1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-24 15:19:26 -05:00
Commit graph

6764 commits

Author SHA1 Message Date
David Sherret
edac916604
fix(install): surface package.json dependency errors (#26023) 2024-10-04 07:52:00 +00:00
David Sherret
b8a9a4a862
Revert "feat: warn when using --allow-run with no allow list" (#26021)
Although using `--allow-run` without an allow list gives basically no
security, I think we should remove this warning because it gets in the
way and the only way to disable it is via --quiet.
2024-10-04 08:16:35 +01:00
David Sherret
91860b34f5
fix(task): use current executable for deno even when not named deno (#26019)
Closes https://github.com/denoland/deno/issues/26005
2024-10-03 13:07:12 +00:00
David Sherret
ac73b1042b
feat(permissions): allow importing from cdn.jsdelivr.net by default (#26013)
The exploit `--allow-import` is preventing against requires a
compromised host. To make things easier and given its popularity, we're
going to have the default `--allow-import` value include
`cdn.jsdelivr.net:443`, but this can be overridden by replacing the
`--allow-import` value with something else.
2024-10-03 10:05:46 +00:00
Bartek Iwańczuk
c7cba4eda7
v2.0.0-rc.10 (#26002) 2024-10-03 03:24:18 +02:00
Nathan Whitaker
275418473e
fix(install): store tags associated with package in node_modules dir (#26000)
Fixes #25998. Fixes https://github.com/denoland/deno/issues/25928.

Originally I was just going to make this an error message instead of a
panic, but once I got to a minimal repro I felt that this really should
work.

The panic occurs when you have `nodeModulesDir: manual` (or a
package.json present), and you have an npm package with a tag in your
deno.json (see the spec test that illustrates this).

This code path only actually executes when trying to choose an
appropriate package version from `node_modules/.deno`, so we should be
able to fix it by storing some extra data at install time.

The fix proposed here is to repurpose the `.initialized` file that we
store in `node_modules` to store the tags associated with a package.
Basically, if you have a version requirement with a tag (e.g.
`npm:chalk@latest`), when we set up the node_modules folder for that
package, we store the tag (`latest`) in `.initialized`. Then, when doing
BYONM resolution, if we have a version requirement with a tag, we read
that file and check if the tag is present.

The downside is that we do more work when setting up `node_modules`. We
_could_ do this only when BYONM is enabled, but that would have the
downside of needing to re-run `deno install` when you switch from auto
-> manual, though maybe that's not a big deal.
2024-10-02 17:16:46 -07:00
Nathan Whitaker
cb74975ab2
fix(install): compare versions directly to decide whether to create a child node_modules dir for a workspace member (#26001)
Fixes #25861.

Previously we were attempting to match the version requirement against
the version already present in `node_modules` root, and if they didn't
match we would create a node_modules dir in the workspace member's
directory with the dependency.

Aside from the fact that this caused the panic, on second thought it
just doesn't make sense in general. We shouldn't be semver matching, as
resolution has already occurred and decided what package versions are
required. Instead, we can just compare the versions directly.
2024-10-02 15:11:43 -07:00
David Sherret
cac28b5262
feat(byonm): support deno run npm:<package> when package is not in package.json (#25981)
Closes https://github.com/denoland/deno/issues/25905
2024-10-02 21:17:39 +01:00
Nathan Whitaker
bbd4ae1bc1
fix(node): implement libuv APIs needed to support npm:sqlite3 (#25893)
Fixes #24740.

Implements the `uv_mutex_*` and `uv_async_*` APIs.

The mutex API is implemented exactly as libuv, a thin wrapper over the
OS's native mutex.

The async API is implemented in terms of napi_async_work. As documented
in the napi docs, you really shouldn't call `napi_queue_async_work`
multiple times (it is documented as undefined behavior). However, our
implementation doesn't have any issue with this, so I believe it suits
our purpose here.
2024-10-02 10:43:42 -07:00
David Sherret
18beb13f0e
fix(workspace): handle when config has members when specified via --config (#25988)
Closes #25847
2024-10-02 16:20:51 +01:00
David Sherret
ebc8a6169e
fix(no-slow-types): better override handling (#25989)
* https://github.com/denoland/deno_graph/pull/534

Closes https://github.com/denoland/deno/issues/25322
2024-10-02 16:10:49 +01:00
denobot
55c2a88099
chore: release deno_* crates (#25987)
Testing once again if the crates are being properly released.

---------

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-10-02 14:27:34 +00:00
denobot
2d3e0284d9
chore: release deno_* crates (#25976)
Test run before Deno 2.0 release to make sure that the publishing
process passes correctly.

---------

Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-10-02 14:44:04 +02:00
Nayeem Rahman
3881b71734
feat(lsp): quick fix for @deno-types="npm:@types/*" (#25954) 2024-10-01 22:55:02 +01:00
Bartek Iwańczuk
f930000415
feat: Add suggestion for packages using Node-API addons (#25975)
This commit adds a suggestion with information and hint how
to resolve situation when user tries to run an npm package
with Node-API addons using global cache (which is currently not
supported).

