Changelog (v6.4.39...v6.4.40)
- security #cve-2026-45305 Harden the Parser::cleanup() regexes against catastrophic backtracking (@nicolas-grekas)
- security #cve-2026-45304 Bound collection-alias resolution in the parser (@nicolas-grekas)
- security #cve-2026-45133 Bound recursion depth in the parser (@nicolas-grekas)