Comparing changes

Current pull request contains patched `CHANGELOG.md` file for the `v0.7.2` version. Co-authored-by: GitHub Action <action@github.com>

…19 to 3.320 (#219) Bumps [org.jetbrains.intellij.plugins:structure-toolbox](https://github.com/JetBrains/intellij-plugin-verifier) from 3.319 to 3.320. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/JetBrains/intellij-plugin-verifier/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jetbrains.intellij.plugins:structure-toolbox&package-manager=gradle&previous-version=3.319&new-version=3.320)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Netflix would like the ability to use application name displayed in the dashboard as the main page title instead of the URL. This PR adds a new option `useAppNameAsTitle` that allows users to specify whether or not they want to use the application name visible in the dashboard as Tbx main tile instead of the URL. The default will remain the URL. Unlike previous settings added for Netflix this one is also configurable from the UI (Coder Settings page) so not only via settings.json file. This is an option that probably makes sense for more users.

Netflix uses custom MFA that requires CLI middleware to handle auth flow. The custom CLI implementation on their side intercepts 403 responses from the REST API, handles the MFA challenge, and retries the rest call again. The MFA challenge is handled only by the `start` and `ssh` actions. The remaining actions can go directly to the REST endpoints because of the custom header command that provides MFA tokens to the http calls. Both Gateway and VS Code extension delegate the start logic to the CLI, but not Toolbox which caused issues for the customer. This PR ports some of the work from Gateway in Coder Toolbox.

@asher

Current approach with a secondary poll loop that handles the start action of a workspace is overengineered. Basically the problem is the CLI takes too long before moving the workspace into the queued/starting state, during which the user doesn't have any feedback. To address the issue we: - stopped the main poll loop from updating the environment - moved the environment in the queued state immediately after the start button was pushed. - started a poll loop that moved the workspace from queued state to starting space only after that state became available in the backend. The intermediary stopped state is skipped by the secondary poll loop. @asher pointed out that a better approach can be implemented. We already store the status, and workspace and the agent in the environment. When the start comes in: 1. We directly update the env. status to "queued" 2. We only change the environment status if there is difference in the existing workspace&agent status vs the status from the main poll loop 3. no secondary poll loop is needed.

This adds support for automatically recovering from SSL handshake errors when certificates expired. When an SSL error occurs, the plugin will now attempt to execute a configured external command to refresh certificates. If successful, the SSL context is reloaded and the failed request is transparently retried. This improves reliability in environments with short-lived or frequently rotating certificates. Netflix requested this, they don't have a reliable mechanism to detect and refresh the certificates before any major disruption in Coder Toolbox.

Bumps org.jetbrains.changelog from 2.4.0 to 2.5.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jetbrains.changelog&package-manager=gradle&previous-version=2.4.0&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps `bouncycastle` from 1.82 to 1.83. Updates `org.bouncycastle:bcpg-jdk18on` from 1.82 to 1.83 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html">org.bouncycastle:bcpg-jdk18on's changelog</a>.</em></p> <blockquote>    <p>2.1.1 Version Release: 1.83 Date: 2025, November 27th.</p>  <p>2.2.1 Version Release: 1.82 Date: 2025, 17th September.</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/bcgit/bc-java/commits">compare view</a></li> </ul> </details> <br /> Updates `org.bouncycastle:bcprov-jdk18on` from 1.82 to 1.83 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html">org.bouncycastle:bcprov-jdk18on's changelog</a>.</em></p> <blockquote>    <p>2.1.1 Version Release: 1.83 Date: 2025, November 27th.</p>  <p>2.2.1 Version Release: 1.82 Date: 2025, 17th September.</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/bcgit/bc-java/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Major features were added like the ability to refresh mTLS certificates and start workspace via CLI instead of REST API

Current pull request contains patched `CHANGELOG.md` file for the `v0.8.0` version. Co-authored-by: GitHub Action <action@github.com>

… 2.0.49 to 2.0.50 (#230) Bumps [org.jetbrains.intellij:plugin-repository-rest-client](https://github.com/JetBrains/plugin-repository-rest-client) from 2.0.49 to 2.0.50. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/JetBrains/plugin-repository-rest-client/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jetbrains.intellij:plugin-repository-rest-client&package-manager=gradle&previous-version=2.0.49&new-version=2.0.50)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [io.mockk:mockk](https://github.com/mockk/mockk) from 1.14.6 to 1.14.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mockk/mockk/releases">io.mockk:mockk's releases</a>.</em></p> <blockquote> <h2>v1.14.7</h2> <h2>What's Changed</h2> <ul> <li>fix: normalize value class arguments in EqMatcher for consistent comparison by <a href="https://github.com/edwardmp"><code>@edwardmp</code></a> in <a href="https://redirect.github.com/mockk/mockk/pull/1440">mockk/mockk#1440</a></li> <li>Add configurable logging to withArg & withNullableArg by <a href="https://github.com/OsaSoft"><code>@OsaSoft</code></a> in <a href="https://redirect.github.com/mockk/mockk/pull/1441">mockk/mockk#1441</a></li> <li>docs(readme): document suppressing superclass calls by <a href="https://github.com/ch200203"><code>@ch200203</code></a> in <a href="https://redirect.github.com/mockk/mockk/pull/1444">mockk/mockk#1444</a></li> <li>Fix for issue <a href="https://redirect.github.com/mockk/mockk/issues/1103">#1103</a>. by <a href="https://github.com/sdetilly"><code>@sdetilly</code></a> in <a href="https://redirect.github.com/mockk/mockk/pull/1449">mockk/mockk#1449</a></li> <li>Fix configuration option example for restricted classes by <a href="https://github.com/TWiStErRob"><code>@TWiStErRob</code></a> in <a href="https://redirect.github.com/mockk/mockk/pull/1465">mockk/mockk#1465</a></li> <li>Fix InaccessibleObjectException when spying on JDK interfaces on JDK 16+ by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/mockk/mockk/pull/1457">mockk/mockk#1457</a></li> <li>Fix Java 11 compatibility: replace Random.nextLong(long, long) with Java 8 compatible alternative by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/mockk/mockk/pull/1456">mockk/mockk#1456</a></li> <li>Add optional restricted mock system property by <a href="https://github.com/nishatoma"><code>@nishatoma</code></a> in <a href="https://redirect.github.com/mockk/mockk/pull/1454">mockk/mockk#1454</a></li> <li>Fix StackOverflowError when mocking methods returning ArrayList by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/mockk/mockk/pull/1464">mockk/mockk#1464</a></li> <li>Change JUnit 4/5 dependencies from implementation to compileOnly by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/mockk/mockk/pull/1455">mockk/mockk#1455</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/edwardmp"><code>@edwardmp</code></a> made their first contribution in <a href="https://redirect.github.com/mockk/mockk/pull/1440">mockk/mockk#1440</a></li> <li><a href="https://github.com/OsaSoft"><code>@OsaSoft</code></a> made their first contribution in <a href="https://redirect.github.com/mockk/mockk/pull/1441">mockk/mockk#1441</a></li> <li><a href="https://github.com/sdetilly"><code>@sdetilly</code></a> made their first contribution in <a href="https://redirect.github.com/mockk/mockk/pull/1449">mockk/mockk#1449</a></li> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/mockk/mockk/pull/1457">mockk/mockk#1457</a></li> <li><a href="https://github.com/nishatoma"><code>@nishatoma</code></a> made their first contribution in <a href="https://redirect.github.com/mockk/mockk/pull/1454">mockk/mockk#1454</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/mockk/mockk/compare/1.14.6...1.14.7">https://github.com/mockk/mockk/compare/1.14.6...1.14.7</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mockk/mockk/commit/3b99349b693308aacf1a4031bbbd252506feb488"><code>3b99349</code></a> Version bump</li> <li><a href="https://github.com/mockk/mockk/commit/d0e14bb764eb2bc312d3f15d5df9801d801851d0"><code>d0e14bb</code></a> Merge pull request <a href="https://redirect.github.com/mockk/mockk/issues/1455">#1455</a> from mockk/copilot/remove-transitive-junit-dependency</li> <li><a href="https://github.com/mockk/mockk/commit/9372ca62b88d67c1719ce6d4f50953a984741df9"><code>9372ca6</code></a> Merge pull request <a href="https://redirect.github.com/mockk/mockk/issues/1464">#1464</a> from mockk/copilot/fix-stackoverflow-error-mockk</li> <li><a href="https://github.com/mockk/mockk/commit/73736a6ecd592eff99c49fae8d00dc2da7123358"><code>73736a6</code></a> Address code review feedback for parseParamTypes</li> <li><a href="https://github.com/mockk/mockk/commit/6866dd0c75f9e8a3acc5b4fd00f0e585c28387bf"><code>6866dd0</code></a> Merge pull request <a href="https://redirect.github.com/mockk/mockk/issues/1454">#1454</a> from nishatoma/add-strict-mocking-system-property</li> <li><a href="https://github.com/mockk/mockk/commit/ea99f8804bbb9b941b3854bc77502c13324828ea"><code>ea99f88</code></a> Merge pull request <a href="https://redirect.github.com/mockk/mockk/issues/1456">#1456</a> from mockk/copilot/fix-mockk-compatibility-issue</li> <li><a href="https://github.com/mockk/mockk/commit/b7b72de983a0da71e531d8c9b2b68f84743189b6"><code>b7b72de</code></a> Merge pull request <a href="https://redirect.github.com/mockk/mockk/issues/1457">#1457</a> from mockk/copilot/fix-inaccessibleobjectexception</li> <li><a href="https://github.com/mockk/mockk/commit/08d1d1d8e466466f46c448ef459cecdde5585e49"><code>08d1d1d</code></a> Address comments</li> <li><a href="https://github.com/mockk/mockk/commit/7681de2aaa26a6a73aa6a21fe57428ef80c87146"><code>7681de2</code></a> Merge pull request <a href="https://redirect.github.com/mockk/mockk/issues/1465">#1465</a> from TWiStErRob/patch-2</li> <li><a href="https://github.com/mockk/mockk/commit/54e61544105b549c4d29a44370ef8f604caaca0d"><code>54e6154</code></a> Fix configuration option example for restricted classes</li> <li>Additional commits viewable in <a href="https://github.com/mockk/mockk/compare/1.14.6...1.14.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.mockk:mockk&package-manager=gradle&previous-version=1.14.6&new-version=1.14.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ened (#227) Netflix reported that only seems to reproduce on Linux (we've only tested Ubuntu so far). I can’t reproduce it on macOS. First, here’s some context: 1. Polling workspaces: Coder Toolbox polls the deployment every 5 seconds for workspace updates. These updates (new workspaces, deletions,status changes) are stored in a cached “environments” list (an oversimplified explanation). When a URI is executed, we reset the content of the list and run the login sequence, which re-initializes the HTTP poller and CLI using the new deployment URL and token. A new polling loop then begins populating the environments list again. 2. Cache monitoring: Toolbox watches this cached list for changes—especially status changes, which determine when an SSH connection can be established. In Netflix’s case, they launched Toolbox, created a workspace from the Dashboard, and the poller added it to the environments list. When the workspace switched from starting to ready, they used a URI to connect to it. The URI reset the list, then the poller repopulated it. But because the list had the same IDs (but new object references), Toolbox didn’t detect any changes. As a result, it never triggered the SSH connection. This issue only reproduces on Linux, but it might explain some of the sporadic macOS failures Atif mentioned in the past. I need to dig deeper into the Toolbox bytecode to determine whether this is a Toolbox bug, but it does seem like Toolbox wasn’t designed to switch cleanly between multiple deployments and/or users. The current Coder plugin behavior—always performing a full login sequence on every URI—is also ...sub-optimal. It only really makes sense in these scenarios: 1. Toolbox started with deployment A, but the URI targets deployment B. 2. Toolbox started with deployment A/user X, but the URI targets deployment A/user Y. But this design is inefficient for the most common case: connecting via URI to a workspace on the same deployment and same user. While working on the fix, I realized that scenario (2) is not realistic. On the same host machine, why would multiple users log into the same deployment via Toolbox? The whole fix revolves around the idea of just recreating the http client and updating the CLI with the new token instead of going through the full authentication steps when the URI deployment URL is the same as the currently opened URL The fix focuses on simply recreating the HTTP client and updating the CLI token when the URI URL matches the existing deployment URL, instead of running a full login. This PR splits responsibilities more cleanly: - CoderProtocolHandler now only finds the workspace and agent and handles IDE installation and launch. - the logic for creating a new HTTP client, updating the CLI, cleaning up old resources (polling loop, environment cache), and handling deployment URL changes is separated out. The benefits would be: - shared logic for cleanup and re-initialization, with less coupling and clearer, more maintainable code. - a clean way to check whether the URI’s deployment URL matches the current one and react appropriately when they differ.

Current pull request contains patched `CHANGELOG.md` file for the `v0.8.1` version. Co-authored-by: GitHub Action <action@github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comparing changes

Open a pull request

Commits on Nov 4, 2025

Commits on Nov 10, 2025

Commits on Nov 12, 2025

Commits on Nov 20, 2025

Commits on Nov 26, 2025

Commits on Dec 1, 2025

Commits on Dec 3, 2025

Commits on Dec 8, 2025

Commits on Dec 10, 2025

Commits on Dec 11, 2025

This comparison is taking too long to generate.

Uh oh!