chore(deps): update dependency electron to v15.3.5 [security] #20750
See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.
b8e6b9e to e0f3423
e0f3423 to ec0441b
jeez, that's a wild vulnerability. no wonder they backported it so far.
Released in This comment thread has been locked. If you are still experiencing this issue after upgrading to
This PR contains the following updates:
electron: 15.3.4 -> 15.3.5
GitHub Vulnerability Alerts
CVE-2022-21718
Impact
This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device.
All current stable versions of Electron are affected.
Patches
This has been patched and the following Electron versions contain the fix:
17.0.0-alpha.6
16.0.6
15.3.5
14.2.4
13.6.6
Workarounds
Adding this code to your app can work around the issue.
For more information
If you have any questions or comments about this advisory, email us at security@electronjs.org.
Release Notes
electron/electron
v15.3.5
Compare Source
Release Notes for v15.3.5
Fixes
npm_config_arch. #32380 (Also in 16, 17)
window.open not overriding parent's webPreferences. #32109 (Also in 16, 17)
skipTransformProcessType option parsing in win.setVisibleOnAllWorkspaces(). #32396 (Also in 13, 14, 16, 17)
Other Changes
Configuration
📅 Schedule: "" in timezone America/New_York.
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
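
For apps that cannot take the patched release right away, the custom select-bluetooth-device handler that the CVE-2022-21718 advisory refers to can be registered as below. This is an added example, not the advisory's or Electron's own code (the advisory's snippet is not reproduced on this page); installBluetoothPolicy and chooseDevice are hypothetical names, and the default policy denies every request.

```javascript
// Added example for the Electron main process (CommonJS).
// installBluetoothPolicy and chooseDevice are hypothetical names, not Electron APIs.

/**
 * Attach a select-bluetooth-device handler to every WebContents the app
 * creates, so no renderer is left on Electron's built-in device selection.
 *
 * chooseDevice(devices, webContents) returns the deviceId to grant, or ''
 * to deny. The default denies everything. The decision is made on the first
 * event: if nothing is approved, the request is cancelled.
 */
function installBluetoothPolicy(app, chooseDevice = () => '') {
  app.on('web-contents-created', (_event, webContents) => {
    webContents.on('select-bluetooth-device', (event, devices, callback) => {
      // Take over the decision from Electron's default handling.
      event.preventDefault();

      let deviceId = '';
      try {
        const picked = chooseDevice(devices, webContents);
        // Grant only an id that is really in the list Electron offered.
        if (devices.some((d) => d.deviceId === picked)) {
          deviceId = picked;
        }
      } catch (err) {
        deviceId = ''; // fail closed if the policy itself throws
      }

      // An empty string cancels the renderer's requestDevice() call.
      callback(deviceId);
    });
  });
}

// Only wire it up when actually running inside Electron.
if (process.versions.electron) {
  const { app } = require('electron');
  installBluetoothPolicy(app); // deny all Web Bluetooth requests
}
```

Call installBluetoothPolicy before any window is created so that the first WebContents is covered too.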