All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.
1.8.0 (2024-08-27)
- add regenerator runtime taming (#2383) (6ae7995), closes #621 #1950
- ses:
errorTrapping
reports prepend"SES_UNCAUGHT_EXCEPTION:"
(1090063)
- Delete obsolete platform-compatibility-test (#2419) (61660da), closes #2418 #2417 #1308 /github.com/endojs/endo/pull/2419#pullrequestreview-2252979514 #2418 #2417
- IteratorResult in getAnonymousIntrinsics (ccb1b26)
- ses: make test insensitive to an irrelevant env var (#2403) (8fc0ef7), closes #2383
1.7.0 (2024-08-01)
1.6.0 (2024-07-30)
- ses: Capture Compartment endowments and modules options (81eb956)
- ses: Compartment single argument options (bc94a2b)
- ses: Module descriptor parity with XS (11f1345)
- ses: Option noNamespaceBox (d996bad)
- ses: permit toHex etc (#2385) (c7ebcc1)
- ses: Remove module map validation (2f27834)
- types: assert.equal narrows (c3a593c)
- endow with original unstructured
assert
(#2323) (8b2bedb), closes #2324 #2324 - ses-demo: adapt to disabled
Date.now()
throwing (#2357) (b007d20), closes /github.com/endojs/endo/issues/910#issuecomment-1581855420 - ses: Add missing reexports map field on precompiled module source (78b273d)
- ses: Defer module hook assertions (8e4396b)
- ses: work around #2348 linenumber bug (#2355) (00f5eab)
1.5.0 (2024-05-07)
- ses: add COMPARTMENT_LOAD_ERRORS env option to print verbose output for module loading errors (eca5f23)
- ses: add ImportNowHook to CompartmentOptions (e0300ba)
- ses: importNowHook PoC (e20c135)
- ses: redefine SharedSymbol to bypass Hermes prototype bug on obj literal short-hand methods (#2206) (59bb9ba)
- ses:
harden
hacks v8stack
own accessor problem (#2232) (4b529e0), closes #2198 #2230 #2200 #2229 #2231 #2229 #2229 - ses: fix broken types for CJS consumers (a950b99)
- ses: makeError defaults to making passable errors (#2200) (3b0f766)
- ses: naming consistency, types, defensive iterator (e3248fa)
- ses: Remove some trailing whitespace (ff61dea)
- ses: use generators and trampoline to unify sync and async load implementation (7bc22f6)
1.4.1 (2024-04-04)
Note: Version bump only for package ses
1.4.0 (2024-03-20)
- ses-ava: import test from @endo/ses-ava/prepare-endo.js (#2133) (9d3a7ce)
- ses: tolerate omitted species (#2108) (70c85ef)
1.3.0 (2024-02-23)
- ses: permit Promise.any, AggregateError (6a8c4d8)
- ses,pass-style,marshal: tolerate platforms prior to AggregateError (5762dd4)
1.2.0 (2024-02-15)
- ses: enablements needed by (old?) mobx (#2030) (553cb52)
- ses: expect more properties to censor (#2070) (4e5a88b)
- ses: Export assert-shim.js, lockdown-shim.js, compartment-shim.js (2eca78d)
- ses: permit stage 3 float16 proposal API (#2014) (cdb526a)
- Add repository directory to all package descriptors (e5f36e7)
1.1.0 (2024-01-18)
- env-options: env-options conveniences for common cases (#1710) (4c686f6)
- ses: Anticipate set-methods proposal (#1970) (4a4f9fe)
- ses: Fail fast when a required process.exit or process.abort method is missing (5d637d0)
- ses: group removal cleanup diagnostics (173ec8e)
- ses: harden some Node.js intrinsics (148f101)
- ses: Add
@[@to](https://github.com/to)StringTag
property toproxiedExports
(639de2a) - ses: handle properties that are already override protected (#1969) (5792949)
- ses: Remove link to stale Read the Docs (58864b7), closes #1239
- ses: Support an incomplete shimmed globalEnv.process (6e92951), closes #1917
- ses: Suppress bug #1973 until it is fixed (#1974) (03074ce)
1.0.1 (2023-12-20)
Note: Version bump only for package ses
1.0.0 (2023-12-12)
- enable compatibility with node16/nodenext module resolution (9063c47)
- ses: Fake a good-enough console (a2fd851), closes #1819
- ses: fix ThirdPartyStaticModuleInterface type (fe38c40)
- ses: fix types export for newer module resolutions (9cc3dd5), closes #1803
- ses: refactor import assert {type: json} to fs (d5741a4)
- ses: Support absence of console (fece445), closes #1819
0.18.8 (2023-09-12)
- ses: Support vetted shims (40b59cc)
- assert: mistyped assert.fail (e1ebe75)
- only assertions on 'assert' export (e6a7815)
- ses: align with XS property censorship agreement (0193d99)
- ses: prepare for Array Grouping proposal (8e0e6bb)
- ses: review suggestions (e4be709)
0.18.7 (2023-08-07)
- fix: Censor spread import (fc90c64)
- ses: add more missing permits (222f8f1)
- ses: normalize bestEffortsStringify property order (137daff)
0.18.6 (2023-08-07)
- fix: Censor spread import (fc90c64)
- ses: add more missing permits (222f8f1)
- ses: normalize bestEffortsStringify property order (137daff)
0.18.5 (2023-07-19)
- ses: Add assert.raw for embedding unquoted strings in details (652df0c)
- ses: allow new dispose symbols (3b9fa4a)
- ses: anticipate interator helpers (b0b28a2)
- ses: review suggestions (882f8d5)
- ses: tame Symbol so whitelist works (9fb1242)
- ses: whitelist some recent >= stage 3 additions (f0c6e50)
- revert broken ones (09cabb3)
- ses: better safari debugging (8cca7db)
- ses: Correct AsyncIterator permits (5009022)
- ses: Fix expectations of import order in module source test (a59f2b4)
- ses: missing native function markings (98b9698)
- ses: permits for new proposal problems (de46b14)
- ses: review suggestions (8e9ead0)
- ses: ses depends on env-options (ca3ffd1)
0.18.4 (2023-04-20)
- ses: use
globalThis.harden
assafeHarden
if available (5f3de3e)
- ses: correct types (c38235c)
0.18.3 (2023-04-14)
- eslint-plugin: separate rules into subsets (688e89c)
- ses: finite deep stacks, on by default (#1513) (aae0e57)
- ses: option to fake harden unsafely (697bf58)
- limit logged args per error (88f4662)
- ses: Add length (number) prop to whitelist %AsyncGenerator% and %AsyncFunctionPrototype% (#1511) (c08b15b)
- ses: avoid holding deep stacks strongly (996af60)
0.18.2 (2023-03-07)
- Comment links error code errors to explanation (#1431) (91362f1)
- ses: export tools (ba562df)
- ses: module execute uses syncModuleFunctor if present (079098e)
- extend severeEnablements with immer workaround (#1433) (f072995)
- Fix hackerone.com links in SECURITY.md (#1472) (389733d)
- Improve typing information (765d262)
- ses: Fix guide.md Compartment link (#1457) (c9b0276)
- ses: Fix SES_NO_SLOPPY.md typo (#1458) (4cf1845)
0.18.1 (2022-12-23)
- ses: support RedirectStaticModuleInterface with implicit record (356ed3b)
- ses: Do not crash under no-unsafe-eval Content Security Policy (#1333) (e512174)
- ses: handle named reexports without confusing bindings for matching imported names (84a62cc)
- ses: Link to primer on Hardened JavaScript (121457d)
- ses: Remove superfluous tick in module loader (342626a), closes #1394
0.18.0 (2022-11-14)
- ses: Remove support for globalLexicals
0.17.0 (2022-10-24)
- ses: Prevent surprising global unscopables behavior
- ses: Divide scope proxy into four layers
- ses: Revocable evalScope (0187d1e)
- ses: Prevent surprising global unscopables behavior (dcb8f5d)
- ses: Protect necessary eval admission before it has been admitted (3d022b1)
- ses: Typo in compartmentEvaluate (d66db7a)
- ses: Typo in scope-constants (a4ee1ea)
- ses: Divide scope proxy into four layers (37c4b4a)
0.16.0 (2022-10-19)
- Add links to resources and community portals (b0fef82)
- ses: Fail safe when getOwnPropertyDescriptor reports absence of a known property (5fa3b50)
- ses: Harden all non-integer typed array properties, even if canonical (88cab0b)
- ses: Lock down all typed array expando properties (dc82f5d)
- minor improvements to some override comments (#1327) (678285a)
- marshal: Return a special error message from passStyleOf(typedArray) (dbd498e), closes #1326
- delete broken objectFromEntries (#1306) (d83be67)
- ses: expand the scope this-value test (3d50c1a)
- ses: Fix incompatible spelling (c32fdf1)
- ses: scope tests - expand Symbol.unscopables fidelity test (bb542f7)
- ses: scope tests - expand Symbolunscopables fidelity test (c603c5a)
- ses: scope tests - move teardown into ava teardown call (e59f682)
- ses: scope tests - rename variables to match purpose (18d64c3)
