Skip to content

Update dependency electron to v28 [SECURITY] #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency electron to v28 [SECURITY] #47

wants to merge 1 commit into from
+1 −1

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 5, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
electron 13.6.9 -> 28.3.2 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-29257

Impact

This vulnerability allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.

Please note that this kind of attack would require significant privileges in your own auto updating infrastructure and the ease of that attack entirely depends on your infrastructure security.

Patches

This has been patched and the following Electron versions contain the fix:

  • 18.0.0-beta.6
  • 17.2.0
  • 16.2.0
  • 15.5.0

Workarounds

There are no workarounds for this issue, please update to a patched version of Electron.

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

CVE-2022-36077

Impact

When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as file://some.website.com/, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.

Patches

This issue has been fixed in all current stable versions of Electron. Specifically, these versions contain the fixes:

  • 21.0.0-beta.1
  • 20.0.1
  • 19.0.11
  • 18.3.7

We recommend all apps upgrade to the latest stable version of Electron.

Workarounds

If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the WebContents.on('will-redirect') event, for all WebContents:

app.on('web-contents-created', (e, webContents) => {
  webContents.on('will-redirect', (e, url) => {
    if (/^file:/.test(url)) e.preventDefault()
  })
})

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

Credit

Thanks to user @​coolcoolnoworries for reporting this issue.

CVE-2023-39956

Impact

Apps that are launched as command line executables are impacted. E.g. if your app exposes itself in the path as myapp --help

Specifically this issue can only be exploited if the following conditions are met:

  • Your app is launched with an attacker-controlled working directory
  • The attacker has the ability to write files to that working directory

This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. Please bear this in mind when reporting similar issues in the future.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions

  • 26.0.0-beta.13
  • 25.5.0
  • 24.7.1
  • 23.3.13
  • 22.3.19

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2023-44402

Impact

This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS.

Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the resources folder in your app installation on Windows which these fuses are supposed to protect against.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions

  • 27.0.0-alpha.7
  • 26.2.1
  • 25.8.1
  • 24.8.3
  • 22.3.24

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

CVE-2024-46993

Impact

The nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.

Workaround

There are no app-side workarounds for this issue. You must update your Electron version to be protected.

Patches

  • v28.3.2
  • v29.3.3
  • v30.0.3

For More Information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

Release Notes

electron/electron (electron)

v28.3.2: electron v28.3.2

Compare Source

Release Notes for v28.3.2

Fixes

  • Fixed an issue where console.log() in AudioWorkletGlobalScope produced incorrect output. #​41895
  • Rename patches/devtools_frontend to patches/devtools-frontend. #​42212

Other Changes

v28.3.1: electron v28.3.1

Compare Source

Release Notes for v28.3.1

Fixes

  • Fixed an issue on Windows where silent printing resulted in comically tiny renderer output. #​41837 (Also in 29, 30)

Other Changes

v28.3.0: electron v28.3.0

Compare Source

Release Notes for v28.3.0

Features

  • Added proxy configuring support for requests made with net module from utility process. #​41744 (Also in 29, 30)

Fixes

  • Fixed a bug where a window with maximization disabled and WCO enabled would still show its maximization button. #​41806

Other Changes

v28.2.10: electron v28.2.10

Compare Source

Release Notes for v28.2.10

Fixes

  • Fixed crash in Notification::Close() under libnotify 0.8.x with portal environment. #​41709 (Also in 29, 30)
  • Fixed usage of Storage.{get|set|clear}Cookies via the Chrome DevTools Protocol. #​41738 (Also in 29, 30)

Other Changes

Documentation

v28.2.9: electron v28.2.9

Compare Source

Release Notes for v28.2.9

Fixes

  • Fixed shell.showItemInFolder not opening Windows Explorer if the passed path contains forward slashes. #​41670 (Also in 29, 30)
  • Fixed an issue where the serial-port-added event improperly respected filters set by serial.requestPort(). #​41637 (Also in 29, 30)

Other Changes

v28.2.8: electron v28.2.8

Compare Source

Release Notes for v28.2.8

Other Changes

v28.2.7: electron v28.2.7

Compare Source

Release Notes for v28.2.7

Fixes

  • Fixed chrome://process-internals failing to load. #​41541 (Also in 29, 30)
  • Fixed an issue where user-did-{resign|become}-active were not emitted properly on macOS. #​41526 (Also in 29, 30)

Other Changes

v28.2.6: electron v28.2.6

Compare Source

Release Notes for v28.2.6

Fixes

  • Fixed a crash that can result from some kinds of dynamic imports. #​41491
  • Fixed an issue where webContents.print(options) failed if options was not passed or undefined is passed. #​41478 (Also in 29, 30)
  • Fixed saving traces from devtools performance panel. #​41492

Other Changes

v28.2.5: electron v28.2.5

Compare Source

Release Notes for v28.2.5

Other Changes

v28.2.4: electron v28.2.4

Compare Source

Release Notes for v28.2.4

Fixes

  • CSS style -webkit-app-region: drag; has no effect in full screen mode. #​41330 (Also in 27, 29)

Other Changes

v28.2.3: electron v28.2.3

Compare Source

Release Notes for v28.2.3

Fixes

  • Fixed a crash that started occurring sporadically with some types of macOS window close. #​41298 (Also in 29)
  • Fixed an issue where webContents.printToPDF could fail when certain combinations of margins and pageSize values are passed. #​41267 (Also in 29)
  • Fixed an issue where crashes in node::Environment destruction potentially wouldn't be propagated to the NodeService exit handler. #​41302 (Also in 27, 29)
  • Fixed an issue where zoom level settings did not persist per-session for webviews. #​41268 (Also in 27)

Other Changes

  • Updated Chromium to 120.0.6099.283. #​41262

v28.2.2: electron v28.2.2

Compare Source

Release Notes for v28.2.2

Fixes

  • Fixed an issue where select-usb-device did not respect the filter option in navigator.usb.requestDevice(). #​41198 (Also in 27, 29)

Other Changes

v28.2.1: electron v28.2.1

Compare Source

Release Notes for v28.2.1

Fixes

  • Apply module search paths restriction on worker and child process. #​41137 (Also in 27, 29)
  • Fixed a potential async_hooks crash when listening for the restore event on Windows after minimizing a maximized BrowserWindow. #​41145 (Also in 27, 29)
  • Fixed an issue where Request objects did not correctly copy headers into fetches. #​41103
  • Fixed an issue where non-modal windows with vibrancy could have incorrectly rounded corners on Sonoma. #​41036 (Also in 27, 29)
  • Fixed an issue where the printBackground option in webContents.printToPDF did not work as expected. #​41179 (Also in 29)
  • Fixed forked child process not able to send IPC message under some cases on macOS. #​41101 (Also in 26, 27, 29)
  • Fixed on-screen-keyboard not hiding for webviews under some cases. #​41150 (Also in 27, 29)

Other Changes

v28.2.0: electron v28.2.0

Compare Source

Release Notes for v28.2.0

Features

  • Added net module to utility process. #​40967 (Also in 27, 29)

Fixes

  • Fixed session.fromPartition() key lookup bug. #​41083 (Also in 29)
  • Fixed a potential crash when calling dialog.showMessageBoxSync. #​41042 (Also in 27, 29)
  • Fixed a potential renderer crash when inspecting elements. #​40981
  • Fixed macOS bug that causes window maximize button to be disabled in full-screen mode. #​41028 (Also in 27, 29)

Other Changes

  • Updated Chromium to 120.0.6099.227. #​41075

v28.1.4: electron v28.1.4

Compare Source

Release Notes for v28.1.4

Fixes

  • Fixed an issue where inAppPurchase.getProducts and inAppPurchase.purchasedProduct did not resolve as expected. #​40956 (Also in 27, 29)

Other Changes

v28.1.3: electron v28.1.3

Compare Source

Release Notes for v28.1.3

Fixes

  • Fixed a crash resultant from trying to listen to power-related events before the ready event was emitted on Linux. #​40924 (Also in 26, 27, 29)

v28.1.2: electron v28.1.2

Compare Source

Release Notes for v28.1.2

Fixes

  • Fixed a partition alloc ref count check for higher MacOS versions. #​40765 (Also in 29)
  • Fixed default protocol handler behavior on Windows. #​40909
  • Fixed the enabled/disabled behavior of the maximize/fullscreen button of macOS windows. #​40896 (Also in 27, 29)
  • Unset all Node envs in node process when parent is a foreign process. #​40880 (Also in 26, 27, 29)

Other Changes

  • Updated Chromium to 120.0.6099.199. #​40762

v28.1.1: electron v28.1.1

Compare Source

Release Notes for v28.1.1

Fixes

  • Fixed incorrect title bar shown on frameless transparent windows. #​40867 (Also in 27, 29)

v28.1.0: electron v28.1.0

Compare Source

Release Notes for v28.1.0

Features

  • Added an option in protocol.registerSchemesAsPrivileged to allow V8 code cache in custom schemes. #​40709 (Also in 27)

Fixes

  • Fixed documentation of the default --inspect port. #​40743 (Also in 27)
  • Prevent node mode to be used as script runner by other apps on macOS. #​40710 (Also in 26, 27)

Other Changes

v28.0.0: electron v28.0.0

Compare Source

Release Notes for 28.0.0

Stack Upgrades

Breaking Changes

  • The BrowserWindow.getTrafficLightPosition() and BrowserWindow.setTrafficLightPosition() methods have been removed. #​39479
  • The app.runningUnderRosettaTranslation() method has been removed. #​39956
  • The ipcRenderer.sendTo() method has been removed. #​39087
  • The scroll-touch-{begin,end,edge} events have been removed. #​39814
  • Setting backgroundThrottling to false will disable frames throttling in the BrowserWindow for all WebContents displayed by it. #​38924

Features

Additions
  • Enabled ESM support. #​37535
  • The UtilityProcess API now supports ESM entrypoints. #​40047
  • Added several properties to the display object including detected, maximumCursorSize, and nativeOrigin. #​40554
  • Added support for ELECTRON_OZONE_PLATFORM_HINT environment variable on Linux. #​39792

In addition to enabling ESM support in Electron itself, Electron Forge also supports using ESM to package, build and develop Electron applications. You can find this support in Forge v7.0.0 or higher: https://github.com/electron/forge/releases/tag/v7.0.0

  • Added API to help apps know when to avoid semitransparent backgrounds. #​39631 (Also in 26, 27)
  • Added getWebRTCUDPPortRange and setWebRTCUDPPortRange APIs to specify UDP port range for WebRTC. #​39046
  • Added keyboardLock to ses.setPermissionRequestHandler(handler). #​40460 (Also in 26, 27)
  • Added mouse-enter and mouse-leave Tray events for Windows. #​40072
  • Added a generateTaggedPDF option to webContents.printToPDF() to allow generating tagged (accessible) PDFs. #​39563
  • Added a tabbingIdentifier property to BrowserWindow. #​39980 (Also in 26, 27)
  • Added middle click mouse event to tray icon. #​39926
  • Added several properties to the display object including detected, maximumCursorSize, and nativeOrigin. #​40554
  • Added support for ELECTRON_OZONE_PLATFORM_HINT environment variable on Linux. #​39792
  • Added support for chrome.scripting extension APIs. #​39395 (Also in 25, 26, 27)
  • Added support for several more extensions manifest keys including host_permissions, author, and short_name. #​39599 (Also in 26, 27)
  • Added the ability to send HTTP headers with webContents.downloadURL(). #​39455 (Also in 25, 26, 27)
  • Changed systemPreferences.getColor(name) to return an RGBA hex value (#RRGGBBAA) instead of a plain RGB (#RRGGBB) value. #​38960
  • Honor XDG dark theme preferences on Linux. #​38977 (Also in 25, 26, 27)
  • Improved compatibility with CommonJS modules in sandboxed preload scripts by passing dummy module.exports. #​39484
Improvements
  • Improved fork() and execve() performance for child_process API on Linux. #​39253
  • Fixed resizing performance issue on macOS. #​40586 (Also in 26, 27)
  • Fixed opaque window performance regression on DWM. #​39895 (Also in 27)
  • Re-enabled partition alloc on macOS. #​40230
Removed/Deprecated
  • The app.runningUnderRosettaTranslation property has been deprecated. #​39897 (Also in 25, 26, 27)
  • The gpu-process-crashed event on app has been deprecated. #​40195
  • The renderer-process-crashed event on app and crashed event on WebContents and <webview> have been deprecated. #​40089

