kewde / electron-sandbox-boilerplate

A simple example for a (more reasonably) secure electron application, by enabling the sandbox and forcing communication over IPC.
MIT License
73 stars 14 forks source link

Bump electron from 1.7.12 to 7.2.4 in /sandbox-preload-extended #22

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 4 years ago

Bumps electron from 1.7.12 to 7.2.4.

Release notes

Sourced from electron's releases.

electron v7.2.4

Release Notes for v7.2.4

Fixes

  • Fixed Promise timeout issue when running Electron as Node. #23324
  • Fixed a use-after-free error that could happen if a Tray was destroyed while showing a custom context menu. #23182
  • Fixed an issue where windows without nativeWindowOpen: true could invoke the non-native-open path. #23224
  • Fixed memory leak when using contextBridge with sandbox=true. #23232
  • MacOS VoiceOver is now able to find its way back into web contents after it navigated "out" of an application. #23174

electron v7.2.3

Release Notes for v7.2.3

Fixes

  • Security: Ensure proxy object is created in the correct context a9bead22

electron v7.2.2

Release Notes for v7.2.2

Fixes

  • Fixed a potential crash on invalid zoomFactor values when setting the zoom factor of a webpage. #22710
  • Fixed an issue with maximizable state persistence of BrowserWindows on macOS. #23019
  • Fixed an issue with possible creation of a messageBox which cannot be dismissed on macOS. #23089
  • Fixed an occasional crash when closing all BrowserWindows. #23024
  • Security: Backported fix for CVE-2020-6426: inappropriate implementation in V8. #23043
  • Security: backported a fix for crbug.com/1065094. #23059
  • Security: backported fix for a potential buffer overrun in WebRTC audio encoding. #23037
  • Security: backported fix for site isolation bypass in dedicated workers. #23040
  • Security: backported the fix to CVE-2020-6452: potential container-overflow in MediaStream mojo. #23044

Other Changes

  • Security: Backport fix for buffer underflow in DWrite. #22979
  • Security: Backported fix for use after free in file chooser. #22981
  • Security: backport fix for CVE-2020-6451: Use after free in WebAudio. #22945
  • Security: backport fix for use after free in VideoEncodeAccelerator. #22983
  • Security: backported fix for CVE-2019-20503: Out of bounds read in usersctplib. #22986
  • Security: backported fix for CVE-2020-6422: Use after free in WebGL. #23017
  • Security: backported fix for CVE-2020-6423: Use after free in audio. #23048
  • Security: backported fix for CVE-2020-6427: Use after free in audio. #23015
  • Security: backported fix for CVE-2020-6428: Use after free in audio. #23013
  • Security: backported fix for CVE-2020-6429: Use after free in audio. #23011
  • Security: backported fix for CVE-2020-6449: Use after free in audio. #23009
  • Security: backported fix for use-after-poison in WebAudio (crbug.com/1023810). #22869
  • Security: backported fix for use-after-poison in WebAudio. #22943
Commits
  • 0552e0d Bump v7.2.4
  • c87b474 refactor: port window-setup to use ctx bridge instead of being run in the mai...
  • 69683de fix: use Node's microtasks policy in node_main.cc (#23154) (#23324)
  • 8148b76 style: use build/include_directory for NOLINT (#23266) (#23304)
  • 7dfcb5e fix: block custom window.open when nativeWindowOpen is true (#23188) (#23224)
  • 0b3bf1e fix: do not mutate ipc instances across contexts (#23239)
  • fd529ac fix: do not allow child windows to specify their own preload script (#23229)
  • 3909001 fix: ensure that functions are not retained beyond their context being releas...
  • 039be2e build: improve patch filename remembering (#23070) (#23184)
  • fb6f604 fix: heap-use-after-free in tray.popUpContextMenu (#22842) (#23182)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by electron-nightly, a new releaser for electron since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kewde/electron-sandbox-boilerplate/network/alerts).
dependabot[bot] commented 3 years ago

Superseded by #25.