1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-15 10:35:19 -05:00
Commit graph

74 commits

Author SHA1 Message Date
Bartek Iwańczuk
5504acea67
feat: add --allow-import flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.

By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.

Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:

```ts
deno run -A -r https://fresh.deno.dev
```

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-26 01:50:54 +00:00
Leo Kettmeir
a1d0a427e8
feat: default to TS for file extension and support ext flag in more scenarios (#25472)
Closes #11220
Currently does lint, fmt, and repl
2024-09-18 21:15:13 +02:00
Yazan AbdAl-Rahman
bed46474b2
fix: do not panic running invalid file specifier (#25530)
Co-authored-by: Bedis Nbiba <bedisnbiba@gmail.com>
2024-09-18 14:51:39 +01:00
Nathan Whitaker
e81c67ba22
feat(permissions): Deno.mainModule doesn't require permissions (#25667)
Closes https://github.com/denoland/deno/issues/7315.
2024-09-16 13:43:52 -07:00
David Sherret
62e952559f
refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)
This makes the permission system more versatile.
2024-09-16 21:39:37 +01:00
Bartek Iwańczuk
968f441da3
test: rewrite some ignored tests to spec tests (#25652)
Ref https://github.com/denoland/deno/issues/25241

Rewritten these tests:
- check::package_json_basic
- check::package_json_fail_check
- check::package_json_with_deno_json
- info::package_json_basic
- test::package_json_basic
- run::package_json_auto_discovered_for_npm_binary
- run::package_json_with_deno_json
2024-09-16 15:39:58 +02:00
Asher Gomez
e4ea9be874
chore: cleanup remaining internals.future code (#25624) 2024-09-16 09:28:35 +10:00
Asher Gomez
8476bbff9a
feat: stabilize Deno.createHttpClient() (#25569)
Closes #25518
2024-09-12 10:46:48 +10:00
Kenta Moriuchi
e522f4b65a
BREAKING(temporal/unstable): Remove obsoleted Temporal APIs part 2 (#25505)
Mainly I removed `Temporal.Calendar` and `Temporal.TimeZone` and
replaced them to APIs that handle calendar and timezone as strings.
https://github.com/tc39/proposal-temporal/pull/2925

Related #24836
2024-09-10 21:36:43 +00:00
Luca Casonato
7bfcb4dd10
feat(cli): use NotCapable error for permission errors (#25431)
Closes #7394

---------

Co-authored-by: snek <snek@deno.com>
2024-09-10 11:12:24 -07:00
Bartek Iwańczuk
9a169e3cf1
test: remove usage of --unstable flag (#25549)
This commit removes all occurrences of `--unstable` flag
from all the tests that are run in CI.

Turns out none of the tests actually required that flag
anymore.
2024-09-10 11:28:59 +00:00
Bartek Iwańczuk
064a73f7a0
BREAKING: Remove --unstable flag (#25522)
This commit effectively removes the --unstable flag.

It's still being parsed, but it only prints a warning that a granular
flag should be used instead and doesn't actually enable any
unstable feature.

Closes https://github.com/denoland/deno/issues/25485
Closes https://github.com/denoland/deno/issues/23237
2024-09-09 23:44:29 +02:00
David Sherret
560ad0331b
fix(node/byonm): do not accidentally resolve bare node built-ins (#25543)
This was accidentally enabled in byonm, but it requires the
`--unstable-bare-node-builtins` flag.

Closes #25358
2024-09-09 21:35:41 +00:00
Bartek Iwańczuk
04a9cc95ac
feat: Add better error messages for unstable APIs (#25519)
This commit improves error messages for unstable APIs:
- `--unstable-broadcast-channel`
- `--unstable-cron`
- `--unstable-http`
- `--unstable-kv`
- `--unstable-temporal`

By providing information and hints what went wrong and how the
error can be fixed. It reuses the same infra that was added in 
https://github.com/denoland/deno/pull/21764.
2024-09-09 22:51:55 +02:00
Bartek Iwańczuk
dfc5eec43c
feat: Allow importing .cjs files (#25426)
This commit adds support for executing top-level `.cjs` files, 
as well as import `.cjs` files from within npm packages.