Fixes

  • Fixed an issue that prevented MessagePorts from being garbage collected when not referenced. #​40201
  • Fixed app incorrectly activating panel windows on macOS Sonoma. #​40465
  • Fixed file paths passed to shell.showItemInFolder not being escaped in Linux. #​40562
  • Fixed loading nested ESM dependencies in node_modules. Support the throwIfNoEntry option in fs.statSync/fs.lstatSync in asar files. #​40224
  • Fixed same-party cookie functionality for first party sets. #​40526
  • Use activateIgnoringOtherApps for focusing non-panels on macOS. #​40621
Also in earlier versions...
  • Fixed Windows Mica / Acrylic background material effects on frameless windows. #​39708 (Also in 27)
  • Fixed BrowserView.setBounds() calls not painting view in new bounds in some cases. #​39994 (Also in 25, 26, 27)
  • Fixed app.runningUnderARM64Translation() always returning true on ARM64. #​39920 (Also in 25, 26, 27)
  • Fixed will-navigate not being emitted when pressing links in chrome: pages. #​40525 (Also in 27)
  • Fixed a webContents.capturePage() issue that caused an empty image to be returned for fully-occluded windows on Linux and Windows. #​40185 (Also in 25, 26, 27)
  • Fixed a potential issue with async_hook corruption in some error contexts. #​40594 (Also in 26, 27)
  • Fixed an error changing file format in dialog.showOpenDialog on macOS. #​40346 (Also in 27)
  • Fixed an error where listening to certain chrome.tabs events would throw incorrectly. #​39729 (Also in 25, 26, 27)
  • Fixed an issue where BrowserWindows could crash on macOS with frame: false and roundedCorners: false when going fullscreen. #​39747 (Also in 25, 26, 27)
  • Fixed an issue where WebViews could sometimes crash on unload. #​40445 (Also in 26, 27)
  • Fixed an issue where Windows Toast notifications weren't properly dismissed from the Action Center on notification.close() if they'd previously been dismissed. #​40243 (Also in 26, 27)
  • Fixed an issue where BrowserViews that had their bounds set prior to being added to a BrowserWindow could have unexpected incorrect offsets. #​39605 (Also in 25, 26, 27)
  • Fixed an issue where chrome://gpu failed to load. #​39556 (Also in 25, 26, 27)
  • Fixed an issue where navigator.keyboard.lock() did not work per latest expected behavior. #​40389 (Also in 26, 27)
  • Fixed an issue where webContents.print could fail when options is a frozen object. #​39985 (Also in 25, 26, 27)
  • Fixed an issue where accelerators representing DOM keys were not correctly converted in webContents.sendInputEvent(). #​39776 (Also in 25, 26, 27)
  • Fixed an issue where calling loadURL during some webContents url loading events could crash. #​40143 (Also in 24, 25, 26, 27)
  • Fixed an issue where calling show() on a child BrowserWindow would show all other children attached to the same parent on macOS. #​40062 (Also in 24, 25, 26, 27)
  • Fixed an issue where certain properties of chrome.tabs Tab objects were not properly considered privileged. #​39595 (Also in 25, 26, 27)
  • Fixed an issue where child windows opened when the parent window is already fullscreen did not respect the child windows' fullscreenability and resizability settings. #​39620 (Also in 24, 25, 26, 27)
  • Fixed an issue where closing and opening a minimized DevTools window would not work as expected. #​40091 (Also in 25, 26, 27)
  • Fixed an issue where pressing the escape key did not exit PDF presentation mode. #​39616 (Also in 25, 26, 27)
  • Fixed an issue where the Node.js assert module did not work in the renderer process. #​39540 (Also in 24, 25, 26, 27)
  • Fixed an issue where using webcrypto.subtle.importKey() could error and fail if SharedArrayBuffers are not defined. #​40070 (Also in 27)
  • Fixed an issue where vibrant windows incorrectly have square corners when they're modals on macOS. #​39979 (Also in 25, 26, 27)
  • Fixed an issue with applying vibrancy on non-transparent windows on macOS. #​40109 (Also in 27)
  • Fixed an issue with webContents interaction with fullscreen and WCO on macOS. #​40219 (Also in 25, 26, 27)
  • Fixed an unexpectedly thrown error in some unsupported chrome extensions. #​40514 (Also in 26, 27)
  • Fixed crash on shutdown in TLS sockets with Node.js HTTP/2 connections. #​39928 (Also in 25, 26, 27)
  • Fixed decorations for tiled windows on Wayland. #​39523 (Also in 22, 24, 25, 26, 27)
  • Fixed deprecated gpu-process-crashed / renderer-process-crashed events being emitted twice and with incorrect arguments. #​40090 (Also in 22, 24, 25, 26, 27)
  • Fixed devtools to allow restoring saved dock state on Windows. #​39734 (Also in 25, 26, 27)
  • Fixed how screen readers are detected on Windows to reduce false positives. #​39988 (Also in 27)
  • Fixed issue where titlebar would be transparent for transparent windows that are fullscreen. #​39759 (Also in 25, 26, 27)
  • Fixed launch failure with child_process.spawn() on windows affected by launching store applications. #​40101 (Also in 25, 26, 27)
  • Fixed missing type for Electron.TitleBarOverlay. #​39799 (Also in 26, 27)
  • Fixed problem with bounds of maximized window when toggling BrowserWindow.setResizable(). #​40582 (Also in 26, 27)
  • Fixed problem with promise resolved to early when browser initiated in-page navigation. #​39597 (Also in 25, 26, 27)
  • Fixed redundant permission dialogs while screen sharing on Wayland. #​40192 (Also in 26, 27)
  • Fixed regeneration of thumbnail toolbar buttons after restarting Explorer on Windows. #​39551 (Also in 24, 25, 26)
  • Fixed rendering on Linux due to broken shader cache compilation with driver updates. #​40450 (Also in 27)
  • Fixed window size constraints not working on macOS. #​39975 (Also in 27)
  • Functions called over the contextBridge are now called with the expected receiver (this). #​40263 (Also in 27)
  • Support Region Capture API with tab MediaStream. #​39074 (Also in 25, 26, 27)
  • Fixed build failure when PDF viewer is disabled. #​39990 (Also in 25, 26, 27)
  • Fixed build failure when enable_electron_extensions=false. #​40032 (Also in 25, 26, 27)

Notices

End of Support for 25.x.y

Electron 25.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

v27.3.11: electron v27.3.11

Compare Source

Release Notes for v27.3.11

27-x-y end of support

Electron 27.x.y has reached end-of-support as per the project's support policy.
Developers and applications are encouraged to upgrade to a newer version of Electron.

Other Changes

v27.3.10: electron v27.3.10

Compare Source

Release Notes for v27.3.10

Other Changes

v27.3.9: electron v27.3.9

Compare Source

Release Notes for v27.3.9

Other Changes

v27.3.8: electron v27.3.8

Compare Source

Release Notes for v27.3.8

Other Changes

  • Security: b

@renovate
Copy link
Contributor Author

renovate bot commented Oct 5, 2023
edited
Loading

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @cucumber/electron@4.1.3
npm ERR! Found: electron@22.3.25
npm ERR! node_modules/electron
npm ERR!   dev electron@"22.3.25" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer electron@">=12 <14" from @cucumber/electron@4.1.3
npm ERR! node_modules/@cucumber/electron
npm ERR!   dev @cucumber/electron@"4.1.3" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: electron@13.6.9
npm ERR! node_modules/electron
npm ERR!   peer electron@">=12 <14" from @cucumber/electron@4.1.3
npm ERR!   node_modules/@cucumber/electron
npm ERR!     dev @cucumber/electron@"4.1.3" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-05-08T19_27_10_417Z-debug-0.log

@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch 10 times, most recently from 8f8a184 to bf9d29e Compare October 13, 2023 00:55
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch 12 times, most recently from cd3033b to 42f89df Compare October 23, 2023 19:24
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch 6 times, most recently from e9a3b32 to 9ead22e Compare October 30, 2023 22:39
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 9ead22e to c5cf279 Compare October 31, 2023 01:20
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch 9 times, most recently from f50c0b4 to 576fd50 Compare June 3, 2025 02:49
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch 6 times, most recently from 1d4bf8f to 3f5db0a Compare June 10, 2025 21:08
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch 2 times, most recently from 5d22f5a to 33eb1ed Compare June 16, 2025 18:03
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch 9 times, most recently from c96355a to ce3462f Compare July 1, 2025 00:35
@renovate renovate bot changed the title Update dependency electron to v22 [SECURITY] Update dependency electron to v28 [SECURITY] Jul 1, 2025
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from ce3462f to 35a3eab Compare July 2, 2025 10:01
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 35a3eab to cdaaf58 Compare July 8, 2025 00:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants