Skip to content

Bump the npm_and_yarn group across 1 directory with 7 updates#35

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-bf0af26302
Closed

Bump the npm_and_yarn group across 1 directory with 7 updates#35
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-bf0af26302

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jul 3, 2025

Bumps the npm_and_yarn group with 4 updates in the / directory: electron, brace-expansion, app-builder-lib and electron-builder.

Updates electron from 27.0.3 to 37.2.0

Release notes

Sourced from electron's releases.

electron v37.2.0

Release Notes for v37.2.0

Other Changes

  • Updated Chromium to 138.0.7204.97. #47619
  • Updated Node.js to v22.17.0. #47555

electron v37.1.0

Release Notes for v37.1.0

Features

  • Added support for customizing system accent color and highlighting of active window border. #47537 (Also in 35, 36)

Fixes

  • Fixed an issue where utility processes could leak file handles. #47543 (Also in 35, 36)

electron v37.0.0

Release Notes for v37.0.0

Stack Upgrades

Breaking Changes

  • Added support for Web Serial & WebUSB blocklists. #46600
  • Fixed an issue where utility processes crashed on unhandled rejections. #45921
  • Fixed utilityProcess running user script after process.exit is called. #47492
  • Removed deprecated feature of creating a new random session by setting ProtocolResponse.session's property to null. #46264

Features

Additions

  • Added BrowserWindow.isSnapped() to indicate whether a given window has been arranged via Snap. #46079 (Also in 36)
  • Added before-mouse-event to allow intercepting and preventing mouse events in WebContents. #47364 (Also in 36)
  • Added ffmpeg.dll to delay load configuration. #46151 (Also in 34, 35, 36)
  • Added innerWidth and innerHeight options for window.open. #47039 (Also in 35, 36)
  • Added nativeTheme.shouldUseDarkColorsForSystemIntegratedUI to distinguish system and app theme. #46438 (Also in 35, 36)
  • Added scriptURL property to ServiceWorkerMain. #45863
  • Added a CSS rule for smooth corners. #45185
  • Added sublabel functionality for menus on macOS >= 14.4. #47042 (Also in 35, 36)
  • Added support for Autofill, Writing Tools and Services macOS level menu items in context menus via the new frame option in menu.popup. #45138 (Also in 36)
  • Added support for HIDDevice.collections. #47483 (Also in 36)
  • Added support for --no-experimental-global-navigator flag. #47418 (Also in 35, 36)

... (truncated)

Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

  • API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
  • Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
  • Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
  • Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
  • Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (38.0)

Removed: macOS 11 support

macOS 11 (Big Sur) is no longer supported by Chromium.

Older versions of Electron will continue to run on Big Sur, but macOS 12 (Monterey) or later will be required to run Electron v38.0.0 and higher.

Behavior Changed: window.open popups are always resizable

Per current WHATWG spec, the window.open API will now always create a resizable popup window.

To restore previous behavior:

webContents.setWindowOpenHandler((details) => {
  return {
    action: 'allow',
    overrideBrowserWindowOptions: {
      resizable: details.features.includes('resizable=yes')
    }
  }
})

Planned Breaking API Changes (37.0)

Utility Process unhandled rejection behavior change

Utility Processes will now warn with an error message when an unhandled rejection occurs instead of crashing the process.

To restore the previous behavior, you can use:

</tr></table>

... (truncated)

Commits
  • cc05e5f chore: bump chromium to 138.0.7204.97 (37-x-y) (#47619)
  • 65c062d chore: bump node to v22.17.0 (37-x-y) (#47555)
  • fc55862 fix: Reland "[accessibility] Platform node lifetime cleanups" (#47611)
  • 2856008 refactor: sync IsKillURL() with upstream impl in extension_tab_util.cc (#47595)
  • abba008 chore: bump chromium to 138.0.7204.49 (37-x-y) (#47558)
  • bbf8003 test: fix nan tests on macOS (#47607)
  • 9aedb9c perf: avoid copying a vector when calling ConvertToWeakPtrVector() (#47601)
  • 47e927a refactor: avoid copies of large objects in range based for loops (#47605)
  • e73d57c docs: update example apps (#47600)
  • 99a224e refactor: make context bridge's private keys hidden, constexpr string_views (...
  • Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v2.0.2

