Towards https://github.com/denoland/deno/issues/18455
`safe`, `add` and `rem` options are not implemented because there is no
rust crate that provides this functionality (except rust-openssl maybe)
and its just not clear if this API is used widely.
- No need to wrap buffer in a `new DataView()`
- Deferred ops are still eagerly polled, but resolved on the next
tick of the event loop, we don't want them to be eagerly polled
- Using "core.opAsync"/"core.opAsync2" incurs additional cost
of looking up these functions on each call. Similarly with "ops.*"
---------
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
This commit fixes "node:http" API to properly handle "upgrade"
requests and thus marking Vite work again.
This is done by migrating back to "Deno.serve()" and internal
"upgradeHttpRaw" APIs for "node:http" module polyfill.
Hey there! I took a crack at improving these embedded docs [as requested
here](https://github.com/denoland/deno/issues/18685). These should
accurately reflect the functionality of the permission-related flags for
`deno run`.
### Highlights
* Adds human-readable argument string in the format [prescribed in the
docs](https://docs.rs/clap/latest/clap/struct.Arg.html#method.value_name)
* Keeps text description terse, but includes a relevant copy/pasteable
docs link
* Includes example argument usage/formatting
This commit adds `@deprecated` comments to `Deno.run` API declarations.
Since stabilization of `Deno.Command` API in [Deno
v1.31](https://deno.com/blog/v1.31#api-stabilizations), `Deno.Command`
is the preferred (more reliable) API to interact with subprocesses.
This is the preparation for the removal of `Deno.run` API in Deno 2.0.
About 2% improvement on WS/HTTP benchmarks, possibly unlocking more
optimizations in the future.
---------
Co-authored-by: Matt Mastracci <matthew@mastracci.com>
We can make `NodePermissions` rely on interior mutability (which the
`PermissionsContainer` is already doing) in order to not have to clone
everything all the time. This also reduces the chance of an accidental
`borrow` while `borrrow_mut`.
This implements HTTP/2 prior-knowledge connections, allowing clients to
request HTTP/2 over plaintext or TLS-without-ALPN connections. If a
client requests a specific protocol via ALPN (`h2` or `http/1.1`),
however, the protocol is forced and must be used.
We were indeterministically including packages in the top level
`node_modules/` folder when using a local node_modules directory. This
change aligns with pnpm and only includes top level packages in this
folder. This should be faster for initializing the folder, but may
expose issues in packages that reference other packages not defined in
their dependencies. That said, the behaviour previously was previously
broken.
This has exposed a bug in the require implementation where it doesn't
find a package (which is the main underlying issue here). There is a
failing test already for this in the test suite after this change.
Closes #18822
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Deno does not cover storage explosion attacks from evaluated runtime
code.
I've chosen the following parts for this clarification:
- _Evaluated_ code - storage explosion attacks caused by services in
Deno such as the HTTP server should still be covered.
- Isolated - If the storage explosion attack can happen at arbitrary
different files, it may leave a much more lasting impact on a targeted
host system than on simply the Deno cache.