Closes https://github.com/denoland/deno/issues/25974
2024-10-01 21:49:32 +00:00
David Sherret
4c8d57db03
BREAKING: rename "deps" remote cache folder to "remote" (#25969)
Closes https://github.com/denoland/deno/issues/25967
Closes #25968
2024-10-01 14:05:40 -04:00
MujahedSafaa
29104384c4
fix: remove the typo in the help message (#25962)
This PR fixes: https://github.com/denoland/deno/issues/25274

Remove the extra shorthand -S that attached to the --deny-sys.
2024-10-01 13:24:12 +00:00
Bartek Iwańczuk
c487a86b04
fix: Hide 'deno cache' from help output (#25960)
`deno cache` was soft-deprecated in favor of `deno install`. It should
not show up in the help output.
2024-10-01 15:05:21 +02:00
Divy Srivastava
aafe771b55
v2.0.0-rc.9 (#25957) 2024-10-01 16:18:24 +05:30
Bartek Iwańczuk
218a9bf7eb
v2.0.0-rc.8 (#25950) 2024-10-01 01:19:37 +02:00
Leo Kettmeir
7ad14589f9
fix(flags): move some content from docs.deno.com into help output (#25951) 2024-09-30 16:00:54 -07:00
David Sherret
d7b787792c
fix(info): error instead of panic for npm specifiers when using byonm (#25947) 2024-09-30 19:46:43 +00:00
David Sherret
69ab720025
refactor: move ByonmNpmResolver to deno_resolver (#25937)
Some more slow progress on moving all the resolution code into
deno_resolver.
2024-09-30 13:33:32 +00:00
David Sherret
c8f692057b
refactor: bury descriptor parsing in PermissionsContainer (#25936)
Closes https://github.com/denoland/deno/issues/25634
2024-09-30 09:19:24 -04:00
Divy Srivastava
efb413bdaa
fix: update sui to 0.4 (#25942)
Properly apply offset fixup to `LC_DYLD_EXPORTS_TRIE` load commands.
This should fix Node-API symbols not resolving in RC releases.

Fixes https://github.com/denoland/deno/issues/25879
Fixes https://github.com/denoland/deno/issues/25940

Ref
2b3a33bb6e
2024-09-30 17:10:51 +05:30
David Sherret
183130ff31
refactor: cleanup for creating worker structs (#25933) 2024-09-29 20:07:50 -04:00
David Sherret
5faf769ac6
refactor: extract out sloppy imports resolution from CLI crate (#25920)
This is slow progress towards creating a `deno_resolver`  crate.

Waiting on:

* https://github.com/denoland/deno/pull/25918
* https://github.com/denoland/deno/pull/25916
2024-09-28 19:17:48 -04:00
David Sherret
1bb47805d6
refactor: move NpmCacheDir to deno_cache_dir (#25916)
Part of the ongoing work to move more of Deno's resolution out of the
CLI crate (for use in Wasm and other things)

Includes:

* https://github.com/denoland/deno_cache_dir/pull/60
2024-09-28 08:50:16 -04:00
David Sherret
fc739dc5eb
refactor: use deno_path_util (#25918) 2024-09-28 07:55:01 -04:00
Bartek Iwańczuk
b694efb384
v2.0.0-rc.7 (#25907) 2024-09-27 21:37:56 +02:00
Nathan Whitaker
fbddd5a2eb
fix(node): Pass NPM_PROCESS_STATE to subprocesses via temp file instead of env var (#25896)
Fixes https://github.com/denoland/deno/issues/25401. Fixes
https://github.com/denoland/deno/issues/25841. Fixes
https://github.com/denoland/deno/issues/25891.
2024-09-27 12:35:37 -07:00
David Sherret
a8d1ab5276
fix(flags): --allow-all should conflict with lower permissions (#25909)
Using `--allow-all` with other `--allow-x` permission flags should cause
an error since `--allow-all` is a superset of `--allow-x`.

Closes #25901
2024-09-27 16:49:43 +00:00
Luca Casonato
6f0fbceaf2
fix(lint): correctly handle old jsx in linter (#25902)
Previously the CLI was incorrectly reporting `React` as unused in a JSX
file that uses the "old" transform.

The LSP was already handling this correctly.
2024-09-27 14:14:17 +00:00
Bartek Iwańczuk
09a7cc4723
refactor(fmt): rewrite HTML syntax error handling (#25892) 2024-09-26 20:44:36 -04:00
Bartek Iwańczuk
eff64238b6
feat: Don't warn about --allow-script when using esbuild (#25894)
`esbuild` can work fine without needing to run post-install script, so
to make it easier on users (especially people using Vite) we are not prompting to run with
`--allow-scripts` again.

