mirror of
https://github.com/denoland/deno.git
synced 2024-12-22 23:34:47 -05:00
9b5d2f8c1b
Supply chain security for JSR. ``` $ deno publish --provenance Successfully published @divy/test_provenance@0.0.3 Provenance transparency log available at https://search.sigstore.dev/?logIndex=73657418 ``` 0. Package has been published. 1. Fetches the version manifest and verifies it's matching with uploaded files and exports. 2. Builds the attestation SLSA payload using Github actions env. 3. Creates an ephemeral key pair for signing the github token (aud=sigstore) and DSSE pre authentication tag. 4. Requests a X.509 signing certificate from Fulcio using the challenge and ephemeral public key PEM. 5. Prepares a DSSE envelop for Rekor to witness. Posts an intoto entry to Rekor and gets back the transparency log index. 6. Builds the provenance bundle and posts it to JSR.
173 lines
5.1 KiB
TOML
173 lines
5.1 KiB
TOML
# Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
|
|
|
|
[package]
|
|
name = "deno"
|
|
version = "1.41.0"
|
|
authors.workspace = true
|
|
default-run = "deno"
|
|
edition.workspace = true
|
|
license.workspace = true
|
|
repository.workspace = true
|
|
description = "Provides the deno executable"
|
|
|
|
[[bin]]
|
|
name = "deno"
|
|
path = "main.rs"
|
|
doc = false
|
|
|
|
[[bin]]
|
|
name = "denort"
|
|
path = "mainrt.rs"
|
|
doc = false
|
|
|
|
[[test]]
|
|
name = "integration"
|
|
path = "integration_tests_runner.rs"
|
|
harness = false
|
|
|
|
[[bench]]
|
|
name = "deno_bench"
|
|
harness = false
|
|
path = "./bench/main.rs"
|
|
|
|
[[bench]]
|
|
name = "lsp_bench_standalone"
|
|
harness = false
|
|
path = "./bench/lsp_bench_standalone.rs"
|
|
|
|
[features]
|
|
default = ["upgrade", "__vendored_zlib_ng"]
|
|
# A feature that enables the upgrade subcommand and the background check for
|
|
# available updates (of deno binary). This is typically disabled for (Linux)
|
|
# distribution packages.
|
|
upgrade = []
|
|
# A dev feature to disable creations and loading of snapshots in favor of
|
|
# loading JS sources at runtime.
|
|
__runtime_js_sources = ["deno_runtime/__runtime_js_sources"]
|
|
# Vendor zlib as zlib-ng
|
|
__vendored_zlib_ng = ["flate2/zlib-ng-compat", "libz-sys/zlib-ng"]
|
|
|
|
[build-dependencies]
|
|
deno_runtime = { workspace = true, features = ["include_js_files_for_snapshotting", "only_snapshotted_js_sources"] }
|
|
deno_core = { workspace = true, features = ["include_js_files_for_snapshotting"] }
|
|
lazy-regex.workspace = true
|
|
serde.workspace = true
|
|
serde_json.workspace = true
|
|
zstd.workspace = true
|
|
glibc_version = "0.1.2"
|
|
flate2 = { workspace = true, features = ["default"] }
|
|
|
|
[target.'cfg(windows)'.build-dependencies]
|
|
winapi.workspace = true
|
|
winres.workspace = true
|
|
|
|
[dependencies]
|
|
deno_ast = { workspace = true, features = ["bundler", "cjs", "codegen", "proposal", "react", "sourcemap", "transforms", "typescript", "view", "visit"] }
|
|
deno_cache_dir = { workspace = true }
|
|
deno_config = "=0.12.0"
|
|
deno_core = { workspace = true, features = ["include_js_files_for_snapshotting"] }
|
|
deno_doc = { version = "=0.113.1", features = ["html"] }
|
|
deno_emit = "=0.38.2"
|
|
deno_graph = { version = "=0.69.5", features = ["tokio_executor"] }
|
|
deno_lint = { version = "=0.57.1", features = ["docs"] }
|
|
deno_lockfile.workspace = true
|
|
deno_npm = "=0.17.0"
|
|
deno_runtime = { workspace = true, features = ["include_js_files_for_snapshotting"] }
|
|
deno_semver = "=0.5.4"
|
|
deno_task_shell = "=0.14.3"
|
|
deno_terminal.workspace = true
|
|
eszip = "=0.64.2"
|
|
napi_sym.workspace = true
|
|
|
|
async-trait.workspace = true
|
|
base32.workspace = true
|
|
base64.workspace = true
|
|
bincode = "=1.3.3"
|
|
bytes.workspace = true
|
|
cache_control.workspace = true
|
|
chrono.workspace = true
|
|
clap = { version = "=4.4.17", features = ["env", "string"] }
|
|
clap_complete = "=4.4.7"
|
|
clap_complete_fig = "=4.4.2"
|
|
color-print = "0.3.5"
|
|
console_static_text.workspace = true
|
|
dashmap = "5.5.3"
|
|
data-encoding.workspace = true
|
|
dissimilar = "=1.0.4"
|
|
dotenvy = "0.15.7"
|
|
dprint-plugin-json = "=0.19.2"
|
|
dprint-plugin-jupyter = "=0.1.3"
|
|
dprint-plugin-markdown = "=0.16.4"
|
|
dprint-plugin-typescript = "=0.89.3"
|
|
env_logger = "=0.10.0"
|
|
fancy-regex = "=0.10.0"
|
|
# If you disable the default __vendored_zlib_ng feature above, you _must_ be able to link against `-lz`.
|
|
flate2.workspace = true
|
|
fs3.workspace = true
|
|
glob = "0.3.1"
|
|
hex.workspace = true
|
|
ignore = "0.4"
|
|
import_map = { version = "=0.19.0", features = ["ext"] }
|
|
indexmap.workspace = true
|
|
jsonc-parser = { version = "=0.23.0", features = ["serde"] }
|
|
lazy-regex.workspace = true
|
|
libc.workspace = true
|
|
libz-sys.workspace = true
|
|
log = { workspace = true, features = ["serde"] }
|
|
lsp-types.workspace = true
|
|
monch.workspace = true
|
|
notify.workspace = true
|
|
once_cell.workspace = true
|
|
open = "5.0.1"
|
|
os_pipe.workspace = true
|
|
p256.workspace = true
|
|
percent-encoding.workspace = true
|
|
phf.workspace = true
|
|
pin-project.workspace = true
|
|
quick-junit = "^0.3.5"
|
|
rand = { workspace = true, features = ["small_rng"] }
|
|
regex.workspace = true
|
|
reqwest.workspace = true
|
|
ring.workspace = true
|
|
rustyline.workspace = true
|
|
rustyline-derive = "=0.7.0"
|
|
serde.workspace = true
|
|
serde_repr.workspace = true
|
|
sha2.workspace = true
|
|
shell-escape = "=0.1.5"
|
|
spki = { version = "0.7", features = ["pem"] }
|
|
tar.workspace = true
|
|
tempfile.workspace = true
|
|
text-size = "=1.1.0"
|
|
text_lines = "=0.6.0"
|
|
thiserror.workspace = true
|
|
tokio.workspace = true
|
|
tokio-util.workspace = true
|
|
tower-lsp.workspace = true
|
|
twox-hash = "=1.6.3"
|
|
typed-arena = "=2.0.1"
|
|
unicode-width = "0.1"
|
|
uuid = { workspace = true, features = ["serde"] }
|
|
walkdir = "=2.3.2"
|
|
zeromq = { version = "=0.3.4", default-features = false, features = ["tcp-transport", "tokio-runtime"] }
|
|
zstd.workspace = true
|
|
|
|
[target.'cfg(windows)'.dependencies]
|
|
fwdansi.workspace = true
|
|
junction = "=0.2.0"
|
|
winapi = { workspace = true, features = ["knownfolders", "mswsock", "objbase", "shlobj", "tlhelp32", "winbase", "winerror", "winsock2"] }
|
|
|
|
[target.'cfg(unix)'.dependencies]
|
|
nix.workspace = true
|
|
|
|
[dev-dependencies]
|
|
deno_bench_util.workspace = true
|
|
pretty_assertions.workspace = true
|
|
test_util.workspace = true
|
|
|
|
[package.metadata.winres]
|
|
# This section defines the metadata that appears in the deno.exe PE header.
|
|
OriginalFilename = "deno.exe"
|
|
LegalCopyright = "© Deno contributors & Deno Land Inc. MIT licensed."
|
|
ProductName = "Deno"
|
|
FileDescription = "Deno: A secure runtime for JavaScript and TypeScript"
|