  • pkg: publish on tag 2.x 14f1d91
  • fmt ed7780a
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

juliangruber/brace-expansion@v2.0.1...v2.0.2

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v2.0.2

  • pkg: publish on tag 2.x 14f1d91
  • fmt ed7780a
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

juliangruber/brace-expansion@v2.0.1...v2.0.2

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates app-builder-lib from 24.6.4 to 24.13.3

Release notes

Sourced from app-builder-lib's releases.

v24.13.3

What's Changed

New Contributors

Full Changelog: electron-userland/electron-builder@v24.13.2...v24.13.3

v24.13.2

What's Changed

Full Changelog: electron-userland/electron-builder@v24.13.1...v24.13.2

v24.13.1

What's Changed

Full Changelog: electron-userland/electron-builder@v24.13.0...v24.13.1

v24.13.0

What's Changed

... (truncated)

Changelog

Sourced from app-builder-lib's changelog.

24.13.3

Patch Changes

  • #8086 e6f1bebd Thanks @​Allan-Kerr! - fix(msi): build emulated arm64 MSI installers as stopgap until electron-builder-binaries wix version is updated

  • #8090 2c147add Thanks @​mmaietta! - fix(mac): sign NSIS on mac

  • #8067 18340eef Thanks @​mmaietta! - fix(deb): soft symlink instead of hardlink to handle when /opt is on a separate partition

  • Updated dependencies []:

    • dmg-builder@24.13.3
    • electron-builder-squirrel-windows@24.13.3

24.13.2

Patch Changes

  • #8059 8f4acff3 Thanks @​mmaietta! - fix: execute %SYSTEMROOT% cmd.exe directly during NSIS installer

  • #8071 eb296c9b Thanks @​mmaietta! - fix(pkg): provide BundlePreInstallScriptPath and/or BundlePostInstallScriptPath when a pre/postinstall script is provided to pkg installer

  • #8069 538dd86b Thanks @​lutzroeder! - fix: use pathToFileUrl for hooks for Windows ES module support

  • #8065 5681777a Thanks @​mmaietta! - fix(mac): only skip notarization step when notarize is explicitly false

  • Updated dependencies []:

    • dmg-builder@24.13.2
    • electron-builder-squirrel-windows@24.13.2

24.13.1

Patch Changes

  • #8052 6a4f605f Thanks @​taozhou-glean! - fix: add dmg-builder and squirrel-windows to peer dependency for pnpm

  • #8057 ccbb80de Thanks @​mmaietta! - chore: upgrading connected dependencies (typescript requires higher eslint version)

  • Updated dependencies [ccbb80de]:

    • builder-util@24.13.1
    • builder-util-runtime@9.2.4
    • dmg-builder@24.13.1
    • electron-builder-squirrel-windows@24.13.1
    • electron-publish@24.13.1

24.13.0

Minor Changes

  • #8043 bb4a8c09 Thanks @​mmaietta! - feat: allow onNodeModuleFile to return a boolean to force include the package to be copied

... (truncated)

Commits
  • cb335ec chore(deploy): Release v24.13.3 (electron-updater@6.2.0) (#8084)
  • 2c147ad fix(mac): signing NSIS on mac (#8090)
  • 18340ee fix(deb): only execute update-desktop-database and update-mime-database w...
  • e6f1beb feat(msi): build emulated arm64 MSI installers (#8086)
  • 5f0804f chore(deploy): Release 24.13.2 (#8060)
  • eb296c9 fix(pkg): provide BundlePreInstallScriptPath and/or `BundlePostInstallScrip...
  • 538dd86 fix: use pathToFileUrl for hooks for Windows ES module support (#8069)
  • 5681777 fix(mac): only skip notarization step when notarize is explicitly false (#8...
  • 8f4acff fix: execute %SYSTEMROOT% cmd.exe directly during NSIS installer (#8059)
  • 8965608 chore(deploy): Release v24.13.1 (electron-updater@6.1.9) (#8056)
  • Additional commits viewable in compare view

Updates electron-builder from 24.6.4 to 24.13.3

Changelog

Sourced from electron-builder's changelog.

24.13.3

Patch Changes

24.13.2

Patch Changes

24.13.1

Patch Changes

  • Updated dependencies [6a4f605f, ccbb80de]:
    • app-builder-lib@24.13.1
    • builder-util@24.13.1
    • builder-util-runtime@9.2.4
    • dmg-builder@24.13.1

24.13.0

Patch Changes

24.12.0

Minor Changes

Patch Changes

24.11.0

Patch Changes

... (truncated)

Commits

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

  • update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

  • fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

Commits
  • 77cd97f chore(release): 7.0.6
  • 6717de4 chore: upgrade standard-version
  • f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
  • 9a7e3b2 chore: fix build status badge
  • 0852683 chore(release): 7.0.5
  • 640d391 fix: fix escaping bug introduced by backtracking
  • bff0c87 chore: remove codecov
  • a7c6abc chore: replace travis with github workflows
  • 9b9246e chore(release): 7.0.4
  • 5ff3a07 fix: disable regexp backtracking (#160)
  • Additional commits viewable in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

Updates tar from 6.2.0 to 6.2.1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 7 updates
01266bd 
Bumps the npm_and_yarn group with 4 updates in the / directory: [electron](https://github.com/electron/electron), [brace-expansion](https://github.com/juliangruber/brace-expansion), [app-builder-lib](https://github.com/electron-userland/electron-builder/tree/HEAD/packages/app-builder-lib) and [electron-builder](https://github.com/electron-userland/electron-builder/tree/HEAD/packages/electron-builder).


Updates `electron` from 27.0.3 to 37.2.0
- [Release notes](https://github.com/electron/electron/releases)
- [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md)
- [Commits](electron/electron@v27.0.3...v37.2.0)

Updates `brace-expansion` from 1.1.11 to 2.0.2
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v2.0.2)

Updates `brace-expansion` from 2.0.1 to 2.0.2
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v2.0.2)

Updates `app-builder-lib` from 24.6.4 to 24.13.3
- [Release notes](https://github.com/electron-userland/electron-builder/releases)
- [Changelog](https://github.com/electron-userland/electron-builder/blob/master/packages/app-builder-lib/CHANGELOG.md)
- [Commits](https://github.com/electron-userland/electron-builder/commits/v24.13.3/packages/app-builder-lib)

Updates `electron-builder` from 24.6.4 to 24.13.3
- [Release notes](https://github.com/electron-userland/electron-builder/releases)
- [Changelog](https://github.com/electron-userland/electron-builder/blob/master/packages/electron-builder/CHANGELOG.md)
- [Commits](https://github.com/electron-userland/electron-builder/commits/v24.13.3/packages/electron-builder)

Updates `cross-spawn` from 7.0.3 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6)

Updates `ejs` from 3.1.9 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v3.1.9...v3.1.10)

Updates `tar` from 6.2.0 to 6.2.1
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.0...v6.2.1)

---
updated-dependencies:
- dependency-name: electron
  dependency-version: 37.2.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 2.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 2.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: app-builder-lib
  dependency-version: 24.13.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: electron-builder
  dependency-version: 24.13.3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-version: 7.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ejs
  dependency-version: 3.1.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 6.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 3, 2025
@craftxbox craftxbox closed this Jul 3, 2025
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jul 3, 2025

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-bf0af26302 branch July 3, 2025 05:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@craftxbox