Skip to content

chore(deps): update dependency electron to v35 [security]#287

Open
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/npm-electron-vulnerability
Open

chore(deps): update dependency electron to v35 [security]#287
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/npm-electron-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Oct 5, 2023
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
electron ^11.0.0^35.0.0 age confidence

Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API

CVE-2021-39184 / GHSA-mpjm-v997-c4h4

More information

Details

Impact

This vulnerability allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases.

All current stable versions of Electron are affected.

Patches

This was fixed with #​30728, and the following Electron versions contain the fix:

  • 15.0.0-alpha.10
  • 14.0.0
  • 13.3.0
  • 12.1.0
  • 11.5.0
Workarounds

If your app enables contextIsolation, this vulnerability is significantly more difficult for an attacker to exploit.

Further, if your app does not depend on the createThumbnailFromPath API, then you can simply disable the functionality. In the main process, before the 'ready' event:

delete require('electron').nativeImage.createThumbnailFromPath
For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

Severity

  • CVSS Score: 6.8 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Renderers can obtain access to random bluetooth device without permission in Electron

CVE-2022-21718 / GHSA-3p22-ghq8-v749

More information

Details

Impact

This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device.

All current stable versions of Electron are affected.

Patches

This has been patched and the following Electron versions contain the fix:

  • 17.0.0-alpha.6
  • 16.0.6
  • 15.3.5
  • 14.2.4
  • 13.6.6
Workarounds

Adding this code to your app can workaround the issue.

app.on('web-contents-created', (event, webContents) => {
  webContents.on('select-bluetooth-device', (event, devices, callback) => {
    // Prevent default behavior
    event.preventDefault();
    // Cancel the request
    callback('');
  });
});

For more information
If you have any questions or comments about this advisory, email us at security@electronjs.org.

Severity

  • CVSS Score: 3.4 / 10 (Low)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

AutoUpdater module fails to validate certain nested components of the bundle

CVE-2022-29257 / GHSA-77xc-hjv8-ww97

More information

Details

Impact

This vulnerability allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.

Please note that this kind of attack would require significant privileges in your own auto updating infrastructure and the ease of that attack entirely depends on your infrastructure security.

Patches

This has been patched and the following Electron versions contain the fix:

  • 18.0.0-beta.6
  • 17.2.0
  • 16.2.0
  • 15.5.0
Workarounds

There are no workarounds for this issue, please update to a patched version of Electron.

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

Severity

  • CVSS Score: 6.6 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Exfiltration of hashed SMB credentials on Windows via file:// redirect

CVE-2022-36077 / GHSA-p2jh-44qj-pf2v

More information

Details

Impact

When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as file://some.website.com/, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.

Patches

This issue has been fixed in all current stable versions of Electron. Specifically, these versions contain the fixes:

  • 21.0.0-beta.1
  • 20.0.1
  • 19.0.11
  • 18.3.7

We recommend all apps upgrade to the latest stable version of Electron.

Workarounds

If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the WebContents.on('will-redirect') event, for all WebContents:

app.on('web-contents-created', (e, webContents) => {
  webContents.on('will-redirect', (e, url) => {
    if (/^file:/.test(url)) e.preventDefault()
  })
})
For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

Credit

Thanks to user @​coolcoolnoworries for reporting this issue.

Severity

  • CVSS Score: 5.4 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

CVE-2023-39956 / GHSA-7x97-j373-85x5

More information

Details

Impact

Apps that are launched as command line executables are impacted. E.g. if your app exposes itself in the path as myapp --help

Specifically this issue can only be exploited if the following conditions are met:

  • Your app is launched with an attacker-controlled working directory
  • The attacker has the ability to write files to that working directory

This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. Please bear this in mind when reporting similar issues in the future.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions
  • 26.0.0-beta.13
  • 25.5.0
  • 24.7.1
  • 23.3.13
  • 22.3.19
For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Electron affected by libvpx's heap buffer overflow in vp8 encoding

CVE-2023-5217 / GHSA-qqvq-6xgj-jw8g

More information

Details

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity

  • CVSS Score: 8.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

ASAR Integrity bypass via filetype confusion in electron

CVE-2023-44402 / GHSA-7m48-wc93-9g85

More information

Details

Impact

This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS.

Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the resources folder in your app installation on Windows which these fuses are supposed to protect against.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions
  • 27.0.0-alpha.7
  • 26.2.1
  • 25.8.1
  • 24.8.3
  • 22.3.24
For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Electron vulnerable to Heap Buffer Overflow in NativeImage

CVE-2024-46993 / GHSA-6r2x-8pq8-9489

More information

Details

Impact

The nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.

Workaround

There are no app-side workarounds for this issue. You must update your Electron version to be protected.

Patches
  • v28.3.2
  • v29.3.3
  • v30.0.3
For More Information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

Severity

  • CVSS Score: 4.4 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Electron has ASAR Integrity Bypass via resource modification

CVE-2025-55305 / GHSA-vmqv-hx8q-j7mg

More information

Details

Impact

This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted.

Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the resources folder in your app installation on Windows which these fuses are supposed to protect against.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions
  • 38.0.0-beta.6
  • 37.3.1
  • 36.8.1
  • 35.7.5
For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

electron/electron (electron)

v35.7.5: electron v35.7.5

Compare Source

Release Notes for v35.7.5

[!WARNING]
Electron 35.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

Fixes

  • Fixed an issue where shell.openPath was not non-blocking as expected. #​48079 (Also in 36, 37, 38)

v35.7.4: electron v35.7.4

Compare Source

Release Notes for v35.7.4

  • Fix ffmpeg generation on Windows non-x64

v35.7.2: electron v35.7.2

Compare Source

Release Notes for v35.7.2

Fixes

  • Fixed an issue where printing PDFs with webContents.print({ silent: true }) would fail. #​47645 (Also in 36, 37)

v35.7.0: electron v35.7.0

Compare Source

Release Notes for v35.7.0

Other Changes

v35.6.0: electron v35.6.0

Compare Source

Release Notes for v35.6.0

Features

  • Added support for --no-experimental-global-navigator flag. #​47416 (Also in 36, 37)
  • Added support for customizing system accent color and highlighting of active window border. #​47539 (Also in 36, 37)

Fixes

  • Fixed a potential crash using session.clearData in some circumstances. #​47410 (Also in 36, 37)
  • Fixed an error when importing electron for the first time from an ESM module loaded by a CJS module in a packaged app. #​47344 (Also in 36, 37)
  • Fixed an issue where calling Fetch.continueResponse via debugger with WebContentsView could cause a crash. #​47443 (Also in 36, 37)
  • Fixed an issue where utility processes could leak file handles. #​47542 (Also in 36, 37)
  • Partially fixes an issue with printing a PDF via webContents.print() where the callback would not be called. #​47399 (Also in 36, 37)

Other Changes

v35.5.1: electron v35.5.1

Compare Source

Release Notes for v35.5.1

Fixes

  • Fixed addChildView() crashes when adding a closed WebContentsView. #​47339
  • Fixed crash in autoUpdater on macOS when zip extraction failed. #​47299 (Also in 34, 36, 37)
  • Fixed crash when pausing in loops due to missing context when desugared. #​47286

Other Changes

v35.5.0: electron v35.5.0

Compare Source

Release Notes for v35.5.0

Features

  • Added innerWidth and innerHeight options for window.open. #​47045 (Also in 36, 37)
  • Added sublabel functionality for menus on macOS >= 14.4. #​47041 (Also in 36, 37)
  • Added support for screen.dipToScreenPoint(point) and screen.screenToDipPoint(point) on Linux X11. #​47124 (Also in 36, 37)
  • Added support for node option --experimental-network-inspection. #​47029 (Also in 36, 37)

