1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-26 16:09:27 -05:00
Commit graph

10981 commits

Author SHA1 Message Date
David Sherret
918c5e648f
fix(jsr): do not allow importing a non-JSR url via unanalyzable dynamic import from JSR (#22623)
A security feature of JSR is that it is self contained other than npm
dependencies. At publish time, the registry rejects packages that write
code like this:

```ts
const data = await import("https://example.com/evil.js");
```

However, this can be trivially bypassed by writing code that the
registry cannot statically analyze for. This PR prevents Deno from
loading dynamic imports that do this.
2024-02-28 16:30:45 -05:00
Ryan Dahl
f54acb53ed
fix(publish): make the already published message look like a warning (#22620) 2024-02-28 21:30:20 +01:00
Matt Mastracci
a3f982c1d5
chore(cli): rename --trace-ops to --trace-leaks (#22598)
As we add tracing to more types of runtime activity, `--trace-ops` is
less useful of a name. `--trace-leaks` better reflects that this feature
traces both ops and timers, and will eventually trace resource opening
as well.

This keeps `--trace-ops` as an alias for `--trace-leaks`, but prints a
warning to the console suggesting migration to `--trace-leaks`.

One test continues to use `--trace-ops` to test the deprecation warning.

---------

Signed-off-by: Matt Mastracci <matthew@mastracci.com>
2024-02-28 09:12:43 -07:00
Bartek Iwańczuk
c2c4e745a5
fix(publish): error if there are uncommitted changes (#22613)
Closes https://github.com/denoland/deno/issues/22330
2024-02-28 10:21:12 +01:00
Matt Mastracci
96cfe82664
perf(cli): reduce overhead in test registration (#22552)
- Removes the origin call, since all origins are the same for an isolate
(ie: the main module)
- Collects the `TestDescription`s and sends them all at the same time
inside of an Arc, allowing us to (later on) re-use these instead of
cloning.

Needs a follow-up pass to remove all the cloning, but that's a thread
that is pretty long to pull

---------

Signed-off-by: Matt Mastracci <matthew@mastracci.com>
2024-02-27 20:30:17 -07:00
Divy Srivastava
9b5d2f8c1b
feat(publish): provenance attestation (#22573)
Supply chain security for JSR.

```
$ deno publish --provenance

Successfully published @divy/test_provenance@0.0.3
Provenance transparency log available at https://search.sigstore.dev/?logIndex=73657418
```

0. Package has been published.
1. Fetches the version manifest and verifies it's matching with uploaded
files and exports.
2. Builds the attestation SLSA payload using Github actions env.
3. Creates an ephemeral key pair for signing the github token
(aud=sigstore) and DSSE pre authentication tag.
4. Requests a X.509 signing certificate from Fulcio using the challenge
and ephemeral public key PEM.
5. Prepares a DSSE envelop for Rekor to witness. Posts an intoto entry
to Rekor and gets back the transparency log index.
6. Builds the provenance bundle and posts it to JSR.
2024-02-28 07:58:02 +05:30
David Sherret
e9fe71acb5
fix(unstable): sloppy imports should resolve .d.ts files during types resolution (#22602) 2024-02-27 18:30:21 +00:00
Luca Casonato
8d5c231349
feat(publish): support sloppy imports and bare node built-ins (#22588) 2024-02-27 15:13:16 +00:00
Matt Mastracci
47c2a63d87
chore: bump deno_core (#22596)
Migrations:

 - snapshot code updated
 - runtime stats API tweaks
2024-02-27 08:05:57 -07:00
Bartek Iwańczuk
f1a691274e
feat(publish): discover jsr.json and jsr.jsonc files (#22587)
Closes https://github.com/denoland/deno/issues/22491
2024-02-27 08:27:21 +00:00
Matt Mastracci
d722de886b
fix(io): create_named_pipe parallelism (#22597)
Investigating https://github.com/denoland/deno/issues/22574

Unable to reproduce with a unit test, but assuming that it's a name
collision or create pipe/open pipe race, and adding some additional
diagnostics.
2024-02-26 21:21:14 -07:00
Bartek Iwańczuk
eaad94687b
test(publish): add a test that checks for .env files (#22590) 2024-02-26 16:01:46 +01:00
Asher Gomez
3f53b74e6d
chore: fix wpt_epoch workflow (#22550)
Should fix #22257

---------

Co-authored-by: Matt Mastracci <matthew@mastracci.com>
2024-02-26 06:41:17 -07:00
David Sherret
6567dc94a9
fix(lsp): import map expansion (#22553) 2024-02-24 00:21:09 -05:00
David Sherret
76e8e02bba
chore: revert submodule creation in test_util (#22572)
Looks accidentally added back in
https://github.com/denoland/deno/pull/22563/files
2024-02-23 17:19:48 -05:00
David Sherret
33fa49a100
chore: improve not implemented npm system info message (#22571) 2024-02-23 16:34:24 -05:00
David Sherret
22cd8ebf1f
perf(fmt): reduce memory usage and improve performance (#22570)
Reduces memory usage of the fmt command and fixes a memory leak.

