mirror of
https://github.com/denoland/deno.git
synced 2024-12-11 18:17:48 -05:00
5504acea67
This replaces `--allow-net` for import permissions and makes the security sandbox stricter by also checking permissions for statically analyzable imports. By default, this has a value of `--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`, but that can be overridden by providing a different set of hosts. Additionally, when no value is provided, import permissions are inferred from the CLI arguments so the following works because `fresh.deno.dev:443` will be added to the list of allowed imports: ```ts deno run -A -r https://fresh.deno.dev ``` --------- Co-authored-by: David Sherret <dsherret@gmail.com>
19 lines
770 B
Text
19 lines
770 B
Text
Checking for slow types in the public API...
|
|
error[invalid-external-import]: invalid import to a non-JSR 'https' specifier
|
|
--> [WILDLINE]deps.ts:1:15
|
|
|
|
|
1 | export * from "https://deno.land/std/assert/assert.ts";
|
|
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the specifier
|
|
|
|
|
= hint: replace this import with one from jsr or npm, or vendor the dependency into your package
|
|
|
|
|
1 | "jsr:@std/assert@1/assert"
|
|
| -------------------------- try this specifier
|
|
|
|
|
|
|
info: the import was resolved to 'https://deno.land/std/assert/assert.ts'
|
|
info: this specifier is not allowed to be imported on jsr
|
|
info: jsr only supports importing `jsr:`, `npm:`, and `data:` specifiers
|
|
docs: https://jsr.io/go/invalid-external-import
|
|
|
|
error: Found 1 problem
|