chore: bump version to 3.10.6, renumber ATTACKS categories

patriksimek · patriksimek · commit b2867a675e24 · 2026-04-29T01:22:11.000+02:00
cp6g (require.root realpath / TOCTOU) is deferred to a future major,
so its slot in ATTACKS.md is dropped. Promise-executor and Buffer.alloc
DoS categories slide down one (Cat 23 → 22, Cat 24 → 23).
diff --git a/docs/ATTACKS.md b/docs/ATTACKS.md
@@ -1524,7 +1524,7 @@ The fix does not affect the `mocks` / `overrides` escape hatches — users who g
 
 ---
 
-## Attack Category 23: Promise Executor Unhandled Rejection — Host Process DoS
+## Attack Category 22: Promise Executor Unhandled Rejection — Host Process DoS
 
 ### Description
 
@@ -1584,7 +1584,7 @@ The fix preserves the native semantics for non-callable executors (`new Promise(
 
 ---
 
-## Attack Category 24: Unbounded `Buffer.alloc(N)` — Host Heap DoS
+## Attack Category 23: Unbounded `Buffer.alloc(N)` — Host Heap DoS
 
 ### Description
 
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -13,7 +13,7 @@
 		"alcatraz",
 		"contextify"
 	],
-	"version": "3.10.5",
+	"version": "3.10.6",
 	"main": "index.js",
 	"sideEffects": false,
 	"repository": "github:patriksimek/vm2",
