Branch: refs/heads/webkitglib/2.52
Home: https://github.com/WebKit/WebKit
Commit: 0d41359b6088b48b7e3cbfdca483f7510d7cc95d
https://github.com/WebKit/WebKit/commit/0d41359b6088b48b7e3cbfdca483f7510d7cc95d
Author: Kai Tamkun <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
A
LayoutTests/js/dom/modules/import-from-javascript-url-new-window-expected.txt
A LayoutTests/js/dom/modules/import-from-javascript-url-new-window.html
M Source/WebCore/bindings/js/ScriptModuleLoader.cpp
Log Message:
-----------
Cherry-pick 315109@main (6cc340adc68d).
https://bugs.webkit.org/show_bug.cgi?id=316862
Importing modules from a document with no base URL causes null deref
https://bugs.webkit.org/show_bug.cgi?id=316862
rdar://179143870
Reviewed by Yusuke Suzuki.
This replaces an assertion that the base URL is valid when dynamically
importing a module
from ScriptModuleLoader with an actual validation.
Test: js/dom/modules/import-from-javascript-url-new-window.html
*
LayoutTests/js/dom/modules/import-from-javascript-url-new-window-expected.txt:
Added.
* LayoutTests/js/dom/modules/import-from-javascript-url-new-window.html:
Added.
* Source/WebCore/bindings/js/ScriptModuleLoader.cpp:
(WebCore::ScriptModuleLoader::importModule):
Canonical link: https://commits.webkit.org/315109@main
Canonical link:
https://commits.webkit.org/305877.750@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: 88bc49648b41864ce27a0459c489a048a8bf0473
https://github.com/WebKit/WebKit/commit/88bc49648b41864ce27a0459c489a048a8bf0473
Author: Charlie Wolfe <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp
Log Message:
-----------
Cherry-pick 315182@main (5ab18c7407f7).
https://bugs.webkit.org/show_bug.cgi?id=317046
UniqueIDBDatabase::createIndexAsync() is missing an early return on the
null-manager path
https://bugs.webkit.org/show_bug.cgi?id=317046
rdar://179526370
Reviewed by Rupin Mittal.
When m_manager is null the method invoked transaction.didCreateIndexAsync()
but did not return,
falling through to manager->requestSpace() and dereferencing the null
CheckedPtr. Add the missing
return, matching every other null-manager check in the file.
* Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::createIndexAsync):
Canonical link: https://commits.webkit.org/315182@main
Canonical link:
https://commits.webkit.org/305877.751@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: 1c670831def4de7b96499527e588e2495b5ca50b
https://github.com/WebKit/WebKit/commit/1c670831def4de7b96499527e588e2495b5ca50b
Author: Chris Dumez <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
A
LayoutTests/imported/w3c/web-platform-tests/css/css-values/random-unresolvable-argument.tentative-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/css/css-values/random-unresolvable-argument.tentative.html
M Source/WebCore/css/calc/CSSCalcTree+Evaluation.cpp
Log Message:
-----------
Cherry-pick 315177@main (1683eb4fed1d).
https://bugs.webkit.org/show_bug.cgi?id=316972
random() crashes when one of its arguments is invalid at computed-value time
https://bugs.webkit.org/show_bug.cgi?id=316972
Reviewed by Darin Adler.
The evaluator for random() in CSSCalcTree+Evaluation.cpp evaluated its `max`
argument but then re-checked `min` (already known to be engaged from the
check
above) instead of `max`. As a result, a `max` argument that fails to
evaluate at
computed-value time -- e.g. an anchor-size() used on a non-out-of-flow
element,
which resolves to nothing -- was not caught, and the subsequent `*max` then
dereferenced a disengaged std::optional<double>. With hardened libc++ this
traps
(SIGTRAP) and crashes the WebContent process; otherwise it reads
uninitialized
memory and produces a garbage result.
Fix this by checking the result of evaluating `max`. When any argument
fails to
resolve, random() correctly evaluates to nothing, making the declaration
invalid
at computed-value time so the property falls back to its initial value.
Test:
imported/w3c/web-platform-tests/css/css-values/random-unresolvable-argument.tentative.html
*
LayoutTests/imported/w3c/web-platform-tests/css/css-values/random-unresolvable-argument.tentative-expected.txt:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/css/css-values/random-unresolvable-argument.tentative.html:
Added.
* Source/WebCore/css/calc/CSSCalcTree+Evaluation.cpp:
(WebCore::CSSCalc::evaluate):
Canonical link: https://commits.webkit.org/315177@main
Canonical link:
https://commits.webkit.org/305877.752@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: 0be3c0124a9684fddb8fcab020f0a6724d8174c5
https://github.com/WebKit/WebKit/commit/0be3c0124a9684fddb8fcab020f0a6724d8174c5
Author: Nikolas Zimmermann <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
M Tools/Scripts/webkitdirs.pm
Log Message:
-----------
herry-pick 315086@main (7abc2361027f).
https://bugs.webkit.org/show_bug.cgi?id=312365
[CMake] Glob all Source/cmake/*.cmake files when deciding to remove
CMakeCache.txt
Reviewed by Carlos Alberto Lopez Perez.
shouldRemoveCMakeCache() only checked a hand-picked subset of cmake files
(the port Options file, OptionsCommon and WebKitCompilerFlags) against the
cache mtime, so edits to other configuration files that influence the
generated cache -- WebKitFeatures, VersioningUtils, did not trigger an
automatic reconfigure.
Replace the enumerated checks (and the redundant Windows-only OptionsWin
special case) with a glob over Source/cmake/*.cmake, so every current and
future module is covered automatically.
* Tools/Scripts/webkitdirs.pm:
(shouldRemoveCMakeCache):
Canonical link: https://commits.webkit.org/315086@main
Canonical link:
https://commits.webkit.org/305877.753@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: 3b0a57e63d144ee72234559ec244d55ab84ad6ba
https://github.com/WebKit/WebKit/commit/3b0a57e63d144ee72234559ec244d55ab84ad6ba
Author: Charlie Wolfe <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
M Source/WebCore/loader/SubframeLoader.cpp
Log Message:
-----------
Cherry-pick 314964@main (f46ff32d3af2).
https://bugs.webkit.org/show_bug.cgi?id=316837
Resolve stray `if` in loadSubframe
https://bugs.webkit.org/show_bug.cgi?id=316837
rdar://179278333
Reviewed by Alex Christensen.
The return was removed in 293666@main without removing the `if`. Remove.
The depth check still
happens in canCreateSubFrame().
* Source/WebCore/loader/SubframeLoader.cpp:
(WebCore::FrameLoader::SubframeLoader::loadSubframe):
Canonical link: https://commits.webkit.org/314964@main
Canonical link:
https://commits.webkit.org/305877.754@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: a0a6e3b10d282cde040a2d8eef5fdb1edf51a93d
https://github.com/WebKit/WebKit/commit/a0a6e3b10d282cde040a2d8eef5fdb1edf51a93d
Author: Charlie Wolfe <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
M Source/WebCore/platform/graphics/transforms/TransformOperation.cpp
Log Message:
-----------
Cherry-pick 314927@main (cd4bc5c21722).
https://bugs.webkit.org/show_bug.cgi?id=316772
TransformOperation TextStream uses "scaleX" for ScaleZ
https://bugs.webkit.org/show_bug.cgi?id=316772
rdar://179221212
Reviewed by Sam Weinig.
* Source/WebCore/platform/graphics/transforms/TransformOperation.cpp:
(WebCore::operator<<):
Canonical link: https://commits.webkit.org/314927@main
Canonical link:
https://commits.webkit.org/305877.755@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: 1a83d888d3b17201e9d6ac8aea1f91939fefc730
https://github.com/WebKit/WebKit/commit/1a83d888d3b17201e9d6ac8aea1f91939fefc730
Author: Chris Dumez <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
M Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp
Log Message:
-----------
Cherry-pick 314859@main (e319714bc528).
https://bugs.webkit.org/show_bug.cgi?id=316631
WebSWClientConnection leaks pending callbacks when the network process
connection is lost
https://bugs.webkit.org/show_bug.cgi?id=316631
Reviewed by Youenn Fablet.
WebSWClientConnection::clear() — invoked from connectionToServerLost()
on network-process death and from the destructor — only called the base
class clearPendingJobs() and never drained the two per-instance queues
holding pending callbacks:
1. m_retrieveRecordResponseBodyCallbacks (HashMap of streaming
BackgroundFetch record-body callbacks). retrieveRecordResponseBody()
sends a fire-and-forget IPC and the callbacks fire only from the
notifyRecordResponseBodyChunk / notifyRecordResponseBodyEnd replies.
With the network process gone, the replies never arrive and each
in-flight body retrieval was silently dropped, leaving the
FetchResponse body / ReadableStream consumer on the JS side pending
forever. WorkerSWClientConnection::contextStopped() already handles
the equivalent case correctly (WorkerSWClientConnection.cpp:120-122).
2. m_tasksPendingOriginImport (Deque of tasks awaiting
setSWOriginTableIsImported()). With the connection closed,
setSWOriginTableIsImported() will never run, so the queue was only
emptied via the eventual destruction of the WebSWClientConnection.
getRegistrations() captured a plain CompletionHandler in the queued
task — destroying it unfired hit the
ASSERT_WITH_MESSAGE(!m_function, "Completion handler should always
be called") in debug and left the JS getRegistrations() promise hung
in release.
Fix clear() to drain both queues. Body callbacks are invoked with an
errorDomainWebKitInternal ResourceError. The pending-import tasks are
cleared by destruction; matchRegistration() already wrapped its callback
in a CompletionHandlerWithFinalizer that supplies std::nullopt on
destruction, so the destructor chain fires the JS-visible callback.
Apply the same wrapping to getRegistrations() (finalizer supplies an
empty Vector) so its destruction is also safe and observable.
std::exchange the body-callback map onto the stack before iterating to
avoid reentrant-mutation hazards.
* Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp:
(WebKit::WebSWClientConnection::getRegistrations):
Wrap the GetRegistrationsCallback in CompletionHandlerWithFinalizer with
an empty-Vector finalizer, mirroring matchRegistration().
(WebKit::WebSWClientConnection::clear):
Drain m_retrieveRecordResponseBodyCallbacks with a "Connection to
network process lost" ResourceError, and clear m_tasksPendingOriginImport
so each queued task's CompletionHandlerWithFinalizer destructor resolves
the corresponding JS promise with a default value.
Canonical link: https://commits.webkit.org/314859@main
Canonical link:
https://commits.webkit.org/305877.756@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: cdd94cf6b9e65a0b417234038bdfd34266502cfe
https://github.com/WebKit/WebKit/commit/cdd94cf6b9e65a0b417234038bdfd34266502cfe
Author: Chris Dumez <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
M Source/WebKit/WebProcess/WebPage/EventDispatcher.cpp
Log Message:
-----------
Cherry-pick 314855@main (5fb99ecfd74c).
https://bugs.webkit.org/show_bug.cgi?id=316616
Fix unsafe capture of `this` in
EventDispatcher::flushMomentumEventLoggingSoon()
https://bugs.webkit.org/show_bug.cgi?id=316616
Reviewed by Rupin Mittal.
* Source/WebKit/WebProcess/WebPage/EventDispatcher.cpp:
(WebKit::EventDispatcher::flushMomentumEventLoggingSoon):
Canonical link: https://commits.webkit.org/314855@main
Canonical link:
https://commits.webkit.org/305877.757@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: be79fc456a964c1501800c7a74a3719616209876
https://github.com/WebKit/WebKit/commit/be79fc456a964c1501800c7a74a3719616209876
Author: Chris Dumez <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
Log Message:
-----------
Cherry-pick 314856@main (2fa8d7a994ae).
https://bugs.webkit.org/show_bug.cgi?id=316603
NetworkStorageManager::persistOrigin() may return true in case of error
https://bugs.webkit.org/show_bug.cgi?id=316603
Reviewed by Sihui Liu.
NetworkStorageManager::persistOrigin() may return true in case of error,
because it fails to check if FileSystem::overwriteEntireFile() succeeded.
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp:
(WebKit::NetworkStorageManager::persistOrigin):
Canonical link: https://commits.webkit.org/314856@main
Canonical link:
https://commits.webkit.org/305877.758@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: e42095d5ee081f7577e56ae5d5ccb297e9b60a19
https://github.com/WebKit/WebKit/commit/e42095d5ee081f7577e56ae5d5ccb297e9b60a19
Author: Chris Dumez <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
M Source/WTF/wtf/MathExtras.h
M Source/WebCore/dom/Element.cpp
M Source/WebCore/platform/LayoutUnit.h
M Source/WebCore/platform/graphics/DoublePoint.h
M Source/WebCore/platform/graphics/FloatPoint.h
M Source/WebCore/platform/graphics/FloatSize.h
M Source/WebCore/platform/graphics/IntPoint.cpp
M Source/WebCore/platform/graphics/IntRect.cpp
M Source/WebCore/platform/graphics/IntSize.cpp
M Source/WebCore/platform/graphics/cocoa/IOSurface.mm
M Source/WebCore/rendering/AttachmentLayout.mm
M Source/WebCore/style/StyleAdjuster.cpp
M Source/WebKit/Shared/wpe/WebEventFactoryWPE.cpp
M Source/WebKit/UIProcess/API/gtk/DropTargetGtk4.cpp
M Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp
M Source/WebKit/UIProcess/Cocoa/UserMediaPermissionRequestManagerProxy.mm
M Tools/TestWebKitAPI/Tests/WTF/MathExtras.cpp
Log Message:
-----------
Cherry-pick 314768@main (59604007e4c6).
https://bugs.webkit.org/show_bug.cgi?id=312357
clampToInteger<T> does not clamp values below INT_MIN
https://bugs.webkit.org/show_bug.cgi?id=316511
Reviewed by Darin Adler.
clampToInteger had three overloads. The float and double versions were thin
wrappers that delegated to clampTo<int>. The integral version was its own
implementation that only clamped the upper bound — for values below INT_MIN
it
fell through to a bare static_cast<int>(x), which is implementation-defined
for
out-of-range conversions. In practice, clampToInteger<int64_t>(INT64_MIN)
returned 0 and clampToInteger<int64_t>(INT_MIN - 1) returned INT_MAX
instead of
clamping to INT_MIN.
The integral version was also miscompiled for narrow signed/unsigned T
(int8_t,
int16_t, uint8_t, uint16_t) because `static_cast<unsigned>(INT_MAX)`
truncates
when assigned to `T intMax` — caught by -Werror=constant-conversion, so
those
instantiations were unreachable from production code.
Rather than fix the integral overload in place, remove the API entirely and
migrate callers to clampTo<int>(value), whose existing overload set already
handles every integral and floating-point source type with correct two-sided
clamping.
Test: Tools/TestWebKitAPI/Tests/WTF/MathExtras.cpp
* Source/WTF/wtf/MathExtras.h:
(clampToInteger): Deleted.
* Source/WebCore/dom/Element.cpp:
(WebCore::Element::scrollTo):
(WebCore::Element::setScrollLeft):
(WebCore::Element::setScrollTop):
* Source/WebCore/platform/LayoutUnit.h:
(WebCore::LayoutUnit::LayoutUnit):
(WebCore::LayoutUnit::fromFloatCeil):
(WebCore::LayoutUnit::fromFloatFloor):
* Source/WebCore/platform/graphics/DoublePoint.h:
(WebCore::flooredIntPoint):
(WebCore::roundedIntPoint):
* Source/WebCore/platform/graphics/FloatPoint.h:
(WebCore::flooredIntSize):
(WebCore::roundedIntPoint):
(WebCore::flooredIntPoint):
(WebCore::ceiledIntPoint):
* Source/WebCore/platform/graphics/FloatSize.h:
(WebCore::roundedIntSize):
(WebCore::flooredIntSize):
(WebCore::expandedIntSize):
(WebCore::flooredIntPoint):
* Source/WebCore/platform/graphics/IntPoint.cpp:
(WebCore::IntPoint::IntPoint):
* Source/WebCore/platform/graphics/IntRect.cpp:
(WebCore::IntRect::IntRect):
* Source/WebCore/platform/graphics/IntSize.cpp:
(WebCore::IntSize::IntSize):
* Source/WebCore/platform/graphics/cocoa/IOSurface.mm:
(WebCore::computeMaximumSurfaceSize):
* Source/WebCore/rendering/AttachmentLayout.mm:
(WebCore::AttachmentLayout::AttachmentLayout):
* Source/WebCore/style/StyleAdjuster.cpp:
(WebCore::Style::addIntrinsicMargins):
* Source/WebKit/Shared/wpe/WebEventFactoryWPE.cpp:
(WebKit::positionFromEvent):
* Source/WebKit/UIProcess/API/gtk/DropTargetGtk4.cpp:
(WebKit::DropTarget::DropTarget):
* Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseScrollEvent):
* Source/WebKit/UIProcess/Cocoa/UserMediaPermissionRequestManagerProxy.mm:
(-[WKRotationCoordinatorObserver
observeValueForKeyPath:ofObject:change:context:]):
(-[WKRotationCoordinatorObserver start:layer:]):
* Tools/TestWebKitAPI/Tests/WTF/MathExtras.cpp:
(TestWebKitAPI::TEST(WTF, clampToIntFloat)):
(TestWebKitAPI::TEST(WTF, clampToIntDouble)):
(TestWebKitAPI::TEST(WTF, clampToIntIntegral)):
(TestWebKitAPI::TEST(WTF, clampToIntegerFloat)): Deleted.
(TestWebKitAPI::TEST(WTF, clampToIntegerDouble)): Deleted.
Canonical link: https://commits.webkit.org/314768@main
Canonical link:
https://commits.webkit.org/305877.759@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: b928de477a91cd3d2977e709d425c9f05c77601f
https://github.com/WebKit/WebKit/commit/b928de477a91cd3d2977e709d425c9f05c77601f
Author: Sosuke Suzuki <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
A JSTests/stress/temporal-iso8601-parse-bounds.js
M Source/JavaScriptCore/runtime/ISO8601.cpp
Log Message:
-----------
Cherry-pick 314612@main (d58bad697e50).
https://bugs.webkit.org/show_bug.cgi?id=316366
[JSC] `ISO8601::parseDate` reads past the end of the buffer for short
invalid strings
https://bugs.webkit.org/show_bug.cgi?id=316366
Reviewed by Yusuke Suzuki.
The month/day length guards in parseDate only applied to the Date format, so
short truncated strings like "0", "2024-01-" or "2024-05" reached unchecked
buffer dereferences via PlainYearMonth/PlainMonthDay parsing (and via the
year-less month parsing path for all formats), crashing Release builds with
a
span bounds trap. Check the remaining length at every month/day read
regardless of format, and require a day to follow a consumed day separator
so
trailing-hyphen strings are rejected instead of read out of bounds.
Test: JSTests/stress/temporal-iso8601-parse-bounds.js
* JSTests/stress/temporal-iso8601-parse-bounds.js: Added.
(shouldBe):
(throw.new.Error):
* Source/JavaScriptCore/runtime/ISO8601.cpp:
(JSC::ISO8601::parseDate):
Canonical link: https://commits.webkit.org/314612@main
Canonical link:
https://commits.webkit.org/305877.760@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: a00bc591ba343d295c8775fe6bec53e265a229ef
https://github.com/WebKit/WebKit/commit/a00bc591ba343d295c8775fe6bec53e265a229ef
Author: Chris Dumez <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
A
LayoutTests/fetch/request-clone-without-target-address-space-crash-expected.txt
A LayoutTests/fetch/request-clone-without-target-address-space-crash.html
M Source/WebCore/Modules/fetch/FetchRequest.cpp
Log Message:
-----------
Cherry-pick 314444@main (a3f3cda54a85).
https://bugs.webkit.org/show_bug.cgi?id=316157
Crash in FetchRequest::initializeWith() when LocalNetworkAccess is enabled
https://bugs.webkit.org/show_bug.cgi?id=316157
Reviewed by Youenn Fablet.
When constructing a Request from another Request without specifying
targetAddressSpace in the init dictionary (e.g. `new Request(other)`),
FetchRequest::initializeWith() dereferenced the empty
std::optional<IPAddressSpace> from FetchRequestInit::targetAddressSpace,
which traps with hardened libc++. The IDL member has no default value, so
the optional is std::nullopt whenever the caller omits it.
Inherit the target address space from the input request when init does
not specify one, mirroring the behavior of FetchRequest::clone().
Test: fetch/request-clone-without-target-address-space-crash.html
*
LayoutTests/fetch/request-clone-without-target-address-space-crash-expected.txt:
Added.
* LayoutTests/fetch/request-clone-without-target-address-space-crash.html:
Added.
* Source/WebCore/Modules/fetch/FetchRequest.cpp:
(WebCore::FetchRequest::initializeWith):
Canonical link: https://commits.webkit.org/314444@main
Canonical link:
https://commits.webkit.org/305877.761@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Commit: 24ea0a3131450c73f4beb4cb1b9cf490b2e610fa
https://github.com/WebKit/WebKit/commit/24ea0a3131450c73f4beb4cb1b9cf490b2e610fa
Author: Chris Dumez <[email protected]>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
M Source/WebCore/Modules/fetch/FetchBodySource.cpp
Log Message:
-----------
Cherry-pick 314443@main (349e1d854950).
https://bugs.webkit.org/show_bug.cgi?id=316156
Fix potential null deference under globalObjectFromBodyOwner()
https://bugs.webkit.org/show_bug.cgi?id=316156
Reviewed by Youenn Fablet.
The code clearly deals with the context being null initially but then
unconditionally deferences it.
* Source/WebCore/Modules/fetch/FetchBodySource.cpp:
(WebCore::globalObjectFromBodyOwner):
Canonical link: https://commits.webkit.org/314443@main
Canonical link:
https://commits.webkit.org/305877.762@eng/backports-misc-01KTZ349QSG5WHQ3VCB0N8PF24
Compare: https://github.com/WebKit/WebKit/compare/8ded39b7705d...24ea0a313145
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
