1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-23 15:16:54 -05:00
Commit graph

127 commits

Author SHA1 Message Date
denobot
8a5609ad73
chore: forward v2.1.1 release commit to main (#26981)
Co-authored-by: dsherret <dsherret@users.noreply.github.com>
2024-11-21 14:35:32 -05:00
denobot
3da4eca7c1
2.1.0 (#26957)
Bumped versions for 2.1.0

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
2024-11-21 03:05:02 +01:00
Yazan AbdAl-Rahman
b729bf0ad9
feat(permission): support suffix wildcards in --allow-env flag (#25255)
This commit adds support for suffix wildcard for `--allow-env` flag.

Specifying flag like `--allow-env=DENO_*` will enable access to all
environmental variables starting with `DENO_*`.

Closes #24847

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: David Sherret <dsherret@gmail.com>
2024-11-20 23:30:43 +00:00
Leo Kettmeir
cf49599359
feat: permission stack traces in ops (#26938)
This commit improves permission prompts by adding an option
to print a full trace of where the permissions is being requested.

Due to big performance hint of stack trace collection, this is only
enabled when `DENO_TRACE_PERMISSIONS` env var is present.

Closes https://github.com/denoland/deno/issues/20756

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-11-20 21:24:04 +00:00
Richard Carson
01f3451869
chore: make fields public on PermissionDeniedError and deno_kv::KvConfig (#26798)
A few small changes to avoid needing unsafe mem transmutes to
instantiate the extensions

---------

Signed-off-by: Richard Carson <Rscarson@rogers.com>
2024-11-12 17:49:49 +00:00
Divy Srivastava
7179bdcc77
fix(ext/node): handle --allow-sys=inspector (#26836)
`op_inspector_open` checks for "inspector" as one of the allowed sys
value.
2024-11-12 16:55:49 +01:00
denobot
e1b40a69c0
chore: forward v2.0.6 release commit to main (#26804)
This is the release commit being forwarded back to main for 2.0.6

Signed-off-by: Divy Srivastava <dj.srivastava23@gmail.com>
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
2024-11-10 13:12:18 +05:30
denobot
ef7432c03f
chore: forward v2.0.5 release commit to main (#26755)
This is the release commit being forwarded back to main for 2.0.5

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
2024-11-06 02:27:14 +01:00
Leo Kettmeir
fe9f0ee593
refactor(runtime/permissions): use concrete error types (#26464) 2024-11-04 09:17:21 -08:00
Divy Srivastava
4774eab64d
chore: upgrade to rust 1.82 and LLVM 19 (#26615)
Upgrade to rust 1.82 and LLVM 19 . Removes one webusb test because
`requestAdapter` not working on new ubuntu 24 runners
2024-11-01 16:13:02 +05:30
Nathan Whitaker
6c6bbeb974
fix(node): Implement os.userInfo properly, add missing toPrimitive (#24702)
Fixes the implementation of `os.userInfo`, and adds a missing
`toPrimitive` for `tmpdir`. This allows us to enable the corresponding
node_compat test.
2024-10-31 22:18:33 -07:00
denobot
a1473d82c5
chore: forward v2.0.4 release commit to main (#26636)
This is the release commit being forwarded back to main for 2.0.4

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
2024-10-30 13:46:31 +01:00
Bartek Iwańczuk
730331622e
chore: forward v2.0.3 commit to main (#26535)
Forwarding v2.0.3 commit to `main`

Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
2024-10-25 09:57:40 -04:00
denobot
3ae10a01e0
chore: forward v2.0.2 release commit to main (#26376)
This is the release commit being forwarded back to main for 2.0.2

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-10-18 03:12:49 +02:00
Lucas Nogueira
40b4b9aaa3
feat(permissions): expose PromptResponse (#26358)
follow-up for #26327
2024-10-17 11:36:34 -07:00
Lucas Nogueira
3b62e05062
feat(permissions): expose PermissionPrompter and set_prompter function (#26327)
when defining a custom runtime, it might be useful to define a custom
prompter - for instance when you are not relying on the terminal and
want a GUI prompter instead
2024-10-17 12:39:18 -04:00
denobot
3385d1252e
chore: forward v2.0.1 release commit to main (#26338)
This is the release commit being forwarded back to main for 2.0.1