This works only for `.cjs` files, the contents of sibling `package.json`
are not consulted for the `"type"` field.

Closes https://github.com/denoland/deno/issues/25384

---------

Signed-off-by: David Sherret <dsherret@users.noreply.github.com>
Co-authored-by: Luca Casonato <hello@lcas.dev>
Co-authored-by: David Sherret <dsherret@users.noreply.github.com>
2024-09-05 07:59:12 +00:00
David Sherret
07ad47da53
BREAKING(config): make supported compilerOptions an allow list (#25432)
Deno has been using a deny list, which doesn't make sense because a lot
of these options don't even work.

Closes #25363
2024-09-04 17:39:30 +02:00
David Sherret
74fc66da11
fix: lock down allow-run permissions more (#25370)
`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.

1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.
2024-09-04 14:51:24 +02:00
Luca Casonato
5cf97f539b
BREAKING(permissions): remove --allow-hrtime (#25367)
Remove `--allow-hrtime` and `--deny-hrtime`. We are doing this because
it is already possible to get access to high resolution timers through
workers and SharedArrayBuffer.

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-09-03 11:24:25 +02:00
David Sherret
bf7571a6f9
fix: make some warnings more standard (#25324) 2024-09-03 10:45:01 +02:00
Bartek Iwańczuk
1f51b5310f
feat: support DENO_LOG env var instead of RUST_LOG (#25356)
Instead of `RUST_LOG` env var, we now support `DENO_LOG` env var.
This is done to be able to set a setting specific to `deno` that
wouldn't impact
other binaries written in Rust.

Ref
https://github.com/denoland/deno/issues/10558#issuecomment-2324300211
2024-09-03 10:36:28 +02:00
Bartek Iwańczuk
42cf762cf4
chore: cleanup code for unstable tests (#25330)
Towards https://github.com/denoland/deno/issues/25241

Removes code for tests of unstable APIs that were stabilized with Deno
2.0.0-rc.0.
2024-08-31 23:38:21 +02:00
David Sherret
f891e73bbf
refactor: remove DENO_FUTURE (#25314) 2024-08-30 21:58:24 +00:00
Bartek Iwańczuk
b1c6142f74
BREAKING: DENO_FUTURE=1 by default, or welcome to Deno 2.0 (#25213)
This commit effectively turns Deno into Deno 2.0.

This is done by forcing `DENO_FUTURE=1` env var, that was available in
the past few months to try Deno 2 changes.

This commit contains several breaking changes scheduled for Deno 2:
- all deprecated JavaScript APIs are not available any more, mostly
`Deno.*` APIs
- `window` global is removed
- FFI, WebGPU and FS APIs are now stable and don't require
`--unstable-*` flags
- import assertions are no longer supported
- "bring your own node modules" is enabled by default

This is the first commit in a series that are scheduled before the Deno
2 release.

Follow up work is tracked in
https://github.com/denoland/deno/issues/25241.

---------

Co-authored-by: Asher Gomez <ashersaupingomez@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
Co-authored-by: Nathan Whitaker <nathan@deno.com>
2024-08-30 13:58:58 -04:00
David Sherret
c6793f52b9
fix(permissions): disallow any LD_ or DYLD_ prefixed env var without full --allow-run permissions (#25271)
Follow up to https://github.com/denoland/deno/pull/25221

I looked into what the list was and it was quite extensive, so I think
as suggested in
https://github.com/denoland/deno/issues/11964#issuecomment-2314585135 we
should disallow this for any `LD_` prefixed env var.
2024-08-28 21:11:37 -04:00
David Sherret
b708a13eb0
feat: improve lockfile v4 to store normalized version constraints and be more terse (#25247)
Stores normalized version constraints in the lockfile, which will
improve reproducibility and will fix a bug with duplicate specifiers
ending up in the lockfile. Also, gets rid of some duplicate data in the
specifiers area of the lockfile.
2024-08-28 14:17:47 -04:00
David Sherret
c89a20b428
perf(cache): single cache file for remote modules (#24983)
This changes the global cache to store the cache file for remote modules
in one file instead of two.
2024-08-26 23:59:17 +00:00
David Sherret
e13230226f
feat: lockfile v4 by default (#25165)
This won't be fully stabilized until 2.0 is released.
2024-08-26 23:01:50 +00:00
melbourne2991
0eba180fdb
fix(repl): Prevent panic on broken pipe (#21945) 2024-08-20 00:21:12 +00:00
Bartek Iwańczuk
ab8802f49b
feat(permissions): link to docs in permission prompt (#24948)
This commit updates permission prompt to add a link
to the documentation for particular flag.

Additionally the box drawings around the prompt have been slightly
altered for better visibility.

<img width="737" alt="Screenshot 2024-08-08 at 12 42 32"
src="https://github.com/user-attachments/assets/6ae748cd-4f29-439d-b0ee-f28f565f211a">
2024-08-08 15:39:31 +02:00
David Sherret
6fce23c54e
perf: skip saving to emit cache after first failure (#24896) 2024-08-08 09:41:30 +00:00
Satya Rohith
8c2f1f5a55
chore: upgrade to rust 1.80 (#24778) 2024-07-29 12:58:04 -04:00
David Sherret
763f05e74d
fix(unstable): move sloppy-import warnings to lint rule (#24710)
Adds a new `no-sloppy-imports` lint rule and cleans up the lint code.

Closes #22844
Closes https://github.com/denoland/deno_lint/issues/1293
2024-07-25 09:07:59 -04:00
Asher Gomez
f248050cb4
chore: use @std prefix for internal module specifiers (#24543)
This change aims to replace all relative import specifiers targeted at
`tests/util/std` with mapped ones (using a `deno.json` file). Towards
updating the `std` git submodule.
2024-07-25 10:26:54 +10:00
Bartek Iwańczuk
7b33623b1d
Reland "refactor(fetch): reimplement fetch with hyper instead of reqwest" (#24593)
Originally landed in
f6fd6619e7.
Reverted in https://github.com/denoland/deno/pull/24574.

This reland contains a fix that sends "Accept: */*" header for calls made
from "FileFetcher". Absence of this header made downloading source code
from JSR broken. This is tested by ensuring this header is present in the
test server that servers JSR packages.

---------

Co-authored-by: Sean McArthur <sean@seanmonstar.com>
2024-07-18 01:37:31 +02:00
Ryan Dahl
e0cfc9da39
Revert "refactor(fetch): reimplement fetch with hyper instead of reqwest (#24237)" (#24574)
This reverts commit f6fd6619e7.

I'm seeing a difference between canary and 1.45.2. In
`deno-docs/reference_gen` I can't download dax when running `deno task
types`

```
~/src/deno-docs/reference_gen# deno upgrade --canary
Looking up latest canary version
Found latest version f6fd6619e7
Downloading https://dl.deno.land/canary/f6fd6619e708a515831f707438368d81b0c9aa56/deno-aarch64-apple-darwin.zip
Deno is upgrading to version f6fd6619e7
Archive:  /var/folders/9v/kys6gqns6kl8nksyn4l1f9v40000gn/T/.tmpb5lDnq/deno.zip
  inflating: deno
Upgraded successfully

~/src/deno-docs/reference_gen# deno -v
deno 1.45.2+f6fd661

~/src/deno-docs/reference_gen# rm -rf /Users/ry/Library/Caches/deno

~/src/deno-docs/reference_gen# deno task types
Task types deno task types:deno && deno task types:node
Task types:deno deno run --allow-read --allow-write --allow-run --allow-env --allow-sys deno-docs.ts
error: JSR package manifest for '@david/dax' failed to load. expected value at line 1 column 1
    at file:///Users/ry/src/deno-docs/reference_gen/deno-docs.ts:2:15

~/src/deno-docs/reference_gen# deno upgrade --version 1.45.2
Downloading https://github.com/denoland/deno/releases/download/v1.45.2/deno-aarch64-apple-darwin.zip
Deno is upgrading to version 1.45.2
Archive:  /var/folders/9v/kys6gqns6kl8nksyn4l1f9v40000gn/T/.tmp3R7uhF/deno.zip
  inflating: deno
Upgraded successfully

~/src/deno-docs/reference_gen# rm -rf /Users/ry/Library/Caches/deno

~/src/deno-docs/reference_gen# deno task types
Task types deno task types:deno && deno task types:node
Task types:deno deno run --allow-read --allow-write --allow-run --allow-env --allow-sys deno-docs.ts
Task types:node deno run --allow-read --allow-write=. --allow-env --allow-sys node-docs.ts
```
2024-07-13 21:08:23 +00:00
Sean McArthur
f6fd6619e7
refactor(fetch): reimplement fetch with hyper instead of reqwest (#24237)
This commit re-implements `ext/fetch` and all dependent crates
using `hyper` and `hyper-util`, instead of `reqwest`.

The reasoning is that we want to have greater control and access
to low level `hyper` APIs when implementing `fetch` API as well
as `node:http` module.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-07-13 00:51:37 +02:00
David Sherret
147411e64b
feat: npm workspace and better Deno workspace support (#24334)
Adds much better support for the unstable Deno workspaces as well as
support for npm workspaces. npm workspaces is still lacking in that we
only install packages into the root node_modules folder. We'll make it
smarter over time in order for it to figure out when to add node_modules
folders within packages.

This includes a breaking change in config file resolution where we stop
searching for config files on the first found package.json unless it's
in a workspace. For the previous behaviour, the root deno.json needs to
be updated to be a workspace by adding `"workspace":
["./path-to-pkg-json-folder-goes-here"]`. See details in
https://github.com/denoland/deno_config/pull/66

Closes #24340
Closes #24159
Closes #24161
Closes #22020
Closes #18546
Closes #16106
Closes #24160
2024-07-04 00:54:33 +00:00
Bartek Iwańczuk
8db420d552
chore: upgrade to reqwest 0.12.4 and rustls 0.22 (#24388)
Reland of https://github.com/denoland/deno/pull/24056 that doesn't
suffer from the problem that was discovered in
https://github.com/denoland/deno/pull/24261.

It uses upgraded `hyper` and `hyper-util` that fixed the previous
problem in https://github.com/hyperium/hyper/pull/3691.
2024-07-02 02:09:47 +02:00
Bartek Iwańczuk
b94707af7d
Revert "chore: upgrade to reqwest 0.12.4 and rustls 0.22 (#24056)" (#24262)
This reverts commit fb31eaa9ca.

Reverting because users reported spurious errors when downloading
dependencies - https://github.com/denoland/deno/issues/24260.

Closes https://github.com/denoland/deno/issues/24260
2024-06-19 16:09:17 +02:00
David Sherret
cba212b9c6
perf(node): ensure cjs wrapper module has deterministic output (#24248) 2024-06-18 17:24:18 -04:00
Bartek Iwańczuk
fb31eaa9ca
chore: upgrade to reqwest 0.12.4 and rustls 0.22 (#24056)
This commit updates Deno to use `reqwest` at 0.12.4
and `rustls` at 0.22. Other related crates were updated
as well to match versions accepted by `reqwest` and `rustls`.

Note: we are not using the latest available `rustls` yet,
but this upgrade was non-trivial already, so a bump to
0.23 for `rustls` will be done in a separate commit.

Closes #23370

---------

Signed-off-by: Ryan Dahl <ry@tinyclouds.org>
Signed-off-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Ryan Dahl <ry@tinyclouds.org>
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
2024-06-13 22:41:26 +02:00
Ryan Dahl
c7894447eb
chore: upgrade trust-dns-resolver and friends (#24108)
To avoid duplicate winreg crate in #24056

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-06-05 23:39:39 +02:00
David Sherret
94f040ac28
fix: bump cache sqlite dbs to v2 for WAL journal mode change (#24030)
In https://github.com/denoland/deno/pull/23955 we changed the sqlite db
journal mode to WAL. This causes issues when someone is running an old
version of Deno using TRUNCATE and a new version because the two fight
against each other.
2024-05-29 18:38:18 +00:00
Divy Srivastava
a947c6fbf7
fix(ext/node): windows cancel stdin read in line mode (#23969)
This patch fixes stdin read hanging on user input when switching tty
mode on Windows

