search

CSS-Electronics / cancloud

CANcloud - open source telematics platform
Apache License 2.0
50 stars 26 forks source link

Bump electron and browser-run #29

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps electron to 26.4.3 and updates ancestor dependency browser-run. These dependencies need to be updated together.

Updates electron from 1.8.8 to 26.4.3

Release notes

Sourced from electron's releases.

electron v26.4.3

Release Notes for v26.4.3

Fixes

  • Fixed an issue where navigator.keyboard.lock() did not work per latest expected behavior. #40387 (Also in 27, 28)
  • Fixed crash in renderer process due to partition allocator when sandbox is disabled. #40377

electron v26.4.2

Release Notes for v26.4.2

Fixes

  • Fixed failing build when enable_electron_extensions=false. #40269 (Also in 25, 27)

Other Changes

  • Security: backported fix for chromium:1491912. #40265

electron v26.4.1

Release Notes for v26.4.1

Fixes

  • Fixed an issue where Windows Toast notifications weren't properly dismissed from the Action Center on notification.close() if they'd previously been dismissed. #40242 (Also in 27, 28)
  • Fixed an issue where fully occluded windows would return an empty image from webContents.capturePage() on Windows and Linux. #40187 (Also in 25, 27, 28)
  • Fixed an issue with webContents interaction with fullscreen and WCO on macOS. #40218 (Also in 25, 27, 28)
  • Fixed some redundant permission dialogs while screen sharing on Wayland. #40191 (Also in 27, 28)

Other Changes

  • Security: backported fix for 1486316.
    • Security: backported fix for CVE-2023-5218.
    • Security: backported fix for 1472365.
    • Security: backported fix for 1472366. #40209

electron v26.4.0

Release Notes for v26.4.0

Fixes

  • Fixed an issue where calling loadURL during some webContents url loading events could crash. #40163 (Also in 24, 25, 27)
  • Fixed an issue where calling show() on a child BrowserWindow would show all other children attached to the same parent on macOS. #40107 (Also in 24, 25, 27)
  • Fixed an issue where closing and opening a minimized DevTools window would not work as expected. #40118 (Also in 25, 27)
  • Fixed deprecated gpu-process-crashed / renderer-process-crashed events being emitted twice and with incorrect arguments. #40112 (Also in 22, 24, 25, 27)

Other Changes

  • Fixed launch failure with child_process.spawn on windows affected by launching store applications. #40127 (Also in 25, 27)
  • Security: backported fix for 1480184.
    • Security: backported fix for 1481179. #40077

electron v26.3.0

... (truncated)

Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

  • API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
  • Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
  • Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
  • Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
  • Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (29.0)

Behavior Changed: ipcRenderer can no longer be sent over the contextBridge

Attempting to send ipcRenderer as an object over the contextBridge will now result in an empty object on the receiving side of the bridge. This change was made to remove / mitigate a security footgun, you should not directly expose ipcRenderer or it's methods over the bridge. Instead provide a safe wrapper like below:

contextBridge.exposeInMainWorld('app', {
  onEvent: (cb) => ipcRenderer.on('foo', (e, ...args) => cb(args))
})

Removed: renderer-process-crashed event on app

The renderer-process-crashed event on app has been removed. Use the new render-process-gone event instead.

// Removed
app.on('renderer-process-crashed', (event, webContents, killed) => { /* ... */ })

// Replace with
app.on('render-process-gone', (event, webContents, details) => { /* ... */ })

Removed: crashed event on WebContents and <webview>

The crashed events on WebContents and <webview> have been removed. Use the new render-process-gone event instead.

// Removed
win.webContents.on('crashed', (event, killed) => { /* ... */ })
</tr></table>

... (truncated)

Commits
  • 35a9e69 build: actually show github upload output if verbose is true. (#40397)
  • 92c9342 fix: crash when thread isolated pool is enabled in the renderer process (#40377)
  • c00c8de fix: navigator.keyboard.lock() fullscreen exit handling (#40387)
  • 237d120 build: fix ":electron_lib_arc" / "chromium_src:chrome_lib_arc" dependencies (...
  • 0a1b719 build: upload slow, more time good (#40335)
  • 6f663c7 test: add spec for app.getAppMetrics() for utility process (#40319)
  • b77eb9c test: add spec for child-process-gone event for utility process (#40309)
  • 3703625 fix: failing build with enable_electron_extensions=false (#40269)
  • bec47bc chore: implement no-op chrome.action extension APIs (#40259)
  • 37882e8 chore: cherry-pick f666cceb92c2 from dawn (#40265)
  • Additional commits viewable in compare view


Updates browser-run from 5.0.0 to 12.0.0

Release notes

Sourced from browser-run's releases.

v12.0.0

  • pkg: add engines.node 3d00688
  • upgrade np caa4abb
  • upgrade electron-stream b3d3845
  • fix test dbe0ff4
  • switch from node-core-test to test 237a459
  • Revert "update electron-stream" 08b0f3e
  • update electron-stream b8ed25c

https://github.com/juliangruber/browser-run/compare/v11.0.0...v12.0.0

v11.0.0

  • update package-lock.json 6397daa
  • modernize (#160) b54ff7b

https://github.com/juliangruber/browser-run/compare/v10.1.0...v11.0.0

v10.1.0

  • add sandbox option ba26284
  • bump electron-stream to 9.1.0 fc691a2

https://github.com/juliangruber/browser-run/compare/v10.0.0...v10.1.0

v10.0.0

  • Electron update for Apple M1 support (#158) 45d09e7

https://github.com/juliangruber/browser-run/compare/v9.0.0...v10.0.0

v9.0.0

  • swap in yargs for optimist and patch a few other security vulnerabilities (#157) dc1f389

https://github.com/juliangruber/browser-run/compare/v8.0.0...v9.0.0

v8.0.0

  • remove makefile 40e3922
  • Bumping electron-stream to v8.0.0 (#156) 9046c3b

https://github.com/juliangruber/browser-run/compare/v7.0.2...v8.0.0

v7.0.2

  • pkg: add release script 057388c
  • bump browser-launcher to 2.0.0 0a55479

https://github.com/juliangruber/browser-run/compare/v7.0.1...v7.0.2

Commits


You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/CSS-Electronics/cancloud/network/alerts).

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.