Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency electron to v9.4.0 #323

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Update dependency electron to v9.4.0 #323

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Mar 25, 2021
edited

This PR contains the following updates:

Package Type Update Change
electron devDependencies minor 9.0.5 -> 9.4.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Medium 6.5 CVE-2020-26272 #30
High 7.5 CVE-2020-15174 #102
Medium 5.6 CVE-2020-15215 #245

Release Notes

electron/electron

v9.4.0

Compare Source

Release Notes for v9.4.0

Fixes

  • Added Electron DLLs like libGLESv2.dll to symbol server. #​26967 (Also in 10, 11, 12)
  • Fixed systemPreferences.effectiveAppearance returning systemPreferences.getAppLevelAppearance(). #​26881 (Also in 10, 11, 12)
  • Fixed an issue where event.reply could sometimes not deliver a reply to an IPC message when cross-site iframes were present. #​26928 (Also in 10, 11, 12)
  • Fixed an issue where some buttons were un-clickable in some BrowserViews with draggable regions enabled. #​26745 (Also in 10, 11)
  • Fixed an issue whereby a corrupted async_hooks stack would crash the renderer when throwing some errors in the renderer process. #​26748 (Also in 10, 11)
  • Fixed an occasional crash on Windows related to NativeViewHost::SetParentAccessible. #​26950 (Also in 10, 11, 12)
  • Fixed usage of --disable-dev-shm-usage for apps using --no-sandbox on linux. #​26806

Other Changes

v9.3.5

Compare Source

Release Notes for v9.3.5

Fixes

  • Fixed <webview> render-process-gone event dispatch. #​26576
  • Fixed LC_ALL environment variable getting changed in Electron. #​26508 (Also in 10, 11)
  • Fixed debug.log files being created under working directory on windows. #​26267 (Also in 10)
  • Fixed draggable regions stops working when devtools is opened on macOS. #​26506 (Also in 10, 11)

Other Changes

Unknown

v9.3.4

Compare Source

Release Notes for v9.3.4

Fixes

  • Fixed an issue where Hover Text on macOS Catalina did not work without VoiceOver also being enabled. #​26244 (Also in 10, 11)
  • Fixed an issue where draggable regions did not work exclusively on BrowserViews. #​26261 (Also in 10, 11)
  • Fixed an issue where draggable regions were not properly updated on BrowserViews when a containing BrowserWindow was resized. #​26322 (Also in 10, 11)
  • Fixed calling app.commandLine.appendSwitch('lang') not changing app's locale. #​26242 (Also in 10, 11)

Other Changes

v9.3.3

Compare Source

Release Notes for v9.3.3

Fixes

  • Browser views will properly resize within windows. #​26034 (Also in 10, 11)
  • Fix: gdi printing in silent printing mode. #​25724 (Also in 10, 11)
  • Fixed NativeImage.getScaleFactors() always returning the same value. #​25904 (Also in 10, 11)
  • Fixed a crash in printing on Windows. #​26066 (Also in 10, 11)
  • Fixed an issue where Windows notifications with timeoutType of 'never' did not work properly. #​25862 (Also in 10, 11)
  • Fixed an issue where Save as PDF from PDF Viewer Print dialog failed and sometimes crashed. #​26067 (Also in 10, 11)
  • Fixed an issue where frameless windows showed window controls after being in simple fullscreen mode on macOS. #​26128 (Also in 10, 11)
  • Fixed an issue where some Node.js module API calls hung in the renderer process after reloads when render process reuse was enabled. #​25924 (Also in 10, 11)
  • Fixed an issue where the PDF annotations button existed in a broken state. #​26004
  • Fixed bug that meant require.resolve paths option was ignored. #​26035 (Also in 10, 11)
  • Fixed maximized frameless window bleeding to other monitors. #​25980 (Also in 8, 10, 11)
  • Fixed memory leak on macOS when using dialog.showMessageBox API. #​26098 (Also in 8, 10, 11)

Other Changes

v9.3.2

Compare Source

Release Notes for v9.3.2

Fixes

  • Fixed CORS not being disabled by webSecurity: false. #​25505 (Also in 9, 10, 11)
  • Fixed ready-to-show event not emitted on some machines. #​25490 (Also in 9, 10, 11)
  • Fixed a crash in app.importCertificate() on Linux. #​25538 (Also in 9, 10, 11)
  • Fixed a crash when closing window in an event listener after exiting fullscreen on macOS. #​25605 (Also in 9, 10, 11)
  • Fixed an issue that could cause a normally-exiting process to fail with an "illegal access" message and exit code 7. #​25502 (Also in 8, 9, 10, 11)
  • Fixed an issue where an error would be displayed when using webContents.print() if no default was set and no device name provided. #​25607 (Also in 9, 10, 11)
  • Fixed crash when application launched from UNUserNotificationCenter notification (via a native node module). #​25739 (Also in 9, 10, 11)
  • Fixed crashes caused by attempting to modify destroyed views. #​25609 (Also in 9, 10, 11)
  • Fixed memory leak when creating "Services" menu. #​25689 (Also in 9, 10, 11)
  • Fixed unsubscribe from observers when window is closing. #​25586 (Also in 9, 10, 11)
  • Updated Node root certs to use NSS 3.56. #​25364 (Also in 8, 9, 10, 11)

Other Changes

Unknown

  • Fixed extension background page devtools not being openable. #​25567 (Also in 9, 10, 11)

v9.3.1

Compare Source

Release Notes for v9.3.1

Fixes

  • Added missing module delay loads on windows to reduce per process reference set impact. #​25437 (Also in 9, 10, 11)
  • Fixed a crash in the renderer process when invoking the Badging API. #​25371 (Also in 9, 10, 11)
  • Fixed a memory leak in net.request(). #​25382
  • Fixed multiple dock icons being left in system when calling dock.show/hide on macOS. #​25301 (Also in 8, 9, 10, 11)

Other Changes

Unknown

  • Added support for some chrome.management APIs. #​25344 (Also in 9, 10, 11)

v9.3.0

Compare Source

Release Notes for v9.3.0

Features

  • Added back a previously broken visibleOnFullScreen option for setVisibleOnAllWorkspaces. #​25126
  • Added the currencyCode field that Apple's StoreKit in-app-purchasing library provides but has not been added to the Product object that inAppPurchase.getProducts returns. #​25085

Fixes

  • Fixed powerMonitor not emitting suspend/resume events on some Windows machines. #​25165
  • Fixed an issue where filters set in dialogs on macOS would have nondeterministic ordering. #​25194
  • Fixed an issue where notifications with a reply button could potentially be destroyed too early when a user clicked on the notification body before replying. #​25101
  • Fixed frameless window's size being changed when restored from minimized state. #​25045
  • Fixed network permission error when there are multiple WebContents sharing same session are created with web security disabled. #​25179
  • Fixed node's TLS stack not allowing renegotiation. #​25041
  • Fixed the following issues for frameless when maximized on Windows * fix unreachable task bar when auto hidden with position top
  • fix 1px extending to secondary monitor
  • fix 1px overflowing into taskbar at certain resolutions
  • fix white line on top of window under 4k resolutions. #​25218
  • Fixed window size being changed after unmaximizing. #​25133

Unknown

  • Fixed not working WebSQLDatabase in extension background pages. #​25070

v9.2.1

Compare Source

Release Notes for v9.2.1

Fixes

  • fix loading shared worker scripts over custom protocol
  • fix crash when loading worker scripts with nodeIntegration enabled. #​24750
  • Fixed a crash that could occur when using in-memory sessions. #​25002
  • Fixed an issue where some Node.js methods would not work with URL instances constructed in the renderer process. #​24862
  • Fixed an issue where the Save button did not function in PDF previews. #​24996
  • Fixed inactive windows having active titlebar on Windows. #​24873
  • Fixed missing guid parameter in Linux crash reports. #​24898
  • Increased maximum length for crash keys from 127B to 20KB. #​24854
  • [a11y] fix an issue where voiceover doesn't read the first item selected from a ARIA combobox. #​25004

Other Changes

Unknown

  • Fixed issues with CORS when making requests from extensions. #​24915

v9.2.0

Compare Source

Release Notes for v9.2.0

Features

  • Added new worldSafeExecuteJavaScript webPreference to ensure that the return values from webFrame.executeJavaScript are world safe when context isolation is enabled. #​24712 (Also in 10)

