Bump electron from 9.1.2 to 22.3.25 in /www/nodejs-project

[dependabot[bot]]

Bumps electron from 9.1.2 to 22.3.25.

Release notes

Sourced from electron's releases.

electron v22.3.25

Release Notes for v22.3.25

Other Changes

• Security: backported fix for CVE-2023-5217. #40026

electron v22.3.24

Release Notes for v22.3.24

Other Changes

• Security: backported fix for CVE-2023-4572. #39689
• Security: backported fix for CVE-2023-4762. #39758
• Security: backported fix for CVE-2023-4863. #39827

electron v22.3.23

Release Notes for v22.3.23

Other Changes

• Security: backported fix for CVE-2023-4427.
  • Security: backported fix for CVE-2023-4428. #39648

electron v22.3.22

Release Notes for v22.3.22

Fixes

• Fixed decorations for tiled windows on Wayland. #39568 (Also in 24, 25, 26, 27)

Other Changes

• Security: backported fix for CVE-2023-4355.
  • Security: backported fix for CVE-2023-4354.
  • Security: backported fix for CVE-2023-4353.
  • Security: backported fix for CVE-2023-4352.
  • Security: backported fix for CVE-2023-4351. #39559

Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

• API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
• Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
• Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
• Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
• Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (30.0)

Behavior Changed: cross-origin iframes now use Permission Policy to access features

Cross-origin iframes must now specify features available to a given iframe via the allow attribute in order to access them.

See documentation for more information.

Planned Breaking API Changes (29.0)

Behavior Changed: ipcRenderer can no longer be sent over the contextBridge

Attempting to send ipcRenderer as an object over the contextBridge will now result in an empty object on the receiving side of the bridge. This change was made to remove / mitigate a security footgun, you should not directly expose ipcRenderer or it's methods over the bridge. Instead provide a safe wrapper like below:

contextBridge.exposeInMainWorld('app', {
  onEvent: (cb) => ipcRenderer.on('foo', (e, ...args) => cb(args))
})

Removed: renderer-process-crashed event on app

The renderer-process-crashed event on app has been removed. Use the new render-process-gone event instead.

// Removed
app.on('renderer-process-crashed', (event, webContents, killed) => { /* ... */ })
// Replace with
app.on('render-process-gone', (event, webContents, details) => { /* ... */ })
</tr></table>

... (truncated)

Commits

• 1c1c132 chore: cherry-pick 3fbd1dca6a4d from libvpx (#40026)
• d892c2b build: fixup autoninja (#39899)
• 6132e80 build: run on circle hosts for forks (#39865)
• a953199 build: use aks backed runners for linux builds (#39838)
• 056eacf chore: cherry-pick b2eab7500a18 from chromium (#39827)
• 5f8ef81 fix: ensure app load is limited to real asar files when appropriate (#39811)
• 4995c9e chore: cherry-pick 1 changes from Release-3-M116 (#39758)
• e29cdac build: fix depot_tools patch application (#39751)
• b58903d chore: cherry-pick 1 changes from Release-2-M116 (#39689)
• 33f9dce chore: cherry-pick 2 changes from Release-1-M116 (#39648)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/EdenwareApps/Megacubo/network/alerts).

[dependabot[bot]]

Looks like electron is up-to-date now, so this is no longer needed.