@agoric/install-ses - npm Package Compare versions

Comparing version 0.5.4 to 0.5.5-dev.0

CHANGELOG.md

@@ -6,2 +6,14 @@ # Change Log
 
+## [0.5.5-dev.0](https://github.com/Agoric/agoric-sdk/compare/@agoric/install-ses@0.5.4...@agoric/install-ses@0.5.5-dev.0) (2021-03-26)
+
+
+### Bug Fixes
+
+* update to depend on ses 0.12.5 ([#2718](https://github.com/Agoric/agoric-sdk/issues/2718)) ([08dbe0d](https://github.com/Agoric/agoric-sdk/commit/08dbe0db5ce06944dc92c710865e441a60b31b5b))
+* use ses-ava in SwingSet where possible ([#2709](https://github.com/Agoric/agoric-sdk/issues/2709)) ([85b674e](https://github.com/Agoric/agoric-sdk/commit/85b674e7942443219fa9828841cc7bd8ef909b47))
+
+
+
+
+
 ## [0.5.4](https://github.com/Agoric/agoric-sdk/compare/@agoric/install-ses@0.5.3...@agoric/install-ses@0.5.4) (2021-03-24)
@@ -8,0 +20,0 @@

install-ses.js

@@ -7,3 +7,68 @@ // 'lockdown' appears on the global as a side-effect of importing 'ses'
 
-lockdown();
+// For testing under Ava, and also sometimes for testing and debugging in
+// general, when safety is not needed, you perhaps want to use
+// packages/SwingSet/tools/install-ses-debug.js instead of this one.
+// If you're using a prepare-test-env-ava.js, it is probably already doing that
+// for you.
+
+lockdown({
+  // The default `{errorTaming: 'safe'}` setting, if possible, redacts the
+  // stack trace info from the error instances, so that it is not available
+  // merely by saying `errorInstance.stack`. However, some tools
+  // will look for the stack there and become much less useful if it is
+  // missing. In production, the settings in this file need to preserve
+  // security, so the 'unsafe' setting below MUST always be commented out
+  // except during private development.
+  //
+  // NOTE TO REVIEWERS: If you see the following line *not* commented out,
+  // this may be a development accident that MUST be fixed before merging.
+  //
+  // errorTaming: 'unsafe',
+  //
+  //
+  // The default `{stackFiltering: 'concise'}` setting usually makes for a
+  // better debugging experience, by severely reducing the noisy distractions
+  // of the normal verbose stack traces. Which is why we comment
+  // out the `'verbose'` setting is commented out below. However, some
+  // tools look for the full filename that it expects in order
+  // to fetch the source text for diagnostics,
+  //
+  // Another reason for not commenting it out: The cause
+  // of the bug may be anywhere, so the `'noise'` thrown out by the default
+  // `'concise'` setting may also contain the signal you need. To see it,
+  // uncomment out the following line. But please do not commit it in that
+  // state.
+  //
+  // NOTE TO REVIEWERS: If you see the following line *not* commented out,
+  // this may be a development accident that MUST be fixed before merging.
+  //
+  // stackFiltering: 'verbose',
+  //
+  //
+  // The default `{overrideTaming: 'moderate'}` setting does not hurt the
+  // debugging experience much. But it will introduce noise into, for example,
+  // the vscode debugger's object inspector. During debug and test, if you can
+  // avoid legacy code that needs the `'moderate'` setting, then the `'min'`
+  // setting reduces debugging noise yet further, by turning fewer inherited
+  // properties into accessors.
+  //
+  // NOTE TO REVIEWERS: If you see the following line *not* commented out,
+  // this may be a development accident that MUST be fixed before merging.
+  //
+  // overrideTaming: 'min',
+  //
+  //
+  // The default `{consoleTaming: 'safe'}` setting usually makes for a
+  // better debugging experience, by wrapping the original `console` with
+  // the SES replacement `console` that provides more information about
+  // errors, expecially those thrown by the `assert` system. However,
+  // in case the SES `console` is getting in the way, we provide the
+  // `'unsafe'` option for leaving the original `console` in place.
+  //
+  // NOTE TO REVIEWERS: If you see the following line *not* commented out,
+  // this may be a development accident that MUST be fixed before merging.
+  //
+  // consoleTaming: 'unsafe',
+});
+
 // We are now in the "Start Compartment". Our global has all the same
@@ -10,0 +75,0 @@ // powerful things it had before, but the primordials have changed to make

package.json

 {
   "name": "@agoric/install-ses",
-  "version": "0.5.4",
+  "version": "0.5.5-dev.0",
   "description": "install SES at import time",
@@ -22,4 +22,4 @@ "parsers": {
   "dependencies": {
-    "@agoric/eventual-send": "^0.13.4",
-    "ses": "^0.12.3"
+    "@agoric/eventual-send": "^0.13.5-dev.0",
+    "ses": "^0.12.5"
   },
@@ -62,3 +62,3 @@ "files": [
   },
-  "gitHead": "be478ee84773b8e403cf896e53df28146a60f976"
+  "gitHead": "3600ed30e30d2b26512fe8fd8e73d9f13ab0d125"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

10016

increased by57.71%

Lines of code

79

increased by393.75%

Number of medium maintenance alerts

0

decreased by-100%

Dependency changes

• Updated@agoric/eventual-send@^0.13.5-dev.0

• Updatedses@^0.12.5