Fixes #21111

On Windows, when switching from line to raw mode:
- Cancel ongoing console read by writing a return keypress to its input
buffer. This blocks the main thread until any ongoing read has been
cancelled to prevent interference with the screen state.
- On the read thread, restore the cursor position to where it was before
writing the enter, undoing its effect on the screen state.
- Restart reading and notify the main thread.
2024-05-29 22:23:04 +05:30
David Sherret
448fe67b7a
feat(vendor): support modifying remote files in vendor folder without checksum errors (#23979)
Includes:

* https://github.com/denoland/deno_graph/pull/486
* https://github.com/denoland/deno_graph/pull/488
* https://github.com/denoland/deno_lockfile/pull/25
* https://github.com/denoland/deno_lockfile/pull/22
* https://github.com/denoland/deno_graph/pull/483
* https://github.com/denoland/deno_graph/pull/470
2024-05-28 14:58:43 -04:00
David Sherret
1e2b0a2219
chore(tests): increase repl timeout on ci (#23812)
https://github.com/denoland/deno/actions/runs/9084225162/job/24964698935

```
---- run::file_fetcher_preserves_permissions stdout ----
command /Users/runner/work/deno/deno/target/debug/deno repl --quiet
command cwd /Users/runner/work/deno/deno/tests/testdata
------ Start Full Text ------
"const a = await import('http://localhost:4545/run/019_media_types.ts');\r\n"
------- End Full Text -------
Next text: "\r\n"
thread 'run::file_fetcher_preserves_permissions' panicked at tests/integration/run_tests.rs:4615:15:
Timed out.
```

Closes https://github.com/denoland/deno/issues/23690
Closes https://github.com/denoland/deno/issues/23682
Closes https://github.com/denoland/deno/issues/23625
2024-05-14 15:59:32 -04:00
David Sherret
432792a46c
chore: 045_proxy output stdout & stderr on failure (#23810)
Part of https://github.com/denoland/deno/issues/23624
2024-05-14 16:47:57 +00:00
Matt Mastracci
684377c92c
refactor(ext/tls): Implement required functionality for later SNI support (#23686)
Precursor to #23236 

This implements the SNI features, but uses private symbols to avoid
exposing the functionality at this time. Note that to properly test this
feature, we need to add a way for `connectTls` to specify a hostname.
This is something that should be pushed into that API at a later time as
well.

```ts
Deno.test(
  { permissions: { net: true, read: true } },
  async function listenResolver() {
    let sniRequests = [];
    const listener = Deno.listenTls({
      hostname: "localhost",
      port: 0,
      [resolverSymbol]: (sni: string) => {
        sniRequests.push(sni);
        return {
          cert,
          key,
        };
      },
    });

    {
      const conn = await Deno.connectTls({
        hostname: "localhost",
        [serverNameSymbol]: "server-1",
        port: listener.addr.port,
      });
      const [_handshake, serverConn] = await Promise.all([
        conn.handshake(),
        listener.accept(),
      ]);
      conn.close();
      serverConn.close();
    }

    {
      const conn = await Deno.connectTls({
        hostname: "localhost",
        [serverNameSymbol]: "server-2",
        port: listener.addr.port,
      });
      const [_handshake, serverConn] = await Promise.all([
        conn.handshake(),
        listener.accept(),
      ]);
      conn.close();
      serverConn.close();
    }

    assertEquals(sniRequests, ["server-1", "server-2"]);
    listener.close();
  },
);
```

---------

Signed-off-by: Matt Mastracci <matthew@mastracci.com>
2024-05-09 10:54:47 -06:00
David Sherret
998036b399
chore: fix flaky net_listen_allow_localhost_4555 (#23726)
Moves the test npm registry server port from `4558` to `426x`
2024-05-07 17:21:56 +00:00
David Sherret
1587387bcc
chore(test): move npm registries to separate servers and to the tests/registry folder (#23717)
1. Moves the npm registries to their own dedicated ports.
2. Moves the data files out of `tests/testdata/npm/registry` to
`tests/registry/npm`.
2024-05-07 01:06:01 +00:00