GoKawiilDeno 2.8 is here. This is our biggest minor release to date and we’re excited to share it with you.
To upgrade to Deno 2.8, run the following in your terminal:
deno upgrade
If Deno is not yet installed, run one of the following commands to install or learn how to install it here.
curl -fsSL https://deno.land/install.sh | sh iwr https://deno.land/install.ps1 -useb | iex
New subcommands
deno audit fix
deno audit (shipped in 2.6) reports vulnerabilities in npm packages in your dependency tree. The new deno audit fix subcommand goes one step further and automatically upgrades affected packages to the nearest patched version that still satisfies your version constraints (#32909, #34273). The same behavior is also available as a --fix flag on deno audit :
$ deno audit fix ╭ body-parser vulnerable to denial of service when url encoding is enabled │ Severity: high │ Package: body-parser │ Vulnerable: < 1.20 .3 ╰ Info: https://github.com/advisories/GHSA-qwcr-r2fm-qrc7 ╭ Express.js Open Redirect in malformed URLs │ Severity: moderate │ Package: express │ Vulnerable: < 4.19 .2 ╰ Info: https://github.com/advisories/GHSA-rv95-896h-c2vc Found 2 vulnerabilities Severity: 0 low, 1 moderate, 1 high, 0 critical Fixed 1 vulnerability: body-parser 1.19 .0 - > 1.20 .3 1 vulnerability could not be fixed automatically: express ( major upgrade to 5.0 .0 )
Anything that needs a major-version bump is listed separately, so you can decide whether to relax the constraint. Learn more about deno audit fix .
... continue reading