[Snyk] Upgrade electron from 33.2.0 to 35.0.0 #76

Open
wants to merge 1 commit into
base: dev

@nerdy-tech-com-gitub nerdy-tech-com-gitub commented Mar 27, 2025

Snyk has created this PR to upgrade electron from 33.2.0 to 35.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 68 versions ahead of your current version.

  • The recommended version was released 23 days ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| high severity Use After Free SNYK-JS-ELECTRON-9056160 | 211 | No Known Exploit |
| medium severity Access Restriction Bypass SNYK-JS-ELECTRON-8381013 | 211 | No Known Exploit |
| critical severity Out-of-bounds Write SNYK-JS-ELECTRON-8642944 | 211 | No Known Exploit |
| high severity External Control of Assumed-Immutable Web Parameter SNYK-JS-ELECTRON-8642946 | 211 | No Known Exploit |
| high severity Out-of-bounds Read SNYK-JS-ELECTRON-8642948 | 211 | No Known Exploit |
| high severity Out-of-bounds Write SNYK-JS-ELECTRON-8738830 | 211 | No Known Exploit |
| high severity Out-of-bounds Write SNYK-JS-ELECTRON-8738832 | 211 | No Known Exploit |
| high severity Use After Free SNYK-JS-ELECTRON-8738834 | 211 | No Known Exploit |
| high severity Out-of-bounds Read SNYK-JS-ELECTRON-8738836 | 211 | No Known Exploit |
| medium severity Heap-based Buffer Overflow SNYK-JS-ELECTRON-8738839 | 211 | No Known Exploit |

Release notes
Package name: electron
  • 35.0.0 - 2025-03-04

    Release Notes for v35.0.0

    Stack Upgrades

    Breaking Changes

    • Added excludeUrls to webRequest filter and deprecated the use of empty arrays in urls property. #45678
    • Added fromVersionID on ServiceWorkers to get an instance of ServiceWorkerMain. #45341
    • Deprecated getPreloads and setPreloads on Session. #45329
    • Fixed file chooser dialogs for Flatpak applications. #44426 (Also in 34)
    • Moved 'console-message' arguments into event object. #43617
    • The systemPreferences.isAeroGlassEnabled() API has been deprecated and will be removed without replacement. #45554

    Features

    Additions

    • Added APIs to manage shared dictionaries for compression efficiency using Brotli or ZStandard. The new APIs are session.getSharedDictionaryUsageInfo(), session.getSharedDictionaryInfo(options), session.clearSharedDictionaryCache(), and session.clearSharedDictionaryCacheForIsolationKey(options). #44750 (Also in 33, 34)
    • Added NSPrefersDisplaySafeAreaCompatibilityMode = false to Info.plist to remove "Scale to fit below built-in camera." from app options. #45357 (Also in 33, 34)
    • Added ServiceWorkerMain class to interact with service workers in the main process. #45341
      • Added running-status-changed event on ServiceWorkers to indicate when a service worker's running status has changed.
      • Added startWorkerForScope on ServiceWorkers to start a worker that may have been previously stopped.
    • Added WebFrameMain.collectJavaScriptCallStack() for accessing the JavaScript call stack of unresponsive renderers. #44204 (Also in 33, 34)
    • Added contextBridge.executeInMainWorld to safely execute code across world boundaries. #45330
    • Added frame to 'console-message' event. #43617
    • Added query-session-end event and improved session-end events on Windows. #44598
    • Added view.getVisible(). #45409 (Also in 34)
    • Added webContents.navigationHistory.restore(index, entries) API that allows restoration of navigation history. #45583 (Also in 34)
    • Added optional animation parameter to BrowserWindow.setVibrancy. #35987
    • Added permission support for document.executeCommand("paste"). #45471 (Also in 33, 34)
    • Added support for roundedCorners BrowserWindow constructor option on Windows. #45740 (Also in 34)
    • Added support for service worker preload scripts. #45408
    • Support Portal's globalShortcuts. Electron must be run with --enable-features=GlobalShortcutsPortal in order to have the feature working. #45297

    Improvements

    • Performance improvements when processing microtasks. #44439 (Also in 32, 33, 34)
    • Redesigned preload script APIs by introducing registerPreloadScript, unregisterPreloadScript, getPreloadScripts on Session. #45329

