Skip to content

build(deps): bump ses from 0.6.4 to 1.12.0 in /plugins/async-dropdown #4037

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump ses from 0.6.4 to 1.12.0 in /plugins/async-dropdown #4037

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 18, 2025

Bumps ses from 0.6.4 to 1.12.0.

Release notes

Sourced from ses's releases.

2025-03-24

ses v1.12.0

  • The evalTaming: option values are renamed:

    • from 'safeEval', 'unsafeEval', and 'noEval'
    • to 'safe-eval', 'unsafe-eval', and 'no-eval'

    in order to follow the convention that lockdown option values use kebob-case rather than camelCase. To avoid breaking old programs during the transition, the old names are deprecated, but continue to work for now.

  • Evaluating a non-lexical name that is also absent on the global object of a compartment no longer throws a ReferenceError and instead produces undefined because it proves impossible to do so without revealing what properties exist on the host globalThis to compartmentalized code with a shim. This is a divergence from the expected behavior of a native Hardened JavaScript implementation, like XS.

@endo/patterns v1.5.0

  • New pattern: M.containerHas(elementPatt, bound = 1n) motivated to support want patterns in Zoe, to pull out only bound number of elements that match elementPatt. bound must be a positive bigint.

  • Closely related, @endo/patterns now exports containerHasSplit to support ERTP's use of M.containerHas on non-fungible (set, copySet) and semifungible (copyBag) assets, respectively. See Agoric/agoric-sdk#10952 .

@endo/import-bundle v1.4.0

  • Adds support for test format bundles, which simply return a promise for an object that resembles a module exports namespace with the objects specified on the symbol-named property @exports, which is deliberately not JSON serializable or passable.
  • Adds a typedImportBundle<ExpectedExportsNamespace> function with a proper type signature, to provide a narrower signature than any without disrupting existing usage.

@endo/bundle-source v4.0.0

  • Replaces the implementation for the nestedEvaluate and getExport formats with one based on Endo's Compartment Mapper instead of Rollup, in order to obviate the need to reconcile source map transforms between Rollup and the underlying Babel generator. As a consequence, we no longer generate a source map for the bundle, but Babel ensures that we preserve line and column numbers between the original source and the bundled source.

@endo/compartment-mapper v1.6.0

  • Accommodates CommonJS modules that use defineProperty on exports.

  • Divides the role of makeBundle into makeScript and makeFunctor. The new makeScript replaces makeBundle without breaking changes, producing a JavaScript string that is suitable as a <script> tag in a web page.

  • The new makeFunctor produces a JavaScript string that, when evaluated, produces a partially applied function, so the caller can provide runtime options.

  • Both makeScript and makeFunctor now accept format, useEvaluate and sourceUrlPrefix options.

  • The functor produced by makeFunctor now accepts evaluate, require, and sourceUrlPrefix runtime options.

  • Both makeScript and makeFunctor now accept a format option. Specifiying the "cjs" format allows the bundle to exit to the host's CommonJS require for host modules.

  • Adds sourceDirname to compartment descriptors in the compartment maps generated by mapNodeModules and uses these to provide better source URL comments for bundles generated by makeScript and makeFunctor, by default.

These changes collectively allow us to replace the implementation of nestedEvaluate and getExports formats in @endo/bundle-source, including the preservation of useful line numbers and file names in stack traces.

  • mapNodeModules, importLocation and loadLocation now accept a log option for users to define a custom logging function. As of this writing, only mapNodeModules will potentially call this function if provided. Expansion of log messaging and support for the log option in more APIs is expected in the future.

@endo/evasive-transform v1.4.0

  • Adds a sourceMap option so that the generated sourcemap can project back to the original source code without unmapLoc.
  • Removes support for sourcemap unmapLoc because it is not used by contemporary Endo packages. The option is now ignored.

2025-01-23

ses v1.11.0

... (truncated)

Changelog

Sourced from ses's changelog.

1.12.0 (2025-03-24)

Features

  • ses: add AsyncGeneratorFunctionInstance to commons (07516f5)
  • ses: bundle and export shim compatible with Hermes compiler (cafc398)
  • ses: create async arrow function transform with Babel for Hermes bundle (654791e)
  • ses: include async generators in anonymous intrinsics if supported (56ae460)
  • ses: support async generators in Hermes transform for CSP (24bbd5c)
  • ses: support CSP in commons AsyncGeneratorFunctionInstance (188c5d4)
  • ses: tame async generator function constructors if supported (eda8a61)

Bug Fixes

1.11.0 (2025-01-24)

Features

  • ses: Add XS variant of shim (f6c8456)
  • ses: Permit legacy properties of ModuleSource shim (75f2461)
  • ses: restrict dynamic permit on Hermes (14731fe)
  • ses: Support dynamic import (e56cc04)

Bug Fixes

  • ses: Consistently name console methods (fa7a1c4), closes #2643
  • ses: removeUnpermittedIntrinsics on Hermes via dynamic permit at runtime (1c61fb5)
  • ses: update permits for stage 2.7.4 proposals (#2693) (35d5ea2)
  • ses: warn on unsupported lockdownOptions mathTaming + dateTaming (8ed8a8b)
  • ses: widen type of globalThis in Compartment (#2644) (ff6a5ab)
  • ses: XS accommodations for console groupEnd absence (fd70235)

1.10.0 (2024-11-13)

Features

... (truncated)

Commits
  • 9b67848 chore(release): publish
  • 353c08e docs: Update release notes
  • 9ced73a fix(ses): Limit scope proxy exposure to discernably owned properties of host ...
  • 85483c0 fix(ses): lockdown options should be kebob-case (#2739)
  • c98bd23 refactor(ses): Compensate Hermes transform for Babel upgrade
  • 96fe149 refactor: Migrate from @​agoric/babel-generator back to @​babel/generator
  • 59bf360 chore(ses): add explicit devDependencies on Babel packages
  • d7d9985 refactor(ses): compartmentImport without function.bind
  • 1d29043 fix(compartment-mapper): sync module transforms in bundle.js
  • 188c5d4 feat(ses): support CSP in commons AsyncGeneratorFunctionInstance
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump ses from 0.6.4 to 1.12.0 in /plugins/async-dropdown
daaef95 
Bumps [ses](https://github.com/endojs/endo/tree/HEAD/packages/ses) from 0.6.4 to 1.12.0.
- [Release notes](https://github.com/endojs/endo/releases)
- [Changelog](https://github.com/endojs/endo/blob/master/packages/ses/CHANGELOG.md)
- [Commits](https://github.com/endojs/endo/commits/[email protected]/packages/ses)

---
updated-dependencies:
- dependency-name: ses
  dependency-version: 1.12.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 18, 2025
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Apr 18, 2025

⚠️ No Changeset found

Latest commit: daaef95

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@nx-cloud Nx Cloud
Copy link

nx-cloud bot commented Apr 18, 2025
edited
Loading

View your CI Pipeline Execution ↗ for commit daaef95.

Command Status Duration Result
nx test @e2e/qwik-city ✅ Succeeded 8m 25s View ↗
nx test @e2e/nuxt ✅ Succeeded 7m 32s View ↗
nx test @e2e/nextjs-sdk-next-app ✅ Succeeded 7m 18s View ↗
nx test @e2e/angular-16 ✅ Succeeded 6m 2s View ↗
nx test @e2e/angular-16-ssr ✅ Succeeded 5m 36s View ↗
nx test @e2e/react-sdk-next-15-app ✅ Succeeded 5m 27s View ↗
nx test @e2e/svelte ✅ Succeeded 5m 29s View ↗
nx test @e2e/angular-19-ssr ✅ Succeeded 5m 31s View ↗
Additional runs (36) ✅ Succeeded ... View ↗

☁️ Nx Cloud last updated this comment at 2025-04-18 15:23:07 UTC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants