From 8e8e67ef39bda2da9c24b510db599974d1e483ea Mon Sep 17 00:00:00 2001 From: jneira Date: Tue, 11 May 2021 22:24:53 +0200 Subject: [PATCH 1/3] Revert "Merge pull request #379 from haskell/secure-exe-path" This reverts commit 034d2bb1f20a277a01d8c208648a164fa9848608, reversing changes made to b14b3735d4582de485342cc8f5c51b2892caea5b. --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 42c02ad4..c4c33c01 100644 --- a/package.json +++ b/package.json @@ -132,7 +132,7 @@ "description": "An optional URL to override where to check for haskell-language-server releases" }, "haskell.serverExecutablePath": { - "scope": "machine", + "scope": "resource", "type": "string", "default": "", "description": "Manually set a language server executable. Can be something on the $PATH or a path to an executable itself. Works with ~, ${HOME} and ${workspaceFolder}." From bc49326e980267af45e7326a128b55d9edc91efe Mon Sep 17 00:00:00 2001 From: jneira Date: Wed, 12 May 2021 00:02:37 +0200 Subject: [PATCH 2/3] Document deprecation of serverExecutablePath scope --- Changelog.md | 4 ++++ README.md | 7 +++++++ package.json | 2 +- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index fa7c73f3..7ff908f3 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,7 @@ +### 1.4.0 + +- Restore `resource` scope for `haskell.serverExecutablePath` temporary. The `machine` scope will be set again after giving users a period of time to let them adapt theirs workflows and changing or adding some option in the extension itself to help that adjustement (see #387). + ### 1.3.0 - Add `haskell.releasesURL` option to override where to look for HLS releases search for HLS downloads, thanks to @soiamsoNG diff --git a/README.md b/README.md index 320a4a05..78ce1bae 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,13 @@ There are a few placeholders which will be expanded: - `~`, `${HOME}` and `${home}` will be expanded into your users' home folder. - `${workspaceFolder}` and `${workspaceRoot}` will expand into your current project root. +#### Security warning + +The option has scope `resource` scope so it can be changed per workspace. +This supposes it could be used to execute arbitrary programs adding a `.vscode/settings.json` in the workspace folder including this option with the appropiate path. +For this reason its scope will be changed to `machine` so users only will be able to change it globally. +See #387 for more details. + ### Local documentation Haskell Language Server can display Haddock documentation on hover and completions if the project and diff --git a/package.json b/package.json index c4c33c01..e5cdaf5f 100644 --- a/package.json +++ b/package.json @@ -135,7 +135,7 @@ "scope": "resource", "type": "string", "default": "", - "description": "Manually set a language server executable. Can be something on the $PATH or a path to an executable itself. Works with ~, ${HOME} and ${workspaceFolder}." + "markdownDescription": "Manually set a language server executable. Can be something on the $PATH or a path to an executable itself. Works with `~,` `${HOME}` and `${workspaceFolder}`. **Deprecated scope**: This option will be set to `machine` scope in a future release, so it can be changed only globally, not per workspace." }, "haskell.updateBehavior": { "scope": "machine", From 1f0ea728a21ebda0a878e4c03e80233d04b1c4c8 Mon Sep 17 00:00:00 2001 From: jneira Date: Wed, 12 May 2021 00:04:06 +0200 Subject: [PATCH 3/3] Bump up version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e5cdaf5f..03951e68 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "haskell", "displayName": "Haskell", "description": "Haskell language support powered by the Haskell Language Server", - "version": "1.3.0", + "version": "1.4.0", "license": "MIT", "publisher": "haskell", "engines": {