Skip to content

Update dependency electron to v18 [SECURITY] #59

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency electron to v18 [SECURITY] #59

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link

@renovate renovate bot commented Apr 26, 2021
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
electron ^3.0.13 -> ^18.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-15096

Impact

Apps using contextIsolation are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4
  • 6.1.11

For more information

If you have any questions or comments about this advisory:

CVE-2020-4075

Impact

The vulnerability allows arbitrary local file read by defining unsafe window options on a child window opened via window.open.

Workarounds

Ensure you are calling event.preventDefault() on all new-window events where the url or options is not something you expect.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

For more information

If you have any questions or comments about this advisory:

CVE-2020-4077

Impact

Apps using both contextIsolation and contextBridge are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

For more information

If you have any questions or comments about this advisory:

CVE-2020-4076

Impact

Apps using contextIsolation are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

Non-Impacted Versions

  • 9.0.0-beta.*

For more information

If you have any questions or comments about this advisory:

CVE-2021-39184

Impact

This vulnerability allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases.

All current stable versions of Electron are affected.

Patches

This was fixed with #​30728, and the following Electron versions contain the fix:

  • 15.0.0-alpha.10
  • 14.0.0
  • 13.3.0
  • 12.1.0
  • 11.5.0

Workarounds

If your app enables contextIsolation, this vulnerability is significantly more difficult for an attacker to exploit.

Further, if your app does not depend on the createThumbnailFromPath API, then you can simply disable the functionality. In the main process, before the 'ready' event:

delete require('electron').nativeImage.createThumbnailFromPath

For more information

If you have any questions or comments about this advisory, email us at [email protected].

CVE-2022-29257

Impact

This vulnerability allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.

Please note that this kind of attack would require significant privileges in your own auto updating infrastructure and the ease of that attack entirely depends on your infrastructure security.

Patches

This has been patched and the following Electron versions contain the fix:

  • 18.0.0-beta.6
  • 17.2.0
  • 16.2.0
  • 15.5.0

Workarounds

There are no workarounds for this issue, please update to a patched version of Electron.

For more information

If you have any questions or comments about this advisory, email us at [email protected]

CVE-2022-36077

Impact

When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as file://some.website.com/, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.

Patches

This issue has been fixed in all current stable versions of Electron. Specifically, these versions contain the fixes:

  • 21.0.0-beta.1
  • 20.0.1
  • 19.0.11
  • 18.3.7

We recommend all apps upgrade to the latest stable version of Electron.

Workarounds

If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the WebContents.on('will-redirect') event, for all WebContents:

app.on('web-contents-created', (e, webContents) => {
  webContents.on('will-redirect', (e, url) => {
    if (/^file:/.test(url)) e.preventDefault()
  })
})

For more information

If you have any questions or comments about this advisory, email us at [email protected].

Credit

Thanks to user @​coolcoolnoworries for reporting this issue.

Release Notes

electron/electron

v18.3.7: electron v18.3.7

Compare Source

Release Notes for v18.3.7

Fixes

  • Fixed WCO not responding to touch events on windows. #​35177 (Also in 19, 20)
  • Fixed webContents.getUserAgent() incorrectly returning an empty string unless previously set. #​35130 (Also in 17, 19, 20)
  • Fixed an issue in which calling setBounds() after e.preventDefault in a 'will-move' or 'will-resize' event wouldn't change the window's shape until the mouse button was released. #​35082 (Also in 19, 20)
  • Fixed context menu not showing all items on macOS when dock is not hidden. #​35198 (Also in 19)
  • None. #​35171 (Also in 19, 20)

