chore(deps-dev): bump electron from 38.8.4 to 38.8.6 #9524

Merged
otto-the-bot merged 1 commit into dev from dependabot/npm_and_yarn/dev/electron-38.8.6
Mar 11, 2026

@dependabot dependabot bot commented on behalf of github Mar 11, 2026

Bumps electron from 38.8.4 to 38.8.6.

Release notes

Sourced from electron's releases.

electron v38.8.6

Release Notes for v38.8.6

[!WARNING] Electron 38.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

Fixes

  • Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. #50157 (Also in 39, 40, 41)
  • Fixed an issue where additionalData passed to app.requestSingleInstanceLock on Windows could be truncated or fail to deserialize in the primary instance's second-instance event. #50177 (Also in 39, 40, 41)
  • Fixed an issue where invalid characters in custom protocol or webRequest response header values were not rejected. #50130 (Also in 39, 40, 41)
  • Fixed an issue where permission and device-chooser handlers received the top-level page origin instead of the requesting subframe's origin. #50151 (Also in 39, 40, 41)

Commits

  • fbc489c fix: validate protocol scheme names in setAsDefaultProtocolClient (#50157)
  • af4f835 fix: strictly validate sender for internal IPC reply channels (#50160)
  • 9d0c858 fix: validate USB device selection against filtered device list (#50159)
  • e6e8269 fix: potential UAF in OnDownloadPathGenerated (#50150)
  • e17eef4 fix: read nodeIntegrationInWorker from per-frame WebPreferences (#50163)
  • 9ffc255 fix: correct parsing of second-instance additionalData (#50177)
  • 07a1e9c fix: prevent use-after-free in permission request callbacks (#50153)
  • 567435b fix: use requesting frame origin in permission helper and device choosers (#5...
  • 5ee5ace fix: use proper quoting for exe paths and args on Windows (#50146)
  • 2d92886 fix: validate response header names and values before AddHeader (#50130)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [electron](https://github.com/electron/electron) from 38.8.4 to 38.8.6.
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v38.8.4...v38.8.6)

---
updated-dependencies:
- dependency-name: electron
  dependency-version: 38.8.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies and javascript (Pull requests that update Javascript code) labels Mar 11, 2026
otto-the-bot enabled auto-merge (squash) March 11, 2026 04:13

otto-the-bot merged commit 5fcc734 into dev Mar 11, 2026
8 checks passed
otto-the-bot deleted the dependabot/npm_and_yarn/dev/electron-38.8.6 branch March 11, 2026 04:15