From 2f38953cf911f03a466355dea2d22077a277f9df Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 21 Sep 2025 18:47:57 +0000 Subject: [PATCH] chore: bump up electron version to v35.7.5 [SECURITY] (#13561) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [electron](https://redirect.github.com/electron/electron) | [`35.5.1` -> `35.7.5`](https://renovatebot.com/diffs/npm/electron/35.5.1/35.7.5) | [![age](https://developer.mend.io/api/mc/badges/age/npm/electron/35.7.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/35.5.1/35.7.5?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-55305](https://redirect.github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg) ### Impact This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against. ### Workarounds There are no app side workarounds, you must update to a patched version of Electron. ### Fixed Versions * `38.0.0-beta.6` * `37.3.1` * `36.8.1` * `35.7.5` ### For more information If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org) --- ### Release Notes
electron/electron (electron) ### [`v35.7.5`](https://redirect.github.com/electron/electron/releases/tag/v35.7.5): electron v35.7.5 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.4...v35.7.5) ##### Release Notes for v35.7.5 > \[!WARNING] > Electron 35.x.y has reached end-of-support as per the project's [support policy](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#version-support-policy). Developers and applications are encouraged to upgrade to a newer version of Electron. ##### Fixes - Fixed an issue where `shell.openPath` was not non-blocking as expected. [#​48079](https://redirect.github.com/electron/electron/pull/48079) (Also in [36](https://redirect.github.com/electron/electron/pull/48088), [37](https://redirect.github.com/electron/electron/pull/48088), [38](https://redirect.github.com/electron/electron/pull/48088)) ### [`v35.7.4`](https://redirect.github.com/electron/electron/releases/tag/v35.7.4): electron v35.7.4 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.2...v35.7.4) ##### Release Notes for v35.7.4 - Fix ffmpeg generation on Windows non-x64 ### [`v35.7.2`](https://redirect.github.com/electron/electron/releases/tag/v35.7.2): electron v35.7.2 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.0...v35.7.2) ##### Release Notes for v35.7.2 ##### Fixes - Fixed an issue where printing PDFs with `webContents.print({ silent: true })` would fail. [#​47645](https://redirect.github.com/electron/electron/pull/47645) (Also in [36](https://redirect.github.com/electron/electron/pull/47624), [37](https://redirect.github.com/electron/electron/pull/47397)) ### [`v35.7.0`](https://redirect.github.com/electron/electron/releases/tag/v35.7.0): electron v35.7.0 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.6.0...v35.7.0) ##### Release Notes for v35.7.0 ##### Other Changes - Updated Node.js to v22.16.0. [#​47213](https://redirect.github.com/electron/electron/pull/47213) ### [`v35.6.0`](https://redirect.github.com/electron/electron/releases/tag/v35.6.0): electron v35.6.0 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.5.1...v35.6.0) ##### Release Notes for v35.6.0 ##### Features - Added support for `--no-experimental-global-navigator` flag. [#​47416](https://redirect.github.com/electron/electron/pull/47416) (Also in [36](https://redirect.github.com/electron/electron/pull/47417), [37](https://redirect.github.com/electron/electron/pull/47418)) - Added support for customizing system accent color and highlighting of active window border. [#​47539](https://redirect.github.com/electron/electron/pull/47539) (Also in [36](https://redirect.github.com/electron/electron/pull/47538), [37](https://redirect.github.com/electron/electron/pull/47537)) ##### Fixes - Fixed a potential crash using `session.clearData` in some circumstances. [#​47410](https://redirect.github.com/electron/electron/pull/47410) (Also in [36](https://redirect.github.com/electron/electron/pull/47411), [37](https://redirect.github.com/electron/electron/pull/47412)) - Fixed an error when importing `electron` for the first time from an ESM module loaded by a CJS module in a packaged app. [#​47344](https://redirect.github.com/electron/electron/pull/47344) (Also in [36](https://redirect.github.com/electron/electron/pull/47343), [37](https://redirect.github.com/electron/electron/pull/47342)) - Fixed an issue where calling `Fetch.continueResponse` via debugger with `WebContentsView` could cause a crash. [#​47443](https://redirect.github.com/electron/electron/pull/47443) (Also in [36](https://redirect.github.com/electron/electron/pull/47442), [37](https://redirect.github.com/electron/electron/pull/47444)) - Fixed an issue where utility processes could leak file handles. [#​47542](https://redirect.github.com/electron/electron/pull/47542) (Also in [36](https://redirect.github.com/electron/electron/pull/47541), [37](https://redirect.github.com/electron/electron/pull/47543)) - Partially fixes an issue with printing a PDF via `webContents.print()` where the callback would not be called. [#​47399](https://redirect.github.com/electron/electron/pull/47399) (Also in [36](https://redirect.github.com/electron/electron/pull/47400), [37](https://redirect.github.com/electron/electron/pull/47398)) ##### Other Changes - Backported fix for [`4206375`](https://redirect.github.com/electron/electron/commit/420637585). [#​47369](https://redirect.github.com/electron/electron/pull/47369)
--- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index ae8b7ef24e..4ce3c4d09e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -20804,15 +20804,15 @@ __metadata: linkType: hard "electron@npm:^35.0.0": - version: 35.5.1 - resolution: "electron@npm:35.5.1" + version: 35.7.5 + resolution: "electron@npm:35.7.5" dependencies: "@electron/get": "npm:^2.0.0" "@types/node": "npm:^22.7.7" extract-zip: "npm:^2.0.1" bin: electron: cli.js - checksum: 10/765752c94c3bea799f62fb0a75049a10452ff97e791a96111f36b97293ffed9240b27dbc083c01f7a2c7172e84b6b394b07c9aaf91d57783958b2adb4e570579 + checksum: 10/f3757f0b6f21ddd5ebf8b83becdaa3e47dc13473e5375e6e6aee638d7029e73d08d6a4170b37ad8c594057da139e7cdf4c8b82b70c2c1ad0306abdcc274c5fee languageName: node linkType: hard