GHSA-4mw5-2636-4535: op_panic in the base runtime can force a panic in the runtime's containing thread
Affected versions use deno_core releases that expose Deno.core.ops.op_panic
to the JS runtime in the base core
This function when called triggers a manual panic in the thread containing the runtime, breaking sandboxing
It can be fixed by stubbing out the exposed op:
Deno.core.ops.op_panic = (msg) => { throw new Error(msg) };
References
Detect and mitigate GHSA-4mw5-2636-4535 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →