Comparing version 0.18.2 to 0.18.3
10
NEWS.md
User-visible changes in SES: | ||
# v0.18.3 (2023-04-14) | ||
- New `__hardenTaming__: 'unsafe'` lockdown option to fake harden unsafely, | ||
which can be used to improve performance for applications that are known to be | ||
safe even with a no-op `harden`. | ||
- Finite deep stacks, using LRU budgets for depth of stacks an well as the | ||
maximum number of weakly-held errors to annotate. | ||
- Add `%AsyncGenerator%.length` and `%AsyncFunctionPrototype%.length` `number` | ||
properties to allowlist. | ||
# v0.18.2 (2023-03-07) | ||
@@ -4,0 +14,0 @@ |
{ | ||
"name": "ses", | ||
"version": "0.18.2", | ||
"version": "0.18.3", | ||
"description": "Hardened JavaScript for Fearless Cooperation", | ||
@@ -63,6 +63,5 @@ "keywords": [ | ||
"devDependencies": { | ||
"@endo/compartment-mapper": "^0.8.2", | ||
"@endo/eslint-config": "^0.5.3", | ||
"@endo/static-module-record": "^0.7.17", | ||
"@endo/test262-runner": "^0.1.30", | ||
"@endo/compartment-mapper": "^0.8.3", | ||
"@endo/static-module-record": "^0.7.18", | ||
"@endo/test262-runner": "^0.1.31", | ||
"ava": "^5.2.0", | ||
@@ -73,9 +72,8 @@ "babel-eslint": "^10.0.3", | ||
"eslint-config-airbnb-base": "^14.0.0", | ||
"eslint-config-prettier": "^6.9.0", | ||
"eslint-config-prettier": "^8.8.0", | ||
"eslint-plugin-eslint-comments": "^3.1.2", | ||
"eslint-plugin-import": "^2.27.5", | ||
"eslint-plugin-prettier": "^3.4.1", | ||
"prettier": "^2.8.0", | ||
"prettier": "^2.8.5", | ||
"sinon": "8.0.4", | ||
"terser": "^4.8.0", | ||
"terser": "^5.16.6", | ||
"tsd": "^0.24.1", | ||
@@ -100,3 +98,3 @@ "typescript": "~4.9.5" | ||
"extends": [ | ||
"@endo" | ||
"plugin:@endo/internal" | ||
], | ||
@@ -177,7 +175,2 @@ "rules": { | ||
}, | ||
"prettier": { | ||
"arrowParens": "avoid", | ||
"trailingComma": "all", | ||
"singleQuote": true | ||
}, | ||
"ava": { | ||
@@ -189,3 +182,3 @@ "files": [ | ||
}, | ||
"gitHead": "0053227a37ee76ee8a3dce6059dd55140ed0ce6d" | ||
"gitHead": "8141f58debaec420cbc2a7cb698e888566d430ba" | ||
} |
@@ -62,2 +62,4 @@ /* global globalThis */ | ||
is, | ||
isFrozen, | ||
isSealed, | ||
isExtensible, | ||
@@ -64,0 +66,0 @@ keys, |
@@ -44,3 +44,3 @@ /** | ||
* value associated with that property is not traversed. For | ||
* example, {@code "Function.prototype.name"} leads to true, | ||
* example, {@code "Function.prototype.name"} leads to true, | ||
* meaning that the {@code "name"} property of {@code | ||
@@ -47,0 +47,0 @@ * "Function.prototype"} should be repaired (which is needed |
@@ -39,2 +39,3 @@ // Copyright (C) 2019 Agoric, under Apache License 2.0 | ||
import './internal-types.js'; | ||
import { makeNoteLogArgsArrayKit } from './note-log-args.js'; | ||
@@ -255,13 +256,3 @@ // For our internal debugging purposes, uncomment | ||
/** | ||
* @type {WeakMap<Error, LogArgs[]>} | ||
* | ||
* Maps from an error to an array of log args, where each log args is | ||
* remembered as an annotation on that error. This can be used, for example, | ||
* to keep track of additional causes of the error. The elements of any | ||
* log args may include errors which are associated with further annotations. | ||
* An augmented console, like the causal console of `console.js`, could | ||
* then retrieve the graph of such annotations. | ||
*/ | ||
const hiddenNoteLogArgsArrays = new WeakMap(); | ||
const { addLogArgs, takeLogArgsArray } = makeNoteLogArgsArrayKit(); | ||
@@ -300,8 +291,3 @@ /** | ||
} else { | ||
const logArgsArray = weakmapGet(hiddenNoteLogArgsArrays, error); | ||
if (logArgsArray !== undefined) { | ||
arrayPush(logArgsArray, logArgs); | ||
} else { | ||
weakmapSet(hiddenNoteLogArgsArrays, error, [logArgs]); | ||
} | ||
addLogArgs(error, logArgs); | ||
} | ||
@@ -345,4 +331,3 @@ }; | ||
takeNoteLogArgsArray: (error, callback) => { | ||
const result = weakmapGet(hiddenNoteLogArgsArrays, error); | ||
weakmapDelete(hiddenNoteLogArgsArrays, error); | ||
const result = takeLogArgsArray(error); | ||
if (callback !== undefined) { | ||
@@ -349,0 +334,0 @@ const callbacks = weakmapGet(hiddenNoteCallbackArrays, error); |
@@ -55,2 +55,3 @@ // Copyright (C) 2018 Agoric | ||
import { makeCompartmentConstructor } from './compartment-shim.js'; | ||
import { tameHarden } from './tame-harden.js'; | ||
@@ -71,3 +72,3 @@ /** @typedef {import('../types.js').LockdownOptions} LockdownOptions */ | ||
*/ | ||
const harden = makeHardener(); | ||
const safeHarden = makeHardener(); | ||
@@ -179,2 +180,3 @@ /** | ||
), | ||
__hardenTaming__ = getenv('LOCKDOWN_HARDEN_TAMING', 'safe'), | ||
dateTaming = 'safe', // deprecated | ||
@@ -270,3 +272,4 @@ mathTaming = 'safe', // deprecated | ||
addIntrinsics({ harden }); | ||
const tamedHarden = tameHarden(safeHarden, __hardenTaming__); | ||
addIntrinsics({ harden: tamedHarden }); | ||
@@ -384,3 +387,3 @@ addIntrinsics(tameFunctionConstructors()); | ||
// must be the operation that modifies the intrinsics. | ||
harden(intrinsics); | ||
tamedHarden(intrinsics); | ||
@@ -395,3 +398,3 @@ // Reveal harden after lockdown. | ||
// @ts-ignore harden not yet recognized on globalThis. | ||
globalThis.harden = harden; | ||
globalThis.harden = tamedHarden; | ||
@@ -398,0 +401,0 @@ // Returning `true` indicates that this is a JS to SES transition. |
@@ -60,5 +60,4 @@ import { | ||
// Chip has seen this happen single stepping under the Chrome/v8 debugger. | ||
// TODO record how to reliably reproduce, and to test if this fix helps. | ||
// TODO report as bug to v8 or Chrome, and record issue link here. | ||
// See https://github.com/endojs/endo/issues/1510 | ||
// TODO: report as bug to v8 or Chrome, and record issue link here. | ||
getOwnPropertyDescriptor(_target, prop) { | ||
@@ -65,0 +64,0 @@ // Coerce with `String` in case prop is a symbol. |
@@ -1224,2 +1224,6 @@ /* eslint-disable no-restricted-globals */ | ||
prototype: '%AsyncGeneratorPrototype%', | ||
// length prop added here for React Native jsc-android | ||
// https://github.com/endojs/endo/issues/660 | ||
// https://github.com/react-native-community/jsc-android-buildscripts/issues/181 | ||
length: 'number', | ||
'@@toStringTag': 'string', | ||
@@ -1307,2 +1311,6 @@ }, | ||
constructor: '%InertAsyncFunction%', | ||
// length prop added here for React Native jsc-android | ||
// https://github.com/endojs/endo/issues/660 | ||
// https://github.com/react-native-community/jsc-android-buildscripts/issues/181 | ||
length: 'number', | ||
'@@toStringTag': 'string', | ||
@@ -1373,5 +1381,5 @@ }, | ||
lockdown: fn, | ||
harden: fn, | ||
harden: { ...fn, isFake: 'boolean' }, | ||
'%InitialGetStackString%': fn, | ||
}; |
@@ -36,2 +36,3 @@ /** | ||
domainTaming?: 'safe' | 'unsafe'; | ||
__hardenTaming__?: 'safe' | 'unsafe'; | ||
} | ||
@@ -38,0 +39,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
2950860
16
67
63129
1