Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: patriksimek/vm2
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v3.11.2
Choose a base ref
...
head repository: patriksimek/vm2
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v3.11.3
Choose a head ref
  • 1 commit
  • 5 files changed
  • 2 contributors

Commits on May 11, 2026

  1. fix(GHSA-248r-7h7q-cr24): close async generator yield*-return thenabl… 

    …e exception capture

Wrap %AsyncGeneratorPrototype%.next/.return/.throw to sanitise both
iterator-result values/rejections and the thenable arguments V8 awaits
in yield*-return abrupt completion. The non-thenable branch of the
thenable wrapper always resolves with a sandbox-realm shadow (own
descriptors copied except .then) so V8's [[Get]] in
PromiseResolveThenableJob cannot re-detect a thenable on the user's
value via getter or descriptor TOCTOU.

Restores Defense Invariant #2 for the implicit-catch case in V8's
async generator state machine.

Bumps version to 3.11.3.

ATTACKS.md gains Category 29 with the full mitigation rationale and
trade-off discussion. CHANGELOG.md updated.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    @patriksimek @claude
    patriksimek and claude committed May 11, 2026
    Configuration menu
    Copy the full SHA
    093494c View commit details
    Browse the repository at this point in the history
Loading