1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-15 03:48:02 -05:00
Commit graph

69 commits

Author SHA1 Message Date
Bartek Iwańczuk
40b1c42138
fix: improve suggestions and hints when using CommonJS modules (#26287)
Ref https://github.com/denoland/deno/issues/26225
2024-10-15 23:25:24 +00:00
Bartek Iwańczuk
ee904ec06c
fix: add hint for missing document global in terminal error (#26218)
This came up on Discord as a question so I thought it's worth adding a
hint for this as it might be a common pitfall.

---------

Signed-off-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: David Sherret <dsherret@users.noreply.github.com>
2024-10-15 21:51:39 +00:00
David Sherret
ae6a2b23ba
fix: do not panic running remote cjs module (#26259)
Instead error.
2024-10-15 03:57:31 +00:00
David Sherret
1a0cb5b531
feat(unstable): --unstable-detect-cjs for respecting explicit "type": "commonjs" (#26149)
When using the `--unstable-detect-cjs` flag or adding `"unstable":
["detect-cjs"]` to a deno.json, it will make a JS file CJS if the
closest package.json contains `"type": "commonjs"` and the file is not
an ESM module (no TLA, no `import.meta`, no `import`/`export`).
2024-10-14 20:48:39 -04:00
David Sherret
edac916604
fix(install): surface package.json dependency errors (#26023) 2024-10-04 07:52:00 +00:00
David Sherret
b8a9a4a862
Revert "feat: warn when using --allow-run with no allow list" (#26021)
Although using `--allow-run` without an allow list gives basically no
security, I think we should remove this warning because it gets in the
way and the only way to disable it is via --quiet.
2024-10-04 08:16:35 +01:00
Satya Rohith
779a98cd39
tests: enable specs::run::package_json::invalid_value (#25826)
Towards https://github.com/denoland/deno/issues/25241

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-10-03 16:26:55 +00:00
Bartek Iwańczuk
5504acea67
feat: add --allow-import flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.

By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.

Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:

```ts
deno run -A -r https://fresh.deno.dev
```

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-26 01:50:54 +00:00
David Sherret
8cdb309ffd
fix(check): properly surface dependency errors in types file of js file (#25860)
We weren't surfacing dependency errors in types files of js files.
2024-09-25 09:04:57 -04:00
Satya Rohith
b1550842d9
tests: enable auto_discovered tests of run/no_deno_json (#25821)
Towards https://github.com/denoland/deno/issues/25241
2024-09-23 15:37:35 +02:00
Bartek Iwańczuk
08d3f17110
feat: make 'globalThis.location' a configurable property (#25812)
This commit changes `globalThis.location` property to be configurable
so that packages wanting to override it (or delete it) work properly.

Towards https://github.com/denoland/deno/issues/23882

This change makes reproduction from
https://github.com/denoland/deno/issues/23882#issuecomment-2340783437
pass properly.
2024-09-23 14:18:07 +02:00
Bartek Iwańczuk
ef3e4a8f74
feat: Show hints when using window global (#25805)
This commit adds better handling for terminal errors when
`window` global is used. This global is removed in Deno 2,
and while we have lints to help with that, an information and
hints are helpful to guide users to working code.

Ref https://github.com/denoland/deno/issues/25797
2024-09-23 00:05:42 +02:00
snek
a01dce3a25
fix: cjs resolution cases (#25739)
Fixes cjs modules being loaded as esm.
2024-09-19 21:10:34 -07:00
Nathan Whitaker
f1ba266613
fix(node): Don't error out if we fail to statically analyze CJS re-export (#25748)
Fixes rsbuild running in deno.

You can look at the test to see what was failing, the gist is that we
were trying to statically analyze the re-exports of a CJS script, and if
we couldn't find the source for the re-exported file we would fail.

Instead, we should just treat these as if they were too dynamic to
analyze, and let it fail (or succeed) at runtime. This aligns with
node's behavior.
2024-09-19 18:37:36 -07:00
Leo Kettmeir
a1d0a427e8
feat: default to TS for file extension and support ext flag in more scenarios (#25472)
Closes #11220
Currently does lint, fmt, and repl
2024-09-18 21:15:13 +02:00
Leo Kettmeir
c90b074579
fix(flags): don't treat empty run command as task subcommand (#25708) 2024-09-18 20:36:37 +02:00
Bartek Iwańczuk
a7d67e3a7a
feat: update warning message for --allow-run with no list (#25693)
Ref https://github.com/denoland/deno/pull/25215#discussion_r1762064605
2024-09-18 00:32:52 +02:00
David Sherret
b0525edd6f
feat: warn when using --allow-run with no allow list (#25215) 2024-09-16 23:08:02 +00:00
David Sherret
62e952559f
refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)
This makes the permission system more versatile.
2024-09-16 21:39:37 +01:00
Bartek Iwańczuk
968f441da3
test: rewrite some ignored tests to spec tests (#25652)
Ref https://github.com/denoland/deno/issues/25241

Rewritten these tests:
- check::package_json_basic
- check::package_json_fail_check
- check::package_json_with_deno_json
- info::package_json_basic
- test::package_json_basic
- run::package_json_auto_discovered_for_npm_binary
- run::package_json_with_deno_json
2024-09-16 15:39:58 +02:00
Asher Gomez
394a620da3
chore: enable specs::run::workspaces::explicit_import_map test (#25611)
Towards #25241
2024-09-13 11:52:48 +02:00
Asher Gomez
8476bbff9a
feat: stabilize Deno.createHttpClient() (#25569)
Closes #25518
2024-09-12 10:46:48 +10:00
Kenta Moriuchi
e522f4b65a
BREAKING(temporal/unstable): Remove obsoleted Temporal APIs part 2 (#25505)
Mainly I removed `Temporal.Calendar` and `Temporal.TimeZone` and
replaced them to APIs that handle calendar and timezone as strings.
https://github.com/tc39/proposal-temporal/pull/2925

Related #24836
2024-09-10 21:36:43 +00:00
snek
f9007d3386
feat: require(esm) (#25501)
implement require(esm) using `op_import_sync` from deno_core.

possible future changes:
- cts and mts
- replace Deno.core.evalContext to optimize esm syntax detection

Fixes: https://github.com/denoland/deno/issues/25487
2024-09-10 20:12:36 +00:00
Luca Casonato
7bfcb4dd10
feat(cli): use NotCapable error for permission errors (#25431)
Closes #7394

---------

Co-authored-by: snek <snek@deno.com>
2024-09-10 11:12:24 -07:00
Bartek Iwańczuk
064a73f7a0
BREAKING: Remove --unstable flag (#25522)
This commit effectively removes the --unstable flag.

It's still being parsed, but it only prints a warning that a granular
flag should be used instead and doesn't actually enable any
unstable feature.

Closes https://github.com/denoland/deno/issues/25485
Closes https://github.com/denoland/deno/issues/23237
2024-09-09 23:44:29 +02:00
David Sherret
560ad0331b
fix(node/byonm): do not accidentally resolve bare node built-ins (#25543)
This was accidentally enabled in byonm, but it requires the
`--unstable-bare-node-builtins` flag.

Closes #25358
2024-09-09 21:35:41 +00:00
Bartek Iwańczuk
04a9cc95ac
feat: Add better error messages for unstable APIs (#25519)
This commit improves error messages for unstable APIs:
- `--unstable-broadcast-channel`
- `--unstable-cron`
- `--unstable-http`
- `--unstable-kv`
- `--unstable-temporal`

By providing information and hints what went wrong and how the
error can be fixed. It reuses the same infra that was added in 
https://github.com/denoland/deno/pull/21764.
2024-09-09 22:51:55 +02:00
Bartek Iwańczuk
794d347ec6
fix: add suggestion how to fix importing CJS module (#21764)
```
$ cat exports_error.js
Object.defineProperty(exports, "__esModule", { value: true });

$ deno exports_error.js
error: Uncaught (in promise) ReferenceError: exports is not defined
Object.defineProperty(exports, "__esModule", { value: true });
                      ^
    at file:///exports_error.js:1:23

    info: Deno doesn't support CommonJS modules without `.cjs` extension.
    hint: Rewrite this module to ESM or change the file extension to `.cjs`.
```
2024-09-05 12:49:07 +00:00
Bartek Iwańczuk
5dc907df87
fix: update hint for deno add <package> (#25455)
Follow up to https://github.com/denoland/deno/pull/25430
2024-09-05 11:08:22 +02:00
Bartek Iwańczuk
dfc5eec43c
feat: Allow importing .cjs files (#25426)
This commit adds support for executing top-level `.cjs` files, 
as well as import `.cjs` files from within npm packages.

This works only for `.cjs` files, the contents of sibling `package.json`
are not consulted for the `"type"` field.

Closes https://github.com/denoland/deno/issues/25384

---------

Signed-off-by: David Sherret <dsherret@users.noreply.github.com>
Co-authored-by: Luca Casonato <hello@lcas.dev>
Co-authored-by: David Sherret <dsherret@users.noreply.github.com>
2024-09-05 07:59:12 +00:00
Bartek Iwańczuk
acd01eb2b4
feat: Add a hint on error about 'Relative import path ... not prefixed with ...' (#25430)
Running a file like:
```
import "@std/dotenv/load";
```
Without a mapping in `imports` field of `deno.json` or `dependencies` of
`package.json`
will now error out with a hint:
```
error: Relative import path "@std/dotenv/load" not prefixed with / or ./ or ../
  hint: Try running `deno add @std/dotenv/load`
    at [WILDCARD]bare_specifier_without_import/main.ts:1:8

```

Closes https://github.com/denoland/deno/issues/24699

---------

Co-authored-by: David Sherret <dsherret@users.noreply.github.com>
2024-09-05 08:25:56 +02:00
David Sherret
74fc66da11
fix: lock down allow-run permissions more (#25370)
`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.

1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.
2024-09-04 14:51:24 +02:00
David Sherret
3015f16fbf
fix: remove entrypoint hack for Deno 2.0 (#25332) 2024-09-02 15:33:07 +00:00
Bartek Iwańczuk
b1c6142f74
BREAKING: DENO_FUTURE=1 by default, or welcome to Deno 2.0 (#25213)
This commit effectively turns Deno into Deno 2.0.

This is done by forcing `DENO_FUTURE=1` env var, that was available in
the past few months to try Deno 2 changes.

This commit contains several breaking changes scheduled for Deno 2:
- all deprecated JavaScript APIs are not available any more, mostly
`Deno.*` APIs
- `window` global is removed
- FFI, WebGPU and FS APIs are now stable and don't require
`--unstable-*` flags
- import assertions are no longer supported
- "bring your own node modules" is enabled by default

This is the first commit in a series that are scheduled before the Deno
2 release.

Follow up work is tracked in
https://github.com/denoland/deno/issues/25241.

---------

Co-authored-by: Asher Gomez <ashersaupingomez@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
Co-authored-by: Nathan Whitaker <nathan@deno.com>
2024-08-30 13:58:58 -04:00
David Sherret
c6793f52b9
fix(permissions): disallow any LD_ or DYLD_ prefixed env var without full --allow-run permissions (#25271)
Follow up to https://github.com/denoland/deno/pull/25221

I looked into what the list was and it was quite extensive, so I think
as suggested in
https://github.com/denoland/deno/issues/11964#issuecomment-2314585135 we
should disallow this for any `LD_` prefixed env var.
2024-08-28 21:11:37 -04:00
David Sherret
2afbc1aa39
feat: deprecate import assertions (#25281)
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-08-29 01:06:09 +00:00
David Sherret
b708a13eb0
feat: improve lockfile v4 to store normalized version constraints and be more terse (#25247)
Stores normalized version constraints in the lockfile, which will
improve reproducibility and will fix a bug with duplicate specifiers
ending up in the lockfile. Also, gets rid of some duplicate data in the
specifiers area of the lockfile.
2024-08-28 14:17:47 -04:00
David Sherret
1a6fd38f2f
fix(permissions): disallow launching subprocess with LD_PRELOAD env var without full run permissions (#25221)
Ref https://github.com/denoland/deno/pull/25215

Closes https://github.com/denoland/deno/issues/11964
2024-08-27 22:03:09 -04:00
Marvin Hagemeister
7e68cce815
fix(task): support tasks with colons in name in deno run (#25233)
Fix task names containing a colon not being found with `deno run`. We
were only checking for a `module not found` error message, but strings
containing a colon throw a different error.

Fixes https://github.com/denoland/deno/issues/25232
2024-08-27 11:27:10 +02:00
David Sherret
1d4169204c
fix: warn about import assertions when using typescript (#25135)
1. On emit, checks for the prescence of import assertions.
1. Warns and doesn't store the parsed source in the emit cache in this
case.
2024-08-21 17:12:56 +00:00
David Sherret
f1c58ec041
feat(unstable): ability to use a local copy of jsr packages (#25068) 2024-08-20 14:11:43 +00:00
David Sherret
04473c04ed
fix(compile): support workspace members importing other members (#24909) 2024-08-07 07:43:05 +00:00
Satya Rohith
b3f1f3ba04
feat: deno run <task> (#24891)
This PR updates `deno run` to fallback to executing tasks when there is
no script with the specified name. If there are both script and a task
with the same name then `deno run` will prioritise executing the script.
2024-08-06 20:35:30 +05:30
Luca Casonato
1faac2dce3
fix(ext/node): handle node child_process with --v8-options flag (#24804)
Makes `v8flags` package from NPM work.
2024-07-31 16:28:08 +02:00
David Sherret
763f05e74d
fix(unstable): move sloppy-import warnings to lint rule (#24710)
Adds a new `no-sloppy-imports` lint rule and cleans up the lint code.

Closes #22844
Closes https://github.com/denoland/deno_lint/issues/1293
2024-07-25 09:07:59 -04:00
Asher Gomez
5f44148e83
chore: update to std@2024.07.19 (#24715) 2024-07-25 15:30:28 +10:00
Asher Gomez
f248050cb4
chore: use @std prefix for internal module specifiers (#24543)
This change aims to replace all relative import specifiers targeted at
`tests/util/std` with mapped ones (using a `deno.json` file). Towards
updating the `std` git submodule.
2024-07-25 10:26:54 +10:00
Kenta Moriuchi
715675565a
fix(types): Conform lib.deno_web.d.ts to lib.dom.d.ts and lib.webworker.d.ts (#24599)
Fix #24578
Fix #21981
2024-07-22 22:02:39 +02:00
David Sherret
ba63740e7f
chore: @netlify/edge-bundler workaround until Deno 2.0 (#24532)
Hack for a few months until Deno 2.0. See code for details
2024-07-11 17:43:46 +00:00