We only do that for version >= 0.18.0 to be sure.
2024-09-26 23:37:49 +00:00
David Sherret
7cccb7422b
fix(info): move "version" field to top of json output (#25890) 2024-09-26 15:57:12 -04:00
Nathan Whitaker
543c687c34
feat(install): warn repeatedly about not-run lifecycle scripts on explicit installs (#25878)
Currently we only warn once. With this PR, we continue to warn about
not-run scripts on explicit `deno install` (or cache). For `run` (or
other subcommands) we only warn the once, as we do currently.
2024-09-26 17:13:33 +00:00
Nathan Whitaker
13c53d9727
fix(installl): make bin entries executable even if not put in node_modules/.bin (#25873)
Fixes https://github.com/denoland/deno/issues/25862.

npm only makes bin entries executable if they get linked into `.bin`, as
we did before this PR. So this PR actually deviates from npm, because
it's the only reasonable way to fix this that I can think of.

---

The reason this was broken in moment is the following:

Moment has dependencies on two typescript versions: 1.8 and 3.1

If you have two packages with conflicting bin entries (i.e. two
typescript versions which both have a bin entry `tsc`), in npm it is
non-deterministic and undefined which one will end up in `.bin`.

npm, due to implementation differences, chooses to put typescript 1.8
into the `.bin` directory, and so `node_modules/typescript/bin/tsc` ends
up getting marked executable. We, however, choose typescript 3.2, and so
we end up making `node_modules/typescript3/bin/tsc` executable.

As part of its tests, moment executes `node_modules/typescript/bin/tsc`.
Because we didn't make it executable, this fails.

Since the conflict resolution is undefined in npm, instead of trying to
match it, I think it makes more sense to just make bin entries
executable even if they aren't chosen in the case of a conflict.
2024-09-26 09:36:25 -07:00
David Sherret
7437f9d944
fix(doc): surface graph errors as warnings (#25888) 2024-09-26 12:31:03 -04:00
David Sherret
b80cf1f5e7
refactor: use ModuleGraph::fill_from_lockfile (#25887) 2024-09-26 14:24:49 +00:00
Leo Kettmeir
9252969780
feat(tools/doc): display subitems in symbol overviews where applicable (#25885)
For https://github.com/denoland/deno_doc/pull/635
2024-09-26 13:08:03 +00:00
Bartek Iwańczuk
6be7d51398
v2.0.0-rc.6 (#25877) 2024-09-26 11:27:44 +02:00
Bartek Iwańczuk
5504acea67
feat: add --allow-import flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.

By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.

Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:

```ts
deno run -A -r https://fresh.deno.dev
```

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-26 01:50:54 +00:00
Bartek Iwańczuk
05415bb9de
fix(compile): support 'deno compile' in RC and LTS releases (#25875)
This was missed previously. There's no problem support RC and LTS
releases.
2024-09-26 02:40:35 +02:00
David Sherret
8cdb309ffd
fix(check): properly surface dependency errors in types file of js file (#25860)
We weren't surfacing dependency errors in types files of js files.
2024-09-25 09:04:57 -04:00
Nathan Whitaker
5c40b47629
fix(add/install): default to "latest" tag for npm packages in deno add npm:pkg (#25858)
Fixes #25813.

I initially tried doing this in `deno_semver`, where it's a cleaner
change, but that caused breakage in deno in places where we don't expect
a tag (see https://github.com/denoland/deno/issues/25857).

This does not fix wildcard requirements failing to choose pre-release
versions. That's a little more involved and I'll do a separate PR.
2024-09-25 01:10:01 +00:00
Bartek Iwańczuk
6c26c1ed96
feat(fmt): better error on malfored HTML files (#25853)
Improves syntax errors for HTML formatter.

`broken.html`

```html
<div class=container > content 
```

```
$ deno fmt broken.html
Error formatting: /Users/ib/dev/deno/tests/specs/fmt/html/broken.html
   syntax error 'expect close tag' at line 3, column 0
Checked 1 file
```

```
$ ./target/debug/deno fmt broken.html
Error formatting: /Users/ib/dev/deno/tests/specs/fmt/html/broken.html
   Syntax error (expect close tag) at file:///Users/ib/dev/deno/tests/specs/fmt/html/broken.html:3:0

Checked 1 file
```
2024-09-25 01:00:16 +00:00
David Sherret
c4f7b2ac00
fix(check): ignore noImplicitOverrides in remote modules (#25854) 2024-09-24 20:49:44 -04:00
Nathan Whitaker
36ebc03f17
fix(cli): Warn on not-run lifecycle scripts with global cache (#25786)
Refactors the lifecycle scripts code to extract out the common
functionality and then uses that to provide a warning in the global
resolver.

While ideally we would still support them with the global cache, for now
a warning is at least better than the status quo (where people are
unaware why their packages aren't working).
2024-09-24 19:23:57 +00:00
Bartek Iwańczuk
ba5b8d0213
v2.0.0-rc.5 (#25838) 2024-09-24 20:44:08 +02:00