Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ses v1.6.0 (2024-07-30)
NOTICE: This version introduces multiple features to converge upon a
more common standard for Hardened JavaScript.
All code should begin migrating to these usage patterns as the older
patterns are now deprecated and will not be supported in a future major
version of SES.
To converge on a portable pattern for using
Compartment
, introduces an__options__
property for the first argument of theCompartment
constructor that must be
true
if present and indicates the object is theoptions bag and not the global endowments. All code going forward should
include this flag until the next major version of SES, when we plan for it to
become vestigial and drop support for three-argument
Compartment
construction.
In the unlikely event that existing code names an endowment
__options__
,that code will break and need to be adjusted to adopt this version.
Because we rate this unlikely, we have elected not to mark this with
a major version bump.
Adds a
__noNamespaceBox__
option that aligns the behavior of theimport
method on SES
Compartment
with the behavior of XS and the behavior we willchampion for compartment standards.
All use of
Compartment
should migrate to use this option as the standardbehavior will be enabled by default with the next major version of SES.
Adds support for module descriptors better aligned with XS.
Compartments use module desriptors to load and link modules.
The importHook, importNowHook, and moduleMapHook all return module descriptors
(sometimes promises for module descriptors).
The modules option or argument to the Compatment constructor has module
descriptors for all its values.
{record, specifier, compartment}
should become{source: record, specifier, compartment}
.{specifier, compartment}
should become{source: specifier, compartment}
.{record: compartment.module(specifier)}
should become{namespace: specifier, compartment}
.When running transpiled code on Node, the SES error taming
gives line-numbers into the generated JavaScript, which often don't match the
the original lines. This happens even with the normal development-time
lockdown options setting,
errorTaming: 'unsafe'
or setting the environment variable
$ export LOCKDOWN_ERROR_TAMING=unsafe
To get the original line numbers, this release
adds
'unsafe-debug'
. ThiserrorTaming: 'unsafe-debug'
settingshould be used during development only when you can
sacrifice more security for a better debugging experience, as explained at
errorTaming
Options.With this setting, when running transpiled code on Node (e.g. tests written
in TypeScript),
the stacktrace line-numbers point back into the original
source, as they do on Node without SES.
@endo/marshal v1.5.1 (2024-07-30)
deeplyFulfilled
moved from @endo/marshal to @endo/pass-style. @endo/marshal still reexports it, to avoid breaking old importers. But importers should be upgraded to importdeeplyFulfilled
directly from @endo/pass-style.@endo/pass-style v1.4.1 (2024-07-30)
deeplyFulfilled
moved from @endo/marshal to @endo/pass-style. @endo/marshal still reexports it, to avoid breaking old importers. But importers should be upgraded to importdeeplyFulfilled
directly from @endo/pass-style.@endo/bundle-source v3.3.0 (2024-07-30)
--no-transforms
(-T
) which generates bundles withoriginal sources.
A future version of
@endo/import-bundle
will be able to execute thiskind of bundle on XS and in Node.js, but will remain opt-in because
they cannot be made to run on the web without further work on module
virtualization in the platform without entraining a client-side
dependency on a JavaScript parser framework (namely Babel).
-f,--format
command flag to specify other module formats.endoScript
module format.-C,--condition
command flag to specify export/import conditions like"development"
or"browser"
.-C development
condition now provides access todevDependencies
inthe
package.json
of the entry package of a bundle.@endo/compartment-mapper v1.2.0 (2024-07-30)
Previously, the last matching tag would override all prior matches, often
causing a bundle to adopt the
default
instead of a more specific condition.parserForLanguage
andlanguageForExtension
options to all modes ofoperation such that the compartment mapper can analyze and bundle languages
apart from the built-in languages, which include
esm
andcjs
.The
languageForExtension
option provides defaults for the entireapplication and the
"parsers"
property in individualpackage.json
descriptors may extend or override using any of the configured or built-in
language parser names.
import-lite.js
,archive-lite.js
,import-archive-lite.js
,import-parsers.js
,archive-parsers.js
,import-archive-parsers.js
, andnode-modules.js
, allowing these to be mixed and matched.The existing
import.js
,archive.js
, andimport-archive.js
all entrainby import their corresponding default behaviors, where the new modules do
not.
For example,
import-parsers.js
does not entrain Babel.The new
import-lite.js
does not entrainnode-modules.js
and composeswith potential alternative package discovery, storage, and locks.
makeBundle
.tags
in favor ofconditions
to align with Node.jsterminology.
mapNodeModules
now infers that it should includedevDependencies
fromthe entry package from the presence of
"development"
inconditions
,if the
dev
option is abseent.@endo/import-bundle v1.2.0 (2024-07-30)
inescapableGlobalProperties
option is changed from supporting onlystring-named enumerable own properties to supporting all own properties
whether string-named or symbol-named, and whether enumerable or not.
But, see
https://github.com/endojs/endo/blob/master/packages/import-bundle/src/compartment-wrapper.md
for the longer term plan.
@endo/lockdown v1.0.8 (2024-07-30)
Changed
@endo/lockdown/commit-debug.js
so that it now setsthe
lockdown
optionerrorTaming: 'unsafe-debug'
instead ofjust
errorTaming: 'unsafe'
. This is a further loss of safety inexchange for a better development experience. For testing and debugging
purposes during development, this is usually the right tradeoff.
In particular,
errorTaming: 'unsafe'
endangered only confidentiality, whereaserrorTaming: 'unsafe-debug'
also endangers integrity, essentially bydirectly exposing the (non-standard and dangerous) v8
Error
constructor API.
In exchange, stack traces will more often have accurate line numbers into
the sources of transpiled code, such as TypeScript sources. See
errorTaming
Options for more on these tradeoffs.@endo/module-source v1.0.0 (2024-07-30)
@endo/static-module-record
to@endo/module-source
exportingModuleSource
instead ofStaticModuleRecord
.