build(deps-dev): [Security] Bump electron from 7.3.3 to 12.0.7

[dependabot-preview]

Bumps electron from 7.3.3 to 12.0.7. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

IPC messages delivered to the wrong frame in Electron

Impact

IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.

If your app does ANY of the following, then it is impacted by this issue:

• Uses remote
• Calls webContents.sendToFrame
• Calls event.reply in an IPC message handler

Patches

This has been fixed in the following versions:

• 9.4.0
• 10.2.0
• 11.1.0
• 12.0.0-beta.9

Workarounds

There are no workarounds for this issue.

For more information

... (truncated)

Affected versions: < 9.4.0

Release notes

Sourced from electron's releases.

electron v12.0.7

Release Notes for v12.0.7

Fixes

• Allow Node.js to manage microtasks queue by using explicit microtasks policy before calling uv_run(). #28972 (Also in 11, 13)
• Fixed <webview> focus / blur events not working with contextIsolation enabled. #29024 (Also in 10, 11, 13)
• Fixed an issue where drag regions on macOS would be offset incorrectly when no drag regions were set,. #29019 (Also in 11, 13)
• Fixed an issue where the window couldn't be closed if a user tried to quit with a message box showing. #28989 (Also in 13)

Other Changes

• Improved performance of napi_threadsafe_function. #29047 (Also in 13)

electron v12.0.6

Release Notes for v12.0.6

Fixes

• Fixed a crash when calling shell.trashItem() from the renderer process. #28787 (Also in 13)
• Fixed an issue where multiple calls to window.setFullScreen could cause problems. #28772 (Also in 11, 13)
• Fixed an issue where some dialogs would stop working on macOS if window.hide() was called while they were open. #28695 (Also in 11, 13)
• Fixed an issue where windows in simpleFullscreen mode were not properly resizing when display metrics changed. #28869 (Also in 11, 13)
• Fixed the window-all-closed event being emitted while the last BrowserWindow was still in the process of being closed. #28913 (Also in 11, 13)
• No longer set backgroundColor in default-app when opening custom files / URLs. #28841 (Also in 10, 11, 13)

Other Changes

• Security: backported fix for 1192552. #28818
• Security: backported fix for CVE-2021-21222. #28815
• Security: backported fix for CVE-2021-21226. #28806
• Security: backported fix to CVE-2021-21223. #28812
• Security: backported fix to CVE-2021-21225. #28809
• Security: backported fix to CVE-2021-21227. #28861
• Security: backported fix to CVE-2021-21230. #28901
• Security: backported fix to CVE-2021-21231. #28904
• Security: backported fix to CVE-2021-21233. #28872
• Security: backported fix to chromium:1155297. #28821

electron v12.0.5

Release Notes for v12.0.5

Fixes

• Fixed the handler set with setWindowOpenHandler not being invoked when a link was middle-clicked or shift-clicked. #28664 (Also in 13)

Other Changes

• Updated Chromium to 89.0.4389.128. #28659

electron v12.0.4

Release Notes for v12.0.4

... (truncated)

Commits

• 8d55658 Bump v12.0.7
• 47431a5 chore: cherry-pick 7abc7e45b2 from node (#29047)
• 6fd4bb2 fix: drag region BrowserView calculations on macOS (#29019)
• 546cb98 fix: <webview> focus / blur events don't work with contextIsolation enabled (...
• c542671 docs: menu must be added on whenReady (#29042)
• 5512f1d spec: attempt to fix flaky nativeTheme spec (#29034)
• 70e2fc5 Revert "Bump v12.0.7"
• 37c30e1 Bump v12.0.7
• 67e3206 Revert "Bump v12.0.7"
• 20ac113 Bump v12.0.7
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)