Security: backported fix for chromium:1196683. #28638
electron v12.0.3
Release Notes for v12.0.3
Fixes
Allow loading source maps from custom protocols and asar bundles. #28616 (Also in 13)
Fixed postData parameter missing from new-window event. #28543 (Also in 13)
Fixed a bug where, when a JumpList task description exceeded 260 characters, the JumpList was empty, despite valid entries. #28525 (Also in 11, 13)
Fixed a crash when loading pepper plugins. #28373 (Also in 13)
Fixed a network process crash that could happen when using setCertificateVerifyProc with many concurrent verification requests. #28465 (Also in 11, 13)
Fixed an issue where select-serial-port callback crashes when called with an invalid serial port ID. #28618 (Also in 13)
Fixed an issue where window.print() did not work properly when printing a pdf from the pdf plugin. #28352 (Also in 13)
Fixed an issue where errors thrown in functions passed over the contextBridge could be displayed incorrectly. #28447 (Also in 13)
Fixed an issue where the thumbar disappeared after win.hide() on Windows. #28389 (Also in 10, 11, 13)
Fixed bug where TouchBarPopover and TouchBarGroup were no longer rendering. #28411 (Also in 11)
Fixed crash when using profiler in devtools. #28531
Fixed failing to request file:// resources when web security is disabled. #28560 (Also in 11, 13)
Fixed rare crash when initializing the internal PDF extension. #28452 (Also in 13)
Fixed service worker not working with custom protocol. #28355 (Also in 11, 13)
Support wasm-eval csp behind WebAssemblyCSP flag. #28575 (Also in 11, 13)
Transparent windows cannot be maximized using the Windows system menu or by double clicking the title bar. #28622 (Also in 13)
Colors returned from systemPreferences.getAccentColor(), getSystemColor and getColor are now correctly converted into the devices color space. Previously the color would have been subtly incorrect. #28172 (Also in 11, 13)
Fixed desktopCapturer.getSources() promise result sometimes never resolving. #28281 (Also in 10, 11, 13)
Fixed a rare crash on Windows that could occur when emitting certain Tray events. #28111
Fixed an issue where some Node.js modules would hang on page reload on Windows. #28337 (Also in 13)
Fixed an issue where the drag regions in BrowserViews on macOS could be off in their y-axis. #28296 (Also in 10, 11, 13)
Fixed context menus not being positioned correctly when near the edge of the screen. #28277 (Also in 11, 13)
Fixed crash when calling getBackgroundColor on a transparent window with no assigned background color. #28188 (Also in 11, 13)
Fixed intensive I/O from asar files causing ERR_FILE_NOT_FOUND after a while. #28202 (Also in 11, 13)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps electron from 11.3.0 to 12.0.4.
Release notes
Sourced from electron's releases.
... (truncated)
Commits
9ce7c51
Bump v12.0.4840ac75
chore: cherry-pick 02f84c745fc0 from v8 (#28638)8115520
Bump v12.0.392e3b13
build: better error handling for release builds (#28628)93dab14
fix: enable system maximization for frameless windows except if transparent (...e100c22
fix: crash on invalid select-serial-port callback (#28618)4efeaa0
chore: cherry-pick 162efe98330e from chromium (#28601)93c6c8c
docs: define the name of the preload script (#28610)df9a01b
docs: systemPreferences.subscribeWorkspaceNotification return type (#28614)5c10eb4
fix: load source maps from custom protocols and asar bundles (#28616)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)