Closed erights closed 1 week ago
closes: #XXXX refs: https://github.com/endojs/endo/issues/1837 https://github.com/Agoric/agoric-sdk/commit/7accc0286007216d55642056152f3be2a0ba3671 https://github.com/Agoric/agoric-sdk/pull/9112 https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md
A patch introduced in at https://github.com/Agoric/agoric-sdk/commit/7accc0286007216d55642056152f3be2a0ba3671 in #9112 patched https://www.npmjs.com/package/bn.js/v/5.1.2 to work around the bug explained at https://github.com/endojs/endo/issues/1837 . However, the fix followed the advice at https://github.com/endojs/endo/issues/1837#issuecomment-2136033372 , which is wrong for the reasons explained at https://github.com/endojs/endo/issues/1837#issuecomment-2136252916 .
x-- > y
(x--, x > y)
This PR fixes that mistake by instead using the technique @gibson042 suggests at https://github.com/endojs/endo/issues/1837#issuecomment-2136074644
[x--][0] > y
fixes an integrity bug. I have no idea how significant this bug was.
none
Well, it is a change. But I have no idea what the patched library was used for, so cannot evaluate.
c7ebc2c
View logs
closes: #XXXX refs: https://github.com/endojs/endo/issues/1837 https://github.com/Agoric/agoric-sdk/commit/7accc0286007216d55642056152f3be2a0ba3671 https://github.com/Agoric/agoric-sdk/pull/9112 https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md
Description
A patch introduced in at https://github.com/Agoric/agoric-sdk/commit/7accc0286007216d55642056152f3be2a0ba3671 in #9112 patched https://www.npmjs.com/package/bn.js/v/5.1.2 to work around the bug explained at https://github.com/endojs/endo/issues/1837 . However, the fix followed the advice at https://github.com/endojs/endo/issues/1837#issuecomment-2136033372 , which is wrong for the reasons explained at https://github.com/endojs/endo/issues/1837#issuecomment-2136252916 .
x-- > y
as(x--, x > y)
This PR fixes that mistake by instead using the technique @gibson042 suggests at https://github.com/endojs/endo/issues/1837#issuecomment-2136074644
x-- > y
as[x--][0] > y
Security Considerations
fixes an integrity bug. I have no idea how significant this bug was.
Scaling Considerations
none
Documentation Considerations
none
Testing Considerations
none
Upgrade Considerations
Well, it is a change. But I have no idea what the patched library was used for, so cannot evaluate.