    Removed/Deprecated

    • Removed 240 FPS limit when using shared texture OSR. #45781

    Fixes

    • Fixed webContents.print() after switch to OOP printing on macOS and Linux. #45285
    • Fixed an issue where the renderer process crashed when loading about:blank in subframes. #45758
    • Fixed broken OOP window.print() on macOS/Linux. #45259
    • Fixed desktopCapturer.getSources not returning electron windows on Windows. #45000
    • Fixed spellcheck suggestions not correctly populating on Windows. #45763
    • Optimized webFrame.getZoomLevel and webFrame.getZoomFactor APIs. #45557
    • Re-enables the MacWebContentsOcclusion feature flag for Mac, with plans to make it enabled by default in a future release. #45801

    Also in earlier versions...

    • Addressed two possible crashes in the File System Access API. #45261 (Also in 34)
    • Backported fix for an upstream bug that caused Offscreen Rendering to stutter. #45660 (Also in 32, 33, 34)
    • Fixed WebFrameMain crash related to accessing speculative frames that have been destroyed. #45686 (Also in 33, 34)
    • Fixed chrome.i18n extension API being unavailable in service workers. #45031 (Also in 31, 32, 33, 34)
    • Fixed trace-startup not working on macOS. #44257 (Also in 32, 33, 34)
    • Fixed v8.setHeapSnapshotNearHeapLimit api in main and utility process, along with support for --diagnostic-dir Node.js cli flag to specify the directory to save the heap snapshots. #45632 (Also in 33, 34)
    • Fixed a bug where the default path didn't always correctly fill the Name field in KDialogs on Linux. #45420 (Also in 34)
    • Fixed a crash that could occur in OSR on window close. #45630 (Also in 34)
    • Fixed a crash that could occur when calling shell.readShortcutLink on Windows. #44784 (Also in 33, 34)
    • Fixed a crash when calling shell.readShortcutLink caused by PKEY_AppUserModel_ToastActivatorCLSID sometimes being represented by a string uuid. #45348 (Also in 33, 34)
    • Fixed a potential crash in chrome.tabs.update(). #45302 (Also in 33, 34)
    • Fixed a potential crash when calling legacy getUserMedia with an invalid chromeMediaSourceId. #45755 (Also in 34)
    • Fixed a potential permissions issue in the Pointer Lock API after focus loss and regain. #45628 (Also in 34)
    • Fixed an issue where RTL tooltips could be incorrect when using WCO on Windows. #45425 (Also in 33, 34)
    • Fixed an issue where Windows Control Overlay didn't work with some window configurations. #45477 (Also in 33, 34)
    • Fixed an issue where EventSource was undefined in both renderer and worker processes when Node.js integration was enabled. #44475 (Also in 32, 33, 34)
    • Fixed an issue where WebContentsViews were being improperly removed. #44656 (Also in 31, 32, 33, 34)
    • Fixed an issue where contextmenu events wouldn't be correctly dispatched in draggable regions on Linux. #45841 (Also in 34)
    • Fixed an issue where resize wasn't being emitted for single-pixel resizes on Windows. #44700 (Also in 32, 33, 34)
    • Fixed an issue where a utilityProcess pid would not be undefined after exit. #44677 (Also in 32, 33, 34)
    • Fixed an issue where buttons shown under the Window Controls Overlay API were missing tooltips. #44721 (Also in 32, 33, 34)
    • Fixed an issue where closing a window after printing on Linux triggered a crash. #44246 (Also in 31, 32, 33, 34)
    • Fixed an issue where drag-dropping two directories would cause getAsFileSystemHandle to never resolve. #45256 (Also in 33, 34)
    • Fixed an issue where print scaling could be too small during silent print. #45262 (Also in 34)
    • Fixed an issue where selection of multiple directories with the dialog module didn't work on Linux. #45394 (Also in 34)
    • Fixed an issue where the exit event could be emitted twice from the utilityProcess. #44243 (Also in 31, 32, 33, 34)
    • Fixed an issue where the webContents context-menu event was not emitted when using -webkit-app-region: drag. #44761 (Also in 32, 33, 34)
    • Fixed an issue where the windows control overlay was unexpectedly visible in fullscreen on Linux. #44621 (Also in 31, 32, 33, 34)
    • Fixed an issue where windows on Windows with backgroundMaterial lost effect on maximization. #45525 (Also in 34)
    • Fixed a possible crash when using draggable regions and BaseWindows to get the context-menu event. #44940 (Also in 32, 33, 34)
    • Fixed build failure when the PDF viewer is disabled. #44960 (Also in 33, 34)
    • Fixed calling setAlwaysOnTop on a hidden window which is then shown with showInactive on Linux under X11. #44078 (Also in 31, 32, 33, 34)
    • Fixed crash in gin::wrappable::secondweakcallback. #45378 (Also in 33, 34)
    • Fixed crash in net api when utility process exits. #44574 (Also in 32, 33, 34)
    • Fixed crash on startup with asan build on macOS. #45569 (Also in 33, 34)
    • Fixed crash when accessing WebFrameMain frames and name attributes on destroyed frames. #45508 (Also in 33, 34)
    • Fixed crash when network process terminates while a net log is running. #44406 (Also in 31, 32, 33, 34)
    • Fixed crash when rendering super menu accelerator on linux. #44341 (Also in 32, 33, 34)
    • Fixed custom spell checker getting stuck in infinite loop using 100% CPU. #45001 (Also in 31, 32, 33, 34)
    • Fixed drag and drop icons not showing on Windows. #45777 (Also in 34)
    • Fixed external window focus when using shell.openExternal. #44408 (Also in 33, 34)
    • Fixed file preview window reappearing when calling win.closeFilePreview twice on macOS. #45664 (Also in 32, 33, 34)
    • Fixed issue where 'contextmenu' event is emitted twice on macOS. #44978 (Also in 34)
    • Fixed issue with missing index arg for webContents.canGoToOffset. #44989 (Also in 32, 33, 34)
    • Fixed race condition in which WebContents appears as white screen on VDI machines without hardware acceleration capabilities. #44318 (Also in 32, 33, 34)
    • Fixed regression with dynamic dependency on libgdk_pixbuf. #44423 (Also in 32, 33, 34)
    • Fixed segfault when moving WebContentsView between BrowserWindows. #44599 (Also in 31, 32, 33, 34)
    • Fixed the path for a needed library used for mksnapshot. #45546 (Also in 32, 33, 34)
    • Fixed theme does not work in DevTools. #44114 (Also in 32, 33, 34)
    • Fixed update file extension bug. #44296 (Also in 33, 34)
    • Fixed web worker scripts failing to load for chrome extensions. #45708 (Also in 32, 33, 34)
    • Return 0 exit code for normal termination of the utility process. #44726 (Also in 32, 33, 34)
    • The avoidClosingConnections option for session.clearData now properly defaults to false when the dataTypes option is not set. #45187 (Also in 33, 34)

