Release notes
*Sourced from [ses's releases](https://github.com/Agoric/SES/releases).*
> ## SES-0.5.0
> ## Release 0.5.0 (05-Apr-2019)
>
> INCOMPATIBLE API CHANGE: Starting with this release, the SES package exports
> a single default object (named `SES`, from which you can get the
> `SES.makeSESRootRealm()` function). Previously, it exported both a `SES`
> object and the `makeSESRootRealm` function.
>
> Code which uses this package as an ES6 module must change its import from
> `import { SES } from 'ses';` to:
>
> ```js
> import SES from 'ses';
> ```
>
> Similarly, for code which uses CommonJS-style, it must change from `const {
> SES } = require('ses')` to:
>
> ```js
> const SES = require('ses')
> ```
>
> The package now exports bundles in various flavors: CommonJS, ES6 Module, and
> browser-based UMD.
>
> Other changes:
>
> * whitelist Symbol.matchAll, to fix Chrome-v73 (Issue [#90](https://github-redirect.dependabot.com/Agoric/SES/issues/90))
> * change primary export [#88](https://github-redirect.dependabot.com/Agoric/SES/issues/88)
> * improve documentation [#66](https://github-redirect.dependabot.com/Agoric/SES/issues/66) [#67](https://github-redirect.dependabot.com/Agoric/SES/issues/67)
> * add integration tests [#85](https://github-redirect.dependabot.com/Agoric/SES/issues/85)
> * packaging: remove ses-shim.js, add other generated bundles
> * update Realms shim to commit 0c00eb, to fix Browserify [#79](https://github-redirect.dependabot.com/Agoric/SES/issues/79)
> * test against node v10/v11, switch from travis to circleci [#73](https://github-redirect.dependabot.com/Agoric/SES/issues/73)
> * fix examples [#102](https://github-redirect.dependabot.com/Agoric/SES/issues/102)
>
> Thanks to Matt Bell, Kate Sills, and Mark Miller for additional fixes in this
> release.
Changelog
*Sourced from [ses's changelog](https://github.com/Agoric/SES/blob/master/NEWS.md).*
> ## Release 0.6.3 (02-Oct-2019)
>
> SECURITY UPDATE: This release upgrades realms-shim to fix multiple sandbox
> escapes. All users should update to this version.
>
> * upgrade to realms-shim v1.2.0
>
> Non-security fixes:
>
> * add `SES.harden` to make hardening available from within the Realm. ([#161](https://github-redirect.dependabot.com/Agoric/SES/issues/161))
>
>
> ## Release 0.6.2 (25-Sep-2019)
>
> No user-visible changes.
>
> Use realms-shim as a normal package, not a git-submodule. Update eslint
> dependencies.
>
>
> ## Release 0.6.1 (14-Sep-2019)
>
> * SECURITY UPDATE: This release fixes a sandbox escape discovered in the
> realms-shim by GitHub user "XmiliaH", which works by causing an infinite
> loop and extracting the real function constructor from the RangeError
> exception object. See [Agoric/realms-shim#48](https://github-redirect.dependabot.com/Agoric/realms-shim/issues/48) for
> more details.
>
>
> ## Release 0.6.0 (03-Sep-2019)
>
> * Breaking change: `options.transforms` may no longer specify `endow()`
> transforms. Instead, use `rewrite()`, which can now modify endowments.
> See [Agoric/realms-shim#38](https://github-redirect.dependabot.com/Agoric/realms-shim/pull/38) for details.
> * Repair the "override mistake", with optional repair plan in
> `options.dataPropertiesToRepair`. See src/bundle/dataPropertiesToRepair.js
> and [Agoric/SES#146](https://github-redirect.dependabot.com/Agoric/SES/pull/146) for details.
> * `options.sloppyGlobals` is rejected by `makeSESRootRealm()`, since all SES
> root realms are frozen. `sloppyGlobals` can only be used in a new
> "Compartment", made by calling `Realm.makeCompartment(options)`. See
> [Agoric/SES#142](https://github-redirect.dependabot.com/Agoric/SES/issues/142)
> [Agoric/realms-shim#33](https://github-redirect.dependabot.com/Agoric/realms-shim/pull/33)
> [Agoric/realms-shim#30](https://github-redirect.dependabot.com/Agoric/realms-shim/pull/30) for details.
> * Add `options.whitelist` to override the set of properties that are retained
> in the new realm. The default gives you SES, but it could be overridden to
> e.g. enforce a Jessie-only environment.
>
>
> ## Release 0.5.3 (24-Jul-2019)
>
> ... (truncated)
Commits
- [`81af366`](https://github.com/Agoric/SES/commit/81af36698da9f6076152a16a1feda46be1160323) release 0.6.3
- [`a19725e`](https://github.com/Agoric/SES/commit/a19725e465af3f7f90cfb6083b73020843b2041c) update README/SECURITY.md with bug-reporting instructions
- [`fb2536a`](https://github.com/Agoric/SES/commit/fb2536af2d663009518a76184f4c4592b39ab572) upgrade to realms-shim v1.2.0 for security fix
- [`c2b94e0`](https://github.com/Agoric/SES/commit/c2b94e0b4c33951d9aa2fdb7670ab96fc32d1aa0) Merge pull request [#161](https://github-redirect.dependabot.com/Agoric/SES/issues/161) from Agoric/global-SES-harden
- [`ae2b7a4`](https://github.com/Agoric/SES/commit/ae2b7a48ff7faeddb7993a6ec9c38a4578aa318b) createSES.js: create a global SES.harden
- [`2669dca`](https://github.com/Agoric/SES/commit/2669dca9a8f8fba3c901bcd4c93e116db1023ec1) 0.6.3-dev.0
- [`9fc391f`](https://github.com/Agoric/SES/commit/9fc391f0ec15cf20fdc9c47cbc02e826ba813fe6) release 0.6.2
- [`dce320f`](https://github.com/Agoric/SES/commit/dce320fe77de9f95b8a4ce5dd00683a856974da9) update deps: eslint. Add disables for the new pickyness.
- [`586dba7`](https://github.com/Agoric/SES/commit/586dba77bf33818b7f51dbacca3d401e6591a13a) update deps: realms-shim 1.1.2
- [`7be7190`](https://github.com/Agoric/SES/commit/7be719017a822456b05010a763db6fc3c47961fe) Merge pull request [#156](https://github-redirect.dependabot.com/Agoric/SES/issues/156) from Agoric/migrate-realms-shim
- Additional commits viewable in [compare view](https://github.com/Agoric/SES/compare/0.4.0...v0.6.3)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Agoric/PlaygroundVat/network/alerts).
Bumps ses from 0.4.0 to 0.6.3.
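
As an added example (not part of the Dependabot PR or the SES project's code), this script checks a parsed `package-lock.json` for resolved copies of `ses` older than 0.6.3 or `realms-shim` older than 1.2.0, the versions the changelog above names for the sandbox-escape fixes. The names `MINIMUMS`, `satisfies`, `findOutdated` and the sample lockfile are constructed for illustration.

```javascript
// Added example: minimum fixed versions as stated in the changelog above.
const MINIMUMS = new Map([['ses', '0.6.3'], ['realms-shim', '1.2.0']]);

// Split "1.2.3-dev.0" into its numeric core and a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v));
  return m && { core: [1, 2, 3].map((i) => Number(m[i])), pre: Boolean(m[4]) };
}

// True when `version` >= `minimum`. A prerelease of the minimum itself
// (0.6.3-dev.0) sorts before the release, so it does not pass.
function satisfies(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  if (!a || !b) return false; // git URL, tag or missing version: fail closed
  for (let i = 0; i < 3; i += 1) {
    if (a.core[i] !== b.core[i]) return a.core[i] > b.core[i];
  }
  return !a.pre;
}

// Report every resolved copy of a watched package below its minimum, from the
// flat "packages" map (lockfileVersion 2/3) or the nested v1 "dependencies" tree.
function findOutdated(lock) {
  const findings = [];
  const check = (name, version, where) => {
    const minimum = MINIMUMS.get(name);
    if (minimum && !satisfies(version, minimum)) findings.push({ name, version, where, minimum });
  };
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      check(name, info.version, `${trail}/${name}`);
      walk(info.dependencies, `${trail}/${name}`);
    }
  };
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      check(path.split('node_modules/').pop(), info.version, path);
    }
  } else {
    walk(lock.dependencies, '');
  }
  return findings;
}

// Constructed sample lockfile (lockfileVersion 1 layout), not from the PR.
const sampleLock = { dependencies: {
  ses: { version: '0.6.3-dev.0', dependencies: { 'realms-shim': { version: '1.1.2' } } },
  vat: { version: '1.0.0', dependencies: { ses: { version: '0.6.3' } } },
} };
console.log(findOutdated(sampleLock));
```

Nested copies matter here: a transitive dependency can pin its own older `ses` even after the top-level entry is bumped.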