rustyscript icon indicating copy to clipboard operation
rustyscript copied to clipboard
verified publisher icon rscarson

add dependency updater tool to match deno releases

Open utyfua opened this issue 8 months ago • 2 comments

I believe we should follow deno releases when we are updating dependencies.

This tool will help to keep it up to date.

I did not update dependecies itself due to additional work required to update to the latest deno version(2.2.6) such as:

  • add a new arg to write_utf8_v2 fn call - None should be fine
  • deal with new unsafe op op_get_ext_import_meta_proto in test::check_op_whitelist - idk what to to here

After using the tool first time it will resolve:

  • https://github.com/rscarson/rustyscript/issues/332
  • https://github.com/denoland/rusty_v8/issues/1700

utyfua avatar Apr 01 '25 09:04 utyfua

Very similar to something I built into the rustyscript cli

rscarson avatar Apr 01 '25 17:04 rscarson

  1. Is the rustyscript cli code available anywhere?
  2. What should we do with PR? Its fine if you have own tool or want to make it a separate repository.

utyfua avatar Apr 02 '25 07:04 utyfua

Just fyi, the check_op_whitelist test is to prevent sandbox-breaking vulnerabilties like op_panic

in src/op_whitelist.js you'll find the list. Basically I go to deno or deno_core where the op is defined, review their code to make sure it does not break sandbox, and add it to the list if it is clean

rscarson avatar Aug 16 '25 03:08 rscarson

I'd like to integrate this into the rustyscript-cli instead of the main crate!

rscarson avatar Aug 16 '25 03:08 rscarson