CVE-2023-5217 is a heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 that allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, according to the GitHub Advisory Database.
Please consider updating the Electron dependency to 24.8.5 (or any of the patched versions listed on the linked page) and making a security release to keep this app safe.
Thank you for this great project!
Thanks for the effort to maintain the Nix package and notify us of this security flaw 😁. Some of these CVEs are not really that critical in the case of Caprine since we don't render any custom HTML pages, let alone ones created by the user (any links are actually opened separately in the default browser). We will continue to update Electron so we're up to date with all security fixes, but I think it's good to know that they are not always that critical; it generally depends on the app 😄.
Besides this, I'm planning on refactoring the codebase to use a JS builder so we could use ES instead of CommonJS modules which most of our dependencies currently use but Electron does not support. That way we could more easily update all other dependencies too and have all the latest security fixes.
And also, in the last issue on the nixpkgs repo I saw that you made the binary package instead of one built from source since you had some trouble building the app. I'm not that experienced with NixOS, but if I could be of any help, don't hesitate to reach out! 😁 You can contact me via email on my GitHub profile or the Matrix account from my website.