feat(ses): add SES version to lockdown shim #1854
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
leotm
commented
Nov 8, 2023
13 tasks
leotm
commented
Nov 8, 2023
leotm
commented
Nov 8, 2023
leotm
changed the title
leotm
commented
Nov 9, 2023
kriskowal
approved these changes
Nov 9, 2023
boneskull
approved these changes
Nov 13, 2023
packages/ses/scripts/bundle.js
Outdated
Comment on lines
20
to
23
| const bytes = await fs.promises.readFile( | ||
| fileURLToPath(`${root}/package.json`), | ||
| ); | ||
| const text = textDecoder.decode(bytes); |
There was a problem hiding this comment.
Can we not do this:
Suggested change
| const bytes = await fs.promises.readFile( | |
| fileURLToPath(`${root}/package.json`), | |
| ); | |
| const text = textDecoder.decode(bytes); | |
| const text = await fs.promises.readFile( | |
| fileURLToPath(`${root}/package.json`), | |
| 'utf8' | |
| ); |
and drop the TextDecoder? Is this an Endo convention?
There was a problem hiding this comment.
nice the 2nd arg w utf8 cleans up the need for TextDecoder ^
spotted utf-8 is also used, but don't think it matters? (same result)
if not, then RE convention i favour our suggestion (the default)
edit: i guess the same change could be made as follow-up in packages/check-bundle/index.js
and possibly deeper in various other parts the codebase
edit: just realised could do this aswell 🤷♂️
const bytes = await fs.promises.readFile(
fileURLToPath(`${root}/package.json`),
);
const packageJson = JSON.parse(bytes);
leotm
added a commit
to leotm/endo
that referenced
this pull request
Nov 20, 2023
Changes made, re-ready 2 merge @kriskowal (i'm not authorized to merge) |
boneskull
approved these changes
Nov 22, 2023
kriskowal
pushed a commit
to leotm/endo
that referenced
this pull request
Dec 5, 2023
kriskowal
force-pushed
the
leotm-versioned-lockdown-bundle
branch
from
273db98 to
02e8896
Compare
Tested - `npm run build` - `head dist/ses.cjs`
Co-authored-by: Christopher Hiller <boneskull@boneskull.com>
kriskowal
force-pushed
the
leotm-versioned-lockdown-bundle
branch
from
02e8896 to
a3c3cc8
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
closes: #1853
Description
Prepends the
sespackage.json > version as a comment to the bundled lockdown fileSecurity Considerations
Scaling Considerations
Documentation Considerations
Possibly worth mentioning the version number is now included in the SES lockdown shim
Testing Considerations
Possibly add a unit test to check the version number is present at the head of the file
Manually tested locally:
nvm use 16 # or 18 or 20npm i --force # https://github.com/endojs/endo/assets/1881059/72a4079c-fe00-4de8-ac2d-fb13406edbadcd packages/ses npm run buildhead dist/ses.cjs # ensure correct version present as comment on line 1npm run teston Node
Upgrade Considerations