Commit 79481f9
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
chore: Bump ses from 1.12.0 to 1.13.0 in the npm_and_yarn group across 1 directory (#3438)
Bumps the npm_and_yarn group with 1 update in the / directory:
[ses](https://github.com/endojs/endo/tree/HEAD/packages/ses).
Updates `ses` from 1.12.0 to 1.13.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/endojs/endo/releases">ses's
releases</a>.</em></p>
<blockquote>
<h2>2025-06-02 Releases</h2>
<h1><code>ses</code> v1.13.0</h1>
<ul>
<li>
<p>Two new <code>stackFiltering:</code> options are added</p>
<ul>
<li><code>'omit-frames'</code> -- Only omit likely uninteresting frames.
Keep original paths.</li>
<li><code>'shorten-paths'</code> -- Only shorten paths to text likely
clickable in an IDE</li>
</ul>
<p>This fills out the matrix of what should have been orthogonal
options. The existing <code>'concise'</code> setting both omits likely
uninteresting frames and shortens their paths. The existing
<code>'verbose'</code> setting does neither.</p>
</li>
<li>
<p>Uses the <code>@endo/immutable-arraybuffer</code> shim to add
<code>ArrayBuffer.p.immutable</code>,
<code>ArrayBuffer.p.transferToImmutable</code>, and
<code>ArrayBuffer.p.sliceToImmutable</code> to ses, in order to emulate
the <a
href="https://github.com/tc39/proposal-immutable-arraybuffer">Immutable
ArrayBuffer proposal</a>. These make an ArrayBuffer-like object whose
contents cannot be mutated. However, due to limitations of the shim</p>
<ul>
<li>Unlike <code>ArrayBuffer</code> and <code>SharedArrayBuffer</code>
this shim's ArrayBuffer-like object cannot be transfered or cloned
between JS threads.</li>
<li>Unlike <code>ArrayBuffer</code> and <code>SharedArrayBuffer</code>,
this shim's ArrayBuffer-like object cannot be used as the backing store
of TypeArrays or DataViews.</li>
<li>The shim depends on the platform providing either
<code>structuredClone</code> or <code>Array.prototype.transfer</code>.
Node <= 16 and provides neither, causing the shim to fail to
initialize, and therefore SES to fail to initialize on such
platforms.</li>
<li>Current Hermes has even stronger constraints, lacking
<code>structuredClone</code>, <code>transfer</code>, private fields, and
even <code>class</code> syntax. This requires other coping strategies.
See <a
href="https://redirect.github.com/endojs/endo/pull/2785">endojs/endo#2785</a></li>
<li>Even after the upcoming <code>transferToImmutable</code> proposal is
implemented by the platform, the current code will still replace it with
the shim implementation, in accord with shim best practices. See <a
href="https://redirect.github.com/endojs/endo/pull/2311#discussion_r1632607527">endojs/endo#2311</a>
. It will require a later manual step to delete the shim or have it
avoid overriting a platform implementation, after manual analysis of the
compat implications.</li>
</ul>
</li>
<li>
<p>The <a
href="https://github.com/endojs/endo/blob/master/packages/ses/docs/lockdown.md#evaltaming-options">evalTaming</a>
option <code>'safe-eval'</code> now can only throw error
<code>SES_DIRECT_EVAL</code>. This allows SES to initialize with
<code>'unsafe-eval'</code> or <code>'no-eval'</code> on hosts with no
direct eval available such as Hermes for a successful lockdown that
tolerates it's language <a
href="https://github.com/facebook/hermes/blob/main/doc/Features.md">features</a>.</p>
<p>The module name <code>ses/hermes</code> can now be required to call
<code>lockdown</code> and <code>repairIntrinsics</code> only,
<code>Compartment</code> is not yet available.</p>
<p>It is currently compatible with Hermes <a
href="https://www.npmjs.com/package/hermes-engine-cli/v/0.12.0">v0.12.0</a>,
we plan to support <a
href="https://github.com/facebook/hermes/releases/tag/v0.13.0">v0.13.0</a>
then subsequent Hermes <a
href="https://github.com/facebook/hermes/tags">tags</a> or side-by-side
versions built for React Native depending on ecosystem usage and
official <a
href="https://github.com/reactwg/react-native-releases/blob/main/docs/support.md">support</a>,
then Static Hermes when released.</p>
<p>Also <code>ses/hermes</code> can now be hooked into bundlers such as
Metro to run Hardened JS.</p>
</li>
</ul>
<h1><code>@endo/compartment-mapper</code> v1.6.1</h1>
<ul>
<li>The <code>dev</code> flag for <code>mapNodeModules()</code> is no
longer deprecated. The concept of a "condition" (<a
href="https://nodejs.org/api/packages.html#conditional-exports">conditional
exports</a>) is disinct from the flag's original meaning (instructs
<code>mapNodeModules()</code> to consider <code>devDependencies</code>
when graphing packages). Users who have switched to using a
<code>development</code> condition for <code>dev</code>'s purpose are
encouraged to <em>switch back</em> to using the <code>dev</code> flag
instead. <strong>In a future release, the presence of a
<code>development</code> condition will no longer mimic an enabled
<code>dev</code> flag</strong> and will only be considered when
evaluating conditional exports.</li>
</ul>
<h1><code>@endo/evasive-transform</code> v2.0.0</h1>
<ul>
<li>The <code>sourceType</code> option is now restricted to
<code>script</code> and <code>module</code> only. Function signature
types have changed to be more precise.</li>
</ul>
<h1><code>@endo/bundle-source</code> v4.1.0</h1>
<ul>
<li>The <code>'endoZipBase64'</code> moduleFormat now utilizes the
<code>importHook</code> option to exit dependencies whose specifiers
return a truthy value.</li>
</ul>
<h1><code>@endo/import-bundle</code> v1.5.0</h1>
<ul>
<li>The <code>'endoZipBase64'</code> moduleFormat now utilizes the
<code>importHook</code> option.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/endojs/endo/blob/master/packages/ses/CHANGELOG.md">ses's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/endojs/endo/compare/[email protected]@1.13.0">1.13.0</a>
(2025-06-02)</h2>
<h3>Features</h3>
<ul>
<li><strong>ses:</strong> ArrayBuffer.prototype.sliceToImmutable on
Hermes (<a
href="https://github.com/endojs/endo/commit/e432b1467b52f7e5a97c66f1ea5a488c3cfaf9b5">e432b14</a>)</li>
<li><strong>ses:</strong> ArrayBuffer.prototype.transferToImmutable (<a
href="https://redirect.github.com/endojs/endo/issues/2400">#2400</a>)
(<a
href="https://github.com/endojs/endo/commit/d714d1dc6b0d021f956eff80c8644b0aa6844da4">d714d1d</a>)</li>
<li><strong>ses:</strong> Include ses-ava in stack frame filtering (<a
href="https://github.com/endojs/endo/commit/bdbdb01b7e1e451ca411f27edb4fa7c0dfb2d070">bdbdb01</a>)</li>
<li><strong>ses:</strong> init SES with evalTaming unsafe-eval or
no-eval (<a
href="https://github.com/endojs/endo/commit/0dfaa8d5c8bb10458997e6af9ad41c8c430d9047">0dfaa8d</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>ses,lockdown:</strong> make filenames in stacktraces
clickable (<a
href="https://redirect.github.com/endojs/endo/issues/2747">#2747</a>)
(<a
href="https://github.com/endojs/endo/commit/178e25324651608fdd0888066ef2075b7efff531">178e253</a>),
closes <a
href="https://redirect.github.com/endojs/endo/issues/2359">#2359</a> <a
href="https://redirect.github.com/endojs/endo/issues/2359">#2359</a></li>
<li><strong>ses:</strong> avoid depth-first loading sequence in loadNow
to prevent getting stuck in cycles (<a
href="https://redirect.github.com/endojs/endo/issues/2804">#2804</a>)
(<a
href="https://github.com/endojs/endo/commit/37bfad6321cb5de630c1bc4f97f422261d6c88a6">37bfad6</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/endojs/endo/commit/571b7803cf10df7cb4fa9d70e4d53a0b53767fa8"><code>571b780</code></a>
chore(release): publish</li>
<li><a
href="https://github.com/endojs/endo/commit/11c0eacd6feecfd751b29f1457a02421bc09902e"><code>11c0eac</code></a>
docs: Update release notes</li>
<li><a
href="https://github.com/endojs/endo/commit/13c173b48f9371457676cc3047913e4f39c566cb"><code>13c173b</code></a>
chore(types): conform to TS 5.8.3</li>
<li><a
href="https://github.com/endojs/endo/commit/6a5a4101ee5dac8f3fa5f9e3eacaeb8b4788dc45"><code>6a5a410</code></a>
chore(deps): bump typescript to 5.8.3</li>
<li><a
href="https://github.com/endojs/endo/commit/ae1fae203654ee31c33053cab4db87acefd8a712"><code>ae1fae2</code></a>
test: fix ses-ava Ava usage</li>
<li><a
href="https://github.com/endojs/endo/commit/7eb22cfcc52baa3a6426f6bbab4a2ff75da63a0e"><code>7eb22cf</code></a>
lint: skipLibCheck in ses</li>
<li><a
href="https://github.com/endojs/endo/commit/b9c0a357650a324eb861a6d401bc8c44de4971b4"><code>b9c0a35</code></a>
chore(types): conform</li>
<li><a
href="https://github.com/endojs/endo/commit/589c0e55a0b8a5451f9b31893221cf258353324b"><code>589c0e5</code></a>
lint: include eslint-ed files in tsconfig</li>
<li><a
href="https://github.com/endojs/endo/commit/7108ca2f8e15c38deebe94347b7192399178ba72"><code>7108ca2</code></a>
chore(types): conform "ses"</li>
<li><a
href="https://github.com/endojs/endo/commit/108ddfef7446b6349726e21749b3bfdf16917320"><code>108ddfe</code></a>
lint(types): include "test"</li>
<li>Additional commits viewable in <a
href="https://github.com/endojs/endo/commits/[email protected]/packages/ses">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/MetaMask/snaps/network/alerts).
</details>
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MetaMask Bot <[email protected]>1 parent 7b08aba commit 79481f9
File tree
3 files changed
+21
-13
lines changed- packages
- snaps-execution-environments
- snaps-utils
3 files changed
+21
-13
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
108 | 108 | | |
109 | 109 | | |
110 | 110 | | |
111 | | - | |
| 111 | + | |
112 | 112 | | |
113 | 113 | | |
114 | 114 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
100 | 100 | | |
101 | 101 | | |
102 | 102 | | |
103 | | - | |
| 103 | + | |
104 | 104 | | |
105 | 105 | | |
106 | 106 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1692 | 1692 | | |
1693 | 1693 | | |
1694 | 1694 | | |
1695 | | - | |
1696 | | - | |
1697 | | - | |
1698 | | - | |
| 1695 | + | |
| 1696 | + | |
| 1697 | + | |
| 1698 | + | |
| 1699 | + | |
| 1700 | + | |
| 1701 | + | |
| 1702 | + | |
| 1703 | + | |
| 1704 | + | |
| 1705 | + | |
1699 | 1706 | | |
1700 | 1707 | | |
1701 | 1708 | | |
| |||
4299 | 4306 | | |
4300 | 4307 | | |
4301 | 4308 | | |
4302 | | - | |
| 4309 | + | |
4303 | 4310 | | |
4304 | 4311 | | |
4305 | 4312 | | |
| |||
4574 | 4581 | | |
4575 | 4582 | | |
4576 | 4583 | | |
4577 | | - | |
| 4584 | + | |
4578 | 4585 | | |
4579 | 4586 | | |
4580 | 4587 | | |
| |||
16928 | 16935 | | |
16929 | 16936 | | |
16930 | 16937 | | |
16931 | | - | |
16932 | | - | |
16933 | | - | |
| 16938 | + | |
| 16939 | + | |
| 16940 | + | |
16934 | 16941 | | |
16935 | | - | |
16936 | | - | |
| 16942 | + | |
| 16943 | + | |
| 16944 | + | |
16937 | 16945 | | |
16938 | 16946 | | |
16939 | 16947 | | |
| |||
0 commit comments