Other Changes

v18.3.6: electron v18.3.6

Compare Source

Release Notes for v18.3.6

Fixes

  • Fixed a crash when calling BrowserWindow.setEnabled(). #​34973 (Also in 19, 20)
  • Fixed a potential crash when changing window settings after initializing WCO with an invalid titleBarStyle. #​34873 (Also in 17, 19, 20)
  • Fixed alwaysOnTop BrowserWindow option for X11 Linux. #​34911 (Also in 19, 20)
  • Fixed an issue where BrowserWindows on macOS were incorrectly marked as resizable. #​34907 (Also in 19, 20)
  • Fixed an issue where Windows Control Overlay buttons did not respect maximizable/minimizable/closable states of a BrowserWindow. #​34720 (Also in 17, 19, 20)
  • Fixed an issue where calling BrowserWindow.setRepresentedFilename on macOS with titlebarStyle: 'hiddenInset' or titlebarStyle: 'hidden' inadvertently moves the traffic light location. #​34847 (Also in 19, 20)
  • Fixed an issue where some BrowserWindows opened from new links wouldn't properly load URLs. #​34910 (Also in 19)
  • Fixed an issue where the minimize button with WCO enabled would incorrectly be highlighted in some cases. #​34838 (Also in 17, 19, 20)
  • Fixed an issue with background colors being improperly applied to BrowserViews on Windows. #​33478 (Also in 16)
  • Fixed empty app_id when running under wayland. #​34877 (Also in 19, 20)
  • Fixed missing Sec-CH-UA headers and empty navigator.userAgentData. #​34758 (Also in 17, 19, 20)
  • Fixed symbol generation on 32-bit Windows release builds. #​35096 (Also in 19, 20)
  • Prevent brief display of "Ozone X11" in window title on Linux. #​34943

Other Changes

v18.3.5: electron v18.3.5

Compare Source

Release Notes for v18.3.5

Fixes

  • Fixed a performance problem in crashReporter.start() on macOS. #​34640 (Also in 17, 19, 20)
  • Fixed an error where setWindowOpenHandler() would crash if the callback threw an error. #​34627 (Also in 19, 20)
  • Fixed an issue where calling w.setWindowButtonVisibility(true) immediately after exiting fullscreen fails to show window buttons. #​34673 (Also in 19, 20)
  • Fixed an issue where draggable regions were not recalculated when BrowserView bounds changed on Windows. #​34610 (Also in 19, 20)

Other Changes

v18.3.4: electron v18.3.4

Compare Source

Release Notes for v18.3.4

Fixes

  • Fixed an issue where normal bounds would not be appropriately updated if the user minimized with the minimize button. #​34485 (Also in 19, 20)
  • Fixed an issue where passing { name: 'All Files', extensions: ['*'] } in the filters param of open or save dialogs on Linux would disallow choosing files without an extension. #​34518 (Also in 19, 20)

Other Changes

v18.3.3: electron v18.3.3

Compare Source

Release Notes for v18.3.3

Fixes

  • Fixed a crash when loading a same-origin URL after a render process crash. #​34430 (Also in 19, 20)
  • Fixed potential crash in WebFrameMain when performing a cross-origin navigation. #​34415 (Also in 19, 20)

v18.3.2: electron v18.3.2

Compare Source

Release Notes for v18.3.2

Fixes

  • Fixed an issue where pressing escape would not un-fullscreen on Windows or Linux in some circumstances. #​34361 (Also in 19)
  • Fixed an issue where zombie windows can be created if window.close() is called during a fullscreen transition. #​34392 (Also in 17, 19, 20)

Other Changes

  • Enable 16k page sizes support for linux arm64. #​34385

v18.3.1: electron v18.3.1

Compare Source

Release Notes for v18.3.1

Fixes

  • Fixed crash when calling navigator.serial.getPorts(). #​34327 (Also in 17, 19)