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-10-16 23:48:42 +00:00
林炳权
533a9b1086
chore: upgrade to rust 1.81.0 (#26261) 2024-10-15 21:40:07 +05:30
denobot
a62c7e036a
2.0.0 (#26063)
Bumped versions for 2.0.0

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-10-08 07:37:28 -07:00
David Sherret
2de4faa483
refactor: improve node permission checks (#26028)
Does less work when requesting permissions with `-A`
2024-10-04 20:55:41 +01:00
Simon Lecoq
da7edf1c0c
fix: don't prompt when using Deno.permissions.request with --no-prompt (#25811) 2024-10-03 12:28:38 +00:00
denobot
55c2a88099
chore: release deno_* crates (#25987)
Testing once again if the crates are being properly released.

---------

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-10-02 14:27:34 +00:00
denobot
2d3e0284d9
chore: release deno_* crates (#25976)
Test run before Deno 2.0 release to make sure that the publishing
process passes correctly.

---------

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-10-02 14:44:04 +02:00
David Sherret
c8f692057b
refactor: bury descriptor parsing in PermissionsContainer (#25936)
Closes https://github.com/denoland/deno/issues/25634
2024-09-30 09:19:24 -04:00
David Sherret
fc739dc5eb
refactor: use deno_path_util (#25918) 2024-09-28 07:55:01 -04:00
Bartek Iwańczuk
5504acea67
feat: add --allow-import flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.

By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.

Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:

```ts
deno run -A -r https://fresh.deno.dev
```

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-26 01:50:54 +00:00
Leo Kettmeir
3e053f8f06
fix(flags): properly error out for urls (#25770)
Closes https://github.com/denoland/deno/issues/25760
2024-09-20 11:10:46 -07:00
Yazan AbdAl-Rahman
bed46474b2
fix: do not panic running invalid file specifier (#25530)
Co-authored-by: Bedis Nbiba <bedisnbiba@gmail.com>
2024-09-18 14:51:39 +01:00
David Sherret
62e952559f
refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)
This makes the permission system more versatile.
2024-09-16 21:39:37 +01:00
Luca Casonato
7bfcb4dd10
feat(cli): use NotCapable error for permission errors (#25431)
Closes #7394

---------

Co-authored-by: snek <snek@deno.com>
2024-09-10 11:12:24 -07:00
Bartek Iwańczuk
5dedb49ac4
refactor(permissions): remove FromStr implementations, add ::parse methods (#25473)
The `.parse()` calls in permission code are only making it more
confusing, verbosity
is encouraged and welcome in this code even at the cost of not being
concise.

Left a couple TODOs to not use `AnyError`.
2024-09-06 11:28:53 +02:00
David Sherret
dd208a6df0
fix(regression): do not expose resolved path in Deno.Command permission denied error (#25434)
Regression from https://github.com/denoland/deno/pull/25370
2024-09-04 22:57:49 +00:00
denobot
e27a19c02c
chore: forward v1.46.3 release commit to main (#25425)
This is the release commit being forwarded back to main for 1.46.3
2024-09-04 17:16:24 +00:00
David Sherret
74fc66da11
fix: lock down allow-run permissions more (#25370)
`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.

1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.
2024-09-04 14:51:24 +02:00
Luca Casonato
5cf97f539b
BREAKING(permissions): remove --allow-hrtime (#25367)
Remove `--allow-hrtime` and `--deny-hrtime`. We are doing this because
it is already possible to get access to high resolution timers through
workers and SharedArrayBuffer.

