The property names of the `exports` field in `deno.json` was never
validated. The `patternProperties` only validates values, whose property
name matches the regex. It doesn't validate the property names
themselves. That's what `propertyNames` is for.
Related https://github.com/denoland/deno/issues/25435
This commit adds:
- `addAbortListener` in `node:events`
- `aborted` in `node:util`
- `execPath` and `execvArgs` named export from `node:process`
- `getDefaultHighWaterMark` from `node:stream`
The `execPath` is very hacky - because module namespaces can not have
real getters, `execPath` is an object with a `toString()` method that on
call returns the actual `execPath`, and replaces the `execPath` binding
with the string. This is done so that we don't require the `execPath`
permission on startup.
Running a file like:
```
import "@std/dotenv/load";
```
Without a mapping in `imports` field of `deno.json` or `dependencies` of
`package.json`
will now error out with a hint:
```
error: Relative import path "@std/dotenv/load" not prefixed with / or ./ or ../
hint: Try running `deno add @std/dotenv/load`
at [WILDCARD]bare_specifier_without_import/main.ts:1:8
```
Closes https://github.com/denoland/deno/issues/24699
---------
Co-authored-by: David Sherret <dsherret@users.noreply.github.com>
This commit changes when to cause the hostname substition of `0.0.0.0` ->
`localhost`.
Currently we substitute `localhost` to the hostname on windows before
calling `options.onListen`, which prevents the users to do more advanced
thing using hostname string like
https://github.com/denoland/std/issues/5558. This PR changes it not to
substitute it when the user provide `onListen` callback.
closes #24776
unblocks https://github.com/denoland/std/issues/5558
This change fixes the handling of upgraded socket from `node:http` module.
In `op_node_http_fetch_response_upgrade`, we create DuplexStream paired
with `hyper::upgrade::Upgraded`. When the connection is closed from the
server, the read result from `Upgraded` becomes 0. However because we
don't close the paired DuplexStream at that point, the Socket object in
JS side keeps alive even after the server closed. That caused the issue
#20179
This change fixes it by closing the paired DuplexStream when the
`Upgraded` stream returns 0 read result.
closes #20179
This allows using npm deps of jsr deps without having to add them to the
root package.json.
Works by taking the package requirement and scanning the
`node_modules/.deno` directory for the best matching package, so it
relies on deno's node_modules structure.
Additionally to make the transition from package.json to deno.json
easier, Deno now:
1. Installs npm deps in a deno.json at the same time as installing npm
deps from a package.json.
2. Uses the alias in the import map for `node_modules/<alias>` for
better package.json compatiblity.
These now works:
```
$ deno add @std/dotenv/load
$ deno add npm:preact/hooks
```
Previously we were erroring out, because this is a "package reference"
including
a subpath.
Closes https://github.com/denoland/deno/issues/25385
---------
Signed-off-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: David Sherret <dsherret@users.noreply.github.com>
`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.
1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.
Fixes https://github.com/denoland/deno/issues/25333.
We fall back to junctions if the error kind is `PermissionDenied` but
the std library actually sets the kind to `Uncategorized` if the symlink
fails due to insufficient privileges. This was causing the fallback to
not actually fall back in this case.
This PR serves as a part of #22907 .
---------
Signed-off-by: David Sherret <dsherret@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: David Sherret <dsherret@users.noreply.github.com>
Remove `--allow-hrtime` and `--deny-hrtime`. We are doing this because
it is already possible to get access to high resolution timers through
workers and SharedArrayBuffer.
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
This commit hides following unstable flags:
- `--unstable-ffi` (the API is now stable)
- `--unstable-webgpu` (this API is now stable)
- `--unstable-fs` (no more unstable APIs)
- `--unstable-byonm` (BYONM is on by default)
The flags are still parseable, but they are not used. Concrete cleanup
will be done in a follow up PR.
This significantly simplifies the types for `Deno.serve`.
The following types become generic over the address type:
- ServeHandlerInfo
- ServeHandler
- ServeOptions
- ServeInit
The following types are removed entirely:
- ServeTlsOptions
- ServeUnixOptions
- ServeUnixHandlerInfo
- ServeUnixHandler
Note: this is implemented on Deploy. However, according to @magurotuna,
a thin compatibility layer might be in the works that'd prevent
breakages for PRs such as this one.
Towards #22079