v1.13.0

author: Bartek Iwańczuk <biwanczuk@gmail.com> 2021-08-10 16:22:21 +0200
committer: GitHub <noreply@github.com> 2021-08-10 16:22:21 +0200
commit: d82351d67784a2bcb5431ebb233abc727f673152 (patch)
tree: 68b99db16a836e47791c94b62228fb7d79c74b84
parent: 548e4661121b32b2b9bfb0356b2329be91dec738 (diff)
9 files changed, 74 insertions, 10 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 0b16ab840..0154cb152 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -560,7 +560,7 @@ dependencies = [
 
 [[package]]
 name = "deno"
-version = "1.12.2"
+version = "1.13.0"
 dependencies = [
  "atty",
  "base64 0.13.0",
@@ -875,7 +875,7 @@ dependencies = [
 
 [[package]]
 name = "deno_tls"
-version = "0.1.0"
+version = "0.1.1"
 dependencies = [
  "deno_core",
  "lazy_static",
diff --git a/Releases.md b/Releases.md
index 10461e76f..5a2b7bdfe 100644
--- a/Releases.md
+++ b/Releases.md
@@ -6,6 +6,43 @@ https://github.com/denoland/deno/releases
 We also have one-line install commands at:
 https://github.com/denoland/deno_install
 
+### 1.13.0 / 2021.08.10
+
+- BREAKING(unstable): Rename Deno.WebSocketUpgrade::websocket to socket (#11542)
+- feat: Add --unsafely-treat-insecure-origin-as-secure flag to disable SSL
+  verification (#11324)
+- feat: add experimental WebSocketStream API (#10365)
+- feat: FFI API replacing native plugins (#11152)
+- feat: stabilize Deno.serveHttp() (#11544)
+- feat: support AbortSignal in writeFile (#11568)
+- feat: support client certificates for connectTls (#11598)
+- feat: type check codeblocks in Markdown file with "deno test --doc" (#11421)
+- feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys
+  (#11367)
+- feat(extensions/crypto): implement verify() for HMAC (#11387)
+- feat(extensions/tls): Optionally support loading native certs (#11491)
+- feat(extensions/web): add structuredClone function (#11572)
+- feat(fmt): format top-level JSX elements/fragments with parens when multi-line
+  (#11582)
+- feat(lsp): ability to set DENO_DIR via settings (#11527)
+- feat(lsp): implement refactoring code actions (#11555)
+- feat(lsp): support clients which do not support disabled code actions (#11612)
+- feat(repl): add --eval flag for evaluating code when the repl starts (#11590)
+- feat(repl): support exports in the REPL (#11592)
+- feat(runtime): allow URL for permissions (#11578)
+- feat(runtime): implement navigator.hardwareConcurrency (#11448)
+- feat(unstable): clean environmental variables for subprocess (#11571)
+- fix: support windows file specifiers with import maps (#11551)
+- fix: Type `Deno.errors.*` as subclasses of `Error` (#10702)
+- fix(doc): panic on invalid url (#11536)
+- fix(extensions/fetch): Add Origin header to outgoing requests for fetch
+  (#11557)
+- fix(extensions/websocket): allow any close code for server (#11614)
+- fix(lsp): do not output to stderr before exiting the process (#11562)
+
+Release notes for std version 0.104.0:
+https://github.com/denoland/deno_std/releases/tag/0.104.0
+
 ### 1.12.2 / 2021.07.26
 
 - feat(lsp, unstable): add workspace config to status page (#11459)
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
index a314415a6..a7fe7faa4 100644
--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
@@ -2,7 +2,7 @@
 
 [package]
 name = "deno"
-version = "1.12.2"
+version = "1.13.0"
 authors = ["the Deno authors"]
 default-run = "deno"
 edition = "2018"
diff --git a/cli/tests/deno_land_unsafe_ssl.ts b/cli/tests/deno_land_unsafe_ssl.ts
new file mode 100644
index 000000000..f5e8dcc80
--- /dev/null
+++ b/cli/tests/deno_land_unsafe_ssl.ts
@@ -0,0 +1,2 @@
+const r = await fetch("https://google.com");
+console.log(r.status);
diff --git a/cli/tests/deno_land_unsafe_ssl.ts.out b/cli/tests/deno_land_unsafe_ssl.ts.out
new file mode 100644
index 000000000..5ca4d68e2
--- /dev/null
+++ b/cli/tests/deno_land_unsafe_ssl.ts.out
@@ -0,0 +1,2 @@
+DANGER: TLS ceritificate validation is disabled for: deno.land
+200
diff --git a/cli/tests/integration/mod.rs b/cli/tests/integration/mod.rs
index 392101e54..ee9c195f3 100644
--- a/cli/tests/integration/mod.rs
+++ b/cli/tests/integration/mod.rs
@@ -487,6 +487,20 @@ itest!(cafile_ts_fetch_unsafe_ssl {
   http_server: true,
 });
 
+itest!(deno_land_unsafe_ssl {
+  args:
+    "run --quiet --reload --allow-net --unsafely-ignore-certificate-errors=deno.land deno_land_unsafe_ssl.ts",
+  output: "deno_land_unsafe_ssl.ts.out",
+});
+
+itest!(localhost_unsafe_ssl {
+  args:
+    "run --quiet --reload --allow-net --unsafely-ignore-certificate-errors=deno.land cafile_url_imports.ts",
+  output: "localhost_unsafe_ssl.ts.out",
+  http_server: true,
+  exit_code: 1,
+});
+
 #[test]
 #[ignore]
 fn cafile_env_fetch() {
diff --git a/cli/tests/localhost_unsafe_ssl.ts.out b/cli/tests/localhost_unsafe_ssl.ts.out
new file mode 100644
index 000000000..0bb6d0fb4
--- /dev/null
+++ b/cli/tests/localhost_unsafe_ssl.ts.out
@@ -0,0 +1,3 @@
+DANGER: TLS ceritificate validation is disabled for: deno.land
+error: error sending request for url (https://localhost:5545/cli/tests/subdir/mod2.ts): error trying to connect: invalid certificate: UnknownIssuer
+    at [WILDCARD]tests/cafile_url_imports.ts:1:0
diff --git a/extensions/tls/Cargo.toml b/extensions/tls/Cargo.toml
index 7a723e73b..42060f418 100644
--- a/extensions/tls/Cargo.toml
+++ b/extensions/tls/Cargo.toml
@@ -2,7 +2,7 @@
 
 [package]
 name = "deno_tls"
-version = "0.1.0"
+version = "0.1.1"
 authors = ["the Deno authors"]
 edition = "2018"
 license = "MIT"
diff --git a/extensions/tls/lib.rs b/extensions/tls/lib.rs
index 932f5ba4c..8f56f0ffd 100644
--- a/extensions/tls/lib.rs
+++ b/extensions/tls/lib.rs
@@ -25,6 +25,7 @@ use rustls::ServerCertVerified;
 use rustls::ServerCertVerifier;
 use rustls::StoresClientSessions;
 use rustls::TLSError;
+use rustls::WebPKIVerifier;
 use serde::Deserialize;
 use std::collections::HashMap;
 use std::io::BufReader;
@@ -42,17 +43,22 @@ pub struct NoCertificateVerification(pub Vec<String>);
 impl ServerCertVerifier for NoCertificateVerification {
   fn verify_server_cert(
     &self,
-    _roots: &RootCertStore,
-    _presented_certs: &[Certificate],
-    dns_name: DNSNameRef<'_>,
-    _ocsp: &[u8],
+    roots: &RootCertStore,
+    presented_certs: &[Certificate],
+    dns_name_ref: DNSNameRef<'_>,
+    ocsp: &[u8],
   ) -> Result<ServerCertVerified, TLSError> {
-    let dns_name: &str = dns_name.into();
+    let dns_name: &str = dns_name_ref.into();
     let dns_name: String = dns_name.to_owned();
     if self.0.is_empty() || self.0.contains(&dns_name) {
       Ok(ServerCertVerified::assertion())
     } else {
-      Err(TLSError::General(dns_name))
+      WebPKIVerifier::new().verify_server_cert(
+        roots,
+        presented_certs,
+        dns_name_ref,
+        ocsp,
+      )
     }
   }
author	Bartek Iwańczuk <biwanczuk@gmail.com>	2021-08-10 16:22:21 +0200
committer	GitHub <noreply@github.com>	2021-08-10 16:22:21 +0200
commit	d82351d67784a2bcb5431ebb233abc727f673152 (patch)
tree	68b99db16a836e47791c94b62228fb7d79c74b84
parent	548e4661121b32b2b9bfb0356b2329be91dec738 (diff)