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-09-03 11:24:25 +02:00
denobot
0fb8df6c0c
chore: forward v1.46.2 release commit to main (#25296)
This is the release commit being forwarded back to main for 1.46.2
2024-08-29 22:13:28 +02:00
denobot
716ae4d8cb
chore: forward v1.46.1 release commit to main (#25155) 2024-08-22 10:44:53 -07:00
denobot
3314a0ceb8
1.46.0 (#25139)
Bumped versions for 1.46.0

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-08-22 02:16:45 +02:00
Yazan AbdAl-Rahman
4f49f703c1
fix(cli): update permission prompt message for compiled binaries (#24081)
Co-authored-by: David Sherret <dsherret@gmail.com>
2024-08-20 01:20:06 +00:00
David Sherret
bf510544ef
chore: improve accessing special file test (#25099) 2024-08-19 16:21:27 -04:00
Bartek Iwańczuk
ab8802f49b
feat(permissions): link to docs in permission prompt (#24948)
This commit updates permission prompt to add a link
to the documentation for particular flag.

Additionally the box drawings around the prompt have been slightly
altered for better visibility.

<img width="737" alt="Screenshot 2024-08-08 at 12 42 32"
src="https://github.com/user-attachments/assets/6ae748cd-4f29-439d-b0ee-f28f565f211a">
2024-08-08 15:39:31 +02:00
denobot
6267905f09
chore: forward v1.45.5 release commit to main (#24818) 2024-07-31 15:14:27 -07:00
denobot
ed2bf8ce31
chore: forward v1.45.4 release commit to main (#24754)
Co-authored-by: David Sherret <dsherret@gmail.com>
2024-07-26 14:26:13 -04:00
denobot
9806064ac2
chore: forward v1.45.3 release commit to main (#24681)
This is the release commit being forwarded back to main for 1.45.3

---------

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-07-23 03:41:40 +02:00
denobot
3a48bc695f
chore: forward v1.45.2 release commit to main (#24564)
Co-authored-by: dsherret <dsherret@users.noreply.github.com>
2024-07-12 18:05:45 -04:00
denobot
0be4c8947d
chore: forward v1.45.1 release commit to main (#24540)
This is the release commit being forwarded back to main for 1.45.1

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
2024-07-12 01:14:14 +02:00
denobot
04ff5c731d
1.45.0 (#24512)
Bumped versions for 1.45.0

---------

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-07-11 00:08:02 +02:00
Adam Gregory
82f9216610
fix: Add sys permission kinds for node compat (#24242)
Fixes #24241

* Support "statfs", "username", "getPriority" and "setPriority" kinds
for `--allow-sys`.
* Check individual permissions in `node:os.userInfo()` instead of a
single "userInfo" permission.
* Check for "uid" permission in `node:process.geteuid()` instead of
"geteuid".
* Add missing "homedir" to `SysPermissionDescriptor.kind` union

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-07-10 15:15:43 +02:00
Nathan Whitaker
ce7dc2be92
feat(node): Support executing npm package lifecycle scripts (preinstall/install/postinstall) (#24487)
Adds support for running npm package lifecycle scripts, opted into via a
new `--allow-scripts` flag.

With this PR, when running `deno cache` (or `DENO_FUTURE=1 deno
install`) you can specify the `--allow-scripts=pkg1,pkg2` flag to run
lifecycle scripts attached to the given packages.

Note at the moment this only works when `nodeModulesDir` is true (using
the local resolver).

When a package with un-run lifecycle scripts is encountered, we emit a
warning suggesting things may not work and to try running lifecycle
scripts. Additionally, if a package script implicitly requires
`node-gyp` and it's not found on the system, we emit a warning.

Extra things in this PR:
- Extracted out bits of `task.rs` into a separate module for reuse
- Added a couple fields to `process.config` in order to support
`node-gyp` (it relies on a few variables being there)
- Drive by fix to downloading new npm packages to test registry

---

TODO:
- [x] validation for allow-scripts args (make sure it looks like an npm
package)
- [x] make allow-scripts matching smarter
- [ ] figure out what issues this closes

---
Review notes:
- This adds a bunch of deps to our test registry due to using
`node-gyp`, so it's pretty noisy
2024-07-10 03:06:08 +00:00
Luca Casonato
74ac29bae6
fix(permissions): handle ipv6 addresses correctly (#24397)
Also don't panic on invalid domain names and addresses.

Extracted with cleanups up from #24080

Co-authored-by: Yazan AbdAl-Rahman <yazan.abdalrahman@exalt.ps>
2024-07-05 23:45:06 +01:00