Sync Endo: 2023-08-08

[kriskowal]

This change brings Agoric and Endo in sync.

ses v0.18.8 (2023-09-11)

• Extracts repairIntrinsics(options) and hardenIntrinsics() from the
  behavior of lockdown(options) so vetted shims can run between these
  calls.
  Any modifications to shared intrinsics survive if applied after
  repairIntrinsics().
• In the SES-shim implementation of HardenedJS, all constructed compartments
  get the same safe Date constructor, that does not provide the ability to
  measure duration.
  It used to do this by having Date.now() return NaN, and to have calls on
  the constructor that would normally have returned an indication of the
  current date, instead return the corresponding invalid date indication.
  Now, all of these throw a TypeError whose message begins with 'secure mode'.
  This aligns with the XS implementation of HardenedJS.
• Similarly, In the SES-shim implementation of HardenedJS, all constructed
  compartments get the same safe Math namespace object that does not provide
  a working random() function.
  It used to do that by omitting the random property from the safe Math
  namespace object.
  Now, the safe shared Math namespace object has a Math.random() function
  that throws a TypeError whose message begins with 'secure mode'.
  This again aligns with the XS implementation of HardenedJS.

ses v0.18.6 (2023-08-07)

• Censors the pattern {...import(specifier)}.
  We previously censored import(specifier) and expressly allowed
  object.import(specifier).
  The relaxation for the latter form in version 0.13.0 inadvertently allowed
  import with the spread operator.

@endo/patterns v0.2.6 (2023-09-11)

• Adds support for CopyMap patterns (e.g., matches(specimen, makeCopyMap([]))).

@endo/exo v0.2.6 (2023-09-11)

• Adds support for symbol-keyed methods in interface guards, e.g.

  const LabeledIterableI = M.interface('LabeledIterable', {
    getLabel: M.call().returns(M.string()),
    [Symbol.asyncIterator]: M.call().returns(M.remotable('Iterator')),
  });
  

@endo/bundle-source v2.8.0 (2023-09-11)

• The @endo/bundle-source/cache.js maker now accepts additional optional
  arguments: pid and nonce, with reasonable defaults.
  Providing the pid can make it easier to clean up scratch files if
  the bundler is interrupted, since deleting any scratch file with the PID of a
  non-running process is safe.

[michaelfig]

I've reviewed (and approve) all of your @kriskowal commits. Can you comment on my commits, or delegate to somebody else to do a review of them before we merge?

[kriskowal]

Your commits all look good to me @michaelfig.

[kriskowal]

I don’t think we need another reviewer, but it would be good for @gibson042 or @erights to know that this change created a complication for synchronizing Endo. It would be good for this frustration to have been discovered earlier and for a change to land in Agoric or Endo to iron it out before we attempted integration.

[turadg]

to have been discovered earlier

Would that be done by a process change or new tooling? If the latter, is there a ticket?

[erights]

I have used #7937 on occasion to detect and fix such problems. I think this is similar to some automation @michaelfig already did?

[kriskowal]

And, this is a complication that I introduced that I should have addressed in Agoric before we had attempted to sync the repos.

@michaelfig has created some tools to make these aberrations more visible. I haven’t internalized them well enough in my own process to recommend a workflow for the rest of the team.

[turadg]

LGTM.

One question about a possible unintentional change, but it's innocuous and can be improved later.

[turadg]

nifty

[turadg]

😞

[turadg]

this isn't being used as a type parameter. did you mean to use it for the return type?

[michaelfig]

It's being used as the type of the input interfaceGuard, and it (via inference) is also used as part of the return type.