This PR upgrades crates from hickory-dns to version 0.25.2
The main reason to upgrade them is that hickory-resolver has break
change on `Resolver` initialazation APIs and renamed `tokio-runtime`
feature to `tokio`, which breaks dependency resolving with recent crates
when embedding deno.
Adds a `DENO_PERMISSIONS_AUDIT` env var to set the path for a JSONL
permission audit log, with contains the permission and value.
Additionally this can be combined with `DENO_TRACE_PERMISSIONS`, which
will then include the traces in the audit log too.
This commit adds support for specifying CIDR ranges in
`--allow-net` and `--deny-net` flag:
Eg: trying to run `deno run --allow-net --deny-net=192.168.0.0/16`
and `fetch` from `http://127.0.0.1:4545/` will raise `NotCapable`
error.
This commit changes "Deno.cwd()" (as well as "process.cwd()") to no
longer require full "--allow-read" permission. This change was meant to be done
in Deno 2.0.0, but somehow it slipped. Requiring full read permission
just to read the CWD is a mistake, because CWD can already be obtained
with no permission by throwing an error in JS and inspecting its stack.
Fixes https://github.com/denoland/deno/issues/27110
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
This slightly degrades the performance of CJS export analysis on
subsequent runs because I changed it to no longer cache in the DENO_DIR
with this PR (denort now properly has no idea about the DENO_DIR). We'll
have to change it to embed this data in the binary and that will also
allow us to get rid of swc in denort (will do that in a follow-up PR).
This commit improves permission prompts by adding an option
to print a full trace of where the permissions is being requested.
Due to big performance hint of stack trace collection, this is only
enabled when `DENO_TRACE_PERMISSIONS` env var is present.
Closes https://github.com/denoland/deno/issues/20756
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Closes#26425
## Overview
This PR adds support for specifying multiple environment files as
arguments when using the Deno CLI. Subsequent files override
pre-existing variables defined in previous files.
If the same variable is defined in the environment and in the file, the
value from the environment takes precedence.
## Example Usage
```bash
deno run --allow-env --env-file --env-file=".env.one" --env-file=".env.two" script.ts
```
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
* cts support
* better cjs/cts type checking
* deno compile cjs/cts support
* More efficient detect cjs (going towards stabilization)
* Determination of whether .js, .ts, .jsx, or .tsx is cjs or esm is only
done after loading
* Support `import x = require(...);`
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.
By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.
Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:
```ts
deno run -A -r https://fresh.deno.dev
```
---------
Co-authored-by: David Sherret <dsherret@gmail.com>
This commit removes all occurrences of `--unstable` flag
from all the tests that are run in CI.
Turns out none of the tests actually required that flag
anymore.
This commit improves error messages for unstable APIs:
- `--unstable-broadcast-channel`
- `--unstable-cron`
- `--unstable-http`
- `--unstable-kv`
- `--unstable-temporal`
By providing information and hints what went wrong and how the
error can be fixed. It reuses the same infra that was added in
https://github.com/denoland/deno/pull/21764.
This commit adds support for executing top-level `.cjs` files,
as well as import `.cjs` files from within npm packages.
This works only for `.cjs` files, the contents of sibling `package.json`
are not consulted for the `"type"` field.
Closes https://github.com/denoland/deno/issues/25384
---------
Signed-off-by: David Sherret <dsherret@users.noreply.github.com>
Co-authored-by: Luca Casonato <hello@lcas.dev>
Co-authored-by: David Sherret <dsherret@users.noreply.github.com>
