dependabot[bot] opened a new pull request, #309: URL: https://github.com/apache/cordova-electron/pull/309
Bumps [electron](https://github.com/electron/electron) from 29.1.0 to 38.8.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/electron/electron/releases";>electron's releases</a>.</em></p> <blockquote> <h2>electron v38.8.6</h2> <h1>Release Notes for v38.8.6</h1> <blockquote> <p>[!WARNING] Electron 38.x.y has reached end-of-support as per the project's <a href="https://www.electronjs.org/docs/latest/tutorial/electron-timelines#version-support-policy";>support policy</a>. Developers and applications are encouraged to upgrade to a newer version of Electron.</p> </blockquote> <h2>Fixes</h2> <ul> <li>Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. <a href="https://redirect.github.com/electron/electron/pull/50157";>#50157</a> <!-- raw HTML omitted -->(Also in <a href="https://redirect.github.com/electron/electron/pull/50156";>39</a>, <a href="https://redirect.github.com/electron/electron/pull/50158";>40</a>, <a href="https://redirect.github.com/electron/electron/pull/50155";>41</a>)<!-- raw HTML omitted --></li> <li>Fixed an issue where <code>additionalData</code> passed to <code>app.requestSingleInstanceLock</code> on Windows could be truncated or fail to deserialize in the primary instance's <code>second-instance</code> event. <a href="https://redirect.github.com/electron/electron/pull/50177";>#50177</a> <!-- raw HTML omitted -->(Also in <a href="https://redirect.github.com/electron/electron/pull/50174";>39</a>, <a href="https://redirect.github.com/electron/electron/pull/50162";>40</a>, <a href="https://redirect.github.com/electron/electron/pull/50154";>41</a>)<!-- raw HTML omitted --></li> <li>Fixed an issue where invalid characters in custom protocol or webRequest response header values were not rejected. <a href="https://redirect.github.com/electron/electron/pull/50130";>#50130</a> <!-- raw HTML omitted -->(Also in <a href="https://redirect.github.com/electron/electron/pull/50129";>39</a>, <a href="https://redirect.github.com/electron/electron/pull/50131";>40</a>, <a href="https://redirect.github.com/electron/electron/pull/50132";>41</a>)<!-- raw HTML omitted --></li> <li>Fixed an issue where permission and device-chooser handlers received the top-level page origin instead of the requesting subframe's origin. <a href="https://redirect.github.com/electron/electron/pull/50151";>#50151</a> <!-- raw HTML omitted -->(Also in <a href="https://redirect.github.com/electron/electron/pull/50147";>39</a>, <a href="https://redirect.github.com/electron/electron/pull/50149";>40</a>, <a href="https://redirect.github.com/electron/electron/pull/50148";>41</a>)<!-- raw HTML omitted --></li> </ul> <h2>electron v38.8.4</h2> <h1>Release Notes for v38.8.4</h1> <h2>Fixes</h2> <ul> <li>Fixed memory leak when setting icons on Linux/GTK. <a href="https://redirect.github.com/electron/electron/pull/49897";>#49897</a> <!-- raw HTML omitted -->(Also in <a href="https://redirect.github.com/electron/electron/pull/49896";>39</a>, <a href="https://redirect.github.com/electron/electron/pull/49898";>40</a>, <a href="https://redirect.github.com/electron/electron/pull/49895";>41</a>)<!-- raw HTML omitted --></li> </ul> <h2>electron v38.8.2</h2> <h1>Release Notes for v38.8.2</h1> <h2>Other Changes</h2> <ul> <li>Backported fix for 483569511. <a href="https://redirect.github.com/electron/electron/pull/49792";>#49792</a></li> </ul> <h2>electron v38.8.1</h2> <h1>Release Notes for v38.8.1</h1> <h2>Fixes</h2> <ul> <li>Fixed an issue whereby a duplicate "Toggle Full Screen" menu item appeared in the View menu on macOS. <a href="https://redirect.github.com/electron/electron/pull/49596";>#49596</a> <!-- raw HTML omitted -->(Also in <a href="https://redirect.github.com/electron/electron/pull/49597";>39</a>, <a href="https://redirect.github.com/electron/electron/pull/49595";>40</a>, <a href="https://redirect.github.com/electron/electron/pull/49598";>41</a>)<!-- raw HTML omitted --></li> <li>Fixed dock menu items not respecting enabled and checked properties on macOS. <a href="https://redirect.github.com/electron/electron/pull/49627";>#49627</a> <!-- raw HTML omitted -->(Also in <a href="https://redirect.github.com/electron/electron/pull/49626";>39</a>, <a href="https://redirect.github.com/electron/electron/pull/49624";>40</a>, <a href="https://redirect.github.com/electron/electron/pull/49625";>41</a>)<!