refactor(memoize): depend on harden, not ses

[erights]

Closes: #XXXX
Refs: #3108

Description

@endo/memoize is a tiny package that had depended on 'ses' only for harden. It is a great example of why we factored harden out into an importable @endo/harden. The PR changes @endo/memoize to depend directly on endo@harden rather than ses.

Security Considerations

@endo/harden enables non-protecting hardens, but only when protection is off in general. @endo/memoize only provides its strong guarantees when @endo/harden is fully protecting. This is all consistent, so I would say:

No weakening of security.

Scaling Considerations

A bit. It means other packages can depend on @endo/memoize without bringing in all of ses.

Documentation Considerations

none

Testing Considerations

• Should do the multi-ses-ava mode testing that @kriskowal set up.

Compatibility Considerations

none

Upgrade Considerations

none

[changeset-bot]

⚠️ No Changeset found

Latest commit: d9b742d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR