deno.git - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2024-10-10	fix(unstable/worker): ensure import permissions are passed (#26101)	David Sherret
	We only had integration tests for this and not an integration test. Closes #26074
2024-10-04	Revert "feat: warn when using --allow-run with no allow list" (#26021)	David Sherret
	Although using `--allow-run` without an allow list gives basically no security, I think we should remove this warning because it gets in the way and the only way to disable it is via --quiet.
2024-09-27	fix(flags): --allow-all should conflict with lower permissions (#25909)	David Sherret
	Using `--allow-all` with other `--allow-x` permission flags should cause an error since `--allow-all` is a superset of `--allow-x`. Closes #25901
2024-09-26	fix(doc): surface graph errors as warnings (#25888)	David Sherret

2024-09-26	feat: add `--allow-import` flag (#25469)	Bartek Iwańczuk
	This replaces `--allow-net` for import permissions and makes the security sandbox stricter by also checking permissions for statically analyzable imports. By default, this has a value of `--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`, but that can be overridden by providing a different set of hosts. Additionally, when no value is provided, import permissions are inferred from the CLI arguments so the following works because `fresh.deno.dev:443` will be added to the list of allowed imports: ```ts deno run -A -r https://fresh.deno.dev ``` --------- Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-18	feat: update warning message for --allow-run with no list (#25693)	Bartek Iwańczuk
	Ref https://github.com/denoland/deno/pull/25215#discussion_r1762064605
2024-09-16	feat: warn when using `--allow-run` with no allow list (#25215)	David Sherret

2024-09-16	refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)	David Sherret
	This makes the permission system more versatile.
2024-09-10	feat(cli): use NotCapable error for permission errors (#25431)	Luca Casonato
	Closes #7394 --------- Co-authored-by: snek <snek@deno.com>
2024-09-04	fix(regression): do not expose resolved path in Deno.Command permission ↵	David Sherret
	denied error (#25434) Regression from https://github.com/denoland/deno/pull/25370
2024-09-04	fix: lock down allow-run permissions more (#25370)	David Sherret
	`--allow-run` even with an allow list has essentially been `--allow-all`... this locks it down more. 1. Resolves allow list for `--allow-run=` on startup to an absolute path, then uses these paths when evaluating if a command can execute. Also, adds these paths to `--deny-write` 1. Resolves the environment (cwd and env vars) before evaluating permissions and before executing a command. Then uses this environment to evaluate the permissions and then evaluate the command.
2024-05-10	fix(runtime): Allow opening /dev/fd/XXX for unix (#23743)	Matt Mastracci
	`deno run script.ts <(some command)` is a valid use case -- let's allow this to work without `--allow-all`. Fixes #23703
2024-05-08	fix(runtime): allow nul device on windows (#23741)	Matt Mastracci
	Fixes [23721](https://github.com/denoland/deno/issues/23721)
2024-05-07	fix(runtime): allow r/w access to /etc without --allow-all (#23718)	Luca Casonato
	This is not a special path that can be used to escalate or bypass Deno permissions, such as `--allow-env`.
2024-05-01	chore(cli): add permission test (#23633)	Matt Mastracci