Other Changes

  • Added a TRACE call named crash_reporter::Start under the electron category for crash_reporter::Start(). #​34325 (Also in 17, 19)

v18.3.0: electron v18.3.0

Compare Source

Release Notes for v18.3.0

Fixes

  • Fixed a crash when calling loadExtension on an extension directory that's missing a manifest file. #​34304 (Also in 16, 17, 19)
  • Fixed an issue where bounds changes were incorrectly delayed in the case where a window was moved or resized and event.preventDefault was called in either will-resize or will-move on Windows. #​34284 (Also in 16, 17, 19)
  • Fixed an issue where running second instances of the same application would cause a deadlock on Windows. #​34295 (Also in 19)
  • Fixed potential crash with WebFrameMain when navigating between cross-origin websites. #​34293 (Also in 19)
  • Fixed service worker registration with custom protocols. #​34291 (Also in 19)

v18.2.4: electron v18.2.4

Compare Source

Release Notes for v18.2.4

Fixes

  • Fixed an issue where tray items wouldn't highlight in some scenarios on macOS. #​34207 (Also in 16, 17, 19)
  • Fixed crash on startup on old Ubuntu versions. #​34155
  • SIGUSR1 is no longer handled when the node_cli_inspect fuse is disabled. #​34180 (Also in 16, 17)

Other Changes

  • Backported fix for chromium:1320614. #​34202
  • Updated Chromium to 100.0.4896.160. #​34171

v18.2.3: electron v18.2.3

Compare Source

Release Notes for v18.2.3

Fixes

  • Fixed a crash in safeStorage on Linux. #​34148 (Also in 19)
  • Fixed building node modules with Visual Studio 2017. #​34110 (Also in 19)

v18.2.2: electron v18.2.2

Compare Source

Release Notes for v18.2.2

Fixes

  • Fixed a crash on Windows when opening apps in multiple, separate user sessions. #​34161 (Also in 19)
  • Fixed an OSR crash happening when input select items were rendered. #​34092 (Also in 17, 19)
  • Fixed an issue where calling SetLoginItemSettings() could potentially cause network volumes to be incorrectly mounted. #​34106 (Also in 17, 19)
  • Fixed crash on startup due to missing gtk symbol on older distros. #​34150 (Also in 19)

Other Changes

v18.2.0: electron v18.2.0

Compare Source

Release Notes for v18.2.0

Features

  • Fixed an issue where the PDF Viewer would fail if a user attempted to reload. #​33711 (Also in 19)

Fixes

  • Fixed an issue with the app.requestSingleInstanceLock() API where it would sometimes hang. #​33778

Other Changes

  • Fixed child_process.spawn ENOENT error with cwd option. #​33871 (Also in 16, 17, 19)
  • Updated Chromium to 100.0.4896.143. #​33948

v18.1.0: electron v18.1.0

Compare Source

Release Notes for v18.1.0

Features

  • Enabled systemPreferences.subscribe{Local|Workspace}Notification to take a null value for the event parameter. #​33771

Fixes

  • Fixed crash when img without alt is shown with accessibility features enabled. #​33843 (Also in 19)
  • Fixed crash when opening gtk file dialogs due to mismatched versions. #​33812 (Also in 19)

Other Changes

  • Updated Chromium to 100.0.4896.127. #​33730

v18.0.4: electron v18.0.4

Compare Source

Release Notes for v18.0.4

Fixes

  • Apply senderFrame details to ipcMain port event. #​33782 (Also in 16, 17)
  • Fixed an issue where Escape keyboard events would not be properly propagated to the parent window after entering fullscreen and then exiting it again on Windows. #​33787
  • Fixed the built-in PDF renderer. #​33664
  • shell.openExternal() now reports more detailed errors on Windows. #​33659 (Also in 15, 16, 17, 19)
  • shell.openExternal() now reports more detailed errors on Windows. #​33705 (Also in 15, 16, 17, 19)

Other Changes

  • Backported fix for chromium:1297731, b/218211225. #​33708

v18.0.3: electron v18.0.3

Compare Source

Release Notes for v18.0.3

Other Changes

  • Updated Chromium to 100.0.4896.75. #​33619

v18.0.2: electron v18.0.2

Compare Source

Release Notes for v18.0.2

Fixes

  • Fixed a potential crash in Browser.getFocusedWindow() when child windows are closed. #​33538 (Also in 17)
  • Fixed an issue where the the window bounds would incorrectly change if BrowserWindow.unmaximize was called on a window whose user bounds were maximized. #​33550 (Also in 16, 17)
  • Fixed behavior of BrowserWindow.maximize on macOS for not shown windows. #​33537 (Also in 15, 16)
  • Fixed incorrect return value of app.requestSingleInstanceLock() when setting non-existent user data folder. #​33592 (Also in 16, 17, 19)
  • Fixed issues with frameless window animations and styling. #​33610 (Also in 19)
  • Fixed potential crash while generating accessibility trees for certain images. #​33616 (Also in 19)

v18.0.1: electron v18.0.1

Compare Source

Release Notes for v18.0.1

Fixes

  • Fixed an issue where Pointer Lock behavior could not be properly exited. #​32828
  • Fixed crash when WindowButtonsProxy references cleared NSWindow. #​33490 (Also in 15, 16, 17)
  • Fixed crash when running under Wayland caused by calling X11 functions. #​33498 (Also in 17)

Other Changes

  • Updated Chromium to 100.0.4896.60. #​33501

v18.0.0: electron v18.0.0

Compare Source

Release Notes for v18.0.0

Stack Upgrades

Breaking Changes

  • Removed the old BrowserWindowProxy-based implementation of window.open. This also removes the nativeWindowOpen option from webPreferences. #​29405

Features

Additions
  • Added 'focus' and 'blur' events to WebContents. #​25873
  • Added BrowserWindow method to change the button color, symbol color, and height of a window with WCO enabled. #​33440
  • Added nativeTheme.inForcedColorsMode API to allow detecting forced color mode. #​33357 (Also in 15, 16, 17)
  • Added Substitutions menu roles on macOS: showSubstitutions, toggleSmartQuotes, toggleSmartDashes, toggleTextReplacement. #​32024
  • Added first-instance-ack event to the app.requestSingleInstanceLock() flow, so that users can pass some data back from the second instance to the first instance. #​31460
  • Added height option for Windows Control Overlay. #​31222 (Also in 15, 16, 17)
  • Added ses.setCodeCachePath() API for setting code cache directory. #​33286 (Also in 17)
  • Added rawHeaders to IncomingMessage. #​31853
  • Added support for more color formats in setBackgroundColor. #​33364
  • Added warning that preload scripts will be sandboxed by default beginning in Electron 20. #​33203
  • Support obsolete blowfish ciphers bf-{cbc,cfb,ecb} through the Node.js crypto API. #​32356 (Also in 17)

