0.3.0
release 0.3.0: improves security and functionality
This fixes all known confinement leaks:
- We now freeze AsyncGeneratorFunction and AsyncFunction, the last of the
  "anonymous" intrinsics (which are reachable by syntax but not simple
  property lookup). In the previous release, attacker code could modify their
  behavior (which defender code might have been relying upon) or use them as
  a communication channel. (#3, #41)
- We now remove all unknown properties from the global object, using a
  special list of ones that are safe to expose. This protects us from
  surprising platform-specific objects, or newly-added standard JS objects
  that have not yet been examined for safety. The 'Intl' object is currently
  removed by this check (and `intlMode: "allow"` has been removed), but may
  be brought back in a future release. (#26)
- RegExp.prototype.compile is removed unconditionally (even if regexpMode:
  "allow" is set), because it violates the semantics of Object.freeze.
It also improves usability:
- Uncaught exceptions in Node.js are now rendered correctly when the
  `errorStackMode: "allow"` option is enabled. In the previous release, such
  exceptions were always displayed as "undefined", which was particularly
  unhelpful. If your program is abruptly exiting with "undefined", try
  turning this option on while you're debugging. But don't leave it on,
  because it probably enables a confinement breach.
- SES is an ES6 module, but should now be importable with `require()` by
  other code which is unaware of ES6 modules, because it now uses the `esm`
  module internally. (#32)
- `console.log` is now available within the confined code, if the
  `consoleMode: "allow"` option is enabled. If this is disabled,
  `console.log()` will throw a `TypeError` (since `console` is undefined, it
  has no `log` property). Many other `console` methods (but not all) are
  exposed too. (#35)
SES now requires Node.js version 10 or later.
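
The first security fix above (freezing AsyncFunction and AsyncGeneratorFunction) can be checked with a short audit. This is an added example, not SES's own code; the function names and the report fields are this example's own, and it assumes a Node.js version that provides `globalThis`.

```javascript
// Added example: reach the "anonymous" intrinsics by syntax, then freeze them.
// All names below belong to this example, not to SES.

// No global binding names these constructors; only syntax leads to them.
function getAnonymousIntrinsics() {
  return {
    AsyncFunction: (async function () {}).constructor,
    AsyncGeneratorFunction: (async function* () {}).constructor,
  };
}

// Objects shared by every function of that kind: the constructor, the
// prototype all such functions inherit from, and (for async generators)
// the prototype their generator objects inherit from.
function sharedObjects(ctor) {
  return [ctor, ctor.prototype, ctor.prototype.prototype].filter(
    (o) => o !== undefined && o !== null
  );
}

// Probe mutability without relying on strict mode: Reflect.defineProperty
// returns false instead of throwing when the target is frozen.
function isMutable(obj) {
  const marker = Symbol('probe');
  const ok = Reflect.defineProperty(obj, marker, { value: 1, configurable: true });
  if (ok) delete obj[marker]; // leave no trace of the probe
  return ok;
}

function auditAndFreeze() {
  const intrinsics = getAnonymousIntrinsics();
  const objects = Object.values(intrinsics).flatMap(sharedObjects);
  const result = {
    // Property lookup on the global object does not find them...
    onGlobal: Object.keys(intrinsics).filter((name) => name in globalThis),
    // ...yet an unrelated async function inherits from the same object.
    sharedAcrossFunctions:
      Object.getPrototypeOf(async () => {}) === intrinsics.AsyncFunction.prototype,
    mutableBefore: objects.filter(isMutable).length,
  };
  objects.forEach((o) => Object.freeze(o));
  result.mutableAfter = objects.filter(isMutable).length;
  result.allFrozen = objects.every(Object.isFrozen);
  return result;
}

const intrinsicsReport = auditAndFreeze();
console.log(intrinsicsReport);
```

Freezing is irreversible for the life of the process, so run the audit once, before any untrusted code is evaluated.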