Also improves slightly improves performance.
2024-02-23 16:11:45 -05:00
tuhana
bcf2156dbf
fix(compile): add aarch64 linux to CliOptions::npm_system_info (#22567)
Follow-up for #22542.
2024-02-23 19:18:39 +01:00
Matt Mastracci
5193834cf2
refactor(cli): clean up test runner channels (#22422)
Gets us closer to solving #20707.

Rewrites the `TestEventSender`:

- Allow for explicit creation of multiple streams. This will allow for
one-std{out,err}-per-worker
- All test events are received along with a worker ID, allowing for
eventual, proper parallel threading of test events.
 
In theory this should open up proper interleaving of test output,
however that is left for a future PR.

I had some plans for a better performing synchronization primitive, but
the inter-thread communication is tricky. This does, however, speed up
the processing of large numbers of tests 15-25% (possibly even more on
100,000+).

Before

```
ok | 1000 passed | 0 failed (32ms)
ok | 10000 passed | 0 failed (276ms)
```

After

```
ok | 1000 passed | 0 failed (25ms)
ok | 10000 passed | 0 failed (230ms)
```
2024-02-23 11:11:15 -07:00
Bartek Iwańczuk
619acce305
fix(compile): allow to compile for ARM linux (#22542)
Closes https://github.com/denoland/deno/issues/22527
2024-02-23 18:08:17 +00:00
Satya Rohith
d2ed219dcb
test(ext/node): assert imported argv0 value (#22568) 2024-02-23 17:15:37 +00:00
Satya Rohith
47dee65e4a
fix(ext/node): set correct process.argv0 (#22555) 2024-02-23 17:30:29 +01:00
Marvin Hagemeister
cddefecfff
feat: infer dependencies from package.json (#22563)
<!--
Before submitting a PR, please read
https://docs.deno.com/runtime/manual/references/contributing

1. Give the PR a descriptive title.

  Examples of good title:
    - fix(std/http): Fix race condition in server
    - docs(console): Update docstrings
    - feat(doc): Handle nested reexports

  Examples of bad title:
    - fix #7123
    - update docs
    - fix bugs

2. Ensure there is a related issue and it is referenced in the PR text.
3. Ensure there are tests that cover the changes.
4. Ensure `cargo test` passes.
5. Ensure `./tools/format.js` passes without changing files.
6. Ensure `./tools/lint.js` passes.
7. Open as a draft PR if your work is still in progress. The CI won't
run
   all steps, but you can add '[ci]' to a commit message to force it to.
8. If you would like to run the benchmarks on the CI, add the 'ci-bench'
label.
-->
This PR enhances the `deno publish` command to infer dependencies from
`package.json` if present.
2024-02-23 15:56:49 +01:00
Asher Gomez
55fa61abc6
chore(cli): swap CreateHttpClientOptions.{cert,key} descriptions (#22543)
Fixes https://github.com/denoland/deno/pull/22280#discussion_r1499615986
2024-02-23 07:52:23 -07:00
Asher Gomez
0730d749ad
chore: upgrade to actions/setup-python@v5 (#22546)
Removes the following warning on the `wpt_epoch` CI workflow:
```
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, denoland/setup-deno@v1, actions/setup-python@v4. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
```

Co-authored-by: Matt Mastracci <matthew@mastracci.com>
2024-02-23 07:51:10 -07:00
Satya Rohith
156cfe5c90
fix(ext/node): init arch, pid, platform at startup (#22561) 2024-02-23 14:36:17 +01:00
Divy Srivastava
f49abcc1ac
feat(publish): respect .gitignore during deno publish (#22514)
Files from `.gitignore`, global git config, `.git/info/exclude` and
`deno.json`'s `exclude` are ignored.
2024-02-23 07:56:34 +05:30
Asher Gomez
ae703041b1
chore: remove bench_cron workflow (#22551)
This workflow has been failing for 6 months, so it's likely unneeded.

Closes #22547
2024-02-23 01:04:41 +00:00
Asher Gomez
f7b08cd962
chore: fail properly in web platform test (#22549)
Having `|| true` means that the job always executes with a success code,
even when it really fails. Credit to Bartek for spotting this possible
mistake.

Towards #22257
2024-02-23 00:17:39 +00:00
Matt Mastracci
e8b1925172
chore: Add timeout! macro to test_util (#22539)
Our `itest` macros will occasionally run away and fail ~2 hours later.
This aborts all testcases after 2 minutes.
2024-02-22 14:02:14 -07:00
denobot
118445103b
1.41.0 (#22524)
Bumped versions for 1.41.0

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-02-22 02:44:05 +01:00
Matt Mastracci
27579f6fcb
chore(io): Add a cross-platform unidirectional pipe implementation (#22522)
Currently useful for `deno test` and internal tests, but could
potentially be exposed at a later time as a `Deno` API.
2024-02-22 01:00:57 +00:00
Bartek Iwańczuk
d29fb911f6
chore: update Deno version in workflows (#22523) 2024-02-22 00:42:21 +00:00
Bartek Iwańczuk
197d2480bb
fix(compile): respect compiler options for emit (#22521)
`deno compile` was ignoring configuration file and thus not applying
`compilerOptions` to influence the way files were emitted.
2024-02-21 23:03:11 +00:00
David Sherret
190776f30d
perf: linter lsp memory leak fix and deno_graph executor (#22519)
Updates dependent crates which includes an investigation fix by @irbull
in Deno's LSP when linting code. Huge thanks to Ian for tracking down
this issue.

Also includes Divy's deno_graph executor change, which reduces memory
usage when loading jsr specifiers and makes them faster.

Co-authored-by: irbull <irbull@users.noreply.github.com>
Co-authored-by: littledivy <littledivy@users.noreply.github.com>
2024-02-21 21:58:37 +00:00
Matt Mastracci
76ebf567e2
fix(ext/fs): make errors in tempfile creation clearer (#22498)
When using a prefix or suffix containing an invalid filename character,
it's not entirely clear where the errors come from. We make these errors
more consistent across platforms.

In addition, all permission prompts for tempfile and tempdir were
printing the same API name.

We also take the opportunity to make the tempfile random space larger by
2x (using a base32-encoded u64 rather than a hex-encoded u32).
2024-02-21 20:11:04 +00:00
David Sherret
a2c1cc5a1a
fix(publish): better no-slow-types type discovery (#22517) 2024-02-21 14:12:36 -05:00
Matt Mastracci
8aa529f1b8
chore(cli): fix part of flaky test (#22515) 2024-02-21 19:10:51 +00:00
Bartek Iwańczuk
bd66080217
chore: upgrade deno_core and V8 (#22505)
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
2024-02-21 17:31:18 +00:00
Bartek Iwańczuk
5020705011
chore: bump deno_lint to 0.57.0 (#22513) 2024-02-21 10:43:49 -05:00
David Sherret
9166d8a4e9
feat(publish): type check on publish (#22506)
Supersedes #22501 and also fixes that issue.
2024-02-21 08:35:25 -05:00
Satya Rohith
061ee9d38c
fix(ext/node): pass alpnProtocols to Deno.startTls (#22512) 2024-02-21 18:13:01 +05:30
Divy Srivastava
c75c9a0727
perf: strip denort on unix (#22426)
denort are release binaries for `deno compile`. Stripping debuginfo and
symbols lets us ship a smaller binary. The same source can be run under
`deno` CLI to get the proper Rust backtrace.

stripped denort is 55MB on macOS.
2024-02-21 17:45:50 +05:30
David Sherret
6592a92c20
fix(node/test): disable Deno test sanitizers (#22480)
Closes #22473
2024-02-20 23:22:07 -05:00
Nayeem Rahman
e32c704970
feat(lsp): auto-import completions for jsr specifiers (#22462) 2024-02-21 02:45:00 +00:00
Bartek Iwańczuk
77b90f408c
Revert "fix(console): support NO_COLOR and colors option in all scena… (#22507)
…rios (#21910)"

This reverts commit bd1358efab.

This change caused https://github.com/denoland/deno/issues/22496 and
https://github.com/denoland/deno/issues/22445
2024-02-21 00:17:50 +00:00
Asher Gomez
ca8bc7ece8
fix(ext/node): permission prompt for missing process.env permissions (#22487)
Closes #18665
Closes #20213
2024-02-20 16:40:32 -05:00
David Sherret
f90889e5ee
perf(jsr): fast check cache and lazy fast check graph (#22485) 2024-02-20 21:29:57 +00:00
David Sherret
dbc4a4d632
chore: fix flaky lsp_vendor_dir (#22483)
I think it was occassionally reading the diagnostics from the previous
cache command rather than the config update.

Closes #22481
2024-02-20 13:39:03 -05:00
Luca Casonato
4201f17936
fix(lsp): add schema for JSR related config options (#22497) 2024-02-20 13:49:24 +00:00