search

endojs / endo

Endo is a distributed secure JavaScript sandbox, based on SES
Apache License 2.0
829 stars 72 forks source link

feat(ses): add SES version to lockdown shim #1854

Closed leotm closed 11 months ago

leotm commented 1 year ago

closes: #1853

Description

Prepends the ses package.json > version as a comment to the bundled lockdown file

Security Considerations

Scaling Considerations

Documentation Considerations

Possibly worth mentioning the version number is now included in the SES lockdown shim

Testing Considerations

Possibly add a unit test to check the version number is present at the head of the file

Manually tested locally:

git clean -fdx
nvm use 16 # or 18 or 20
npm i --force # https://github.com/endojs/endo/assets/1881059/72a4079c-fe00-4de8-ac2d-fb13406edbad
cd packages/ses
npm run build
head dist/ses.cjs # ensure correct version present as comment on line 1
npm run test

on Node

Upgrade Considerations

leotm commented 11 months ago

Feedback for your consideration. If you are unable to merge this, please reply when it’s ready to merge.

Changes made, re-ready 2 merge @kriskowal (i'm not authorized to merge)