Fixes

  • Fixed a crash that could happen when using hookWindowMessage on Windows. #​24769 (Also in 10)
  • Fixed an issue where suspend/resume were emitted twice on macOS. #​24845 (Also in 8, 10)
  • Fixed crash when navigating from a page with webview that has inherited zoom level. #​24764 (Also in 8, 10)
  • Save crash reports locally when uploadToServer: false on linux. #​24788 (Also in 10)
  • Fixed an a11y regression where children reported an index in parent greater than the parent child count. #​24765

v9.1.2

Compare Source

Release Notes for v9.1.2

Fixes

  • Fix: remove unnecessary corner mask overriding to increase window resize performance. #​24702
  • Fixed an issue where VoiceOver was unable to navigate from the top-level window back into the web contents. #​24699
  • Protocol response streams are now destroyed if the request is aborted. #​24657

Other Changes

  • Improved the performance of sending JS primitives over the context bridge. #​24746

v9.1.1

Compare Source

Release Notes for v9.1.1

Fixes

  • Fixed a termination crash on Web Workers with Node.js integration enabled. #​24464
  • Fixed an issue where webContents.print() would sometimes hang with invalid settings. #​24508
  • Fixed an issue where cpu and heap profiling in Node.js did not work properly with --cpu-prof, --heap-prof, and related CLI flags. #​24541
  • Fixed an issue where macOS window vibrancy active state did not always match the active state of the window. #​24533
  • Fixed broken --trace-sync-io flag in Node.js. #​24648
  • Fixed clipboard.readBuffer returning incorrect value. #​24469
  • Fixed potentially invalid duplex mode settings on Linux. #​24547

Other Changes

  • Fix: DCHECK failure in value.IsHeapObject() in objectsdebug.cc. (Chromium security issue 1084820). #​24566
  • Fix: XSS on chrome://histograms/ with a compromised renderer. (Chromium security issue 1073409). #​24625
  • Fix: crash when executing debugger.sendCommand. (Chromium security issue 1016278). #​24620
  • Fix: heap-use-after-free in content::NavigationRequest::OnWillProcessResponseProcessed. (Chromium security issue 1090543). #​24569
  • Fix: heap-use-after-free in ui::AXTreeSerializerblink (Chromium security issue 1065122). #​24557
  • Fix: iframe in victim page can detect Scroll To Text Fragment activation. (Chromium security issue 1042986). #​24624
  • Fix: integer overflow in GrTextBlob::Make. (Chromium security issue 1080481). #​24586
  • Fix: javascript URI sandbox flags aren't propagated in a blank string case. (Chromium security issue 1074340). #​24621
  • Fix: memcpy-param-overlap in AudioBuffer::copyFromChannel. (Chromium security issue 1081722). #​24582
  • Fix: remove leaks of post-redirect URL for <script> in the CSP reports and stacktraces of errors (Chromium security issue 1074317). #​24560
  • Fix: update webrtc root certificate. (Chromium security issue 978779). #​24617
  • Fix: upgrade SQLite to 3.32.1. (Chromium security issue 1087629). #​24554
  • Fix: use-after-free in devtools console. (Chromium security issue 986051). #​24614
  • Fix: use-of-uninitialized-value in amr_read_header. (Chromium security issue 1065731). #​24594
  • Fix: usrsctp is called with pointer as network address. (Chromium security issue 1076703). #​24563

Documentation

v9.1.0

Compare Source

Release Notes for v9.1.0

Features

  • Added support for MessagePort in the main process. #​24323
  • Added support for suspend and resume events to Windows. #​24283
  • Added support for suspend and resume events to macOS. #​24294
  • Expose sessionId associated with a target from debugger module. #​24398
  • Implemented systemPreferences.getMediaAccessStatus() on Windows. #​24312

Fixes

  • Fixed an intermittent high-CPU usage problem caused a system clock issue during sleep. #​24415
  • Fixed an issue where some old notifications were not properly removed from the Notification Center on macOS. #​24406
  • Fixed bug on macOS where the main window could be targeted for a focus event when it was disabled behind a modal. #​24354
  • If you want to rebase/retry this PR, check this box.

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Mar 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants