feat(analyze): Replace wasm-bindgen with jco generated bindings #334
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
😎 Merged successfully - details. |
|
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@arcjet/[email protected], npm/@arcjet/[email protected], npm/@arcjet/[email protected], npm/@types/[email protected], npm/@types/[email protected] |
|
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring: Next stepsTake a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with |
blaine-arcjet
commented
Mar 8, 2024
davidmytton
approved these changes
Mar 10, 2024
trunk-io bot
pushed a commit
that referenced
this pull request
Mar 11, 2024
Towards #51 This removes the nodejs `crypto` import and replaces it with usage of [SubtleCrypto](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto). I ran into a nextjs error related to this in #334
blaine-arcjet
force-pushed
the
phated/jco
branch
from
6ea7967 to
ab10d17
Compare
blaine-arcjet
force-pushed
the
phated/jco
branch
from
ab10d17 to
17a050d
Compare
|
@SocketSecurity ignore npm/[email protected] |
trunk-io bot
pushed a commit
that referenced
this pull request
Mar 13, 2024
🤖 I have created a release *beep* *boop* --- <details><summary>@arcjet/decorate: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.9...@arcjet/decorate-v1.0.0-alpha.10) (2024-03-13) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.12.0 to 4.12.1 ([#320](#320)) ([7f07a8f](7f07a8f)) * **dev:** Bump @rollup/wasm-node from 4.12.1 to 4.13.0 ([#359](#359)) ([8658316](8658316)) * **dev:** Bump typescript from 5.3.3 to 5.4.2 ([#321](#321)) ([e0c2914](e0c2914)) ### Dependencies * The following workspace dependencies were updated * dependencies * @arcjet/logger bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/protocol bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/rollup-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/tsconfig bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 </details> <details><summary>@arcjet/duration: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.9...@arcjet/duration-v1.0.0-alpha.10) (2024-03-13) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.12.0 to 4.12.1 ([#320](#320)) ([7f07a8f](7f07a8f)) * **dev:** Bump @rollup/wasm-node from 4.12.1 to 4.13.0 ([#359](#359)) ([8658316](8658316)) * **dev:** Bump typescript from 5.3.3 to 5.4.2 ([#321](#321)) ([e0c2914](e0c2914)) ### Dependencies * The following workspace dependencies were updated * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/rollup-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/tsconfig bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 </details> <details><summary>@arcjet/next: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.9...@arcjet/next-v1.0.0-alpha.10) (2024-03-13) ### ⚠ BREAKING CHANGES * Switch Next.js to peer dependency ([#339](#339)) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.12.0 to 4.12.1 ([#320](#320)) ([7f07a8f](7f07a8f)) * **dev:** Bump @rollup/wasm-node from 4.12.1 to 4.13.0 ([#359](#359)) ([8658316](8658316)) * **dev:** Bump typescript from 5.3.3 to 5.4.2 ([#321](#321)) ([e0c2914](e0c2914)) ### 🧹 Miscellaneous Chores * Switch Next.js to peer dependency ([#339](#339)) ([cb82883](cb82883)) ### Dependencies * The following workspace dependencies were updated * dependencies * @arcjet/ip bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * arcjet bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/rollup-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/tsconfig bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 </details> <details><summary>@arcjet/node: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.9...