Skip to content

chore(deps): update dependency electron to v35.7.5 [security] #136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency electron to v35.7.5 [security] #136

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 6, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
electron 35.4.035.7.5 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2025-55305

Impact

This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted.

Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the resources folder in your app installation on Windows which these fuses are supposed to protect against.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions

  • 38.0.0-beta.6
  • 37.3.1
  • 36.8.1
  • 35.7.5

For more information

If you have any questions or comments about this advisory, email us at [email protected]

Release Notes

electron/electron (electron)

v35.7.5: electron v35.7.5

Compare Source

Release Notes for v35.7.5

[!WARNING]
Electron 35.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

Fixes

  • Fixed an issue where shell.openPath was not non-blocking as expected. #​48079 (Also in 36, 37, 38)

v35.7.4: electron v35.7.4

Compare Source

Release Notes for v35.7.4

  • Fix ffmpeg generation on Windows non-x64

v35.7.2: electron v35.7.2

Compare Source

Release Notes for v35.7.2

Fixes

  • Fixed an issue where printing PDFs with webContents.print({ silent: true }) would fail. #​47645 (Also in 36, 37)

v35.7.0: electron v35.7.0

Compare Source

Release Notes for v35.7.0

Other Changes

v35.6.0: electron v35.6.0

Compare Source

Release Notes for v35.6.0

Features

  • Added support for --no-experimental-global-navigator flag. #​47416 (Also in 36, 37)
  • Added support for customizing system accent color and highlighting of active window border. #​47539 (Also in 36, 37)

Fixes

  • Fixed a potential crash using session.clearData in some circumstances. #​47410 (Also in 36, 37)
  • Fixed an error when importing electron for the first time from an ESM module loaded by a CJS module in a packaged app. #​47344 (Also in 36, 37)
  • Fixed an issue where calling Fetch.continueResponse via debugger with WebContentsView could cause a crash. #​47443 (Also in 36, 37)
  • Fixed an issue where utility processes could leak file handles. #​47542 (Also in 36, 37)
  • Partially fixes an issue with printing a PDF via webContents.print() where the callback would not be called. #​47399 (Also in 36, 37)

Other Changes

v35.5.1: electron v35.5.1

Compare Source

Release Notes for v35.5.1

Fixes

  • Fixed addChildView() crashes when adding a closed WebContentsView. #​47339
  • Fixed crash in autoUpdater on macOS when zip extraction failed. #​47299 (Also in 34, 36, 37)
  • Fixed crash when pausing in loops due to missing context when desugared. #​47286

Other Changes

v35.5.0: electron v35.5.0

Compare Source

Release Notes for v35.5.0

Features

  • Added innerWidth and innerHeight options for window.open. #​47045 (Also in 36, 37)
  • Added sublabel functionality for menus on macOS >= 14.4. #​47041 (Also in 36, 37)
  • Added support for screen.dipToScreenPoint(point) and screen.screenToDipPoint(point) on Linux X11. #​47124 (Also in 36, 37)
  • Added support for node option --experimental-network-inspection. #​47029 (Also in 36, 37)

Fixes

  • Fixed a possible crash in shell.readShortcutLink. #​47226 (Also in 36)
  • Fixed an issue where protected transparent windows inappropriately showed a titlebar after visibility change. #​47265 (Also in 36, 37)
  • Fixed an issue where the 'suspend' and 'resume' events could be emitted in duplicate. #​47190 (Also in 36, 37)
  • Fixed an issue where the backgroundMaterial feature did not work in a frameless window on initial window creation. #​47236 (Also in 36)
  • Fixed opening package paths as directory when treatPackageAsDirectory is enabled on macOS. #​47110 (Also in 36, 37)
  • Fixed regression with directory selection in macOS dialogs. #​47276 (Also in 36, 37)

Other Changes

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 8904fd1 to 44c0efc Compare September 25, 2025 18:43
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 44c0efc to 2504ae2 Compare October 21, 2025 10:35
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 2504ae2 to c0ceae8 Compare November 10, 2025 19:52
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from c0ceae8 to c38c778 Compare November 18, 2025 20:05
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from c38c778 to bd72c3c Compare December 3, 2025 19:54
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from bd72c3c to d97edb4 Compare December 31, 2025 17:12
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from d97edb4 to 21a7ea4 Compare January 8, 2026 17:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant