Bump ses from 1.1.0 to 1.12.0 in the npm_and_yarn group across 1 directory #352

@dependabot dependabot bot commented on behalf of github Apr 18, 2025

Bumps the npm_and_yarn group with 1 update in the / directory: ses.

Updates ses from 1.1.0 to 1.12.0

Release notes

Sourced from ses's releases.

2025-03-24

ses v1.12.0

  • The evalTaming: option values are renamed:

    • from 'safeEval', 'unsafeEval', and 'noEval'
    • to 'safe-eval', 'unsafe-eval', and 'no-eval'

    in order to follow the convention that lockdown option values use kebob-case rather than camelCase. To avoid breaking old programs during the transition, the old names are deprecated, but continue to work for now.

  • Evaluating a non-lexical name that is also absent on the global object of a compartment no longer throws a ReferenceError and instead produces undefined because it proves impossible to do so without revealing what properties exist on the host globalThis to compartmentalized code with a shim. This is a divergence from the expected behavior of a native Hardened JavaScript implementation, like XS.

@endo/patterns v1.5.0

  • New pattern: M.containerHas(elementPatt, bound = 1n) motivated to support want patterns in Zoe, to pull out only bound number of elements that match elementPatt. bound must be a positive bigint.

  • Closely related, @endo/patterns now exports containerHasSplit to support ERTP's use of M.containerHas on non-fungible (set, copySet) and semifungible (copyBag) assets, respectively. See Agoric/agoric-sdk#10952 .

@endo/import-bundle v1.4.0

  • Adds support for test format bundles, which simply return a promise for an object that resembles a module exports namespace with the objects specified on the symbol-named property @exports, which is deliberately not JSON serializable or passable.
  • Adds a typedImportBundle<ExpectedExportsNamespace> function with a proper type signature, to provide a narrower signature than any without disrupting existing usage.

@endo/bundle-source v4.0.0

  • Replaces the implementation for the nestedEvaluate and getExport formats with one based on Endo's Compartment Mapper instead of Rollup, in order to obviate the need to reconcile source map transforms between Rollup and the underlying Babel generator. As a consequence, we no longer generate a source map for the bundle, but Babel ensures that we preserve line and column numbers between the original source and the bundled source.

@endo/compartment-mapper v1.6.0

  • Accommodates CommonJS modules that use defineProperty on exports.

  • Divides the role of makeBundle into makeScript and makeFunctor. The new makeScript replaces makeBundle without breaking changes, producing a JavaScript string that is suitable as a <script> tag in a web page.

  • The new makeFunctor produces a JavaScript string that, when evaluated, produces a partially applied function, so the caller can provide runtime options.

  • Both makeScript and makeFunctor now accept format, useEvaluate and sourceUrlPrefix options.

  • The functor produced by makeFunctor now accepts evaluate, require, and sourceUrlPrefix runtime options.

  • Both makeScript and makeFunctor now accept a format option. Specifying the "cjs" format allows the bundle to exit to the host's CommonJS require for host modules.

  • Adds sourceDirname to compartment descriptors in the compartment maps generated by mapNodeModules and uses these to provide better source URL comments for bundles generated by makeScript and makeFunctor, by default.

These changes collectively allow us to replace the implementation of nestedEvaluate and getExports formats in @endo/bundle-source, including the preservation of useful line numbers and file names in stack traces.

  • mapNodeModules, importLocation and loadLocation now accept a log option for users to define a custom logging function. As of this writing, only mapNodeModules will potentially call this function if provided. Expansion of log messaging and support for the log option in more APIs is expected in the future.

@endo/evasive-transform v1.4.0

  • Adds a sourceMap option so that the generated sourcemap can project back to the original source code without unmapLoc.
  • Removes support for sourcemap unmapLoc because it is not used by contemporary Endo packages. The option is now ignored.

2025-01-23

ses v1.11.0

... (truncated)

Changelog

Sourced from ses's changelog.

1.12.0 (2025-03-24)

Features

  • ses: add AsyncGeneratorFunctionInstance to commons (07516f5)
  • ses: bundle and export shim compatible with Hermes compiler (cafc398)
  • ses: create async arrow function transform with Babel for Hermes bundle (654791e)
  • ses: include async generators in anonymous intrinsics if supported (56ae460)
  • ses: support async generators in Hermes transform for CSP (24bbd5c)
  • ses: support CSP in commons AsyncGeneratorFunctionInstance (188c5d4)
  • ses: tame async generator function constructors if supported (eda8a61)

Bug Fixes

1.11.0 (2025-01-24)

Features

  • ses: Add XS variant of shim (f6c8456)
  • ses: Permit legacy properties of ModuleSource shim (75f2461)
  • ses: restrict dynamic permit on Hermes (14731fe)
  • ses: Support dynamic import (e56cc04)

Bug Fixes

  • ses: Consistently name console methods (fa7a1c4), closes #2643
  • ses: removeUnpermittedIntrinsics on Hermes via dynamic permit at runtime (1c61fb5)
  • ses: update permits for stage 2.7.4 proposals (#2693) (35d5ea2)
  • ses: warn on unsupported lockdownOptions mathTaming + dateTaming (8ed8a8b)
  • ses: widen type of globalThis in Compartment (#2644) (ff6a5ab)
  • ses: XS accommodations for console groupEnd absence (fd70235)

1.10.0 (2024-11-13)

Features

... (truncated)

Commits
  • 9b67848 chore(release): publish
  • 353c08e docs: Update release notes
  • 9ced73a fix(ses): Limit scope proxy exposure to discernably owned properties of host ...
  • 85483c0 fix(ses): lockdown options should be kebob-case (#2739)
  • c98bd23 refactor(ses): Compensate Hermes transform for Babel upgrade
  • 96fe149 refactor: Migrate from @​agoric/babel-generator back to @​babel/generator
  • 59bf360 chore(ses): add explicit devDependencies on Babel packages
  • d7d9985 refactor(ses): compartmentImport without function.bind
  • 1d29043 fix(compartment-mapper): sync module transforms in bundle.js
  • 188c5d4 feat(ses): support CSP in commons AsyncGeneratorFunctionInstance
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 1 update in the / directory: [ses](https://github.com/endojs/endo/tree/HEAD/packages/ses).


Updates `ses` from 1.1.0 to 1.12.0
- [Release notes](https://github.com/endojs/endo/releases)
- [Changelog](https://github.com/endojs/endo/blob/master/packages/ses/CHANGELOG.md)
- [Commits](https://github.com/endojs/endo/commits/[email protected]/packages/ses)

---
updated-dependencies:
- dependency-name: ses
  dependency-version: 1.12.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>

@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Apr 18, 2025
@dependabot dependabot bot requested a review from a team as a code owner April 18, 2025 15:15