| Age | Commit message (Collapse) | Author |
|---|
|
`deno_kv::KvConfig` (#26798)
A few small changes to avoid needing unsafe mem transmutes to
instantiate the extensions
---------
Signed-off-by: Richard Carson <Rscarson@rogers.com>
|
|
`op_inspector_open` checks for "inspector" as one of the allowed sys
value.
|
|
This is the release commit being forwarded back to main for 2.0.6
Signed-off-by: Divy Srivastava <dj.srivastava23@gmail.com>
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
|
|
This is the release commit being forwarded back to main for 2.0.5
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
|
|
|
|
Upgrade to rust 1.82 and LLVM 19 . Removes one webusb test because
`requestAdapter` not working on new ubuntu 24 runners
|
|
Fixes the implementation of `os.userInfo`, and adds a missing
`toPrimitive` for `tmpdir`. This allows us to enable the corresponding
node_compat test.
|
|
This is the release commit being forwarded back to main for 2.0.4
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
|
|
Forwarding v2.0.3 commit to `main`
Co-authored-by: denobot <33910674+denobot@users.noreply.github.com>
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
|
|
This is the release commit being forwarded back to main for 2.0.2
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
follow-up for #26327
|
|
when defining a custom runtime, it might be useful to define a custom
prompter - for instance when you are not relying on the terminal and
want a GUI prompter instead
|
|
This is the release commit being forwarded back to main for 2.0.1
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
|
|
Bumped versions for 2.0.0
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
Does less work when requesting permissions with `-A`
|
|
(#25811)
|
|
Testing once again if the crates are being properly released.
---------
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
Test run before Deno 2.0 release to make sure that the publishing
process passes correctly.
---------
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
Closes https://github.com/denoland/deno/issues/25634
|
|
|
|
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.
By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.
Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:
```ts
deno run -A -r https://fresh.deno.dev
```
---------
Co-authored-by: David Sherret <dsherret@gmail.com>
|
|
Closes https://github.com/denoland/deno/issues/25760
|
|
Co-authored-by: Bedis Nbiba <bedisnbiba@gmail.com>
|
|
This makes the permission system more versatile.
|
|
Closes #7394
---------
Co-authored-by: snek <snek@deno.com>
|
|
(#25473)
The `.parse()` calls in permission code are only making it more
confusing, verbosity
is encouraged and welcome in this code even at the cost of not being
concise.
Left a couple TODOs to not use `AnyError`.
|
|
denied error (#25434)
Regression from https://github.com/denoland/deno/pull/25370
|
|
This is the release commit being forwarded back to main for 1.46.3
|
|
`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.
1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.
|
|
Remove `--allow-hrtime` and `--deny-hrtime`. We are doing this because
it is already possible to get access to high resolution timers through
workers and SharedArrayBuffer.
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
This is the release commit being forwarded back to main for 1.46.2
|
|
|
|
Bumped versions for 1.46.0
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
Co-authored-by: David Sherret <dsherret@gmail.com>
|
|
|
|
This commit updates permission prompt to add a link
to the documentation for particular flag.
Additionally the box drawings around the prompt have been slightly
altered for better visibility.
<img width="737" alt="Screenshot 2024-08-08 at 12 42 32"
src="https://github.com/user-attachments/assets/6ae748cd-4f29-439d-b0ee-f28f565f211a">
|
|
|
|
Co-authored-by: David Sherret <dsherret@gmail.com>
|
|
This is the release commit being forwarded back to main for 1.45.3
---------
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
Co-authored-by: dsherret <dsherret@users.noreply.github.com>
|
|
This is the release commit being forwarded back to main for 1.45.1
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
|
|
Bumped versions for 1.45.0
---------
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
Fixes #24241
* Support "statfs", "username", "getPriority" and "setPriority" kinds
for `--allow-sys`.
* Check individual permissions in `node:os.userInfo()` instead of a
single "userInfo" permission.
* Check for "uid" permission in `node:process.geteuid()` instead of
"geteuid".
* Add missing "homedir" to `SysPermissionDescriptor.kind` union
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
(preinstall/install/postinstall) (#24487)
Adds support for running npm package lifecycle scripts, opted into via a
new `--allow-scripts` flag.
With this PR, when running `deno cache` (or `DENO_FUTURE=1 deno
install`) you can specify the `--allow-scripts=pkg1,pkg2` flag to run
lifecycle scripts attached to the given packages.
Note at the moment this only works when `nodeModulesDir` is true (using
the local resolver).
When a package with un-run lifecycle scripts is encountered, we emit a
warning suggesting things may not work and to try running lifecycle
scripts. Additionally, if a package script implicitly requires
`node-gyp` and it's not found on the system, we emit a warning.
Extra things in this PR:
- Extracted out bits of `task.rs` into a separate module for reuse
- Added a couple fields to `process.config` in order to support
`node-gyp` (it relies on a few variables being there)
- Drive by fix to downloading new npm packages to test registry
---
TODO:
- [x] validation for allow-scripts args (make sure it looks like an npm
package)
- [x] make allow-scripts matching smarter
- [ ] figure out what issues this closes
---
Review notes:
- This adds a bunch of deps to our test registry due to using
`node-gyp`, so it's pretty noisy
|
|
Also don't panic on invalid domain names and addresses.
Extracted with cleanups up from #24080
Co-authored-by: Yazan AbdAl-Rahman <yazan.abdalrahman@exalt.ps>
|
|
Closes https://github.com/denoland/deno/issues/21260.
Part of https://github.com/denoland/deno/issues/18218.
Implements `node:fs.lchown`, and enables the node_compat test for it.
The test uses `process.getegid`, which we didn't have implemented, so I
went ahead and implemented that as well to get the test working.
|
|
This is the release commit being forwarded back to main for 1.44.4
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
|
|
This is the release commit being forwarded back to main for 1.44.3
Co-authored-by: bartlomieju <bartlomieju@users.noreply.github.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
|
