| Age | Commit message (Collapse) | Author |
|---|
|
generation logic (#26885)
|
|
Closes #26545
Shows a hint when a package is installed globally, otherwise fallbacks
to the existing implementation.
|
|
This is slow progress towards creating a `deno_resolver` crate.
Waiting on:
* https://github.com/denoland/deno/pull/25918
* https://github.com/denoland/deno/pull/25916
|
|
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.
By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.
Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:
```ts
deno run -A -r https://fresh.deno.dev
```
---------
Co-authored-by: David Sherret <dsherret@gmail.com>
|
|
Fixes: #25199
Ensures that for the SLSA provenance document generated on publishing,
`subject` is an array of ResourceDescriptor objects per the in-toto
specification
[requirements](https://github.com/in-toto/attestation/blob/main/spec/v1/statement.md#fields).
---------
Signed-off-by: Bob Callaway <bcallaway@google.com>
|
|
|
|
Fixes #24607.
This PR makes the logic that caches top level dependencies (things
present in import map) smarter, so we handle JSR dependencies without
root exports.
|
|
1. Adds a new "license" field.
1. Adds this field by default when doing `deno init --lib`
|
|
Co-authored-by: Satya Rohith <me@satyarohith.com>
|
|
Before:
<img width="278" alt="Screenshot 2024-08-09 at 3 15 01 PM"
src="https://github.com/user-attachments/assets/91b0ada6-93ee-4be6-a996-078aef98c2a9">
After:
<img width="888" alt="Screenshot 2024-08-09 at 3 52 15 PM"
src="https://github.com/user-attachments/assets/3c88a0e8-c761-4f70-88bf-109355ac12f0">
|
|
|
|
Also fixes the issue where we say a package was successfully published
before it wasn't.
Bug in https://github.com/denoland/deno/pull/24714
|
|
Adds a new `no-sloppy-imports` lint rule and cleans up the lint code.
Closes #22844
Closes https://github.com/denoland/deno_lint/issues/1293
|
|
not in pkg (#24714)
|
|
```
> deno upgrade
error: Unsupported lockfile version 'invalid'. Try upgrading Deno or recreating the lockfile.
V:\scratch
> V:\deno\target\debug\deno upgrade
Looking up latest version
Local deno version 1.45.3 is the most recent release
```
Closes #24517
Closes #20729
|
|
Part of https://github.com/denoland/deno/issues/24676 , but just a
warning for now.
|
|
- Gets rid of WorkspaceMemberContext. It's now `Workspace` and
`WorkspaceDirectory`
- Uses the workspace cache in the lsp
* https://github.com/denoland/deno_config/pull/95
* https://github.com/denoland/deno_config/pull/96
|
|
(#24593)
Originally landed in
https://github.com/denoland/deno/commit/f6fd6619e708a515831f707438368d81b0c9aa56.
Reverted in https://github.com/denoland/deno/pull/24574.
This reland contains a fix that sends "Accept: */*" header for calls made
from "FileFetcher". Absence of this header made downloading source code
from JSR broken. This is tested by ensuring this header is present in the
test server that servers JSR packages.
---------
Co-authored-by: Sean McArthur <sean@seanmonstar.com>
|
|
(#24237)" (#24574)
This reverts commit f6fd6619e708a515831f707438368d81b0c9aa56.
I'm seeing a difference between canary and 1.45.2. In
`deno-docs/reference_gen` I can't download dax when running `deno task
types`
```
~/src/deno-docs/reference_gen# deno upgrade --canary
Looking up latest canary version
Found latest version f6fd6619e708a515831f707438368d81b0c9aa56
Downloading https://dl.deno.land/canary/f6fd6619e708a515831f707438368d81b0c9aa56/deno-aarch64-apple-darwin.zip
Deno is upgrading to version f6fd6619e708a515831f707438368d81b0c9aa56
Archive: /var/folders/9v/kys6gqns6kl8nksyn4l1f9v40000gn/T/.tmpb5lDnq/deno.zip
inflating: deno
Upgraded successfully
~/src/deno-docs/reference_gen# deno -v
deno 1.45.2+f6fd661
~/src/deno-docs/reference_gen# rm -rf /Users/ry/Library/Caches/deno
~/src/deno-docs/reference_gen# deno task types
Task types deno task types:deno && deno task types:node
Task types:deno deno run --allow-read --allow-write --allow-run --allow-env --allow-sys deno-docs.ts
error: JSR package manifest for '@david/dax' failed to load. expected value at line 1 column 1
at file:///Users/ry/src/deno-docs/reference_gen/deno-docs.ts:2:15
~/src/deno-docs/reference_gen# deno upgrade --version 1.45.2
Downloading https://github.com/denoland/deno/releases/download/v1.45.2/deno-aarch64-apple-darwin.zip
Deno is upgrading to version 1.45.2
Archive: /var/folders/9v/kys6gqns6kl8nksyn4l1f9v40000gn/T/.tmp3R7uhF/deno.zip
inflating: deno
Upgraded successfully
~/src/deno-docs/reference_gen# rm -rf /Users/ry/Library/Caches/deno
~/src/deno-docs/reference_gen# deno task types
Task types deno task types:deno && deno task types:node
Task types:deno deno run --allow-read --allow-write --allow-run --allow-env --allow-sys deno-docs.ts
Task types:node deno run --allow-read --allow-write=. --allow-env --allow-sys node-docs.ts
```
|
|
This commit re-implements `ext/fetch` and all dependent crates
using `hyper` and `hyper-util`, instead of `reqwest`.
The reasoning is that we want to have greater control and access
to low level `hyper` APIs when implementing `fetch` API as well
as `node:http` module.
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
|
|
Closes https://github.com/denoland/deno/issues/24430
|
|
Adds much better support for the unstable Deno workspaces as well as
support for npm workspaces. npm workspaces is still lacking in that we
only install packages into the root node_modules folder. We'll make it
smarter over time in order for it to figure out when to add node_modules
folders within packages.
This includes a breaking change in config file resolution where we stop
searching for config files on the first found package.json unless it's
in a workspace. For the previous behaviour, the root deno.json needs to
be updated to be a workspace by adding `"workspace":
["./path-to-pkg-json-folder-goes-here"]`. See details in
https://github.com/denoland/deno_config/pull/66
Closes #24340
Closes #24159
Closes #24161
Closes #22020
Closes #18546
Closes #16106
Closes #24160
|
|
This also fixes several issues where we weren't properly creating http
clients with the user's settings.
|
|
instead of just `publish` (#23811)
|
|
Closes https://github.com/denoland/deno/issues/23796
|
|
1. Generally we should prefer to use the `log` crate.
2. I very often accidentally commit `eprintln`s.
When we should use `println` or `eprintln`, it's not too bad to be a bit
more verbose and ignore the lint rule.
|
|
Files that were gitignored only were not included in the diagnostic.
|
|
directory (#23173)
|
|
(#23119)
Unused locals and parameters don't make sense to surface in remote
modules. Additionally, fast check can cause these kind of diagnostics
when publishing, so they should be ignored.
Closes #22959
|
|
Closes #22936
|
|
publishing (#22948)
Closes #22657
|
|
exprs (#22849)
Several fixes in deno_graph:
* https://github.com/denoland/deno_graph/pull/411
* https://github.com/denoland/deno_graph/pull/413
* https://github.com/denoland/deno_graph/pull/414
* https://github.com/denoland/deno_graph/pull/415
* https://github.com/denoland/deno_graph/pull/416
* https://github.com/denoland/deno_graph/pull/417
Also created https://github.com/denoland/publish_smoke_tests to help
prevent regressions in the future.
Closes https://github.com/denoland/deno/issues/22829
Closes https://github.com/denoland/deno/issues/22819
Closes https://github.com/denoland/deno/issues/22802
|
|
|
|
Not sure if we should do this, but it's a nice hidden tool that
overwrites the working tree with the fast check output.
|
|
In
https://github.com/denoland/deno/pull/22720/files#diff-d62d85de2a7ffb816cd2fdbaa47e588352f521c7c43d058b75649bbb255e0ae1R70
, I copy and pasted from another area of the code and didn't think about
removing how it ignores the vendor folder by default.
|
|
|
|
Reverted in https://github.com/denoland/deno/pull/22625
|
|
`cli::util::checksum` was showing up on flame graphs because it was
concatenating allocated strings. We can use `faster-hex` to improve it.
|
|
The graph validation errors were displaying cryptically during publish.
This fixes that.
|
|
Fixes https://github.com/denoland/deno/issues/22658
|
|
|
|
|
|
The condition was wrong
|
|
This commit adds "deno add" subcommand that has a basic support for
adding "jsr:" packages to "deno.json" file.
This currently doesn't support "npm:" specifiers and specifying version
constraints.
|
|
|
|
This reverts commit c2c4e745a5db4f2e53aa70bf22b6c828fa1b4040.
|
|
|
|
Closes https://github.com/denoland/deno/issues/22330
|
|
Supply chain security for JSR.
```
$ deno publish --provenance
Successfully published @divy/test_provenance@0.0.3
Provenance transparency log available at https://search.sigstore.dev/?logIndex=73657418
```
0. Package has been published.
1. Fetches the version manifest and verifies it's matching with uploaded
files and exports.
2. Builds the attestation SLSA payload using Github actions env.
3. Creates an ephemeral key pair for signing the github token
(aud=sigstore) and DSSE pre authentication tag.
4. Requests a X.509 signing certificate from Fulcio using the challenge
and ephemeral public key PEM.
5. Prepares a DSSE envelop for Rekor to witness. Posts an intoto entry
to Rekor and gets back the transparency log index.
6. Builds the provenance bundle and posts it to JSR.
|
