1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-24 16:08:03 -05:00
Commit graph

724 commits

Author SHA1 Message Date
Bartek Iwańczuk
c9b2139b1e
Revert "fix(publish): error if there are uncommitted changes (#22613)" (#22625)
This reverts commit c2c4e745a5.
2024-02-28 21:35:02 +00:00
David Sherret
918c5e648f
fix(jsr): do not allow importing a non-JSR url via unanalyzable dynamic import from JSR (#22623)
A security feature of JSR is that it is self contained other than npm
dependencies. At publish time, the registry rejects packages that write
code like this:

```ts
const data = await import("https://example.com/evil.js");
```

However, this can be trivially bypassed by writing code that the
registry cannot statically analyze for. This PR prevents Deno from
loading dynamic imports that do this.
2024-02-28 16:30:45 -05:00
Matt Mastracci
a3f982c1d5
chore(cli): rename --trace-ops to --trace-leaks (#22598)
As we add tracing to more types of runtime activity, `--trace-ops` is
less useful of a name. `--trace-leaks` better reflects that this feature
traces both ops and timers, and will eventually trace resource opening
as well.

This keeps `--trace-ops` as an alias for `--trace-leaks`, but prints a
warning to the console suggesting migration to `--trace-leaks`.

One test continues to use `--trace-ops` to test the deprecation warning.

---------

Signed-off-by: Matt Mastracci <matthew@mastracci.com>
2024-02-28 09:12:43 -07:00
Bartek Iwańczuk
c2c4e745a5
fix(publish): error if there are uncommitted changes (#22613)
Closes https://github.com/denoland/deno/issues/22330
2024-02-28 10:21:12 +01:00
Matt Mastracci
96cfe82664
perf(cli): reduce overhead in test registration (#22552)
- Removes the origin call, since all origins are the same for an isolate
(ie: the main module)
- Collects the `TestDescription`s and sends them all at the same time
inside of an Arc, allowing us to (later on) re-use these instead of
cloning.

Needs a follow-up pass to remove all the cloning, but that's a thread
that is pretty long to pull

---------

Signed-off-by: Matt Mastracci <matthew@mastracci.com>
2024-02-27 20:30:17 -07:00
Divy Srivastava
9b5d2f8c1b
feat(publish): provenance attestation (#22573)
Supply chain security for JSR.

```
$ deno publish --provenance

Successfully published @divy/test_provenance@0.0.3
Provenance transparency log available at https://search.sigstore.dev/?logIndex=73657418
```

0. Package has been published.
1. Fetches the version manifest and verifies it's matching with uploaded
files and exports.
2. Builds the attestation SLSA payload using Github actions env.
3. Creates an ephemeral key pair for signing the github token
(aud=sigstore) and DSSE pre authentication tag.
4. Requests a X.509 signing certificate from Fulcio using the challenge
and ephemeral public key PEM.
5. Prepares a DSSE envelop for Rekor to witness. Posts an intoto entry
to Rekor and gets back the transparency log index.
6. Builds the provenance bundle and posts it to JSR.
2024-02-28 07:58:02 +05:30
David Sherret
e9fe71acb5
fix(unstable): sloppy imports should resolve .d.ts files during types resolution (#22602) 2024-02-27 18:30:21 +00:00
Luca Casonato
8d5c231349
feat(publish): support sloppy imports and bare node built-ins (#22588) 2024-02-27 15:13:16 +00:00
Matt Mastracci
47c2a63d87
chore: bump deno_core (#22596)
Migrations:

 - snapshot code updated
 - runtime stats API tweaks
2024-02-27 08:05:57 -07:00
Bartek Iwańczuk
f1a691274e
feat(publish): discover jsr.json and jsr.jsonc files (#22587)
Closes https://github.com/denoland/deno/issues/22491
2024-02-27 08:27:21 +00:00
Bartek Iwańczuk
eaad94687b
test(publish): add a test that checks for .env files (#22590) 2024-02-26 16:01:46 +01:00
David Sherret
6567dc94a9
fix(lsp): import map expansion (#22553) 2024-02-24 00:21:09 -05:00
Satya Rohith
d2ed219dcb
test(ext/node): assert imported argv0 value (#22568) 2024-02-23 17:15:37 +00:00
Satya Rohith
47dee65e4a
fix(ext/node): set correct process.argv0 (#22555) 2024-02-23 17:30:29 +01:00
Marvin Hagemeister
cddefecfff
feat: infer dependencies from package.json (#22563)
<!--
Before submitting a PR, please read
https://docs.deno.com/runtime/manual/references/contributing

1. Give the PR a descriptive title.

  Examples of good title:
    - fix(std/http): Fix race condition in server
    - docs(console): Update docstrings
    - feat(doc): Handle nested reexports

  Examples of bad title:
    - fix #7123
    - update docs
    - fix bugs

2. Ensure there is a related issue and it is referenced in the PR text.
3. Ensure there are tests that cover the changes.
4. Ensure `cargo test` passes.
5. Ensure `./tools/format.js` passes without changing files.
6. Ensure `./tools/lint.js` passes.
7. Open as a draft PR if your work is still in progress. The CI won't
run
   all steps, but you can add '[ci]' to a commit message to force it to.
8. If you would like to run the benchmarks on the CI, add the 'ci-bench'
label.
-->
This PR enhances the `deno publish` command to infer dependencies from
`package.json` if present.
2024-02-23 15:56:49 +01:00
Satya Rohith
156cfe5c90
fix(ext/node): init arch, pid, platform at startup (#22561) 2024-02-23 14:36:17 +01:00
Divy Srivastava
f49abcc1ac
feat(publish): respect .gitignore during deno publish (#22514)
Files from `.gitignore`, global git config, `.git/info/exclude` and
`deno.json`'s `exclude` are ignored.
2024-02-23 07:56:34 +05:30
Matt Mastracci
e8b1925172
chore: Add timeout! macro to test_util (#22539)
Our `itest` macros will occasionally run away and fail ~2 hours later.
This aborts all testcases after 2 minutes.
2024-02-22 14:02:14 -07:00
Bartek Iwańczuk
197d2480bb
fix(compile): respect compiler options for emit (#22521)
`deno compile` was ignoring configuration file and thus not applying
`compilerOptions` to influence the way files were emitted.
2024-02-21 23:03:11 +00:00
Matt Mastracci
76ebf567e2
fix(ext/fs): make errors in tempfile creation clearer (#22498)
When using a prefix or suffix containing an invalid filename character,
it's not entirely clear where the errors come from. We make these errors
more consistent across platforms.

In addition, all permission prompts for tempfile and tempdir were
printing the same API name.

We also take the opportunity to make the tempfile random space larger by
2x (using a base32-encoded u64 rather than a hex-encoded u32).
2024-02-21 20:11:04 +00:00
David Sherret
a2c1cc5a1a
fix(publish): better no-slow-types type discovery (#22517) 2024-02-21 14:12:36 -05:00
Matt Mastracci
8aa529f1b8
chore(cli): fix part of flaky test (#22515) 2024-02-21 19:10:51 +00:00
David Sherret
9166d8a4e9
feat(publish): type check on publish (#22506)
Supersedes #22501 and also fixes that issue.
2024-02-21 08:35:25 -05:00
Satya Rohith
061ee9d38c
fix(ext/node): pass alpnProtocols to Deno.startTls (#22512) 2024-02-21 18:13:01 +05:30
David Sherret
6592a92c20
fix(node/test): disable Deno test sanitizers (#22480)
Closes #22473
2024-02-20 23:22:07 -05:00
Nayeem Rahman
e32c704970
feat(lsp): auto-import completions for jsr specifiers (#22462) 2024-02-21 02:45:00 +00:00
Bartek Iwańczuk
77b90f408c
Revert "fix(console): support NO_COLOR and colors option in all scena… (#22507)
…rios (#21910)"

This reverts commit bd1358efab.

This change caused https://github.com/denoland/deno/issues/22496 and
https://github.com/denoland/deno/issues/22445
2024-02-21 00:17:50 +00:00
Asher Gomez
ca8bc7ece8
fix(ext/node): permission prompt for missing process.env permissions (#22487)
Closes #18665
Closes #20213
2024-02-20 16:40:32 -05:00
David Sherret
f90889e5ee
perf(jsr): fast check cache and lazy fast check graph (#22485) 2024-02-20 21:29:57 +00:00
David Sherret
dbc4a4d632
chore: fix flaky lsp_vendor_dir (#22483)
I think it was occassionally reading the diagnostics from the previous
cache command rather than the config update.

Closes #22481
2024-02-20 13:39:03 -05:00
Luca Casonato
54a3eb585d
fix(publish): print files that will be published (#22495) 2024-02-20 13:30:34 +01:00
David Sherret
66424032a2
feat(unstable/lint): no-slow-types for JSR packages (#22430)
1. Renames zap/fast-check to instead be a `no-slow-types` lint rule.
1. This lint rule is automatically run when doing `deno lint` for
packages (deno.json files with a name, version, and exports field)
1. This lint rules still occurs on publish. It can be skipped by running
with `--no-slow-types`
2024-02-19 15:28:41 +00:00
Asher Gomez
2b279ad630
chore: move test_util to tests/util/server (#22444)
As discussed with @mmastrac.

---------

Signed-off-by: Asher Gomez <ashersaupingomez@gmail.com>
Co-authored-by: Matt Mastracci <matthew@mastracci.com>
2024-02-19 06:34:24 -07:00
Luca Casonato
15c64365a2
fix: write lockfile in deno info (#22272) 2024-02-19 13:02:40 +01:00
Matt Mastracci
7e6b942312
feat(core): highlight unprintable chars in permission prompts (#22468)
If we strip out unprintable chars, we don't see the full filename being
requested by permission prompts. Instead, we highlight and escape them
to make them visible.
2024-02-19 04:51:06 +00:00
Asher Gomez
9a43a2b495
feat: Deno.ConnectTlsOptions.{cert,key} (#22274)
Towards #22197
2024-02-18 07:30:58 -07:00
Javier Hernández
3c7057d583
fix: util.parseArgs() missing node:process import (#22405)
fix parseArgs() not working due to missing import of node:process

this commit fixes issue #22363
2024-02-18 07:30:27 -07:00
Asher Gomez
c1fac11dfa
feat(fs): Deno.FsFile.{isTerminal,setRaw}() (#22234)
Closes #22229.

---------

Signed-off-by: Asher Gomez <ashersaupingomez@gmail.com>
2024-02-18 07:27:44 -07:00
Asher Gomez
3a243c8272
BREAKING: add Deno.CreateHttpClientOptions.{cert,key} (#22280)
This change deprecates
`Deno.CreateHttpClientOptions.{certChain,privateKey}` in favour of
`Deno.CreateHttpClientOptions.{cert,key}`.

Closes #22278

Co-authored-by: Matt Mastracci <matthew@mastracci.com>
2024-02-18 07:26:16 -07:00
Matt Mastracci
67a4231bb6
refactor(cli): move op sanitizer to Rust (#22413)
The format of the sanitizers will change a little bit:

- If multiple async ops leak and traces are on, we repeat the async op
header once per stack trace.
- All leaks are aggregated under a "Leaks detected:" banner as the new
timers are eventually going to be added, and these are neither ops nor
resources.
 - `1 async op` is now `An async op`
- If ops and resources leak, we show both (rather than op leaks masking
resources)

Follow-on to https://github.com/denoland/deno/pull/22226
2024-02-16 21:22:12 +00:00
Matt Mastracci
c92717a1a4
chore(cli): pre-factor the sanitizer tests (#22436)
Moving tests around so that we can make #22413 smaller
2024-02-16 10:49:42 -07:00
Asher Gomez
5596de8081
chore: move test_util/wpt to tests/wpt/suite (#22412)
As discussed with @mmastrac. I'll move `tools/wpt` to `tests/wpt` in a
follow-up PR.

---------

Co-authored-by: Matt Mastracci <matthew@mastracci.com>
2024-02-16 03:32:28 +00:00
David Sherret
4f80d83774
feat(unstable): single checksum per JSR package in the lockfile (#22421)
This changes the lockfile to not store JSR specifiers in the "remote"
section. Instead a single JSR integrity is stored per package in the
lockfile, which is a hash of the version's `x.x.x_meta.json` file, which
contains hashes for every file in the package. The hashes in this file
are then compared against when loading.

Additionally, when using `{ "vendor": true }` in a deno.json, the files
can be modified without causing lockfile errors—the checksum is only
checked when copying into the vendor folder and not afterwards
(eventually we should add this behaviour for non-jsr specifiers as
well). As part of this change, the `vendor` folder creation is not
always automatic in the LSP and running an explicit cache command is
necessary. The code required to track checksums in the LSP would have
been too complex for this PR, so that all goes through deno_graph now.
The vendoring is still automatic when running from the CLI.
2024-02-15 14:49:35 -05:00
Divy Srivastava
b72f0be27c
chore: add DENO_FUTURE env var (#22318)
Closes https://github.com/denoland/deno/issues/22315

```
~> DENO_FUTURE=1 target/debug/deno

> globalThis.window
undefined
```
2024-02-15 04:50:17 +00:00
Nayeem Rahman
1ad754b412
feat(lsp): jsr support with cache probing (#22418) 2024-02-14 22:48:39 +00:00
Leo Kettmeir
b5d122de32
feat(publish): allow passing config flag (#22416) 2024-02-14 17:13:07 +00:00
Matt Mastracci
e23fc6d88c
chore: deno_core bump (#22407)
- Adding `None` flag for warmup script.
 - Modify opcall trace interface to match new Rust implementation
2024-02-13 19:44:37 -07:00
Florian Schwalm
082f8128b8
fix(ext/web): Prevent (De-)CompressionStream resource leak on stream cancellation (#21199)
Based on #21074 and #20741 I was looking for further potential use cases
of `TransformStream` `cancel()` method, so here go `CompressionStream`
and `DecompressionStream`.

Fixes #14212
2024-02-13 21:45:23 +00:00
Asher Gomez
6be389ce29
chore: move test_util/std to tests/util/std (#22402)
Note: tests are not the only part of the codebase that uses `std`. Other
parts, like `tools/`, do too. So, it could be argued that this is a
little misleading. Either way, I'm doing this as discussed with
@mmastrac.
2024-02-13 09:22:49 -07:00
Asher Gomez
92f6188253
chore: use @std import instead of @test_util/std (#22398)
This PR:
1. Replaces `@test_util/std`-prefixed imports with `@std`.
2. Adds `@std/` import map entries to a few `deno.json` files.
2024-02-13 02:05:10 +00:00