Is there an existing issue for this?
OS/Web Information
Vulnerable qs dependency (< 6.14.1)
A security vulnerability has been reported in the qs package affecting versions earlier than 6.14.1:
In code-server, the qs dependency is currently locked to version 6.4.0:
This version appears to fall within the affected range described in the advisory.
Expected behavior
Upgrade qs to version 6.14.1 or later, or otherwise mitigate the reported vulnerability.
Steps to Reproduce
Expected
Upgrade qs to version 6.14.1 or later, or otherwise mitigate the reported vulnerability.
Actual
qs dependency is currently locked to version 6.4.0:
Logs
Screenshot/Video
No response
Does this bug reproduce in native VS Code?
Yes, this is also broken in native VS Code
Does this bug reproduce in VS Code web?
Yes, this is also broken in VS Code web
Does this bug reproduce in GitHub Codespaces?
Yes, this is also broken in GitHub Codespaces
Are you accessing code-server over a secure context?
Notes
No response
Is there an existing issue for this?
OS/Web Information
Vulnerable
qsdependency (< 6.14.1)A security vulnerability has been reported in the
qspackage affecting versions earlier than 6.14.1:In
code-server, theqsdependency is currently locked to version 6.4.0:This version appears to fall within the affected range described in the advisory.
Expected behavior
Upgrade
qsto version 6.14.1 or later, or otherwise mitigate the reported vulnerability.Steps to Reproduce
Expected
Upgrade
qsto version 6.14.1 or later, or otherwise mitigate the reported vulnerability.Actual
qsdependency is currently locked to version 6.4.0:Logs
Screenshot/Video
No response
Does this bug reproduce in native VS Code?
Yes, this is also broken in native VS Code
Does this bug reproduce in VS Code web?
Yes, this is also broken in VS Code web
Does this bug reproduce in GitHub Codespaces?
Yes, this is also broken in GitHub Codespaces
Are you accessing code-server over a secure context?
Notes
No response