Fixes

  • Fixed a V8 crash that could happen randomly in non-sandboxed renderer processes. #​33260
  • Fixed a bug where BrowserWindow.fromWebContents would return undefined during the browser-window-created event. #​33316
  • Fixed an issue where First Party Sets were not correctly loaded on app launch. #​33345
  • Fixed an issue where new bounds set via setBounds was not correctly applied if the user was moving or resizing the window concurrently on Windows. #​33375
  • Fixed an issue where pages would not properly print on macOS due to a rendering failure. #​32813
  • Fix: initialize asar support in worker threads. #​33396
  • Fixed the IncrementCapturerCount regression introduced by 13.0.0-beta.21. #​33371
Also in earlier versions....
  • Allowed specifying x64 arch on Mac Rosetta via npm_config_arch. #​32266 (Also in 15, 16, 17)
  • Assertion failure happening in the showSaveDialogSync() code path has been fixed. (Fixes #​31997). #​32049 (Also in 14, 15, 16, 17)
  • Bug fixed for registering protocol in windows which used to set invalid command if the execution path included space. #​32220 (Also in 14, 15, 16, 17)
  • Fire 'show' event when a BrowserWindow is shown via maximize(). #​33214 (Also in 16, 17)
  • Fixed BrowserWindow.showInactive restoring a maximized window to non-maximized on Windows. #​33022 (Also in 16, 17)
  • Fixed VoiceOver not reading typed words correctly in MAS builds. #​32543 (Also in 17)
  • Fixed maxWidth not working in BrowserWindow constructor options. #​32628 (Also in 17)
  • Fixed window.open not overriding parent's webPreferences. #​32057 (Also in 15, 16, 17)
  • Fixed a crash caused by app.getLocaleCountryCode(). #​32256 (Also in 15, 16, 17)
  • Fixed a crash that occurred when a user attempted to print a document either with window.print(), the print button in the PDF viewer, or with BrowserWindow.webContents() and clicked cancel in the resulting print dialog. #​32632 (Also in 17)
  • Fixed a crash that occurred when user attempted to download an edited PDF. #​32512 (Also in 15, 16, 17)
  • Fixed a crash when starting VoiceOver on macOS. #​32564 (Also in 17)
  • Fixed a network service crash that could occur when using setCertificateVerifyProc. #​33253 (Also in 17)
  • Fixed a potential crash in v8 by using allocation type: kOld in v8 ScriptOrModule legacy lifetime. #​32339 (Also in 17)
  • Fixed a potential crash when importing media files or custom file types. #​31881 (Also in 16, 17)
  • Fixed a potential issue when setting backgroundColor on BrowserViews. #​31863 (Also in 14, 15, 16, 17)
  • Fixed an issue that the alert() dialog title is corrupted. #​32434 (Also in 14, 15, 16, 17)
  • Fixed an issue where BrowserView layout bounds where limited to it's visible bounds. #​33399 (Also in 17)
  • Fixed an issue where Chrom DevTools settings didn't persist between loads. #​33206 (Also in 17)
  • Fixed an issue where alternateImages did not work properly on macOS. #​33107 (Also in 15, 16, 17)
  • Fixed an issue where ipcRenderer.postMessage would throw errors when the transfer argument was not passed. #​32433 (Also in 14, 15, 16, 17)
  • Fixed an issue where webContents.openDevTools({ mode }) did not work for certain dock positions. #​32946 (Also in 17)
  • Fixed an issue where webContents.savePage failed when passing a relative path instead of an absolute one. #​33019 (Also in 15, 16, 17)
  • Fixed an issue where adding/removing display changes the BrowserWindow size. #​33250 (Also in 14, 15, 16, 17)
