CHANGELOG.md

Change Log

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

1.8.0 (2024-08-27)

Features

• add regenerator runtime taming (#2383) (6ae7995), closes #621 #1950
• ses: errorTrapping reports prepend "SES_UNCAUGHT_EXCEPTION:" (1090063)

Bug Fixes

• Delete obsolete platform-compatibility-test (#2419) (61660da), closes #2418 #2417 #1308 /github.com/endojs/endo/pull/2419#pullrequestreview-2252979514 #2418 #2417
• IteratorResult in getAnonymousIntrinsics (ccb1b26)
• ses: make test insensitive to an irrelevant env var (#2403) (8fc0ef7), closes #2383

1.7.0 (2024-08-01)

Features

• ses: call lockdown before bundling SES shim (#2337) (8c01dd4)

1.6.0 (2024-07-30)

Features

• ses: Capture Compartment endowments and modules options (81eb956)
• ses: Compartment single argument options (bc94a2b)
• ses: Module descriptor parity with XS (11f1345)
• ses: Option noNamespaceBox (d996bad)
• ses: permit toHex etc (#2385) (c7ebcc1)
• ses: Remove module map validation (2f27834)
• types: assert.equal narrows (c3a593c)

Bug Fixes

• endow with original unstructured assert (#2323) (8b2bedb), closes #2324 #2324
• ses-demo: adapt to disabled Date.now() throwing (#2357) (b007d20), closes /github.com/endojs/endo/issues/910#issuecomment-1581855420
• ses: Add missing reexports map field on precompiled module source (78b273d)
• ses: Defer module hook assertions (8e4396b)
• ses: work around #2348 linenumber bug (#2355) (00f5eab)

1.5.0 (2024-05-07)

Features

• ses: add COMPARTMENT_LOAD_ERRORS env option to print verbose output for module loading errors (eca5f23)
• ses: add ImportNowHook to CompartmentOptions (e0300ba)
• ses: importNowHook PoC (e20c135)
• ses: redefine SharedSymbol to bypass Hermes prototype bug on obj literal short-hand methods (#2206) (59bb9ba)

Bug Fixes

• ses: harden hacks v8 stack own accessor problem (#2232) (4b529e0), closes #2198 #2230 #2200 #2229 #2231 #2229 #2229
• ses: fix broken types for CJS consumers (a950b99)
• ses: makeError defaults to making passable errors (#2200) (3b0f766)
• ses: naming consistency, types, defensive iterator (e3248fa)
• ses: Remove some trailing whitespace (ff61dea)
• ses: use generators and trampoline to unify sync and async load implementation (7bc22f6)

1.4.1 (2024-04-04)

Note: Version bump only for package ses

1.4.0 (2024-03-20)

Features

• ses-ava: import test from @endo/ses-ava/prepare-endo.js (#2133) (9d3a7ce)
• ses: tolerate omitted species (#2108) (70c85ef)

1.3.0 (2024-02-23)

Features

• ses: permit Promise.any, AggregateError (6a8c4d8)

Bug Fixes

• ses,pass-style,marshal: tolerate platforms prior to AggregateError (5762dd4)

1.2.0 (2024-02-15)

Features

• ses: enablements needed by (old?) mobx (#2030) (553cb52)
• ses: expect more properties to censor (#2070) (4e5a88b)
• ses: Export assert-shim.js, lockdown-shim.js, compartment-shim.js (2eca78d)
• ses: permit stage 3 float16 proposal API (#2014) (cdb526a)

Bug Fixes

• Add repository directory to all package descriptors (e5f36e7)

1.1.0 (2024-01-18)

Features

• env-options: env-options conveniences for common cases (#1710) (4c686f6)
• ses: Anticipate set-methods proposal (#1970) (4a4f9fe)
• ses: Fail fast when a required process.exit or process.abort method is missing (5d637d0)
• ses: group removal cleanup diagnostics (173ec8e)
• ses: harden some Node.js intrinsics (148f101)

Bug Fixes

• ses: Add @[@to](https://github.com/to)StringTag property to proxiedExports (639de2a)
• ses: handle properties that are already override protected (#1969) (5792949)
• ses: Remove link to stale Read the Docs (58864b7), closes #1239
• ses: Support an incomplete shimmed globalEnv.process (6e92951), closes #1917
• ses: Suppress bug #1973 until it is fixed (#1974) (03074ce)

1.0.1 (2023-12-20)

Note: Version bump only for package ses

1.0.0 (2023-12-12)

Features

• ses: add SES version (db17743)
• ses: Freeze evaluators, Compartment constructor and Symbol (1016375)

Bug Fixes

• enable compatibility with node16/nodenext module resolution (9063c47)
• ses: Fake a good-enough console (a2fd851), closes #1819
• ses: fix ThirdPartyStaticModuleInterface type (fe38c40)
• ses: fix types export for newer module resolutions (9cc3dd5), closes #1803
• ses: refactor import assert {type: json} to fs (d5741a4)
• ses: Support absence of console (fece445), closes #1819

0.18.8 (2023-09-12)

Features

• ses: Support vetted shims (40b59cc)

Bug Fixes

• assert: mistyped assert.fail (e1ebe75)
• only assertions on 'assert' export (e6a7815)
• ses: align with XS property censorship agreement (0193d99)
• ses: prepare for Array Grouping proposal (8e0e6bb)
• ses: review suggestions (e4be709)

0.18.7 (2023-08-07)

Bug Fixes

• fix: Censor spread import (fc90c64)
• ses: add more missing permits (222f8f1)
• ses: normalize bestEffortsStringify property order (137daff)

0.18.6 (2023-08-07)

Bug Fixes

• fix: Censor spread import (fc90c64)
• ses: add more missing permits (222f8f1)
• ses: normalize bestEffortsStringify property order (137daff)

0.18.5 (2023-07-19)

Features

• ses: Add assert.raw for embedding unquoted strings in details (652df0c)
• ses: allow new dispose symbols (3b9fa4a)
• ses: anticipate interator helpers (b0b28a2)
• ses: review suggestions (882f8d5)
• ses: tame Symbol so whitelist works (9fb1242)
• ses: whitelist some recent >= stage 3 additions (f0c6e50)

Bug Fixes

• revert broken ones (09cabb3)
• ses: better safari debugging (8cca7db)
• ses: Correct AsyncIterator permits (5009022)
• ses: Fix expectations of import order in module source test (a59f2b4)
• ses: missing native function markings (98b9698)
• ses: permits for new proposal problems (de46b14)
• ses: review suggestions (8e9ead0)
• ses: ses depends on env-options (ca3ffd1)

0.18.4 (2023-04-20)

Features

• ses: use globalThis.harden as safeHarden if available (5f3de3e)

Bug Fixes

• ses: correct types (c38235c)

0.18.3 (2023-04-14)

Features

• eslint-plugin: separate rules into subsets (688e89c)
• ses: finite deep stacks, on by default (#1513) (aae0e57)
• ses: option to fake harden unsafely (697bf58)

Bug Fixes

• limit logged args per error (88f4662)
• ses: Add length (number) prop to whitelist %AsyncGenerator% and %AsyncFunctionPrototype% (#1511) (c08b15b)
• ses: avoid holding deep stacks strongly (996af60)

0.18.2 (2023-03-07)

Features

• Comment links error code errors to explanation (#1431) (91362f1)
• ses: export tools (ba562df)
• ses: module execute uses syncModuleFunctor if present (079098e)

Bug Fixes

• extend severeEnablements with immer workaround (#1433) (f072995)
• Fix hackerone.com links in SECURITY.md (#1472) (389733d)
• Improve typing information (765d262)
• ses: Fix guide.md Compartment link (#1457) (c9b0276)
• ses: Fix SES_NO_SLOPPY.md typo (#1458) (4cf1845)

0.18.1 (2022-12-23)

Features

• ses: support RedirectStaticModuleInterface with implicit record (356ed3b)

Bug Fixes

• ses: Do not crash under no-unsafe-eval Content Security Policy (#1333) (e512174)
• ses: handle named reexports without confusing bindings for matching imported names (84a62cc)
• ses: Link to primer on Hardened JavaScript (121457d)
• ses: Remove superfluous tick in module loader (342626a), closes #1394

0.18.0 (2022-11-14)

⚠ BREAKING CHANGES

• ses: Remove support for globalLexicals

Features

• ses: Remove support for globalLexicals (3b90d5d), closes #904

Bug Fixes

• assert touchups (#1350) (3fcb5b1)
• fail template (#1334) (725b987)

0.17.0 (2022-10-24)

⚠ BREAKING CHANGES

• ses: Prevent surprising global unscopables behavior
• ses: Divide scope proxy into four layers

Features

• ses: Revocable evalScope (0187d1e)

Bug Fixes

• ses: Prevent surprising global unscopables behavior (dcb8f5d)
• ses: Protect necessary eval admission before it has been admitted (3d022b1)
• ses: Typo in compartmentEvaluate (d66db7a)
• ses: Typo in scope-constants (a4ee1ea)

Code Refactoring

• ses: Divide scope proxy into four layers (37c4b4a)

0.16.0 (2022-10-19)

Features

• Add links to resources and community portals (b0fef82)

Bug Fixes

• ses: Fail safe when getOwnPropertyDescriptor reports absence of a known property (5fa3b50)
• ses: Harden all non-integer typed array properties, even if canonical (88cab0b)
• ses: Lock down all typed array expando properties (dc82f5d)
• minor improvements to some override comments (#1327) (678285a)
• marshal: Return a special error message from passStyleOf(typedArray) (dbd498e), closes #1326
• delete broken objectFromEntries (#1306) (d83be67)
• ses: expand the scope this-value test (3d50c1a)
• ses: Fix incompatible spelling (c32fdf1)
• ses: scope tests - expand Symbol.unscopables fidelity test (bb542f7)
• ses: scope tests - expand Symbolunscopables fidelity test (c603c5a)
• ses: scope tests - move teardown into ava teardown call (e59f682)
• ses: scope tests - rename variables to match purpose (18d64c3)
• ses: this-value scope test includes optimizable props (9c3fea3)
• ses: this-value scope test includes unscopables fidelity test (0be95ac)

0.15.23 (2022-09-27)

Features

• ses: improve performance of uncurryThis (b1ad60a)

Bug Fixes

• add a do-nothing SharedError.prepareStackTrace (#1290) (705aef2)
• ses: report unhandled promise rejection when collected (dae7235)
• ses: uncurryThis type fixes (feb062c)

0.15.22 (2022-09-14)

Bug Fixes

• alt syntax for positive but faster assertions (#1280) (dc24f2f)

0.15.21 (2022-08-26)

Note: Version bump only for package ses

0.15.20 (2022-08-26)

Note: Version bump only for package ses

0.15.19 (2022-08-25)

Note: Version bump only for package ses

0.15.18 (2022-08-23)

Bug Fixes

• more hardens (#1241) (b6ff811)
• remove allowUnsafeMonkeyPatching (fe9c784)
• remove dead environment-options module (#1243) (c43c939)
• ses: avoid leaks through CallSite structures (69f69fa)

0.15.17 (2022-06-28)

Features

• compartment-mapper: implement passing values in import.meta.url (d6294f6)
• add the foundations for support of import.meta (36f6449)
• call importMetaHook on instantiation if import.meta uttered by module (23e8c40)

Bug Fixes

• rename meta to importMeta, fix detection to detect import.meta not import.meta.something (c61a862)
• tolerate empty func.prototype (#1221) (4da7742)

0.15.16 (2022-06-11)

Features

• console-taming: unhandledRejectionTrapping after finalized (7dccecf)
• ses: add to commons (9dc2de8)

Bug Fixes

• console: close over severity for error note callbacks (59910b2)
• console: direct error output to the current severity (f5d460d)
• ses: Fix compartment with name from object with toString (405c00b)
• static-module-record: Make types consistent with implementation (#1184) (5b7e3a6)
• all errors have stacks, even if empty (#1171) (25b7d86)
• make *Trapping orthogonal to consoleTaming (8c5e12e)
• repair deviations from local convention (#1183) (13614f5)

0.15.15 (2022-04-15)

Note: Version bump only for package ses

0.15.14 (2022-04-14)

Note: Version bump only for package ses

0.15.13 (2022-04-13)

Bug Fixes

• Revert dud release (c8a7101)
• ses: Prevent hypothetical stack bumping to get unsafe eval (3c64cde), closes #956

0.15.12 (2022-04-12)

Features

• add Array#at close #1139 (#1146) (43494c8)
• compartment-mapper: proper default export implementation for cjs with import and require compatibility (30cbaa8)
• init: Handle symbols installed on Promise by Node's async_hooks (#1115) (06827b9)

Bug Fixes

• ses: avoid cache corruption when execute() throws (1d9c17b)
• some tests sensitive to errorTaming (#1135) (0c22364)
• endo: Ensure conditions include default, import, and endo (1361abd)
• ses: Do not bundle modules for use as modules (7d27020)
• ses: Do not get confused by well-known look-alikes (5139dad)
• ses: Ignore Array unscopable findLast{,Index} (#1129) (bbf7e7d)
• ses: make import * and default from cjs wire up correctly (33cbd27)

0.15.11 (2022-03-07)

Note: Version bump only for package ses

0.15.10 (2022-03-02)

Features

• add evalTaming option (#961) (735ff94)

0.15.9 (2022-02-20)

Note: Version bump only for package ses

0.15.8 (2022-02-18)

Features

• ses: Harden typed arrays (#1032) (0dfa7de)

Bug Fixes

• Make jsconfigs less brittle (861ca32)
• ses: update index.d.ts with second argument to compartment.evaluate (716621c)
• remove pureCopy, ALLOW_IMPLICIT_REMOTABLES (#1061) (f08cad9)
• Make sure lint:type runs correctly in CI (a520419)
• Unify TS version to ~4.2 (5fb173c)
• ses: Relax hardened typed array test to be insensitive to bugfix between Node.js 14 and 16 (#1048) (e12508d), closes #1045

0.15.7 (2022-01-31)

Bug Fixes

• ses: Globals have vars, not consts (#1027) (157669f)

0.15.6 (2022-01-27)

Note: Version bump only for package ses

0.15.5 (2022-01-25)

Note: Version bump only for package ses

0.15.4 (2022-01-23)

Features

• ses: Check early for dynamic evalability (d0f6f09), closes #343

Bug Fixes

• ses: Direct eval check should not preclude no-eval under CSP (#1004) (fc8f9ee)
• ses: Fix mistaken this binding example (#990) (71db876)
• minor wording (#989) (f8d6ff6)
• ses: Add assert.error options bag to type definition (#978) (ca42997), closes #977
• ses: Number.prototype.toLocaleString radix confusion (#975) (6a17595), closes #852
• ses: Remove superfluous error cause on prototypes (#955) (6e50c45)

0.15.3 (2021-12-14)

Note: Version bump only for package ses

0.15.2 (2021-12-08)

Bug Fixes

• ses: Constrain URL types in bundle script (bdd7996)
• ses: Send removal warnings to STDERR (#949) (761774c)
• ses: Windows support for bundle build script (f8c6885)
• ses: Windows support for tests (3bc504b)
• Avoid eslint globs for Windows (4b4f3cc)
• update whitelist with stage 3 and 4 proposals (#946) (8112430)

0.15.1 (2021-11-16)

Bug Fixes

• ses: Add errorTrapping none to type definition (#935) (313d47c)
• ses: Include error in trapped error log (#936) (22c4644)

0.15.0 (2021-11-02)

⚠ BREAKING CHANGES

• ses: Withdraw support for muli-lockdown (#921)
• ses: Domain taming safe by default (#917)

Features

• ses: Read lockdown options from environment (#871) (789d639)

Bug Fixes

• ses: Domain taming safe by default (#917) (7039276)
• ses: Withdraw support for muli-lockdown (#921) (99752b0), closes #814

0.14.4 (2021-10-15)

Features

• ses: lazily create evaluate (f1cf92a)

Bug Fixes

• ses: Add test and warning about the has hazard (9066c97)
• ses: more detailed has hazard test (f010a9e)
• ses: Refactor Compartment to use shared evaluator (dc0bad6)

0.14.3 (2021-09-18)

Features

• eslint-plugin: Add no-polymorphic-call rule (03e8c5f)
• ses: Lockdown option domainTaming (ee3e4c3)

Bug Fixes

• ses: Fix reflexive imports (d259db7)
• ses: Search engine optimization (#886) (ef03184)
• add "name" to moderate override of all errors (#867) (d608325)
• update NEWS with news of #867 (#869) (c3139d2)

0.14.2 (2021-08-14)

Note: Version bump only for package ses

0.14.1 (2021-08-13)

Features

• ses: Add permits for at methods (#857) (8b9e138), closes #854

0.14.0 (2021-07-22)

⚠ BREAKING CHANGES

• Update preamble for SES StaticModuleRecord
• ses: Adjust preamble for module instances to expect entries instead of a Map

Features

• ses: Add errorTrapping lockdown option (2a88adb)
• ses: Reveal harden only after lockdown (424af0f), closes #787

Bug Fixes

• ses: Adjust preamble for module instances to expect entries instead of a Map (574c518)
• ses: Defend integrity of intrinsics (14e451c)
• ses: Fix assert type assertions (53d284d)
• ses: Fix packaging for @web/dev-server (8c35e33)
• ses: Fix version number errors in news (9aff6c3)
• ses: Improve error messages for invalid module records (5c07c85)
• ses: Scope proxy defense against property descriptor prototype pollution (cbfbf85)
• ses: Use eslint-disable notation consistently (#837) (6ddb50c)
• typo vs type checker (#798) (fcb433f)
• Update preamble for SES StaticModuleRecord (790ed01)
• ses: Trap and report errors (a79df15), closes #769

0.13.4 (2021-06-20)

Note: Version bump only for package ses

0.13.3 (2021-06-16)

Features

• ses: Improve link errors (71a509c)

0.13.2 (2021-06-14)

Note: Version bump only for package ses

0.13.1 (2021-06-06)

Bug Fixes

• ses: Export hardener types properly (0d2e8f0)

0.13.0 (2021-06-02)

⚠ BREAKING CHANGES

• ses: No longer supports direct use from CommonJS
• static-module-record: Emphasize RESM/NESM compatibility over CJS/UMD
• ses: Remove evaluate endowments option (#368)
• ses: Simplify transforms (#325)
• ses, transform-module: Fix StaticModuleRecord name (#323)
• ses: Surface SES on globalThis (#307)

Features

• ses: Add shimTransforms Compartment option (#485) (5196521)
• ses: Add Compartment load function (#349) (8352fa1)
• ses: add Compartment shim utility method isKnownScopeProxy (#623) (22dbe36)
• ses: Add minimal Compartment to SES-lite (#443) (3d1dfd2)
• ses: Add moduleMapHook (#419) (f053ba4)
• ses: Add ModuleStaticRecord (#279) (98c3a8f)
• ses: Add news for override mistake fix (#417) (01bf4d7)
• ses: Add support for third-party modules (#393) (0abe442)
• ses: Add TypeScript definitions for Compartment aux types (07715ce)
• ses: Allow import and eval methods (#669) (505a7d7)
• ses: Carry compartment names in error messages (#441) (765172a)
• ses: Censorship error messages may now contain the source name (#515) (2bcd726)
• ses: Create a thin lockdown layer (#406) (ff693ae)
• ses: Create ses/lockdown alias (17d416f)
• ses: Detect invalid sloppy mode execution (86c4751), closes #740
• ses: Expand TypeScript coverage for Compartment and lockdown (#584) (e31c86b)
• ses: Export SES Transforms (#608) (5ec8858)
• ses: Prepare to publish with TypeScript definitions (#384) (af48adb)
• ses: Replace Rollup with Endo bundler (c826f77)
• ses: Retract evaluate name option, use sourceURL (#521) (d1fa7ec)
• ses: Support global lexicals (#356) (aefefbf)
• ses: Surface SES on globalThis (#307) (3ddfb95)
• ses: Update packaging for RESM/NESM bridge (6abbcdc)
• create overrideDebug: [...props] option (#728) (2573c1a)
• ses: Revert "Export SES Transforms (#608)" (#618) (df5739d)
• ses: Support explicit exports of third-party modules (dfa4775)
• non-security mode for create-react-scripts compat. (KLUDGE) (#642) (6bd9f03)
• ses: Support importHook alias returns (#432) (1c8e706)

Bug Fixes

• Add pre-publish build step (#263) (e22f094)
• Regularize format of NEWS.md (0ec29b3)
• ses: Address charset error in integration (17406d6)
• ses: Address Parcel need for ESM export (fb3297e)
• ses: Fix intentional typo (da3b8aa)
• ses: Handle null moduleMap (b863922)
• ses: Make dist directory before bundles (51afb2f)
• ses: Remove superfluous dev dependency on @agoric/babel-standalone (3a278b5)
• ses: Validate third-party static module record exports (9ec51b3)
• static-module-record: Emphasize RESM/NESM compatibility over CJS/UMD (dcff87e)
• adapt whitelist to XS. clean it up too (#549) (bd0952a)
• add "confirm" a terminating variant of "assert" (8929475)
• add missing testcase (#575) (f5e1c25)
• Add missing ts-checks. Fix type errors (#565) (52e6830)
• assert.typeof(xxx, 'object') should assert record or null (#603) (c84ba97)
• blocklist properties we expect to remove (#614) (992f35f)
• comment (#561) (5e55d16)
• comment who needs push enabled (#596) (1218bcd)
• comments only (#598) (1230901)
• consolidate honorary native function printing (#392) (038bb13)
• Consolidate lint rules (#262) (e5ce12a)
• coordinate assert typing with agoric-sdk (#510) (195f988)
• correct fix for override mistake (#409) (b576211)
• de-url-ify error codes (#548) (b7e2e2c)
• eslint rule to suppress bogus dependency warning (#483) (7e3d9ea)
• evaluate options to evade rejections (#546) (dec75ad)
• flatten tameFunctionToString (#482) (3d7570f)
• friendlier nested console output for browsers (#557) (2c5c622)
• Fully thread shimTransforms through Compartment Mapper and SES (#509) (0f199ef)
• kill obsolete repair-legacy-accessors (#552) (be202b9)
• Lint universal package metadata (#266) (24ff867)
• Massive intrinsic reform. Start vs other compartments. (#372) (5cf2a20)
• Move NativeErrors list to whitelist.js (#444) (f2b8fcd)
• no more detached properties (#473) (efa990c)
• partial intrinsic reform (#358) (9b13f73)
• remove "apply" from enablements whitelist (#475) (b52f8d2)
• remove "debugger;" statement (#558) (c5988e6)
• remove deprecated noTame options (#328) (5d7b781)
• remove extra stackframe (#391) (9ba5ecf)
• rename to originalValue (#476) (54e0b0c)
• Repair released damage caused when I merged #552 (#638) (145595c)
• restore locale methods safely (#382) (0a091a4)
• suggested fix in #570 (#571) (3877d72)
• tame Error constructor (#359) (bfe610f)
• tolerate symbols as property names (#547) (f16bbc3)
• tolerate whitelist absence better (#408) (9ed1ad8)
• towards reconciling with agoric-sdk (#451) (5f71e91)
• typo (#471) (d5742c2)
• typo (#527) (c7a3895)
• Unsafe errorTaming and consoleTaming needs other adjustments (#637) (70cc86e)
• update to eslint 7.23.0 (#652) (e9199f4)
• use string instead of symbol for getter property (e514a6e)
• workaround remaining validation bug (#667) (cbc3247)
• 326: accept old and new taming options during transition (#327) (67eb6e8)
• ses: Add HandledPromise to the whitelist (#416) (a7330a8)
• ses: Aliasing true to t did not improve readability (#360) (90a40c6)
• ses: comments (#254) (435f1af)
• ses: Fix lockdown layer pollution from module layer (#472) (9a7a097)
• ses: Fix missing change to compartment load method (42759a8)
• ses: Generally import "ses/lockdown" (#410) (6ef4a3f)
• ses: Reform conditional tamings, especially Error (#250) (dfa22b3)
• ses: regexp taming (b010f8a), closes #237
• ses: remove code that failed to add species (3cfc8da), closes #239
• ses: Remove evaluate endowments option (#368) (e7b7b6e)
• ses: Simplify transforms (#325) (86a373e)
• ses: Spelling errors (#362) (8f606f4)
• ses: transform is an object with a rewrite method (#255) (979fbc6), closes #248 #248
• ses: Unravel compartment/lockdown import cycle (#405) (b931629)
• ses: Use CommonJS Rollup plugin (#354) (f626365)
• ses, transform-module: Fix StaticModuleRecord name (#323) (10eb49a)