1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-22 23:34:47 -05:00
denoland-deno/cli/Cargo.toml
Divy Srivastava 9b5d2f8c1b
feat(publish): provenance attestation (#22573)
Supply chain security for JSR.

```
$ deno publish --provenance

Successfully published @divy/test_provenance@0.0.3
Provenance transparency log available at https://search.sigstore.dev/?logIndex=73657418
```

0. Package has been published.
1. Fetches the version manifest and verifies it's matching with uploaded
files and exports.
2. Builds the attestation SLSA payload using Github actions env.
3. Creates an ephemeral key pair for signing the github token
(aud=sigstore) and DSSE pre authentication tag.
4. Requests a X.509 signing certificate from Fulcio using the challenge
and ephemeral public key PEM.
5. Prepares a DSSE envelop for Rekor to witness. Posts an intoto entry
to Rekor and gets back the transparency log index.
6. Builds the provenance bundle and posts it to JSR.
2024-02-28 07:58:02 +05:30

173 lines
5.1 KiB
TOML

# Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
[package]
name = "deno"
version = "1.41.0"
authors.workspace = true
default-run = "deno"
edition.workspace = true
license.workspace = true
repository.workspace = true
description = "Provides the deno executable"
[[bin]]
name = "deno"
path = "main.rs"
doc = false
[[bin]]
name = "denort"
path = "mainrt.rs"
doc = false
[[test]]
name = "integration"
path = "integration_tests_runner.rs"
harness = false
[[bench]]
name = "deno_bench"
harness = false
path = "./bench/main.rs"
[[bench]]
name = "lsp_bench_standalone"
harness = false
path = "./bench/lsp_bench_standalone.rs"
[features]
default = ["upgrade", "__vendored_zlib_ng"]
# A feature that enables the upgrade subcommand and the background check for
# available updates (of deno binary). This is typically disabled for (Linux)
# distribution packages.
upgrade = []
# A dev feature to disable creations and loading of snapshots in favor of
# loading JS sources at runtime.
__runtime_js_sources = ["deno_runtime/__runtime_js_sources"]
# Vendor zlib as zlib-ng
__vendored_zlib_ng = ["flate2/zlib-ng-compat", "libz-sys/zlib-ng"]
[build-dependencies]
deno_runtime = { workspace = true, features = ["include_js_files_for_snapshotting", "only_snapshotted_js_sources"] }
deno_core = { workspace = true, features = ["include_js_files_for_snapshotting"] }
lazy-regex.workspace = true
serde.workspace = true
serde_json.workspace = true
zstd.workspace = true
glibc_version = "0.1.2"
flate2 = { workspace = true, features = ["default"] }
[target.'cfg(windows)'.build-dependencies]
winapi.workspace = true
winres.workspace = true
[dependencies]
deno_ast = { workspace = true, features = ["bundler", "cjs", "codegen", "proposal", "react", "sourcemap", "transforms", "typescript", "view", "visit"] }
deno_cache_dir = { workspace = true }
deno_config = "=0.12.0"
deno_core = { workspace = true, features = ["include_js_files_for_snapshotting"] }
deno_doc = { version = "=0.113.1", features = ["html"] }
deno_emit = "=0.38.2"
deno_graph = { version = "=0.69.5", features = ["tokio_executor"] }
deno_lint = { version = "=0.57.1", features = ["docs"] }
deno_lockfile.workspace = true
deno_npm = "=0.17.0"
deno_runtime = { workspace = true, features = ["include_js_files_for_snapshotting"] }
deno_semver = "=0.5.4"
deno_task_shell = "=0.14.3"
deno_terminal.workspace = true
eszip = "=0.64.2"
napi_sym.workspace = true
async-trait.workspace = true
base32.workspace = true
base64.workspace = true
bincode = "=1.3.3"
bytes.workspace = true
cache_control.workspace = true
chrono.workspace = true
clap = { version = "=4.4.17", features = ["env", "string"] }
clap_complete = "=4.4.7"
clap_complete_fig = "=4.4.2"
color-print = "0.3.5"
console_static_text.workspace = true
dashmap = "5.5.3"
data-encoding.workspace = true
dissimilar = "=1.0.4"
dotenvy = "0.15.7"
dprint-plugin-json = "=0.19.2"
dprint-plugin-jupyter = "=0.1.3"
dprint-plugin-markdown = "=0.16.4"
dprint-plugin-typescript = "=0.89.3"
env_logger = "=0.10.0"
fancy-regex = "=0.10.0"
# If you disable the default __vendored_zlib_ng feature above, you _must_ be able to link against `-lz`.
flate2.workspace = true
fs3.workspace = true
glob = "0.3.1"
hex.workspace = true
ignore = "0.4"
import_map = { version = "=0.19.0", features = ["ext"] }
indexmap.workspace = true
jsonc-parser = { version = "=0.23.0", features = ["serde"] }
lazy-regex.workspace = true
libc.workspace = true
libz-sys.workspace = true
log = { workspace = true, features = ["serde"] }
lsp-types.workspace = true
monch.workspace = true
notify.workspace = true
once_cell.workspace = true
open = "5.0.1"
os_pipe.workspace = true
p256.workspace = true
percent-encoding.workspace = true
phf.workspace = true
pin-project.workspace = true
quick-junit = "^0.3.5"
rand = { workspace = true, features = ["small_rng"] }
regex.workspace = true
reqwest.workspace = true
ring.workspace = true
rustyline.workspace = true
rustyline-derive = "=0.7.0"
serde.workspace = true
serde_repr.workspace = true
sha2.workspace = true
shell-escape = "=0.1.5"
spki = { version = "0.7", features = ["pem"] }
tar.workspace = true
tempfile.workspace = true
text-size = "=1.1.0"
text_lines = "=0.6.0"
thiserror.workspace = true
tokio.workspace = true
tokio-util.workspace = true
tower-lsp.workspace = true
twox-hash = "=1.6.3"
typed-arena = "=2.0.1"
unicode-width = "0.1"
uuid = { workspace = true, features = ["serde"] }
walkdir = "=2.3.2"
zeromq = { version = "=0.3.4", default-features = false, features = ["tcp-transport", "tokio-runtime"] }
zstd.workspace = true
[target.'cfg(windows)'.dependencies]
fwdansi.workspace = true
junction = "=0.2.0"
winapi = { workspace = true, features = ["knownfolders", "mswsock", "objbase", "shlobj", "tlhelp32", "winbase", "winerror", "winsock2"] }
[target.'cfg(unix)'.dependencies]
nix.workspace = true
[dev-dependencies]
deno_bench_util.workspace = true
pretty_assertions.workspace = true
test_util.workspace = true
[package.metadata.winres]
# This section defines the metadata that appears in the deno.exe PE header.
OriginalFilename = "deno.exe"
LegalCopyright = "© Deno contributors & Deno Land Inc. MIT licensed."
ProductName = "Deno"
FileDescription = "Deno: A secure runtime for JavaScript and TypeScript"