    Other Changes

    • Added more helpful logging if Node.js fails to initialize. #45317
    • Backported fix for 387258077,383070811. #45496
    • Fixed all -Wunsafe-buffer-usage Clang warnings and enabled the compiler warning in new builds. #44056
    • Fixed an issue where a deprecation warning was being incorrectly emitted for frameless windows on macOS. #44728 (Also in 33, 34)

    Documentation

    Notices

    End of Support for 32.x.y

    Electron 32.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

  • 35.0.0-beta.13 - 2025-03-03

    Note: This is a beta release. Please file new issues for any bugs you find in it.

    This release is published to npm under the beta tag and can be installed via npm install electron@beta, or npm install electron@35.0.0-beta.13.

    Release Notes for v35.0.0-beta.13

    Other Changes

    • Updated Chromium to 134.0.6998.44. #45845
  • 35.0.0-beta.12 - 2025-02-28

    Note: This is a beta release. Please file new issues for any bugs you find in it.

    This release is published to npm under the beta tag and can be installed via npm install electron@beta, or npm install electron@35.0.0-beta.12.

    Release Notes for v35.0.0-beta.12

    Fixes

    • Fixed an issue where contextmenu events wouldn't be correctly dispatched in draggable regions on Linux. #45841

    Other Changes

    • Fixed 35.0.0-beta.11 build issue. #45838
  • 35.0.0-beta.11 - 2025-02-27
  • 35.0.0-beta.10 - 2025-02-25
  • 35.0.0-beta.9 - 2025-02-24
  • 35.0.0-beta.8 - 2025-02-21
  • 35.0.0-beta.7 - 2025-02-17
  • 35.0.0-beta.6 - 2025-02-13
  • 35.0.0-beta.5 - 2025-02-10
  • 35.0.0-beta.4 - 2025-02-07
  • 35.0.0-beta.3 - 2025-02-06
  • 35.0.0-beta.2 - 2025-02-05
  • 35.0.0-beta.1 - 2025-02-03
  • 35.0.0-alpha.5 - 2025-01-29
  • 35.0.0-alpha.4 - 2025-01-24
  • 35.0.0-alpha.3 - 2025-01-23
  • 35.0.0-alpha.2 - 2025-01-20
  • 35.0.0-alpha.1 - 2025-01-15
  • 34.4.0 - 2025-03-26
  • 34.3.4 - 2025-03-20
  • 34.3.3 - 2025-03-12
  • 34.3.2 - 2025-03-10
  • 34.3.1 - 2025-03-06
  • 34.3.0 - 2025-02-26
  • 34.2.0 - 2025-02-13
  • 34.1.1 - 2025-02-07
  • 34.1.0 - 2025-02-05
  • 34.0.2 - 2025-01-29
  • 34.0.1 - 2025-01-22
  • 34.0.0 - 2025-01-14
  • 34.0.0-beta.16 - 2025-01-09
  • 34.0.0-beta.15 - 2025-01-07
  • 34.0.0-beta.14 - 2024-12-23
  • 34.0.0-beta.13 - 2024-12-19
  • 34.0.0-beta.12 - 2024-12-16
  • 34.0.0-beta.11 - 2024-12-11
  • 34.0.0-beta.10 - 2024-12-09
  • 34.0.0-beta.9 - 2024-12-05
  • 34.0.0-beta.8 - 2024-12-02
  • 34.0.0-beta.7 - 2024-11-28
  • 34.0.0-beta.6 - 2024-11-25
  • 34.0.0-beta.5 - 2024-11-21
  • 34.0.0-beta.4 - 2024-11-18
  • 34.0.0-beta.3 - 2024-11-15
  • 34.0.0-beta.2 - 2024-11-14
  • 34.0.0-beta.1 - 2024-11-12
  • 34.0.0-alpha.9 - 2024-11-11
  • 34.0.0-alpha.8 - 2024-11-07
  • 34.0.0-alpha.7 - 2024-11-04
  • 34.0.0-alpha.6 - 2024-10-31
  • 34.0.0-alpha.5 - 2024-10-28
  • 34.0.0-alpha.4 - 2024-10-25
  • 34.0.0-alpha.3 - 2024-10-23
  • 34.0.0-alpha.2 - 2024-10-17
  • 34.0.0-alpha.1 - 2024-10-16
  • 33.4.7 - 2025-03-26
  • 33.4.6 - 2025-03-20
  • 33.4.5 - 2025-03-13
  • 33.4.4 - 2025-03-10
  • 33.4.3 - 2025-03-06

    Release Notes for v33.4.3

    Other Changes

    • Fixed an issue where native Node.js addons including uv.h before node.h don't compile as expected. #45872
    • Security: backported fix for 383772517.
    • Security: backported fix for CVE-2025-0995.
  • 33.4.2 - 2025-02-27
  • 33.4.1 - 2025-02-15
  • 33.4.0 - 2025-02-06
  • 33.3.2 - 2025-01-22
  • 33.3.1 - 2025-01-06
  • 33.3.0 - 2024-12-05
  • 33.2.1 - 2024-11-27
  • 33.2.0 - 2024-11-07
from electron GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Summary by Sourcery

Upgrade Electron from version 33.2.0 to 35.0.0

Bug Fixes:

  • Resolves multiple security vulnerabilities in Electron, including high and critical severity issues

Enhancements:

  • Updates Electron to a newer major version with performance improvements and new features

Snyk has created this PR to upgrade electron from 33.2.0 to 35.0.0.

See this package in npm:
electron

See this project in Snyk:
https://app.snyk.io/org/nerds-github/project/7ac3a559-e245-43bc-aea8-6d68ed454985?utm_source=github&utm_medium=referral&page=upgrade-pr

sourcery-ai bot commented Mar 27, 2025

Reviewer's Guide by Sourcery

This pull request upgrades the electron dependency from version 33.2.0 to 35.0.0. This upgrade includes several security fixes, new features, improvements, and bug fixes as detailed in the release notes.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

| Change | Details | Files |
|---|---|---|
| The pull request upgrades the electron dependency from version 33.2.0 to 35.0.0. | Updated electron dependency to version 35.0.0. | apps/main/package.json |


@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.