-- raw HTML omitted --></li> </ul> <h2>electron v38.8.0</h2> <h1>Release Notes for v38.8.0</h1> <h2>Fixes</h2> <ul> <li>Fixed an issue where <code>menu-did-close</code> was not emitted properly for some application menus. <a href="https://redirect.github.com/electron/electron/pull/49094";>#49094</a> <!-- raw HTML omitted -->(Also in <a href="https://redirect.github.com/electron/electron/pull/49093";>39</a>, <a href="https://redirect.github.com/electron/electron/pull/49092";>40</a>)<!-- raw HTML omitted --></li> <li>Fixed an issue where <code>systemPreferences.getAccentColor</code> inverted the color. <a href="https://redirect.github.com/electron/electron/pull/49066";>#49066</a> <!-- raw HTML omitted -->(Also in <a href="https://redirect.github.com/electron/electron/pull/49067";>37</a>, <a href="https://redirect.github.com/electron/electron/pull/48624";>39</a>)<!-- raw HTML omitted --></li> </ul> <h2>Other Changes</h2> <ul> <li>Updated Node.js to v22.22.0. <a href="https://redirect.github.com/electron/electron/pull/49388";>#49388</a></li> </ul> <h2>Unknown</h2> <ul> <li>Fixed an issue where some packages weren't correctly filtered on macOS in dialogs. <a href="https://redirect.github.com/electron/electron/pull/49471";>#49471</a> <!-- raw HTML omitted -->(Also in <a href="https://redirect.github.com/electron/electron/pull/49472";>39</a>, <a href="https://redirect.github.com/electron/electron/pull/49473";>40</a>, <a href="https://redirect.github.com/electron/electron/pull/49470";>41</a>)<!-- raw HTML omitted --></li> </ul> <h2>electron v38.7.2</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/electron/electron/commit/fbc489c43be82f0fc331560ae678a39aeaea38c8";><code>fbc489c</code></a> fix: validate protocol scheme names in <code>setAsDefaultProtocolClient</code> (<a href="https://redirect.github.com/electron/electron/issues/50157";>#50157</a>)</li> <li><a href="https://github.com/electron/electron/commit/af4f8352761358aad25db0ffeb8f858da4f7987e";><code>af4f835</code></a> fix: strictly validate sender for internal IPC reply channels (<a href="https://redirect.github.com/electron/electron/issues/50160";>#50160</a>)</li> <li><a href="https://github.com/electron/electron/commit/9d0c858be063ac1951965f2bf86829715a7888c6";><code>9d0c858</code></a> fix: validate USB device selection against filtered device list (<a href="https://redirect.github.com/electron/electron/issues/50159";>#50159</a>)</li> <li><a href="https://github.com/electron/electron/commit/e6e8269352f79b103b36d2fef21270aef093673c";><code>e6e8269</code></a> fix: potential UAF in <code>OnDownloadPathGenerated</code> (<a href="https://redirect.github.com/electron/electron/issues/50150";>#50150</a>)</li> <li><a href="https://github.com/electron/electron/commit/e17eef4d62bfaf128d8c1b17f1d0e212344888f8";><code>e17eef4</code></a> fix: read nodeIntegrationInWorker from per-frame WebPreferences (<a href="https://redirect.github.com/electron/electron/issues/50163";>#50163</a>)</li> <li><a href="https://github.com/electron/electron/commit/9ffc255d13414fae76044d235e3c877f08889c49";><code>9ffc255</code></a> fix: correct parsing of second-instance additionalData (<a href="https://redirect.github.com/electron/electron/issues/50177";>#50177</a>)</li> <li><a href="https://github.com/electron/electron/commit/07a1e9c77559bd9e2916eeb402c368bce47440a8";><code>07a1e9c</code></a> fix: prevent use-after-free in permission request callbacks (<a href="https://redirect.github.com/electron/electron/issues/50153";>#50153</a>)</li> <li><a href="https://github.com/electron/electron/commit/567435b94d5755a7782fea8b0abcbd8aac8d2e79";><code>567435b</code></a> fix: use requesting frame origin in permission helper and device choosers (<a href="https://redirect.github.com/electron/electron/issues/5";>#5</a>...</li> <li><a href="https://github.com/electron/electron/commit/5ee5aceaad3208e34a205b82b93ade48eb8c3fbb";><code>5ee5ace</code></a> fix: use proper quoting for exe paths and args on Windows (<a href="https://redirect.github.com/electron/electron/issues/50146";>#50146</a>)</li> <li><a href="https://github.com/electron/electron/commit/2d9288632f70c375c689f46d3de4b5eb76c1d040";><code>2d92886</code></a> fix: validate response header names and values before AddHeader (<a href="https://redirect.github.com/electron/electron/issues/50130";>#50130</a>)</li> <li>Additional commits viewable in <a href="https://github.com/electron/electron/compare/v29.1.0...v38.8.6";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/cordova-electron/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