@arcjet/node-v1.0.0-alpha.10) (2024-03-13) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.12.0 to 4.12.1 ([#320](#320)) ([7f07a8f](7f07a8f)) * **dev:** Bump @rollup/wasm-node from 4.12.1 to 4.13.0 ([#359](#359)) ([8658316](8658316)) * **dev:** Bump typescript from 5.3.3 to 5.4.2 ([#321](#321)) ([e0c2914](e0c2914)) ### Dependencies * The following workspace dependencies were updated * dependencies * @arcjet/ip bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * arcjet bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/rollup-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/tsconfig bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 </details> <details><summary>@arcjet/analyze: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.9...@arcjet/analyze-v1.0.0-alpha.10) (2024-03-13) ### 🚀 New Features * **analyze:** Replace wasm-bindgen with jco generated bindings ([#334](#334)) ([48359ff](48359ff)) ### 📦 Dependencies * **dev:** Bump @bytecodealliance/jco from 1.0.2 to 1.0.3 ([#365](#365)) ([bb1470e](bb1470e)) * **dev:** Bump @rollup/wasm-node from 4.12.0 to 4.12.1 ([#320](#320)) ([7f07a8f](7f07a8f)) * **dev:** Bump @rollup/wasm-node from 4.12.1 to 4.13.0 ([#359](#359)) ([8658316](8658316)) * **dev:** Bump typescript from 5.3.3 to 5.4.2 ([#321](#321)) ([e0c2914](e0c2914)) ### 🧹 Miscellaneous Chores * **analyze:** Replace node import with crypto global ([#335](#335)) ([bcc27f2](bcc27f2)) ### Dependencies * The following workspace dependencies were updated * dependencies * @arcjet/logger bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/rollup-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/tsconfig bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 </details> <details><summary>@arcjet/eslint-config: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.9...@arcjet/eslint-config-v1.0.0-alpha.10) (2024-03-13) ### 📦 Dependencies * Bump eslint-config-next from 14.1.1 to 14.1.3 ([#322](#322)) ([9b99345](9b99345)) * Bump eslint-config-turbo from 1.12.4 to 1.12.5 ([#340](#340)) ([3d28dd9](3d28dd9)) ### 🧹 Miscellaneous Chores * Make next a peerDep in our eslint package ([#344](#344)) ([89de5a8](89de5a8)) </details> <details><summary>@arcjet/ip: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.9...@arcjet/ip-v1.0.0-alpha.10) (2024-03-13) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.12.0 to 4.12.1 ([#320](#320)) ([7f07a8f](7f07a8f)) * **dev:** Bump @rollup/wasm-node from 4.12.1 to 4.13.0 ([#359](#359)) ([8658316](8658316)) * **dev:** Bump typescript from 5.3.3 to 5.4.2 ([#321](#321)) ([e0c2914](e0c2914)) ### Dependencies * The following workspace dependencies were updated * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/rollup-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/tsconfig bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 </details> <details><summary>@arcjet/logger: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.9...@arcjet/logger-v1.0.0-alpha.10) (2024-03-13) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.12.0 to 4.12.1 ([#320](#320)) ([7f07a8f](7f07a8f)) * **dev:** Bump @rollup/wasm-node from 4.12.1 to 4.13.0 ([#359](#359)) ([8658316](8658316)) * **dev:** Bump typescript from 5.3.3 to 5.4.2 ([#321](#321)) ([e0c2914](e0c2914)) ### Dependencies * The following workspace dependencies were updated * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/rollup-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/tsconfig bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 </details> <details><summary>@arcjet/protocol: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.9...@arcjet/protocol-v1.0.0-alpha.10) (2024-03-13) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.12.0 to 4.12.1 ([#320](#320)) ([7f07a8f](7f07a8f)) * **dev:** Bump @rollup/wasm-node from 4.12.1 to 4.13.0 ([#359](#359)) ([8658316](8658316)) * **dev:** Bump typescript from 5.3.3 to 5.4.2 ([#321](#321)) ([e0c2914](e0c2914)) ### Dependencies * The following workspace dependencies were updated * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/rollup-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/tsconfig bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 </details> <details><summary>@arcjet/rollup-config: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.9...@arcjet/rollup-config-v1.0.0-alpha.10) (2024-03-13) ### ⚠ BREAKING CHANGES * Switch Next.js to peer dependency ([#339](#339)) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.12.0 to 4.12.1 ([#320](#320)) ([7f07a8f](7f07a8f)) * **dev:** Bump @rollup/wasm-node from 4.12.1 to 4.13.0 ([#359](#359)) ([8658316](8658316)) * **dev:** Bump typescript from 5.3.3 to 5.4.2 ([#321](#321)) ([e0c2914](e0c2914)) ### 🧹 Miscellaneous Chores * Switch Next.js to peer dependency ([#339](#339)) ([cb82883](cb82883)) ### Dependencies * The following workspace dependencies were updated * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/tsconfig bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 </details> <details><summary>@arcjet/tsconfig: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.9...@arcjet/tsconfig-v1.0.0-alpha.10) (2024-03-13) ### 🧹 Miscellaneous Chores * **@arcjet/tsconfig:** Synchronize arcjet-js versions </details> <details><summary>arcjet: 1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](v1.0.0-alpha.9...arcjet-v1.0.0-alpha.10) (2024-03-13) ### 🚀 New Features * **analyze:** Replace wasm-bindgen with jco generated bindings ([#334](#334)) ([48359ff](48359ff)) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.12.0 to 4.12.1 ([#320](#320)) ([7f07a8f](7f07a8f)) * **dev:** Bump @rollup/wasm-node from 4.12.1 to 4.13.0 ([#359](#359)) ([8658316](8658316)) * **dev:** Bump typescript from 5.3.3 to 5.4.2 ([#321](#321)) ([e0c2914](e0c2914)) ### Dependencies * The following workspace dependencies were updated * dependencies * @arcjet/analyze bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/duration bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/logger bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/protocol bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/rollup-config bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 * @arcjet/tsconfig bumped from 1.0.0-alpha.9 to 1.0.0-alpha.10 </details> <details><summary>1.0.0-alpha.10</summary> ## [1.0.0-alpha.10](v1.0.0-alpha.9...v1.0.0-alpha.10) (2024-03-13) ### ⚠ BREAKING CHANGES * Switch Next.js to peer dependency ([#339](#339)) ### 🚀 New Features * **analyze:** Replace wasm-bindgen with jco generated bindings ([#334](#334)) ([48359ff](48359ff)) ### 📦 Dependencies * Bump eslint-config-next from 14.1.1 to 14.1.3 ([#322](#322)) ([9b99345](9b99345)) * Bump eslint-config-turbo from 1.12.4 to 1.12.5 ([#340](#340)) ([3d28dd9](3d28dd9)) * Bump next from 14.1.1 to 14.1.3 ([#323](#323)) ([0bad5fe](0bad5fe)) * **dev:** Bump @bytecodealliance/jco from 1.0.2 to 1.0.3 ([#365](#365)) ([bb1470e](bb1470e)) * **dev:** Bump @rollup/wasm-node from 4.12.0 to 4.12.1 ([#320](#320)) ([7f07a8f](7f07a8f)) * **dev:** Bump @rollup/wasm-node from 4.12.1 to 4.13.0 ([#359](#359)) ([8658316](8658316)) * **dev:** Bump typescript from 5.3.3 to 5.4.2 ([#321](#321)) ([e0c2914](e0c2914)) * **example:** Bump the dependencies group in /examples/nextjs-13-pages-wrap with 1 update ([#366](#366)) ([62a3e7f](62a3e7f)) * **example:** Bump the dependencies group in /examples/nextjs-13-pages-wrap with 3 updates ([#332](#332)) ([5083415](5083415)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-rl with 1 update ([#348](#348)) ([29b2259](29b2259)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-rl with 1 update ([#361](#361)) ([291ad58](291ad58)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-rl with 3 updates ([#330](#330)) ([505c886](505c886)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-validate-email with 1 update ([#352](#352)) ([ce76dcb](ce76dcb)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-validate-email with 1 update ([#358](#358)) ([71847b9](71847b9)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-validate-email with 3 updates ([#326](#326)) ([322311e](322311e)) * **example:** Bump the dependencies group in /examples/nextjs-14-clerk-rl with 1 update ([#349](#349)) ([1f4e1d4](1f4e1d4)) * **example:** Bump the dependencies group in /examples/nextjs-14-clerk-rl with 1 update ([#362](#362)) ([2d3f8eb](2d3f8eb)) * **example:** Bump the dependencies group in /examples/nextjs-14-clerk-rl with 3 updates ([#329](#329)) ([3797b6b](3797b6b)) * **example:** Bump the dependencies group in /examples/nextjs-14-clerk-shield with 1 update ([#357](#357)) ([e35d530](e35d530)) * **example:** Bump the dependencies group in /examples/nextjs-14-clerk-shield with 3 updates ([#327](#327)) ([12cf78b](12cf78b)) * **example:** Bump the dependencies group in /examples/nextjs-14-decorate with 1 update ([#350](#350)) ([51a21cf](51a21cf)) * **example:** Bump the dependencies group in /examples/nextjs-14-decorate with 1 update ([#354](#354)) ([4267d44](4267d44)) * **example:** Bump the dependencies group in /examples/nextjs-14-decorate with 3 updates ([#331](#331)) ([2641ffe](2641ffe)) * **example:** Bump the dependencies group in /examples/nextjs-14-openai with 1 update ([#360](#360)) ([cc7f381](cc7f381)) * **example:** Bump the dependencies group in /examples/nextjs-14-openai with 2 updates ([#346](#346)) ([a5db5a9](a5db5a9)) * **example:** Bump the dependencies group in /examples/nextjs-14-openai with 4 updates ([#328](#328)) ([d927ecc](d927ecc)) * **example:** Bump the dependencies group in /examples/nextjs-14-pages-wrap with 1 update ([#347](#347)) ([adb1a83](adb1a83)) * **example:** Bump the dependencies group in /examples/nextjs-14-pages-wrap with 1 update ([#355](#355)) ([aca306b](aca306b)) * **example:** Bump the dependencies group in /examples/nextjs-14-pages-wrap with 3 updates ([#325](#325)) ([2bbf20d](2bbf20d)) * **example:** Bump the dependencies group in /examples/nextjs-example with 1 update ([#324](#324)) ([4bf8997](4bf8997)) * Update trunk and linter ([#363](#363)) ([b6ab8a6](b6ab8a6)) ### 📝 Documentation * **examples:** Add Node.js express server validate email example ([#343](#343)) ([fc6c6a8](fc6c6a8)) * **examples:** Added Node.js Express server example ([#333](#333)) ([f398c28](f398c28)) ### 🧹 Miscellaneous Chores * **analyze:** Replace node import with crypto global ([#335](#335)) ([bcc27f2](bcc27f2)) * **ci:** Ensure dependabot doesn't update next to 14 in 13 example ([#364](#364)) ([32e4cc7](32e4cc7)) * **examples:** Leverage semver so next gets updated by dependabot ([#345](#345)) ([58b6d2e](58b6d2e)) * Make next a peerDep in our eslint package ([#344](#344)) ([89de5a8](89de5a8)) * Switch Next.js to peer dependency ([#339](#339)) ([cb82883](cb82883)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This replaces our wasm-bindgen generated code with jco generated code. Switching to
jcoaligns us with our desire to use the WebAssembly Component Model throughout our codebase. Through the Component Model, we can define concrete types in awitfile, like ourbot-typeenum:This allows us to have one definition and do minimal-to-no translation. This will also allow us to eventually do away with
JSON.stringifyandJSON.parseon inputs/outputs on the Wasm boundary.Additionally, the
--instantiationmode of jco allows us to do away with our custom wasm instantiation.Since
jcois used to produce various wasm "core" modules, I've moved the base64 module generation into a Rollup plugin in theanalyzepackage. Any time a.wasmimport (but not a.wasm?moduleimport) is encountered during the build, it is translated into a virtual module and the base64 version is produced during theloadphase.