chore: bump up electron version to v35.7.5 [SECURITY] (#13561)

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs
from Renovate will soon appear from 'Mend'. Learn more
[here](https://redirect.github.com/renovatebot/renovate/discussions/37842).

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [electron](https://redirect.github.com/electron/electron) | [`35.5.1`
-> `35.7.5`](https://renovatebot.com/diffs/npm/electron/35.5.1/35.7.5) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/electron/35.7.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/35.5.1/35.7.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-55305](https://redirect.github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg)

### Impact
This only impacts apps that have the `embeddedAsarIntegrityValidation`
and `onlyLoadAppFromAsar`
[fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.
Apps without these fuses enabled are not impacted.

Specifically this issue can only be exploited if your app is launched
from a filesystem the attacker has write access too. i.e. the ability to
edit files inside the `resources` folder in your app installation on
Windows which these fuses are supposed to protect against.

### Workarounds
There are no app side workarounds, you must update to a patched version
of Electron.

### Fixed Versions
* `38.0.0-beta.6`
* `37.3.1`
* `36.8.1`
* `35.7.5`

### For more information
If you have any questions or comments about this advisory, email us at
[security@electronjs.org](mailto:security@electronjs.org)

---

### Release Notes

<details>
<summary>electron/electron (electron)</summary>

###
[`v35.7.5`](https://redirect.github.com/electron/electron/releases/tag/v35.7.5):
electron v35.7.5

[Compare
Source](https://redirect.github.com/electron/electron/compare/v35.7.4...v35.7.5)

##### Release Notes for v35.7.5

> \[!WARNING]
> Electron 35.x.y has reached end-of-support as per the project's
[support
policy](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#version-support-policy).
Developers and applications are encouraged to upgrade to a newer version
of Electron.

##### Fixes

- Fixed an issue where `shell.openPath` was not non-blocking as
expected.
[#&#8203;48079](https://redirect.github.com/electron/electron/pull/48079)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/48088),
[37](https://redirect.github.com/electron/electron/pull/48088),
[38](https://redirect.github.com/electron/electron/pull/48088))</span>

###
[`v35.7.4`](https://redirect.github.com/electron/electron/releases/tag/v35.7.4):
electron v35.7.4

[Compare
Source](https://redirect.github.com/electron/electron/compare/v35.7.2...v35.7.4)

##### Release Notes for v35.7.4

- Fix ffmpeg generation on Windows non-x64

###
[`v35.7.2`](https://redirect.github.com/electron/electron/releases/tag/v35.7.2):
electron v35.7.2

[Compare
Source](https://redirect.github.com/electron/electron/compare/v35.7.0...v35.7.2)

##### Release Notes for v35.7.2

##### Fixes

- Fixed an issue where printing PDFs with `webContents.print({ silent:
true })` would fail.
[#&#8203;47645](https://redirect.github.com/electron/electron/pull/47645)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47624),
[37](https://redirect.github.com/electron/electron/pull/47397))</span>

###
[`v35.7.0`](https://redirect.github.com/electron/electron/releases/tag/v35.7.0):
electron v35.7.0

[Compare
Source](https://redirect.github.com/electron/electron/compare/v35.6.0...v35.7.0)

##### Release Notes for v35.7.0

##### Other Changes

- Updated Node.js to v22.16.0.
[#&#8203;47213](https://redirect.github.com/electron/electron/pull/47213)

###
[`v35.6.0`](https://redirect.github.com/electron/electron/releases/tag/v35.6.0):
electron v35.6.0

[Compare
Source](https://redirect.github.com/electron/electron/compare/v35.5.1...v35.6.0)

##### Release Notes for v35.6.0

##### Features

- Added support for `--no-experimental-global-navigator` flag.
[#&#8203;47416](https://redirect.github.com/electron/electron/pull/47416)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47417),
[37](https://redirect.github.com/electron/electron/pull/47418))</span>
- Added support for customizing system accent color and highlighting of
active window border.
[#&#8203;47539](https://redirect.github.com/electron/electron/pull/47539)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47538),
[37](https://redirect.github.com/electron/electron/pull/47537))</span>

##### Fixes

- Fixed a potential crash using `session.clearData` in some
circumstances.
[#&#8203;47410](https://redirect.github.com/electron/electron/pull/47410)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47411),
[37](https://redirect.github.com/electron/electron/pull/47412))</span>
- Fixed an error when importing `electron` for the first time from an
ESM module loaded by a CJS module in a packaged app.
[#&#8203;47344](https://redirect.github.com/electron/electron/pull/47344)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47343),
[37](https://redirect.github.com/electron/electron/pull/47342))</span>
- Fixed an issue where calling `Fetch.continueResponse` via debugger
with `WebContentsView` could cause a crash.
[#&#8203;47443](https://redirect.github.com/electron/electron/pull/47443)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47442),
[37](https://redirect.github.com/electron/electron/pull/47444))</span>
- Fixed an issue where utility processes could leak file handles.
[#&#8203;47542](https://redirect.github.com/electron/electron/pull/47542)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47541),
[37](https://redirect.github.com/electron/electron/pull/47543))</span>
- Partially fixes an issue with printing a PDF via `webContents.print()`
where the callback would not be called.
[#&#8203;47399](https://redirect.github.com/electron/electron/pull/47399)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47400),
[37](https://redirect.github.com/electron/electron/pull/47398))</span>

##### Other Changes

- Backported fix for
[`4206375`](https://redirect.github.com/electron/electron/commit/420637585).
[#&#8203;47369](https://redirect.github.com/electron/electron/pull/47369)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuOTcuMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
This commit is contained in:
renovate[bot]
2025-09-21 18:47:57 +00:00
committed by GitHub
parent ebf75e4d31
commit 2f38953cf9
+3 -3
View File
@@ -20804,15 +20804,15 @@ __metadata:
linkType: hard
"electron@npm:^35.0.0":
version: 35.5.1
resolution: "electron@npm:35.5.1"
version: 35.7.5
resolution: "electron@npm:35.7.5"
dependencies:
"@electron/get": "npm:^2.0.0"
"@types/node": "npm:^22.7.7"
extract-zip: "npm:^2.0.1"
bin:
electron: cli.js
checksum: 10/765752c94c3bea799f62fb0a75049a10452ff97e791a96111f36b97293ffed9240b27dbc083c01f7a2c7172e84b6b394b07c9aaf91d57783958b2adb4e570579
checksum: 10/f3757f0b6f21ddd5ebf8b83becdaa3e47dc13473e5375e6e6aee638d7029e73d08d6a4170b37ad8c594057da139e7cdf4c8b82b70c2c1ad0306abdcc274c5fee
languageName: node
linkType: hard