Adds a `DENO_PERMISSIONS_AUDIT` env var to set the path for a JSONL
permission audit log, with contains the permission and value.
Additionally this can be combined with `DENO_TRACE_PERMISSIONS`, which
will then include the traces in the audit log too.
Fixes https://github.com/denoland/deno/issues/28903
Closes https://github.com/denoland/deno/issues/26190
- Adds a new option `unsafelyDisableHostnameVerification` to
`Deno.connectTls` and `Deno.startTls` to ignore DNS name mismatch errors
from rustls server verifier.
- Disable hostname verification in Node.js TLSSocket if
`checkServerIdentity` is a no-op.
---------
Signed-off-by: Divy Srivastava <dj.srivastava23@gmail.com>
tunnels now automatically reconnect and migrate. also use `shutdown` in
telemetry instead of `flush` because it times out after 5s, which is
important if the tunnel connection is hanged for some reason.
This commit adds the `DENO_COMPAT` env var, that
when specified enables several features:
- --unstable-bare-node-builtins
- --unstable-detect-cjs
- --unstable-sloppy-imports
With Deno v2.3.x, it is a common situation where these 3 flags have to
specified
to run an existing Node.js project, causing a friction that many users
experience.
The idea is that this env var could be "set and forget" for many people,
that should
provide better DX for running Node.js projects.
It is necessary to note that using this env var _impacts performance_ -
especially startup time.
Follow up to https://github.com/denoland/deno/pull/29586 that
adds a `DENO_NODE_CONDITIONS` env var that allows to
specify conditional exports when the user can't control
CLI flags passed to the command (eg. on Deploy).
Fixes#16899.
Fixes https://github.com/denoland/deno/issues/23524.
Fixes https://github.com/denoland/deno/issues/23938.
Fixes https://github.com/denoland/deno/issues/27869.
Unblocks #5501.
This PR adds support for additional stdio pipes to windows, as well as
the detached option in `node:child_process`. I also ported over the
`kill` implementation for windows, which means we now can support
`kill(0)` as well as some other signals.
This means that playwright will now work on windows.
Now that we have a way to support detached processes on all platforms,
we can also easily add a `detached` option to `Deno.Command`, similar to
`child_process.spawn`.
---
The reason for moving away from `std::process::Command` is that the
standard library doesn't expose what we need to control the file
descriptor table of child processes on windows. The implementation here
is based off of parts of `std` and parts of `libuv`, and allows us to
support passing extra pipes in addition to detached processes on
windows.
todo:
- [ ] cleanup cli, decide what flags we want to commit to
- [x] decide what to do about node addons - (you can mark them external
via `--external`)
- [x] move `esbuild_rs` to the `denoland` org
- [x] figure out the dynamic require issue
- [x] figure out how to test this
- [x] clean up / revert all the random changes
This change configures V8 isolates to respect memory limits imposed by
cgroups on Linux.
It adds support for detecting both cgroups v1 and v2 memory limits,
enabling Deno to properly adapt to containerized environments with
memory constraints. When cgroups information is unavailable or not
applicable, it falls back to using the system's total memory as before.
Closes#29077
## Test
For testing, I created a ubuntu VM with 1Gi memory. Within this VM, set
up a cgroup with 512Mi memory limit, then ran the following script to
see how much heap size limit the V8 isolate had.
```js
import * as v8 from "node:v8";
console.log(v8.getHeapStatistics());
```
### Ubuntu 20.04
In this version of ubuntu, hybrid mode is enabled by default.
```
$ cat /proc/self/cgroup
12:rdma:/
11:blkio:/user.slice
10:devices:/user.slice
9:cpu,cpuacct:/user.slice
8:pids:/user.slice/user-1000.slice/session-3.scope
7:memory:/user.slice/user-1000.slice/session-3.scope
6:perf_event:/
5:freezer:/
4:net_cls,net_prio:/
3:hugetlb:/
2:cpuset:/
1:name=systemd:/user.slice/user-1000.slice/session-3.scope
0::/user.slice/user-1000.slice/session-3.scope
```
Create a new cgroup with 512Mi memory limit and run the above script in
this cgroup:
```
$ sudo cgcreate -g memory:/mygroup
$ sudo cgset -r memory.limit_in_bytes=$((512 * 1024 * 1024)) mygroup
$ sudo cgexec -g memory:mygroup ./deno run main.mjs
{
total_heap_size: 7745536,
total_heap_size_executable: 0,
total_physical_size: 7090176,
total_available_size: 266348216,
used_heap_size: 6276752,
heap_size_limit: 271581184,
malloced_memory: 303200,
peak_malloced_memory: 140456,
does_zap_garbage: 0,
number_of_native_contexts: 1,
number_of_detached_contexts: 0,
total_global_handles_size: 24576,
used_global_handles_size: 22432,
external_memory: 3232012
}
```
This indicates that the isolate was informed of cgroup-constrained
memory limit (512Mi) and hence got ~270M heap limit.
### Ubuntu 22.04
In this version of ubuntu, cgroup v2 is used.
```
$ cat /proc/self/cgroup
0::/user.slice/user-1000.slice/session-3.scope
```
Run the above script using `systemd-run`:
```
$ sudo systemd-run --property=MemoryMax=512M --pty bash -c '/home/ubuntu/deno run /home/ubuntu/main.mjs'
{
total_heap_size: 7745536,
total_heap_size_executable: 0,
total_physical_size: 7090176,
total_available_size: 266348184,
used_heap_size: 6276784,
heap_size_limit: 271581184,
malloced_memory: 303200,
peak_malloced_memory: 140456,
does_zap_garbage: 0,
number_of_native_contexts: 1,
number_of_detached_contexts: 0,
total_global_handles_size: 24576,
used_global_handles_size: 22432,
external_memory: 3232012
}
```
Again the isolate got ~270M heap limit properly.
Note that it should have had bigger heap limit if the entire system
memory, i.e. 1Gi, had been passed to V8. In fact, if we run the same
script outside the cgroup, it does display larger `heap_size_limit` like
below:
```
$ ./deno run main.mjs
{
total_heap_size: 7745536,
total_heap_size_executable: 0,
total_physical_size: 7090176,
total_available_size: 546580152,
used_heap_size: 6276752,
heap_size_limit: 551813120,
malloced_memory: 303200,
peak_malloced_memory: 140456,
does_zap_garbage: 0,
number_of_native_contexts: 1,
number_of_detached_contexts: 0,
total_global_handles_size: 24576,
used_global_handles_size: 22432,
external_memory: 3232012
}
```
---------
Signed-off-by: Yusuke Tanaka <wing0920@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
implement lazy(?) mode. an unconfigured jsruntime is created if
DENO_UNSTABLE_CONTROL_SOCK is present, and later passed into deno_runtime to be
configured and used.
Closes https://github.com/denoland/deno/issues/27229.
TODO:
- [x] Tests
- [x] Make some changes to `deno_cache_dir` so we can get the paths for
the local http cache
- [x] Right now this leaves the node modules setup cache in an incorrect
state (removes the symlinks, but doesn't update the setup cache)
- [ ] ~~Handle code cache and other sqlite caches?~~
This commit adds "deno_features" crate that contains definitions of all
unstable features in Deno.
Based on these definitions, both Rust and JS code is generated ensuring
that the two are always in sync.
In addition some of flag handling was rewritten to use the generated
definitions, instead of hand rolling these flag definitions.
---------
Co-authored-by: snek <snek@deno.com>
#28646
Edit:
Hi apologies for the delayed explanation @marvinhagemeister.
The reason the error message wasn't appearing was due to the
initialization order. The logging system was being initialized after the
telemetry system. This created a problem: if telemetry failed during its
own initialization, the logging system wasn't yet ready to capture and
report the error.
My solution was to simply move the log initialization to occur before
the telemetry initialization. This resolves the issue, ensuring any
telemetry setup errors are correctly logged.
