1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-10 16:11:13 -05:00
Commit graph

1181 commits

Author SHA1 Message Date
Matt Mastracci
dc505e905e
chore(cli): update chrono to remove broken time dep (#20508)
Fixes the last dependabot security warning
2023-09-14 13:17:38 -06:00
Matt Mastracci
5ba89666af
chore: update deno_core + cargo update (#20507) 2023-09-14 19:00:25 +00:00
David Sherret
6dc8682b9a
feat: explicit resource management in TypeScript (#20506)
This adds support for `using` and `await using` declarations in
TypeScript only. We need to wait for v8 to support it for this to work
in JS.
2023-09-14 18:08:59 +00:00
David Sherret
54890ee98b
chore(tests): ability to pattern match unordered lines (#20488)
This adds the ability to pattern match unordered lines. For example, the
downloading messages may appear in any order

```
[UNORDERED_START]
Download https://localhost:4546/a.ts
Download https://localhost:4546/b.ts
[UNORDERED_END]
Hello!
```

Additionally, I've made the pattern matching slightly more strict and the output better.
2023-09-14 16:21:57 +00:00
David Sherret
e60cbfadc0
refactor: use TaskQueue from deno_unsync (#20485) 2023-09-13 23:36:24 -04:00
Matt Mastracci
81d50e1b66
chore: bump deno_core and cargo update (#20480)
Bump deno_core, pulling in new rusty_v8. Requires some op2/deprecation
fixes.
2023-09-13 22:01:31 +00:00
Matt Mastracci
950e0e9cd6
fix(ext/http): create a graceful shutdown API (#20387)
This PR implements a graceful shutdown API for Deno.serve, allowing all
current connections to drain from the server before shutting down, while
preventing new connections from being started or new transactions on
existing connections from being created.

We split the cancellation handle into two parts: a listener handle, and
a connection handle. A graceful shutdown cancels the listener only,
while allowing the connections to drain. The connection handle aborts
all futures. If the listener handle is cancelled, we put the connections
into graceful shutdown mode, which disables keep-alive on http/1.1 and
uses http/2 mechanisms for http/2 connections.

In addition, we now guarantee that all connections are complete or
cancelled, and all resources are cleaned up when the server `finished`
promise resolves -- we use a Rust-side server refcount for this.

Performance impact: does not appear to affect basic serving performance
by more than 1% (~126k -> ~125k)

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-09-12 00:06:38 +00:00
Nayeem Rahman
f75a17521d
fix(lsp): respect configured exclusions for testing APIs (#20427)
LSP testing APIs now obey the various file inclusion settings:
- Modules shown in the text explorer now respect the `exclude`,
`test.exclude` and `test.include` fields in `deno.json`, as well as
`deno.enablePaths` in VSCode settings.
- Modules with testing code lens now respect the `"exclude"`,
`test.exclude` and `test.include` fields in `deno.json`. Code lens
already respects `deno.enablePaths`.
2023-09-09 19:37:01 +01:00
Matt Mastracci
947865c054
feat(cli): allow --log-level=trace for additional deep debugging (#20426)
This allows us to opt in to extremely detailed tracing from dependency
libraries, like so:

```
cargo run --features tracing/log,tracing/max_level_trace -- test --log-level=trace -A --unstable ./cli/tests/unit/serve_test.ts 
```

It will not impact normal operation as it requires the
`tracing/max_level_trace` and `tracing/log` to be active.

Note that tracing is already a dependency -- this just makes it a direct
dep of cli so we can access its features more easily.
2023-09-09 12:03:19 -06:00
David Sherret
c521c5fe77
feat: lockfile v3 (#20424)
Details: https://github.com/denoland/deno_lockfile/pull/8
2023-09-08 14:34:57 -04:00
David Sherret
1b7d5937d9
fix(fmt/markdown): improve ignore comment handling (#20421)
Two bug fixes:

* https://github.com/dprint/dprint-plugin-markdown/pull/85
* https://github.com/dprint/dprint-plugin-markdown/pull/84
2023-09-08 16:38:42 +00:00
Nayeem Rahman
17276a1df9
fix: empty include in config file excludes all (#20404) 2023-09-08 15:04:45 +01:00
David Sherret
3fc19dab47
feat: support import attributes (#20342) 2023-09-07 09:09:16 -04:00
Divy Srivastava
9befa566ec
fix(ext/node): implement AES GCM cipher (#20368)
Adds support for AES-GCM 128/256 bit keys in `node:crypto` and
`setAAD()`, `setAuthTag()` and `getAuthTag()`

Uses https://github.com/littledivy/aead-gcm-stream

Fixes https://github.com/denoland/deno/issues/19836
https://github.com/denoland/deno/issues/20353
2023-09-06 11:01:50 +05:30
Igor Zinkovsky
1dc5d42114
fix(ext/kv): add a warning for listenQueue if used with remote KV (#20341) 2023-09-03 17:47:52 -07:00
Nayeem Rahman
e1fb48524d
Reland "feat(lsp): enable via config file detection (#20334)" (#20349) 2023-09-01 21:13:13 +01:00
Bartek Iwańczuk
2b191c6e9d
chore: forward v1.36.4 to main (#20352)
Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
2023-09-01 18:08:58 +00:00
Bartek Iwańczuk
cd0fcc2257
chore: upgrade deno_core to 0.208.0 (#20340) 2023-08-31 19:56:25 +00:00
Matt Mastracci
653e668c20
chore: bump deno_core to 0.207.0 (#20333)
rusty_v8 -> "0.75.1"
2023-08-30 21:45:47 +02:00
Nayeem Rahman
1cce306022
fix(runtime/permissions): Resolve executable specifiers in allowlists and queries (#14130)
Closes #14122.

Adds two extensions to `--allow-run` behaviour:
- When `--allow-run=foo` is specified and `foo` is found in the `PATH`
at startup, `RunDescriptor::Path(which("foo"))` is added to the
allowlist alongside `RunDescriptor::Name("foo")`. Currently only the
latter is.
- When run permission for `foo` is queried and `foo` is found in the
`PATH` at runtime, either `RunDescriptor::Path(which("foo"))` or
`RunDescriptor::Name("foo")` would qualify in the allowlist. Currently
only the latter does.
2023-08-30 18:52:01 +01:00
David Sherret
c4451d3076
feat(lockfile): add redirects to the lockfile (#20262) 2023-08-29 12:03:02 -05:00
David Sherret
ebfead1021
fix(fmt/markdown): ignore trailing words in code block info string for language detection (#20310) 2023-08-28 12:28:06 +00:00
Matt Mastracci
d104a09f79
chore(core): bump and trim deps (#20265)
Skipping for a later follow-up:

 - base64: #20266
 - notify
 - indexmap (will require follow-up in upstream projects)
2023-08-26 07:10:42 -06:00
Matt Mastracci
8bb4e10881
fix(ext/tls): upgrade webpki version (#20285)
This removes a webpki version that was showing up as vulnerable to
https://github.com/briansmith/webpki/issues/69.

Needed to upgrade `reqwest` as part of this.
2023-08-25 23:40:25 +02:00
Matt Mastracci
fd70b7025b
chore: fully remove atty dep (#20288)
This fully removes the `atty` crate from deno by bumping `env_logger`
and removing the now-unused `atty` dep for runtime.
2023-08-25 17:40:21 +00:00
Matt Mastracci
c272d26ae8
chore(cli): remove atty crate (#20275)
Removes a crate with an outstanding vulnerability.
2023-08-25 07:43:07 -06:00
denobot
3a2d284c96
chore: forward v1.36.3 release commit to main (#20270)
Co-authored-by: Matt Mastracci <matthew@mastracci.com>
2023-08-24 17:53:01 +00:00
dependabot[bot]
a47c160cbc
build(deps): bump trust-dns-server from 0.22.0 to 0.22.1 (#20114)
Bumps [trust-dns-server](https://github.com/bluejekyll/trust-dns) from
0.22.0 to 0.22.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/bluejekyll/trust-dns/releases">trust-dns-server's
releases</a>.</em></p>
<blockquote>
<h2>v0.22.1 - Deny response requests on the server</h2>
<h2>0.22.1</h2>
<h3>Fixed</h3>
<ul>
<li>(server) drop response messages <a
href="https://redirect.github.com/bluejekyll/trust-dns/issues/1952">#1952</a>
by <a href="https://github.com/djc"><code>@​djc</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bluejekyll/trust-dns/blob/main/CHANGELOG.md">trust-dns-server's
changelog</a>.</em></p>
<blockquote>
<h2>0.22.1</h2>
<h3>Fixed</h3>
<ul>
<li>(server) drop response messages <a
href="https://redirect.github.com/bluejekyll/trust-dns/issues/1952">#1952</a>
by <a href="https://github.com/djc"><code>@​djc</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9f344b54cd"><code>9f344b5</code></a>
bump server and bin crates to 0.22.1</li>
<li><a
href="9e6e77293b"><code>9e6e772</code></a>
update CHANGELOG for 0.22.1</li>
<li><a
href="5f6278154d"><code>5f62781</code></a>
Regenerate the test SSL certificates</li>
<li><a
href="2fd2603171"><code>2fd2603</code></a>
server: drop response messages</li>
<li>See full diff in <a
href="https://github.com/bluejekyll/trust-dns/compare/v0.22.0...v0.22.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=trust-dns-server&package-manager=cargo&previous-version=0.22.0&new-version=0.22.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/denoland/deno/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-24 09:10:26 -06:00
dependabot[bot]
1b77a59be5
build(deps): bump rustls-webpki from 0.100.1 to 0.100.2 (#20241)
Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.100.1 to
0.100.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rustls/webpki/releases">rustls-webpki's
releases</a>.</em></p>
<blockquote>
<h2>v/0.100.2</h2>
<h2>Release notes</h2>
<ul>
<li>certificate path building and verification is now capped at 100
signature validation operations to avoid the risk of CPU usage
denial-of-service attack when validating crafted certificate chains
producing quadratic runtime. This risk affected both clients, as well as
servers that verified client certificates.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>v0.100.2 prep by <a
href="https://github.com/cpu"><code>@​cpu</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/154">rustls/webpki#154</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rustls/webpki/compare/v/0.100.1...v/0.100.2">https://github.com/rustls/webpki/compare/v/0.100.1...v/0.100.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c8b821450b"><code>c8b8214</code></a>
Bump MSRV to 1.60</li>
<li><a
href="855752292e"><code>8557522</code></a>
Avoid testing MSRV of dev-dependencies</li>
<li><a
href="73a7f0c7d7"><code>73a7f0c</code></a>
Cargo: version 0.100.1 -&gt; 0.100.2</li>
<li><a
href="4ea052366f"><code>4ea0523</code></a>
verify_cert: enforce maximum number of signatures.</li>
<li>See full diff in <a
href="https://github.com/rustls/webpki/compare/v/0.100.1...v/0.100.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rustls-webpki&package-manager=cargo&previous-version=0.100.1&new-version=0.100.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/denoland/deno/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-24 09:09:20 -06:00
Bartek Iwańczuk
f9beb92818
refactor: use "deno_config" crate (#20260)
Moved the configuration file to https://github.com/denoland/deno_config
as we will have to use it in other projects.
2023-08-24 11:21:34 +02:00
Matt Mastracci
b1ce2e4167
fix(ext/web): add stream tests to detect v8slice split bug (#20253)
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-08-23 17:03:05 -06:00
David Sherret
8649648b43
fix(lint): erroneous remove await in async (#20235)
Closes #20229
2023-08-22 12:16:35 +02:00
Heyang Zhou
6d4a005e41
feat(ext/kv): connect to remote database (#20178)
This patch adds a `remote` backend for `ext/kv`. This supports
connection to Deno Deploy and potentially other services compatible with
the KV Connect protocol.
2023-08-22 13:56:00 +08:00
David Sherret
5834d282d4
refactor: upgrade deno_ast 0.28 and deno_semver 0.4 (#20193) 2023-08-21 09:53:52 +00:00
David Sherret
6082e51094
fix(cli): handle missing now field in cache (#20192)
Fixes this error message:

```
error: missing field `now` at line 32 column 1
```

This would occur if someone used an old version of the deno_cache
library to cache information in the cache then tried to load it with the
latest CLI. Regression in the last patch when migrating to the
deno_cache_dir crate.
2023-08-17 15:25:00 +00:00
Matt Mastracci
23ff0e722e
feat(ext/web): resourceForReadableStream (#20180)
Extracted from fast streams work.

This is a resource wrapper for `ReadableStream`, allowing us to treat
all `ReadableStream` instances as resources, and remove special paths in
both `fetch` and `serve`.

Performance with a ReadableStream response yields ~18% improvement:

```
  return new Response(new ReadableStream({
    start(controller) {
      controller.enqueue(new Uint8Array([104, 101, 108, 108, 111, 32, 119, 111, 114, 108, 100]));
      controller.close();
    }
  })
```

This patch:

```
12:36 $ third_party/prebuilt/mac/wrk http://localhost:8080
Running 10s test @ http://localhost:8080
  2 threads and 10 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency    99.96us  100.03us   6.65ms   98.84%
    Req/Sec    47.73k     2.43k   51.02k    89.11%
  959308 requests in 10.10s, 117.10MB read
Requests/sec:  94978.71
Transfer/sec:     11.59MB
```

main:

```
Running 10s test @ http://localhost:8080
  2 threads and 10 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency   163.03us  685.51us  19.73ms   99.27%
    Req/Sec    39.50k     3.98k   66.11k    95.52%
  789582 requests in 10.10s, 82.83MB read
Requests/sec:  78182.65
Transfer/sec:      8.20MB
```
2023-08-17 07:52:37 -06:00
Heyang Zhou
0960e895da
fix(ext/kv): retry transaction on SQLITE_BUSY errors (#20189)
Properly handle the `SQLITE_BUSY` error code by retrying the
transaction.

Also wraps database initialization logic in a transaction to protect
against incomplete/concurrent initializations.

Fixes https://github.com/denoland/deno/issues/20116.
2023-08-17 18:53:55 +08:00
Matt Mastracci
babfba14ef
chore: deno_core -> 0.201.0 (#20135) 2023-08-12 19:04:45 +00:00
Divy Srivastava
94d664535b
chore: forward v1.36.1 to main (#20119)
Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
Co-authored-by: littledivy <littledivy@users.noreply.github.com>
2023-08-10 16:44:41 +03:00
Divy Srivastava
91dc6fa5f1
chore: upgrade fastwebsockets to 0.4.4 (#19089)
Fixes https://github.com/denoland/deno/issues/19041
2023-08-10 09:59:06 +05:30
Yusuke Tanaka
f2e30a6f79
refactor(cli): move snapshot_from_lockfile function to deno_npm (#20024)
This commit moves `snapshot_from_lockfile` function to [deno_npm
crate](https://github.com/denoland/deno_npm). This allows this function
to be called outside Deno CLI (in particular, Deno Deploy).
2023-08-08 10:07:29 -07:00
David Sherret
05f838a57c
refactor: use deno_cache_dir crate (#20092)
Uses https://github.com/denoland/deno_cache/pull/26
2023-08-08 14:23:02 +00:00
David Sherret
a037ed77a2
fix(fmt): do not insert expr stmt leading semi-colon in do while stmt body (#20093)
This is for when semiColons: false

Closes #20089
2023-08-08 09:15:19 -04:00
David Sherret
7b5bc87f29
fix(unstable): vendor cache should support adding files to hashed directories (#20070)
This changes the design of the manifest.json file to have a separate
"folders" map for mapping hashed directories. This allows, for example,
to add files in a folder like `http_localhost_8000/#testing_5de71/` and
have them be resolved automatically as long as their remaining
components are identity-mappable to the file system (not hashed). It
also saves space in the manifest.json file by only including the hashed
directory instead of each descendant file.

```
// manifest.json
{
  "folders": {
    "https://localhost/NOT_MAPPABLE/": "localhost/#not_mappable_5cefgh"
  },
  "modules": {
    "https://localhost/folder/file": {
      "headers": {
        "content-type": "application/javascript"
      }
    },
  }
}

// folder structure
localhost
  - folder
    - #file_2defn (note: I've made up the hashes in these examples)
  - #not_mappable_5cefgh
    - mod.ts
    - etc.ts
    - more_files.ts
```
2023-08-06 12:25:48 -04:00
Nayeem Rahman
b96f283064
refactor: remove snapshot_module_load_cb (#20043) 2023-08-05 23:00:38 +00:00
Matt Mastracci
85a2b281f5
chore: use zlib-ng for flate2 (#20059)
Extracted from PR #16011
2023-08-05 15:43:16 -06:00
Luca Bruno
72d9f06090
chore(cargo): update async-compression/flate2/miniz to latest (#20049)
This bumps `async-compression` dependency in `deno_http` to latest, in
order to avoid having multiple duplicate versions.
Related, it also unpin a stale `flate2` dependency so that the whole
chain of `async-compression` -> `flate2` -> `miniz_oxide` can surface up
to current versions.
The lockfile entries for all of the above crates have been update
accordingly; the new tree of dependencies looks like this:
```
$ cargo tree -i -p miniz_oxide

miniz_oxide v0.7.1
└── flate2 v1.0.26
    └── async-compression v0.4.1
```
2023-08-04 18:30:14 +02:00
Matt Mastracci
0f07dc95f1
chore: fix pty support on Macs (#20037)
Many of the CI tests have been failing on my M2 Pro mac (Ventura 13.4)
when running inside of a vscode terminal (a strange `ENOTTY` error).
This modifies the pty-handling code to use libc directly rather than the
older pty library that appears mostly unmaintained (outside of
@littledivy's fork).

As a bonus, this should allow us to run pty tests on the mac CI runner.

After this PR, the tests now complete with 100% success on my local
machine. Before this PR, I needed to pass `CI=true` to get my local test
suite to pass.
2023-08-03 14:04:37 -06:00
denobot
6ba245fe25
1.36.0 (#20036)
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
2023-08-03 18:26:25 +02:00
Bartek Iwańczuk
9d1c32945c
fix: regression in workers using dynamic imports (#20006)
Closes https://github.com/denoland/deno/issues/19903
2023-08-02 01:19:44 +00:00