Fixes

  • Fixed a possible crash in shell.readShortcutLink. #​47226 (Also in 36)
  • Fixed an issue where protected transparent windows inappropriately showed a titlebar after visibility change. #​47265 (Also in 36, 37)
  • Fixed an issue where the 'suspend' and 'resume' events could be emitted in duplicate. #​47190 (Also in 36, 37)
  • Fixed an issue where the backgroundMaterial feature did not work in a frameless window on initial window creation. #​47236 (Also in 36)
  • Fixed opening package paths as directory when treatPackageAsDirectory is enabled on macOS. #​47110 (Also in 36, 37)
  • Fixed regression with directory selection in macOS dialogs. #​47276 (Also in 36, 37)

Other Changes

v35.4.0: electron v35.4.0

Compare Source

Release Notes for v35.4.0

Features

  • Added support for system-context-menu on Linux. #​46977 (Also in 36)

Fixes

  • Fixed a possible crash using the WebView tag and calling focus. #​47035 (Also in 36, 37)
  • Fixed an issue where the window flickers with either a light or dark color before loading the desired background color. #​47052 (Also in 36, 37)
  • Fixed crash in xdg portal version detection on startup. #​47025 (Also in 36, 37)
  • Restored previous window-hiding behavior of win.setContentProtected() on Windows. #​47034 (Also in 36, 37)

Other Changes

v35.3.0: electron v35.3.0

Compare Source

Release Notes for v35.3.0

Fixes

  • Fixed a crash that could occur when opening some dialogs as windows are closing on macOS. #​46953 (Also in 36, 37)
  • Fixed an issue where transparent child windows on macOS were rendering a grey block as opposed to their correct contents. #​46889 (Also in 36, 37)
  • Fixed display id validation errors on certain versions of windows 10. #​46873
  • Fixed log files written to the current working directory on Windows. #​46911 (Also in 36, 37)
  • Fixed xdg portal version detection for file dialogs on linux. #​46936 (Also in 36, 37)

Other Changes

  • Added support for --js-flags=--perf-prof on macOS. #​46877 (Also in 36)

v35.2.2: electron v35.2.2

Compare Source

Release Notes for v35.2.2

Fixes

  • Fixed electron.shell.openExternal and electron.shell.openPath to honor user-defined system defaults on Linux. #​46789 (Also in 33, 34, 36)
  • Fixed a possible crash when using navigator.bluetooth.requestDevice and the select-bluetooth-device event. #​46784 (Also in 34, 36)
  • Fixed a potential crash when closing a window with child windows. #​46774 (Also in 34, 36)
  • Fixed build error with enable_electron_extensions=false. #​46840 (Also in 34, 36)
  • Fixed crash when renderer process crashes while webview is reloading. #​46769 (Also in 34, 36)
  • Fixed documentation to mark Window.autoHideMenuBar as supported on Linux and Windows. #​46829 (Also in 34, 36)
  • Fixed the visibleOnAllWorkspaces property on Linux. #​46861
  • Fixed the border style of windows with vibrancy on macOS. #​46772 (Also in 36)
  • Fixed the issue where maximizing and restoring the window does not respect the corner radius settings, and the corner radius is incorrect in fullscreen mode. #​46847 (Also in 36)

v35.2.1: electron v35.2.1

Compare Source

Release Notes for v35.2.1

Fixes

  • Fixed Minimize menu button to follow set window minimizability on Windows. #​46715 (Also in 34, 36)
  • Fixed a potential crash in utilityProcess.postMessage when calling with an invalid transferable. #​46666 (Also in 36)
  • Fixed case where file dialog filters would get mixed up, if a * filter was included. #​46721 (Also in 34, 36)
  • Fixed crash on reconversion with google IME and editcontext on macOS. #​46700 (Also in 34, 36)
  • Microtasks are no longer (incorrectly) run by serializing values, including when sending IPC. #​46684 (Also in 34, 36)

v35.2.0: electron v35.2.0

Compare Source

Release Notes for v35.2.0

Features

  • Added nativeTheme.shouldUseDarkColorsForSystemIntegratedUI to distinguish system and app theme. #​46599 (Also in 36)

Fixes

  • Fixed ElectronAccessibilityUI bug. #​46591 (Also in 33, 34, 36)
  • Fixed a possible BrowserWindow crash caused by closing a parent window with focus or blur events. #​46581 (Also in 34, 36)
  • Fixed an error when calling window.emit('close') after toggling fullscreen mode. #​46620 (Also in 36)
  • Fixed an inverted conditional in the above PR that caused broken window borders in some circumstances on Wayland. #​46644 (Also in 33, 34, 36)
  • Fixed an issue where badly formatted switches could cause crashes in app.commandLine functions. #​46631 (Also in 36)
  • Fixed an issue with --inspect-brk failing in packaged apps. #​46583 (Also in 36)
  • Fixed an issue with the assert Node.js module in the renderer process. #​46632 (Also in 36)
  • Fixed several paint and white flash issues on macOS. #​46628 (Also in 36)

Other Changes

  • Fixed an issue where printing from the renderer process crashes the main process when no printers are installed in the system or there's not a default printer. #​46616 (Also in 34, 36)
  • Updated Chromium to 134.0.6998.205. #​46655

v35.1.5: electron v35.1.5

Compare Source

Release Notes for v35.1.5

Fixes

  • Fixed a potential crash in parentPort. #​46495 (Also in 34, 36)

Unknown

v35.1.4: electron v35.1.4

Compare Source

Release Notes for v35.1.4

Fixes

  • Fix: don't copy 'package.json's out of ASAR file. #​46478 (Also in 36)
  • Fixed a bug that could cause some maximized windows on Linux to report an incorrect window state. #​46464 (Also in 34, 36)
  • Fixed a possible crash using Node.js on some arm32 devices. #​46461 (Also in 36)
  • Fixed crash on application exit with pending app.getGPUInfo promise. #​46470 (Also in 34, 36)

v35.1.3: electron v35.1.3

Compare Source

Release Notes for v35.1.3

Fixes

  • Fixed a crash that could occur when dragging and dropping files into the browser. #​46311 (Also in 36)
  • Fixed an issue where context-menu event weren't emitted as expected on Windows in draggable regions. #​46334 (Also in 34, 36)
  • Fixed an issue where calling UtilityProcess.fork prior to the app ready event would cause a crash. #​46403 (Also in 34, 36)
  • Fixed flickering and ghosting artifacts in transparent windows on macOS. #​46392 (Also in 36)
  • Fixed memory leak in AutofillPopupView. #​46413 (Also in 34, 36)
  • Fixed the issue where rounded corners disappear momentarily when closing on Windows 11. #​46408 (Also in 36)
  • When a menu item on macOS is disabled (enabled = false), it is now greyed out. #​46341 (Also in 34, 36)

Other Changes

  • Updated Chromium to 134.0.6998.179. #​46313

v35.1.2: electron v35.1.2

Compare Source

Release Notes for v35.1.2

Fixes

  • Fixed an issue where navigationHistory.restore() failed to restore the userAgent if it was overridden. #​46300 (Also in 34, 36)

Other Changes

v35.1.1: electron v35.1.1

Compare Source

Release Notes for v35.1.1

Fixes

  • Fixed build failure when building with printing disabled. #​46285 (Also in 34, 36)

v35.1.0: electron v35.1.0

Compare Source

Release Notes for v35.1.0

Features

  • Added ffmpeg.dll to delay load configuration. #​46172 (Also in 34, 36)

Fixes

  • Fixed NODE_OPTIONS parsing for child processes on macOS. #​46244 (Also in 34, 36)
  • Fixed a crash seen on Linux when calling webContents.print(). #​46147 (Also in 36)
  • Fixed an issue where system-context-menu incorrectly fired for all regions in frameless windows. #​46178 (Also in [33](https://r

Note

PR body was truncated to here.

@renovate renovate Bot requested a review from kristjank as a code owner October 5, 2023 19:10
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Oct 5, 2023
edited
Loading

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: ang-jsoneditor@1.10.4
npm ERR! Found: jsoneditor@9.1.9
npm ERR! node_modules/jsoneditor
npm ERR!   jsoneditor@"^9.0.0" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer jsoneditor@"^7.0.2" from ang-jsoneditor@1.10.4
npm ERR! node_modules/ang-jsoneditor
npm ERR!   ang-jsoneditor@"^1.10.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: jsoneditor@7.5.0
npm ERR! node_modules/jsoneditor
npm ERR!   peer jsoneditor@"^7.0.2" from ang-jsoneditor@1.10.4
npm ERR!   node_modules/ang-jsoneditor
npm ERR!     ang-jsoneditor@"^1.10.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-02-24T03_57_00_478Z-debug-0.log

@renovate renovate Bot changed the title chore(deps): update dependency electron to v22 [security] chore(deps): update dependency electron to v22 [security] - autoclosed Feb 24, 2024
@renovate renovate Bot closed this Feb 24, 2024
@renovate renovate Bot deleted the renovate/npm-electron-vulnerability branch February 24, 2024 01:34
@renovate renovate Bot changed the title chore(deps): update dependency electron to v22 [security] - autoclosed chore(deps): update dependency electron to v22 [security] Feb 24, 2024
@renovate renovate Bot reopened this Feb 24, 2024
@renovate renovate Bot restored the renovate/npm-electron-vulnerability branch February 24, 2024 03:56
@renovate renovate Bot force-pushed the renovate/npm-electron-vulnerability branch from 7f6d15d to 8005bfb Compare February 24, 2024 03:57
@renovate renovate Bot force-pushed the renovate/npm-electron-vulnerability branch from 8005bfb to 1181f78 Compare July 1, 2025 00:16
@renovate renovate Bot changed the title chore(deps): update dependency electron to v22 [security] chore(deps): update dependency electron to v28 [security] Jul 1, 2025
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Jul 1, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: ang-jsoneditor@1.10.4
npm ERR! Found: jsoneditor@9.1.9
npm ERR! node_modules/jsoneditor
npm ERR!   jsoneditor@"^9.0.0" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer jsoneditor@"^7.0.2" from ang-jsoneditor@1.10.4
npm ERR! node_modules/ang-jsoneditor
npm ERR!   ang-jsoneditor@"^1.10.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: jsoneditor@7.5.0
npm ERR! node_modules/jsoneditor
npm ERR!   peer jsoneditor@"^7.0.2" from ang-jsoneditor@1.10.4
npm ERR!   node_modules/ang-jsoneditor
npm ERR!     ang-jsoneditor@"^1.10.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /runner/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /runner/cache/others/npm/_logs/2026-04-29T17_10_13_026Z-debug-0.log

@renovate renovate Bot force-pushed the renovate/npm-electron-vulnerability branch from 1181f78 to c69a16b Compare September 4, 2025 02:39
@renovate renovate Bot changed the title chore(deps): update dependency electron to v28 [security] chore(deps): update dependency electron to v35 [security] Sep 4, 2025
@renovate renovate Bot changed the title chore(deps): update dependency electron to v35 [security] chore(deps): update dependency electron to v35 [security] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/npm-electron-vulnerability branch March 27, 2026 02:51
@renovate renovate Bot changed the title chore(deps): update dependency electron to v35 [security] - autoclosed chore(deps): update dependency electron to v35 [security] Mar 31, 2026
@renovate renovate Bot reopened this Mar 31, 2026
@renovate renovate Bot force-pushed the renovate/npm-electron-vulnerability branch 2 times, most recently from c69a16b to 66c7933 Compare March 31, 2026 17:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kristjank kristjank Awaiting requested review from kristjank kristjank is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants