| Age | Commit message (Collapse) | Author |
|---|
|
Use the [scopeguard](https://docs.rs/scopeguard/) defer macro to run
cleanup code for `new_slab_future`.
This means it can be a single async function, avoiding the need to
create a struct and implement `PinnedDrop`
Async cleanup in Rust is awkward because async functions may be
cancelled at any await point when their Future is dropped.
The scopeguard approach comes from the following articles:
* [How to think about `async`/`await` in
Rust](http://cliffle.com/blog/async-inversion/)
* [Async Cancellation
I](https://blog.yoshuawuyts.com/async-cancellation-1/) (Reddit
[discussion](https://www.reddit.com/r/rust/comments/qrhg39/blog_post_async_cancellation/))
|
|
|
|
```
Updating aes-gcm v0.10.2 -> v0.10.3
Updating aho-corasick v1.1.0 -> v1.1.1
Updating curve25519-dalek v4.1.0 -> v4.1.1
Updating deno_core v0.214.0 -> v0.215.0
Updating deno_ops v0.90.0 -> v0.91.0
Updating deno_unsync v0.2.1 -> v0.3.0
Updating md-5 v0.10.5 -> v0.10.6
Updating rustix v0.38.13 -> v0.38.14
Updating rustls-webpki v0.101.5 -> v0.101.6
Updating serde_v8 v0.123.0 -> v0.124.0
Updating sha1 v0.10.5 -> v0.10.6
Updating smallvec v1.11.0 -> v1.11.1
Updating tokio-util v0.7.8 -> v0.7.9
Updating v8 v0.76.0 -> v0.77.0
Updating winapi-util v0.1.5 -> v0.1.6
```
|
|
Bumps [aes-gcm](https://github.com/RustCrypto/AEADs) from 0.10.2 to
0.10.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/RustCrypto/AEADs/commit/7e82b01cd4901f6a35b5153536f11b87f5e4e622"><code>7e82b01</code></a>
aes-gcm v0.10.3 (<a
href="https://redirect.github.com/RustCrypto/AEADs/issues/552">#552</a>)</li>
<li><a
href="https://github.com/RustCrypto/AEADs/commit/b587b27270cc300d39c496a1ab06be80d72ac107"><code>b587b27</code></a>
aes-gcm: avoid exposing plaintext on tag verification failure (<a
href="https://redirect.github.com/RustCrypto/AEADs/issues/551">#551</a>)</li>
<li><a
href="https://github.com/RustCrypto/AEADs/commit/2209bcaa9edc65e9a60498e7ece5b50e66f32ebf"><code>2209bca</code></a>
build(deps): bump actions/checkout from 3 to 4 (<a
href="https://redirect.github.com/RustCrypto/AEADs/issues/548">#548</a>)</li>
<li><a
href="https://github.com/RustCrypto/AEADs/commit/035ec25362886735a0f44098f85ba0501a9b4038"><code>035ec25</code></a>
build(deps): bump ascon from 0.3.1 to 0.4.0 (<a
href="https://redirect.github.com/RustCrypto/AEADs/issues/545">#545</a>)</li>
<li><a
href="https://github.com/RustCrypto/AEADs/commit/e94ba5ab9fb2c7f3a18c92fb9dc8df14ac36f06b"><code>e94ba5a</code></a>
xsalsa20poly1305: remove source code (<a
href="https://redirect.github.com/RustCrypto/AEADs/issues/543">#543</a>)</li>
<li><a
href="https://github.com/RustCrypto/AEADs/commit/31240c1285144aeabef3e80eb9a1b4137dc2b43f"><code>31240c1</code></a>
Update Cargo.lock</li>
<li><a
href="https://github.com/RustCrypto/AEADs/commit/40240c4a852df21048830de4eed4782c0fbddaef"><code>40240c4</code></a>
Update Cargo.lock</li>
<li><a
href="https://github.com/RustCrypto/AEADs/commit/be4ea6fd3bcc1c8a5a23974a43e0fc35104d8cba"><code>be4ea6f</code></a>
Update Cargo.lock</li>
<li><a
href="https://github.com/RustCrypto/AEADs/commit/2aef39e90d39c247cc89ccc31628468c9a9f60de"><code>2aef39e</code></a>
Update Clippy version (<a
href="https://redirect.github.com/RustCrypto/AEADs/issues/534">#534</a>)</li>
<li><a
href="https://github.com/RustCrypto/AEADs/commit/50710da0cbd47a4614b6d37119877f206c207e95"><code>50710da</code></a>
Update Cargo.lock</li>
<li>Additional commits viewable in <a
href="https://github.com/RustCrypto/AEADs/compare/aes-gcm-v0.10.2...aes-gcm-v0.10.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/denoland/deno/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
> 1.72.1 resolves a few regressions introduced in 1.72.0:
> - [Partially revert codegen change, improving
codegen](https://github.com/rust-lang/rust/pull/115236)
> - [rustdoc: Fix self ty params in objects with
lifetimes](https://github.com/rust-lang/rust/pull/115276)
> - [Fix regression in compile
times](https://github.com/rust-lang/rust/pull/114948)
> - Resolve some ICEs in the compiler:
> - [#115215](https://github.com/rust-lang/rust/pull/115215)
> - [#115559](https://github.com/rust-lang/rust/pull/115559)
|
|
Co-authored-by: David Sherret <dsherret@gmail.com>
|
|
|
|
Closes #20554
|
|
Adds an experimental unstable built-in package manager to Deno, but it is
currently not usable because the registry infrastructure hasn't been
setup and it points to a non-existent url by default. The default
registry url can be configured via the `DENO_REGISTRY_URL` environment
variable.
|
|
This commit adds "deno jupyter" subcommand which
provides a Deno kernel for Jupyter notebooks.
The implementation is mostly based on Deno's REPL and
reuses large parts of it (though there's some clean up that
needs to happen in follow up PRs). Not all functionality of
Jupyter kernel is implemented and some message type
are still not implemented (eg. "inspect_request") but
the kernel is fully working and provides all the capatibilities
that the Deno REPL has; including TypeScript transpilation
and npm packages support.
Closes https://github.com/denoland/deno/issues/13016
---------
Co-authored-by: Adam Powers <apowers@ato.ms>
Co-authored-by: Kyle Kelley <rgbkrk@gmail.com>
|
|
This commit improves compatibility of "node:http2" module by polyfilling
"connect" method and "ClientHttp2Session" class. Basic operations like
streaming, header and trailer handling are working correctly.
Refing/unrefing is still a TODO and "npm:grpc-js/grpc" is not yet working
correctly.
---------
Co-authored-by: Matt Mastracci <matthew@mastracci.com>
|
|
Fixes the last dependabot security warning
|
|
|
|
This adds support for `using` and `await using` declarations in
TypeScript only. We need to wait for v8 to support it for this to work
in JS.
|
|
This adds the ability to pattern match unordered lines. For example, the
downloading messages may appear in any order
```
[UNORDERED_START]
Download https://localhost:4546/a.ts
Download https://localhost:4546/b.ts
[UNORDERED_END]
Hello!
```
Additionally, I've made the pattern matching slightly more strict and the output better.
|
|
|
|
Bump deno_core, pulling in new rusty_v8. Requires some op2/deprecation
fixes.
|
|
This PR implements a graceful shutdown API for Deno.serve, allowing all
current connections to drain from the server before shutting down, while
preventing new connections from being started or new transactions on
existing connections from being created.
We split the cancellation handle into two parts: a listener handle, and
a connection handle. A graceful shutdown cancels the listener only,
while allowing the connections to drain. The connection handle aborts
all futures. If the listener handle is cancelled, we put the connections
into graceful shutdown mode, which disables keep-alive on http/1.1 and
uses http/2 mechanisms for http/2 connections.
In addition, we now guarantee that all connections are complete or
cancelled, and all resources are cleaned up when the server `finished`
promise resolves -- we use a Rust-side server refcount for this.
Performance impact: does not appear to affect basic serving performance
by more than 1% (~126k -> ~125k)
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
LSP testing APIs now obey the various file inclusion settings:
- Modules shown in the text explorer now respect the `exclude`,
`test.exclude` and `test.include` fields in `deno.json`, as well as
`deno.enablePaths` in VSCode settings.
- Modules with testing code lens now respect the `"exclude"`,
`test.exclude` and `test.include` fields in `deno.json`. Code lens
already respects `deno.enablePaths`.
|
|
This allows us to opt in to extremely detailed tracing from dependency
libraries, like so:
```
cargo run --features tracing/log,tracing/max_level_trace -- test --log-level=trace -A --unstable ./cli/tests/unit/serve_test.ts
```
It will not impact normal operation as it requires the
`tracing/max_level_trace` and `tracing/log` to be active.
Note that tracing is already a dependency -- this just makes it a direct
dep of cli so we can access its features more easily.
|
|
Details: https://github.com/denoland/deno_lockfile/pull/8
|
|
Two bug fixes:
* https://github.com/dprint/dprint-plugin-markdown/pull/85
* https://github.com/dprint/dprint-plugin-markdown/pull/84
|
|
|
|
|
|
Adds support for AES-GCM 128/256 bit keys in `node:crypto` and
`setAAD()`, `setAuthTag()` and `getAuthTag()`
Uses https://github.com/littledivy/aead-gcm-stream
Fixes https://github.com/denoland/deno/issues/19836
https://github.com/denoland/deno/issues/20353
|
|
|
|
|
|
Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
|
|
|
|
rusty_v8 -> "0.75.1"
|
|
queries (#14130)
Closes #14122.
Adds two extensions to `--allow-run` behaviour:
- When `--allow-run=foo` is specified and `foo` is found in the `PATH`
at startup, `RunDescriptor::Path(which("foo"))` is added to the
allowlist alongside `RunDescriptor::Name("foo")`. Currently only the
latter is.
- When run permission for `foo` is queried and `foo` is found in the
`PATH` at runtime, either `RunDescriptor::Path(which("foo"))` or
`RunDescriptor::Name("foo")` would qualify in the allowlist. Currently
only the latter does.
|
|
|
|
language detection (#20310)
|
|
Skipping for a later follow-up:
- base64: #20266
- notify
- indexmap (will require follow-up in upstream projects)
|
|
This removes a webpki version that was showing up as vulnerable to
https://github.com/briansmith/webpki/issues/69.
Needed to upgrade `reqwest` as part of this.
|
|
This fully removes the `atty` crate from deno by bumping `env_logger`
and removing the now-unused `atty` dep for runtime.
|
|
Removes a crate with an outstanding vulnerability.
|
|
Co-authored-by: Matt Mastracci <matthew@mastracci.com>
|
|
Bumps [trust-dns-server](https://github.com/bluejekyll/trust-dns) from
0.22.0 to 0.22.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/bluejekyll/trust-dns/releases">trust-dns-server's
releases</a>.</em></p>
<blockquote>
<h2>v0.22.1 - Deny response requests on the server</h2>
<h2>0.22.1</h2>
<h3>Fixed</h3>
<ul>
<li>(server) drop response messages <a
href="https://redirect.github.com/bluejekyll/trust-dns/issues/1952">#1952</a>
by <a href="https://github.com/djc"><code>@djc</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bluejekyll/trust-dns/blob/main/CHANGELOG.md">trust-dns-server's
changelog</a>.</em></p>
<blockquote>
<h2>0.22.1</h2>
<h3>Fixed</h3>
<ul>
<li>(server) drop response messages <a
href="https://redirect.github.com/bluejekyll/trust-dns/issues/1952">#1952</a>
by <a href="https://github.com/djc"><code>@djc</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/bluejekyll/trust-dns/commit/9f344b54cdd90cd1fe435c603c5b97fb32eda3f2"><code>9f344b5</code></a>
bump server and bin crates to 0.22.1</li>
<li><a
href="https://github.com/bluejekyll/trust-dns/commit/9e6e77293bc75f961695eb95fb23d2a56600de87"><code>9e6e772</code></a>
update CHANGELOG for 0.22.1</li>
<li><a
href="https://github.com/bluejekyll/trust-dns/commit/5f6278154d4ceaec11ae6c1f91222faa7bd43838"><code>5f62781</code></a>
Regenerate the test SSL certificates</li>
<li><a
href="https://github.com/bluejekyll/trust-dns/commit/2fd26031711b00ec0c88aa88044716ffb2f0ef94"><code>2fd2603</code></a>
server: drop response messages</li>
<li>See full diff in <a
href="https://github.com/bluejekyll/trust-dns/compare/v0.22.0...v0.22.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/denoland/deno/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.100.1 to
0.100.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rustls/webpki/releases">rustls-webpki's
releases</a>.</em></p>
<blockquote>
<h2>v/0.100.2</h2>
<h2>Release notes</h2>
<ul>
<li>certificate path building and verification is now capped at 100
signature validation operations to avoid the risk of CPU usage
denial-of-service attack when validating crafted certificate chains
producing quadratic runtime. This risk affected both clients, as well as
servers that verified client certificates.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>v0.100.2 prep by <a
href="https://github.com/cpu"><code>@cpu</code></a> in <a
href="https://redirect.github.com/rustls/webpki/pull/154">rustls/webpki#154</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rustls/webpki/compare/v/0.100.1...v/0.100.2">https://github.com/rustls/webpki/compare/v/0.100.1...v/0.100.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rustls/webpki/commit/c8b821450be5659be75c2a8ba663fc9fb0f8726c"><code>c8b8214</code></a>
Bump MSRV to 1.60</li>
<li><a
href="https://github.com/rustls/webpki/commit/855752292e97c1caada65e7b53ecc5df010ea88a"><code>8557522</code></a>
Avoid testing MSRV of dev-dependencies</li>
<li><a
href="https://github.com/rustls/webpki/commit/73a7f0c7d7eaaea038d2a1a48c18c47bcb487cc4"><code>73a7f0c</code></a>
Cargo: version 0.100.1 -> 0.100.2</li>
<li><a
href="https://github.com/rustls/webpki/commit/4ea052366f342a06344aab589565179b59b342d3"><code>4ea0523</code></a>
verify_cert: enforce maximum number of signatures.</li>
<li>See full diff in <a
href="https://github.com/rustls/webpki/compare/v/0.100.1...v/0.100.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/denoland/deno/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Moved the configuration file to https://github.com/denoland/deno_config
as we will have to use it in other projects.
|
|
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
Closes #20229
|
|
This patch adds a `remote` backend for `ext/kv`. This supports
connection to Deno Deploy and potentially other services compatible with
the KV Connect protocol.
|
|
|
|
Fixes this error message:
```
error: missing field `now` at line 32 column 1
```
This would occur if someone used an old version of the deno_cache
library to cache information in the cache then tried to load it with the
latest CLI. Regression in the last patch when migrating to the
deno_cache_dir crate.
|
|
Extracted from fast streams work.
This is a resource wrapper for `ReadableStream`, allowing us to treat
all `ReadableStream` instances as resources, and remove special paths in
both `fetch` and `serve`.
Performance with a ReadableStream response yields ~18% improvement:
```
return new Response(new ReadableStream({
start(controller) {
controller.enqueue(new Uint8Array([104, 101, 108, 108, 111, 32, 119, 111, 114, 108, 100]));
controller.close();
}
})
```
This patch:
```
12:36 $ third_party/prebuilt/mac/wrk http://localhost:8080
Running 10s test @ http://localhost:8080
2 threads and 10 connections
Thread Stats Avg Stdev Max +/- Stdev
Latency 99.96us 100.03us 6.65ms 98.84%
Req/Sec 47.73k 2.43k 51.02k 89.11%
959308 requests in 10.10s, 117.10MB read
Requests/sec: 94978.71
Transfer/sec: 11.59MB
```
main:
```
Running 10s test @ http://localhost:8080
2 threads and 10 connections
Thread Stats Avg Stdev Max +/- Stdev
Latency 163.03us 685.51us 19.73ms 99.27%
Req/Sec 39.50k 3.98k 66.11k 95.52%
789582 requests in 10.10s, 82.83MB read
Requests/sec: 78182.65
Transfer/sec: 8.20MB
```
|
|
Properly handle the `SQLITE_BUSY` error code by retrying the
transaction.
Also wraps database initialization logic in a transaction to protect
against incomplete/concurrent initializations.
Fixes https://github.com/denoland/deno/issues/20116.
|
|
|
|
Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
Co-authored-by: littledivy <littledivy@users.noreply.github.com>
|