- ses: this-value scope test includes optimizable props (9c3fea3)
- ses: this-value scope test includes unscopables fidelity test (0be95ac)
0.15.23 (2022-09-27)
- ses: improve performance of uncurryThis (b1ad60a)
- add a do-nothing SharedError.prepareStackTrace (#1290) (705aef2)
- ses: report unhandled promise rejection when collected (dae7235)
- ses: uncurryThis type fixes (feb062c)
0.15.22 (2022-09-14)
0.15.21 (2022-08-26)
Note: Version bump only for package ses
0.15.20 (2022-08-26)
Note: Version bump only for package ses
0.15.19 (2022-08-25)
Note: Version bump only for package ses
0.15.18 (2022-08-23)
- more hardens (#1241) (b6ff811)
- remove allowUnsafeMonkeyPatching (fe9c784)
- remove dead environment-options module (#1243) (c43c939)
- ses: avoid leaks through CallSite structures (69f69fa)
0.15.17 (2022-06-28)
- compartment-mapper: implement passing values in import.meta.url (d6294f6)
- add the foundations for support of import.meta (36f6449)
- call importMetaHook on instantiation if import.meta uttered by module (23e8c40)
- rename meta to importMeta, fix detection to detect import.meta not import.meta.something (c61a862)
- tolerate empty func.prototype (#1221) (4da7742)
0.15.16 (2022-06-11)
- console: close over severity for error note callbacks (59910b2)
- console: direct error output to the current severity (f5d460d)
- ses: Fix compartment with name from object with toString (405c00b)
- static-module-record: Make types consistent with implementation (#1184) (5b7e3a6)
- all errors have stacks, even if empty (#1171) (25b7d86)
- make
*Trapping
orthogonal toconsoleTaming
(8c5e12e) - repair deviations from local convention (#1183) (13614f5)
0.15.15 (2022-04-15)
Note: Version bump only for package ses
0.15.14 (2022-04-14)
Note: Version bump only for package ses
0.15.13 (2022-04-13)
- Revert dud release (c8a7101)
- ses: Prevent hypothetical stack bumping to get unsafe eval (3c64cde), closes #956
0.15.12 (2022-04-12)
- add Array#at close #1139 (#1146) (43494c8)
- compartment-mapper: proper default export implementation for cjs with import and require compatibility (30cbaa8)
- init: Handle symbols installed on Promise by Node's
async_hooks
(#1115) (06827b9)
- ses: avoid cache corruption when execute() throws (1d9c17b)
- some tests sensitive to errorTaming (#1135) (0c22364)
- endo: Ensure conditions include default, import, and endo (1361abd)
- ses: Do not bundle modules for use as modules (7d27020)
- ses: Do not get confused by well-known look-alikes (5139dad)
- ses: Ignore Array unscopable findLast{,Index} (#1129) (bbf7e7d)
- ses: make import * and default from cjs wire up correctly (33cbd27)
0.15.11 (2022-03-07)
Note: Version bump only for package ses
0.15.10 (2022-03-02)
0.15.9 (2022-02-20)
Note: Version bump only for package ses
0.15.8 (2022-02-18)
- Make jsconfigs less brittle (861ca32)
- ses: update index.d.ts with second argument to compartment.evaluate (716621c)
- remove pureCopy, ALLOW_IMPLICIT_REMOTABLES (#1061) (f08cad9)
- Make sure lint:type runs correctly in CI (a520419)
- Unify TS version to ~4.2 (5fb173c)
- ses: Relax hardened typed array test to be insensitive to bugfix between Node.js 14 and 16 (#1048) (e12508d), closes #1045
0.15.7 (2022-01-31)
0.15.6 (2022-01-27)
Note: Version bump only for package ses
0.15.5 (2022-01-25)
Note: Version bump only for package ses
0.15.4 (2022-01-23)
- ses: Direct eval check should not preclude no-eval under CSP (#1004) (fc8f9ee)
- ses: Fix mistaken this binding example (#990) (71db876)
- minor wording (#989) (f8d6ff6)
- ses: Add assert.error options bag to type definition (#978) (ca42997), closes #977
- ses: Number.prototype.toLocaleString radix confusion (#975) (6a17595), closes #852
- ses: Remove superfluous error cause on prototypes (#955) (6e50c45)
0.15.3 (2021-12-14)
Note: Version bump only for package ses
0.15.2 (2021-12-08)
- ses: Constrain URL types in bundle script (bdd7996)
- ses: Send removal warnings to STDERR (#949) (761774c)
- ses: Windows support for bundle build script (f8c6885)
- ses: Windows support for tests (3bc504b)
- Avoid eslint globs for Windows (4b4f3cc)
- update whitelist with stage 3 and 4 proposals (#946) (8112430)
0.15.1 (2021-11-16)
- ses: Add errorTrapping none to type definition (#935) (313d47c)
- ses: Include error in trapped error log (#936) (22c4644)
0.15.0 (2021-11-02)
- ses: Withdraw support for muli-lockdown (#921)
- ses: Domain taming safe by default (#917)
- ses: Domain taming safe by default (#917) (7039276)
- ses: Withdraw support for muli-lockdown (#921) (99752b0), closes #814
0.14.4 (2021-10-15)
- ses: lazily create evaluate (f1cf92a)
- ses: Add test and warning about the
has
hazard (9066c97) - ses: more detailed
has
hazard test (f010a9e) - ses: Refactor Compartment to use shared evaluator (dc0bad6)
0.14.3 (2021-09-18)
- ses: Fix reflexive imports (d259db7)
- ses: Search engine optimization (#886) (ef03184)
- add "name" to moderate override of all errors (#867) (d608325)
- update NEWS with news of #867 (#869) (c3139d2)
0.14.2 (2021-08-14)
Note: Version bump only for package ses
0.14.1 (2021-08-13)
0.14.0 (2021-07-22)
- Update preamble for SES StaticModuleRecord
- ses: Adjust preamble for module instances to expect entries instead of a Map
- ses: Add errorTrapping lockdown option (2a88adb)
- ses: Reveal harden only after lockdown (424af0f), closes #787
- ses: Adjust preamble for module instances to expect entries instead of a Map (574c518)
- ses: Defend integrity of intrinsics (14e451c)
- ses: Fix assert type assertions (53d284d)
- ses: Fix packaging for
@web/dev-server
(8c35e33) - ses: Fix version number errors in news (9aff6c3)
- ses: Improve error messages for invalid module records (5c07c85)
- ses: Scope proxy defense against property descriptor prototype pollution (cbfbf85)
- ses: Use eslint-disable notation consistently (#837) (6ddb50c)
- typo vs type checker (#798) (fcb433f)
- Update preamble for SES StaticModuleRecord (790ed01)
- ses: Trap and report errors (a79df15), closes #769
0.13.4 (2021-06-20)
Note: Version bump only for package ses
0.13.3 (2021-06-16)
- ses: Improve link errors (71a509c)
0.13.2 (2021-06-14)
Note: Version bump only for package ses
0.13.1 (2021-06-06)
- ses: Export hardener types properly (0d2e8f0)
- ses: No longer supports direct use from CommonJS
- static-module-record: Emphasize RESM/NESM compatibility over CJS/UMD
- ses: Remove evaluate endowments option (#368)
- ses: Simplify transforms (#325)
- ses, transform-module: Fix StaticModuleRecord name (#323)
- ses: Surface SES on globalThis (#307)
- ses: Add shimTransforms Compartment option (#485) (5196521)
- ses: Add Compartment load function (#349) (8352fa1)
- ses: add Compartment shim utility method isKnownScopeProxy (#623) (22dbe36)
- ses: Add minimal Compartment to SES-lite (#443) (3d1dfd2)
- ses: Add moduleMapHook (#419) (f053ba4)
- ses: Add ModuleStaticRecord (#279) (98c3a8f)
- ses: Add news for override mistake fix (#417) (01bf4d7)
- ses: Add support for third-party modules (#393) (0abe442)
- ses: Add TypeScript definitions for Compartment aux types (07715ce)
- ses: Allow import and eval methods (#669) (505a7d7)
- ses: Carry compartment names in error messages (#441) (765172a)
- ses: Censorship error messages may now contain the source name (#515) (2bcd726)
- ses: Create a thin lockdown layer (#406) (ff693ae)
- ses: Create ses/lockdown alias (17d416f)
- ses: Detect invalid sloppy mode execution (86c4751), closes #740
- ses: Expand TypeScript coverage for Compartment and lockdown (#584) (e31c86b)
- ses: Export SES Transforms (#608) (5ec8858)
- ses: Prepare to publish with TypeScript definitions (#384) (af48adb)
- ses: Replace Rollup with Endo bundler (c826f77)
- ses: Retract evaluate name option, use sourceURL (#521) (d1fa7ec)
- ses: Support global lexicals (#356) (aefefbf)
- ses: Surface SES on globalThis (#307) (3ddfb95)
- ses: Update packaging for RESM/NESM bridge (6abbcdc)
- create
overrideDebug: [...props]
option (#728) (2573c1a) - ses: Revert "Export SES Transforms (#608)" (#618) (df5739d)
- ses: Support explicit exports of third-party modules (dfa4775)
- non-security mode for create-react-scripts compat. (KLUDGE) (#642) (6bd9f03)
- ses: Support importHook alias returns (#432) (1c8e706)
- Add pre-publish build step (#263) (e22f094)
- Regularize format of NEWS.md (0ec29b3)
- ses: Address charset error in integration (17406d6)
- ses: Address Parcel need for ESM export (fb3297e)
- ses: Fix intentional typo (da3b8aa)
- ses: Handle null moduleMap (b863922)
- ses: Make dist directory before bundles (51afb2f)
- ses: Remove superfluous dev dependency on @agoric/babel-standalone (3a278b5)
- ses: Validate third-party static module record exports (9ec51b3)
- static-module-record: Emphasize RESM/NESM compatibility over CJS/UMD (dcff87e)
- adapt whitelist to XS. clean it up too (#549) (bd0952a)
- add "confirm" a terminating variant of "assert" (8929475)
- add missing testcase (#575) (f5e1c25)
- Add missing ts-checks. Fix type errors (#565) (52e6830)
- assert.typeof(xxx, 'object') should assert record or null (#603) (c84ba97)
- blocklist properties we expect to remove (#614) (992f35f)
- comment (#561) (5e55d16)
- comment who needs push enabled (#596) (1218bcd)
- comments only (#598) (1230901)
- consolidate honorary native function printing (#392) (038bb13)
- Consolidate lint rules (#262) (e5ce12a)
- coordinate assert typing with agoric-sdk (#510) (195f988)
- correct fix for override mistake (#409) (b576211)
- de-url-ify error codes (#548) (b7e2e2c)
- eslint rule to suppress bogus dependency warning (#483) (7e3d9ea)
- evaluate options to evade rejections (#546) (dec75ad)
- flatten tameFunctionToString (#482) (3d7570f)
- friendlier nested console output for browsers (#557) (2c5c622)
- Fully thread shimTransforms through Compartment Mapper and SES (#509) (0f199ef)
- kill obsolete repair-legacy-accessors (#552) (be202b9)
- Lint universal package metadata (#266) (24ff867)
- Massive intrinsic reform. Start vs other compartments. (#372) (5cf2a20)
- Move NativeErrors list to whitelist.js (#444) (f2b8fcd)
- no more detached properties (#473) (efa990c)
- partial intrinsic reform (#358) (9b13f73)
- remove "apply" from enablements whitelist (#475) (b52f8d2)
- remove "debugger;" statement (#558) (c5988e6)
- remove deprecated noTame options (#328) (5d7b781)
- remove extra stackframe (#391) (9ba5ecf)
- rename to originalValue (#476) (54e0b0c)
- Repair released damage caused when I merged #552 (#638) (145595c)
- restore locale methods safely (#382) (0a091a4)
- suggested fix in #570 (#571) (3877d72)
- tame Error constructor (#359) (bfe610f)
- tolerate symbols as property names (#547) (f16bbc3)
- tolerate whitelist absence better (#408) (9ed1ad8)
- towards reconciling with agoric-sdk (#451) (5f71e91)
- typo (#471) (d5742c2)
- typo (#527) (c7a3895)
- Unsafe errorTaming and consoleTaming needs other adjustments (#637) (70cc86e)
- update to eslint 7.23.0 (#652) (e9199f4)
- use string instead of symbol for getter property (e514a6e)
- workaround remaining validation bug (#667) (cbc3247)
- 326: accept old and new taming options during transition (#327) (67eb6e8)
- ses: Add HandledPromise to the whitelist (#416) (a7330a8)
- ses: Aliasing true to t did not improve readability (#360) (90a40c6)
- ses: comments (#254) (435f1af)
- ses: Fix lockdown layer pollution from module layer (#472) (9a7a097)
- ses: Fix missing change to compartment load method (42759a8)
- ses: Generally import "ses/lockdown" (#410) (6ef4a3f)
- ses: Reform conditional tamings, especially Error (#250) (dfa22b3)
- ses: regexp taming (b010f8a), closes #237
- ses: remove code that failed to add species (3cfc8da), closes #239
- ses: Remove evaluate endowments option (#368) (e7b7b6e)
- ses: Simplify transforms (#325) (86a373e)
- ses: Spelling errors (#362) (8f606f4)
- ses: transform is an object with a rewrite method (#255) (979fbc6), closes #248 #248
- ses: Unravel compartment/lockdown import cycle (#405) (b931629)
- ses: Use CommonJS Rollup plugin (#354) (f626365)
- ses, transform-module: Fix StaticModuleRecord name (#323) (10eb49a)