semverby@dependabotin actions/setup-go#652New Contributors
@nicholasngaimade their first contribution in actions/setup-go#665@priya-kinthalimade their first contribution in actions/setup-go#673@mahabaleshwarsmade their first contribution in actions/setup-go#674Full Changelog: https://github.com/actions/setup-go/compare/v6...v6.1.0
Commits
4dc6199Bump semver and@types/semver(#652)f3787beAdd comprehensive breaking changes documentation for v6 (#674)3a0c2c8Bump actions/publish-action from 0.3.0 to 0.4.0 (#641)faf5242Add support for .tool-versions file in setup-go, update workflow (#673)7bc60dbFall back to downloading from go.dev/dl instead of storage.googleapis.com/gol...c0137caBump eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking chang...- See full diff in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
Release notes
Sourced from github.com/coder/coder/v2's releases.
v2.28.4
Changelog
[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.
SECURITY FIXES
Bug fixes
- Backport dynamic parameters fix #20740 (#20777, 8765352fb)
- Backport fix #20769 to 2.28 (#20872, aa5b22cb4)
Compare:
v2.28.3...v2.28.4Container image
docker pull ghcr.io/coder/coder:v2.28.4Install/upgrade
Refer to our docs to install or upgrade Coder, or use a release asset below.
Commits
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | github.com/coder/coder/v2 | [>= 2.15.0.a, < 2.15.1] | | github.com/coder/coder/v2 | [>= 2.18.0.a, < 2.18.1] |Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show