  • Fixed an issue where calling screen capture on macOS does not properly release underlying OS capture mechanisms. #​32435 (Also in 17)
  • Fixed an issue where clicking "Open in Containing Folder" in the Sources tab in Devtools caused a crash. #​33197 (Also in 16, 17)
  • Fixed an issue where frameless vibrant windows would not show transparency correctly on macOS. #​32593 (Also in 16, 17)
  • Fixed an issue where frameless windows on Windows would incorrectly show a small frame during the loading process. #​32714 (Also in 14, 15, 16, 17)
  • Fixed an issue where if backgroundColor was set to undefined, vibrancy failed to work and the backgroundColor would show up as white. #​32517 (Also in 16, 17)
  • Fixed an issue where setting window maxHeight or maxWidth made it so the width and height could no longer be resized. #​33119 (Also in 17)
  • Fixed an issue where the 'maximize' and 'unmaximize' events didn't fire properly on linux. #​32441 (Also in 14, 15, 16, 17)
  • Fixed an issue where the Tray could get garbage collected incorrectly under some circumstances. #​33074 (Also in 15, 16, 17)
  • Fixed an issue with transparent windows failing to fire the maximize and unmaximize events on Windows. #​32643 (Also in 17)
  • Fixed an occasional crash on Mac when spawning a child process. #​33117 (Also in 17)
  • Fixed aspect ratio resize for frameless windows on macOS. #​32287 (Also in 15, 16, 17)
  • Fixed broken event loop in renderer process when process reuse is enabled on windows platform. #​33361 (Also in 16, 17)
  • Fixed broken transparency option in offscreen window rendering. #​33053 (Also in 16, 17)
  • Fixed command string registered via setAsDefaultProtocolClient on windows. #​33013 (Also in 14, 15, 16, 17)
  • Fixed console windows from ELECTRON_RUN_AS_NODE instances. #​31963 (Also in 16, 17)
  • Fixed crash in the render process on reload with pending node fs.promises. #​33302 (Also in 15, 16, 17)
  • Fixed crash when calling webContents.setZoomFactor(1.0). #​32604 (Also in 13, 14, 15, 16, 17)
  • Fixed crash when playing media files on Windows 7/8 or macOS 10.11/10.12. #​32046 (Also in 13, 14, 15, 16, 17)
  • Fixed drag regions on WCO windows on Windows. #​33202 (Also in 15, 16, 17)
  • Fixed effect when hovering over window controls on Windows in a WCO-enabled window. #​32723 (Also in 14, 15, 16, 17)
  • Fixed incorrect skipTransformProcessType option parsing in win.setVisibleOnAllWorkspaces(). #​32364 (Also in 13, 14, 15, 16, 17)
  • Fixed incorrect external memory allocation tracking in nativeImage module. #​33305 (Also in 15, 16, 17)
  • Fixed issue where not all serial devices were exposed to the handler specified by session.setDevicePermissionHandler. #​32651 (Also in 17)
  • Fixed maximizing frameless windows by double-clicking on a draggable (title bar) region. #​33446 (Also in 15, 16, 17)
  • Fixed minimized BrowserWindow being restored by BrowserWindow.unmaximize(). #​32438 (Also in 14, 15, 16, 17)
  • Fixed possible race conditions between frame state and electron ipc. #​32851 (Also in 17)
  • Fixed potential crash on Windows and Linux when using desktopCapturer.getSources. #​32052 (Also in 16, 17)
  • Fixed regression where console windows would open for execSync and some spawnSync calls for Windows users. #​32340 (Also in 16, 17)
  • Fixed respecting aspect ratio when maximum size is set on BrowserWindow. #​29101 (Also in 14, 15, 16, 17)
  • Fixed slowness when using child_process.spawn and related methods on macOS Big Sur and newer. #​33407 (Also in 16, 17)
  • Fixed stale renderer process when application is quit whil

@renovate renovate bot changed the title Pin dependency electron to v3.1.13 [SECURITY] Pin dependency electron to 3.1.13 [SECURITY] May 9, 2021
@renovate renovate bot changed the title Pin dependency electron to 3.1.13 [SECURITY] Pin dependency electron to v3.1.13 [SECURITY] May 15, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch 2 times, most recently from 66532af to 82d7b4b Compare May 15, 2021 22:44
@renovate renovate bot changed the title Pin dependency electron to v3.1.13 [SECURITY] Update dependency electron to v9 [SECURITY] May 15, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 82d7b4b to ef4121c Compare May 21, 2021 09:59
@renovate renovate bot changed the title Update dependency electron to v9 [SECURITY] Pin dependency electron to v3.1.13 [SECURITY] May 21, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from ef4121c to 77dc356 Compare May 21, 2021 14:10
@renovate renovate bot changed the title Pin dependency electron to v3.1.13 [SECURITY] Update dependency electron to v9 [SECURITY] May 21, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 77dc356 to a087d32 Compare May 22, 2021 13:19
@renovate renovate bot changed the title Update dependency electron to v9 [SECURITY] Pin dependency electron to v3.1.13 [SECURITY] May 22, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from a087d32 to 352c862 Compare May 22, 2021 15:02
@renovate renovate bot changed the title Pin dependency electron to v3.1.13 [SECURITY] Update dependency electron to v9 [SECURITY] May 22, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 352c862 to 17ac64d Compare May 26, 2021 08:45
@renovate renovate bot changed the title Update dependency electron to v9 [SECURITY] Pin dependency electron to v3.1.13 [SECURITY] May 26, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 17ac64d to 0057640 Compare May 26, 2021 10:47
@renovate renovate bot changed the title Pin dependency electron to v3.1.13 [SECURITY] Update dependency electron to v9 [SECURITY] May 26, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 0057640 to b9ae504 Compare May 29, 2021 19:33
@renovate renovate bot changed the title Update dependency electron to v9 [SECURITY] Pin dependency electron to v3.1.13 [SECURITY] May 29, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from b9ae504 to 70a06da Compare May 29, 2021 20:40
@renovate renovate bot changed the title Pin dependency electron to v3.1.13 [SECURITY] Update dependency electron to v9 [SECURITY] May 29, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 70a06da to c1f1271 Compare May 30, 2021 04:51
@renovate renovate bot changed the title Update dependency electron to v9 [SECURITY] Pin dependency electron to v3.1.13 [SECURITY] May 30, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from c1f1271 to 0f34aef Compare May 30, 2021 07:03
@renovate renovate bot changed the title Pin dependency electron to v3.1.13 [SECURITY] Update dependency electron to v9 [SECURITY] May 30, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 0f34aef to 74a4004 Compare May 31, 2021 07:52
@renovate renovate bot changed the title Update dependency electron to v9 [SECURITY] Pin dependency electron to v3.1.13 [SECURITY] May 31, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 74a4004 to 7c910d2 Compare May 31, 2021 09:28
@renovate renovate bot changed the title Pin dependency electron to v3.1.13 [SECURITY] Update dependency electron to v9 [SECURITY] May 31, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 7c910d2 to b0b79c6 Compare June 1, 2021 20:14
@renovate renovate bot changed the title Update dependency electron to v9 [SECURITY] Pin dependency electron to v3.1.13 [SECURITY] Jun 1, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from b0b79c6 to d833be6 Compare June 1, 2021 22:12
@renovate renovate bot changed the title Pin dependency electron to v3.1.13 [SECURITY] Update dependency electron to v9 [SECURITY] Jun 1, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from d833be6 to 2192a63 Compare June 2, 2021 13:50
@renovate renovate bot changed the title Update dependency electron to v9 [SECURITY] Pin dependency electron to v3.1.13 [SECURITY] Jun 2, 2021
@renovate renovate bot changed the title Pin dependency electron to v3.1.13 [SECURITY] Update dependency electron to 9.4.0 [SECURITY] Jun 2, 2021
@renovate renovate bot changed the title Update dependency electron to 9.4.0 [SECURITY] Update dependency electron to 11.5.0 [SECURITY] Oct 19, 2021
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 2192a63 to 2ed7183 Compare March 7, 2022 14:21
@renovate renovate bot changed the title Update dependency electron to 11.5.0 [SECURITY] Update dependency electron to 13.6.6 [SECURITY] Mar 26, 2022
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 2ed7183 to c40f9ab Compare March 26, 2022 14:20
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from c40f9ab to 03c4000 Compare April 24, 2022 22:50
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 03c4000 to f1a1c12 Compare May 15, 2022 20:40
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from f1a1c12 to 70885e4 Compare June 18, 2022 13:55
@renovate renovate bot changed the title Update dependency electron to 13.6.6 [SECURITY] Update dependency electron to 15.5.5 [SECURITY] Jun 18, 2022
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 70885e4 to 976d1b1 Compare September 25, 2022 17:18
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 976d1b1 to b7a52f0 Compare November 20, 2022 12:18
@renovate renovate bot changed the title Update dependency electron to 15.5.5 [SECURITY] Update dependency electron to 18.3.7 [SECURITY] Nov 20, 2022
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from b7a52f0 to 02b1dfc Compare March 18, 2023 06:04
@renovate renovate bot changed the title Update dependency electron to 18.3.7 [SECURITY] Update dependency electron to v18 [SECURITY] Mar 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant