
🚨 [security] Upgrade electron: 16.0.9 → 17.3.0 (major) #30

Open · wants to merge 1 commit into base: win

Conversation

depfu bot commented Apr 6, 2022

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!


Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ electron (16.0.9 → 17.3.0) · Repo

Security Advisories 🚨

🚨 Renderers can obtain access to random bluetooth device without permission in Electron

Impact

This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device.

All current stable versions of Electron are affected.

Patches

This has been patched and the following Electron versions contain the fix:

  • 17.0.0-alpha.6
  • 16.0.6
  • 15.3.5
  • 14.2.4
  • 13.6.6

Workarounds

Adding this code to your app can work around the issue.

const { app } = require('electron');

app.on('web-contents-created', (event, webContents) => {
  webContents.on('select-bluetooth-device', (event, devices, callback) => {
    // Prevent default behavior (Electron would otherwise pick a device itself)
    event.preventDefault();
    // Cancel the request: an empty deviceId grants the renderer nothing
    callback('');
  });
});

For more information
If you have any questions or comments about this advisory, email us at [email protected].

Release Notes

17.3.0

Release Notes for v17.3.0

Features

  • Added nativeTheme.inForcedColorsMode API to allow detecting forced color mode. #33358 (Also in 15, 16, 18)

Fixes

  • Fix: initialize asar support in worker threads. #33395 (Also in 18)
  • Fixed maximizing frameless windows by double-clicking on a draggable (title bar) region. #33445 (Also in 15, 16, 18)
  • Fixed slowness when using child_process.spawn and related methods on macOS Big Sur and newer. #33408 (Also in 16, 18)
  • Fixed the IncrementCapturerCount regression introduced by 13.0.0-beta.21. #33430 (Also in 18)

Other Changes

  • Updated Chromium to 98.0.4758.141. #33483

17.2.0

Release Notes for v17.2.0

Features

  • Added ses.setCodeCachePath() API for setting code cache directory. #33285 (Also in 18)

Fixes

  • Fire 'show' event when a BrowserWindow is shown via maximize(). #33213 (Also in 16, 18)
  • Fixed a network service crash that could occur when using setCertificateVerifyProc. #33254 (Also in 18)
  • Fixed an issue where BrowserView layout bounds were limited to its visible bounds. #33398 (Also in 18)
  • Fixed an issue where Chrome DevTools settings didn't persist between loads. #33273 (Also in 18)
  • Fixed an issue where clicking "Open in Containing Folder" in the Sources tab in Devtools caused a crash. #33196 (Also in 16, 18)
  • Fixed broken event loop in renderer process when process reuse is enabled on the Windows platform. #33362 (Also in 16, 18)
  • Fixed crash in the render process on reload with pending node fs.promises. #33335 (Also in 15, 16, 18)
  • Fixed drag regions on WCO windows on Windows. #33201 (Also in 15, 16, 18)
  • Fixed incorrect external memory allocation tracking in nativeImage module. #33306 (Also in 15, 16, 18)
  • Theoretical fix for a crash we're seeing when closing multiple child windows at the same time on macOS. #33283 (Also in 18)

Other Changes

  • Fixed an issue where adding/removing display changes the BrowserWindow size. #33251 (Also in 14, 15, 16, 18)
  • Fixed an issue where moving a window created in a scaled display to a regular display would increase the window size. #33231

17.1.2

Release Notes for v17.1.2

Fixes

  • Fixed an issue where setting window maxHeight or maxWidth made it so the width and height could no longer be resized. #33118 (Also in 18)
  • Strip crashpad_handler binary on Linux, reducing bundle size. #33176 (Also in 15, 16, 18)

17.1.1

Release Notes for v17.1.1

Fixes

  • Fixed an issue where alternateImages did not work properly on macOS. #33105 (Also in 15, 16, 18)
  • Fixed an issue where the Tray could get garbage collected incorrectly under some circumstances. #33076 (Also in 15, 16, 18)
  • Fixed an occasional crash on Mac when spawning a child process. #33116 (Also in 18)
  • Fixed broken transparency option in offscreen window rendering. #33052 (Also in 16, 18)

Other Changes

  • Updated Chromium to 98.0.4758.109. #33085

17.1.0

Release Notes for v17.1.0

Features

  • Added height option for Windows Control Overlay. #32939

Fixes

  • Fixed BrowserWindow.showInactive restoring a maximized window to non-maximized on Windows. #33021 (Also in 16, 18)
  • Fixed a crash that occurred when a user attempted to print a document either with window.print(), the print button in the PDF viewer, or with BrowserWindow.webContents() and clicked cancel in the resulting print dialog. #33015
  • Fixed an issue where webContents.openDevTools({ mode }) did not work for certain dock positions. #32945 (Also in 18)
  • Fixed an issue where webContents.savePage failed when passing a relative path instead of an absolute one. #33016 (Also in 15, 16, 18)
  • Fixed command string registered via setAsDefaultProtocolClient on Windows. #33012 (Also in 14, 15, 16, 18)
  • Fixed stale renderer process when application is quit while renderer is busy. #32970 (Also in 14, 15, 16, 18)

Other Changes

  • Chore: backport EPROTOTYPE fixes from libuv. #32943 (Also in 16, 18)
  • Updated Chromium to 98.0.4758.102. #32906

17.0.1

Release Notes for v17.0.1

Fixes

  • Fixed an issue where frameless windows on Windows would incorrectly show a small frame during the loading process. #32707 (Also in 14, 15, 16, 18)
  • Fixed effect when hovering over window controls on Windows in a WCO-enabled window. #32719 (Also in 14, 15, 16, 18)
  • Fixed possible race conditions between frame state and electron ipc. #32815

Other Changes

  • Updated Chromium to 98.0.4758.82. #32832

17.0.0

Release Notes for v17.0.0

Stack Upgrades

Breaking Changes

  • desktopCapturer.getSources is now only available in the main process. #30720

Features

Additions

  • Added WebHID support. #30213 (Also in 15, 16)
  • Added commandLine.removeSwitch to allow apps to remove command line switches from Chromium's internal command line representation. #30933 (Also in 15, 16)
  • Added textWidth option to dialog.showMessageBox() / dialog.showMessageBoxSync(). #30474 (Also in 15, 16)
  • Added webContents.getMediaSourceId(), can be used with getUserMedia to get a stream for a WebContents. #31204
  • Added missing info to in-app purchase's transaction and product structures. #32602
  • Added new data parameter to app.requestSingleInstanceLock(). #30891 (Also in 16)
  • Added warning when ipcRenderer.sendSync() is called with no listeners for channel on ipcMain. #31344 (Also in 13, 14, 15, 16)
  • Began passing securityOrigin in details for permission request handlers for media requests in addition to permission check handlers. #31357 (Also in 13, 14, 15, 16)
  • Support obsolete blowfish ciphers bf-{cbc,cfb,ecb} through the Node.js crypto API. #32439

Removed/Deprecated

  • Deprecates webContents.getPrinters() and introduces webContents.getPrintersAsync(). #31023

Fixes

  • Fixed maxWidth not working in BrowserWindow constructor options. #32637
  • Fixed VoiceOver not reading typed words correctly in MAS builds. #32567
  • Fixed a crash when starting VoiceOver on macOS. #32578
  • Fixed a potential crash in v8 by using allocation type: kOld in v8 ScriptOrModule legacy lifetime. #32355
  • Fixed an issue where calling screen capture on macOS does not properly release underlying OS capture mechanisms. #32464
  • Fixed issue where not all serial devices were exposed to the handler specified by session.setDevicePermissionHandler. #32685
  • Fixed an issue with transparent windows failing to fire the maximize and unmaximize events on Windows. #32690
  • Fixed draggable regions not updating unless a relayout occurs. #32638

Also in earlier versions...

  • Allowed specifying x64 arch on Mac Rosetta via npm_config_arch. #32382 (Also in 15, 16)
  • Assertion failure happening in the showSaveDialogSync() code path has been fixed. (Fixes #31997). #32083 (Also in 14, 15, 16)
  • Fixed a bug in registering a protocol on Windows which used to set an invalid command if the execution path included a space. #32329 (Also in 14, 15, 16)
  • Changed WebHID to use disable-hid-blocklist flag to enable FIDO devices. #31626 (Also in 15, 16)
  • Enables support for navigator.keyboard.lock(). #31572 (Also in 16)
  • Fixed "Failed to serialize arguments" error when emitting 'context-menu' event for webview. #31259 (Also in 15, 16)
  • Fixed Let's Encrypt DST Root CA X3 certificate expiration. #31213 (Also in 12, 13, 14, 15, 16)
  • Fixed <webview> background transparency regression. #31722 (Also in 16)
  • Fixed BrowserView.setBackgroundColor() not working correctly. #31746 (Also in 16)
  • Fixed clipboard.writeBuffer(), clipboard.readBuffer() and clipboard.read()'s ability to manipulate platform-specific clipboard formats. #31116 (Also in 15, 16)
  • Fixed window.open not overriding parent's webPreferences. #32107 (Also in 15, 16)
  • Fixed a JavaScript exception from webContents if render frame was disposed in WebFrameMain, resets the value of render_frame_disposed_ after updating render frame host. #31401 (Also in 14, 15, 16)
  • Fixed a crash caused by app.getLocaleCountryCode(). #32322 (Also in 15, 16)
  • Fixed a crash that occurred when user attempted to download an edited PDF. #32539 (Also in 15, 16)
  • Fixed a crash when a BrowserWindow is closed subsequent to its webContents being destroyed. #31620 (Also in 14, 15, 16)
  • Fixed a potential crash when importing media files or custom file types. #31884 (Also in 16)
  • Fixed a potential crash when setting nativeTheme.themeSource on macOS. #31329 (Also in 14, 15, 16)
  • Fixed a potential issue when setting backgroundColor on BrowserViews. #31948 (Also in 14, 15, 16)
  • Fixed a tracing agent-related crash when initializing Node.js in service workers. #31459 (Also in 14, 15, 16)
  • Fixed an issue where the alert() dialog title was corrupted. #32469 (Also in 14, 15, 16)
  • Fixed an issue where BrowserView dragging behavior was inconsistent with macOS window dragging. #31114 (Also in 13, 14, 15, 16)
  • Fixed an issue where BrowserView may sometimes crash on browserView.webContents.destroy(). #31796 (Also in 15, 16)
  • Fixed an issue where BrowserViews crashed if view.webContents.destroy() is called after loading a URL. #31794 (Also in 14, 15, 16)
  • Fixed an issue where Content-Disposition filenames would be incorrectly truncated at the first comma for a filename attachment which contained one. #31669 (Also in 13, 14, 15, 16)
  • Fixed an issue where MediaMetadata did not work properly. #31492 (Also in 13, 14, 15, 16)
  • Fixed an issue where app.getPath('crashDumps') returned an incorrect path for Linux. #31668 (Also in 15, 16)
  • Fixed an issue where clipboard.read() could cause crashes with custom clipboard formats. #31566 (Also in 15, 16)
  • Fixed an issue where ipcRenderer.postMessage would throw errors when the transfer argument was not passed. #32459 (Also in 14, 15, 16)
  • Fixed an issue where button labels in file choosers were improperly localized on Linux. #30888 (Also in 14, 15, 16)
  • Fixed an issue where changes to draggable regions in a BrowserWindow incorrectly affected those in an attached BrowserView. #31085 (Also in 13, 14, 15, 16)
  • Fixed an issue where frameless vibrant windows would not show transparency correctly on macOS. #32649 (Also in 16)
  • Fixed an issue where if backgroundColor was set to undefined, vibrancy failed to work and the backgroundColor would show up as white. #32653 (Also in 16)
  • Fixed an issue where out-of-focus BrowserViews could not be immediately dragged. #31062 (Also in 13, 14, 15, 16)
  • Fixed an issue where playing media would open Accessibility permissions dialog on macOS. #31805 (Also in 15, 16)
  • Fixed an issue where some calls to crypto.createPrivateKey made with algorithms unsupported by BoringSSL cause a crash when invoking methods on their return values. #31087 (Also in 15, 16)
  • Fixed an issue where the 'maximize' and 'unmaximize' events didn't fire properly on Linux. #32492 (Also in 14, 15, 16)
  • Fixed an issue where transparency was not always set correctly on webContents. #31685 (Also in 16)
  • Fixed an issue where windows with vibrancy types set on them would incorrectly have a white instead of transparent background. #31493 (Also in 16)
  • Fixed an issue which caused print settings to not work properly when printing silently. #31489 (Also in 13, 14, 15, 16)
  • Fixed a potential crash in WebContents::MessageTo when a render frame has been destroyed. #31289 (Also in 13, 14, 15, 16)
  • Fixed aspect ratio resize for frameless windows on macOS. #32447 (Also in 15, 16)
  • Fixed behaviour on posix when passing lists into app.requestSingleInstanceLock(additionalData) API. #31661 (Also in 16)
  • Fixed black border around the page after resizing is disabled. #31021 (Also in 13, 14, 15, 16)
  • Fixed black window when screen capturing a content-protected BrowserWindow on Windows 10. #31340 (Also in 13, 14, 15, 16)
  • Fixed clipboard.read to once again work like clipboard.readBuffer. #31623 (Also in 15, 16)
  • Fixed console windows from ELECTRON_RUN_AS_NODE instances. #31972 (Also in 16)
  • Fixed crash caused by GetHostNameW on Windows 7. #31804 (Also in 16)
  • Fixed crash caused by double free when destroying WebContents. #31104 (Also in 14, 15, 16)
  • Fixed crash in GTK open dialog when trying to preview huge image files. #31799 (Also in 14, 15, 16)
  • Fixed crash in v8 due to (Check failed: !regexp_stack_->is_in_use()). #31102 (Also in 13, 14, 15, 16)
  • Fixed crash when calling webContents.setZoomFactor(1.0). #32621 (Also in 13, 14, 15, 16)
  • Fixed crash when changing zoom level for webview. #31350 (Also in 14, 15, 16)
  • Fixed crash when playing media files on Windows 7/8 or macOS 10.11/10.12. #32214 (Also in 13, 14, 15, 16)
  • Fixed crash when using singleton api with packaged apps on macOS. #31608 (Also in 16)
  • Fixed crash when using sync dialog APIs immediately after async dialog APIs. #31606 (Also in 15, 16)
  • Fixed default label text in GTK dialogs. #31798 (Also in 14, 15, 16)
  • Fixed default setting used when setting an insecure cookie on a secure site. #31800 (Also in 16)
  • Fixed event with invalid timestamp in trace log. #31349 (Also in 14, 15, 16)
  • Fixed incorrect skipTransformProcessType option parsing in win.setVisibleOnAllWorkspaces(). #32398 (Also in 13, 14, 15, 16)
  • Fixed issue where non-resizable frameless windows aren't draggable. #30925 (Also in 13, 14, 15, 16)
  • Fixed minimized BrowserWindow being restored by BrowserWindow.unmaximize(). #32496 (Also in 14, 15, 16)
  • Fixed possible 'Object has been destroyed' error when calling window.open with a frame name and using setWindowOpenHandler. #31208 (Also in 14, 15, 16)
  • Fixed potential crash on Windows and Linux when using desktopCapturer.getSources. #32070 (Also in 16)
  • Fixed regression where console windows would open for execSync and some spawnSync calls for Windows users. #32378 (Also in 16)
  • Fixed respecting aspect ratio when maximum size is set on BrowserWindow. #31958 (Also in 14, 15, 16)
  • Fixed window frame glitch when calling setContentProtection. #31768 (Also in 14, 16)
  • Fixed windows with roundedCorners: false unable to be closed. #32612 (Also in 15, 16)
  • Generate valid config.gypi file in Node.js headers. #31404 (Also in 14, 15, 16)
  • Having a secure CSP will no longer cause a CSP violation warning to appear in console. #30991 (Also in 16)
  • Removes several Chromium private enterprise APIs from Mac Apple Store builds. #31482 (Also in 12, 13, 14, 15, 16)
  • Strip symbols from crashpad_handler binary on Linux, reducing bundle size. #32549 (Also in 15, 16)
  • The <webview> implementation was made more robust; it no longer breaks when the will-attach-webview handler modifies the internal params.instanceId. #32430 (Also in 16)
  • ~/.config/{App Name} will no longer be incorrectly deleted if it is a symlink on unix systems. #31777 (Also in 16)

Other Changes

  • Changed Web Serial to use ses.setDevicePermissionHandler to allow developers more control over Web Serial permissioning. #31181 (Also in 15, 16)

Documentation

  • Documentation changes

End of Support for 13.x.y

Electron 13.x.y has reached end-of-support. As per Electron's new 8-week cadence, we are supporting the latest four versions of Electron until May 2022, with the release of Electron 19. After Electron 19 is released, we'll return to supporting the latest three major versions, as well as the alpha, beta, and nightly releases.

E17 (Feb'22)   E18 (Mar'22)   E19 (May'22)
17.x.y         18.x.y         19.x.y
16.x.y         17.x.y         18.x.y
15.x.y         16.x.y         17.x.y
14.x.y         15.x.y         --

16.0.10

Release Notes for v16.0.10

Fixes

  • Fixed BrowserWindow.showInactive restoring a maximized window to non-maximized on Windows. #33020 (Also in 17, 18)
  • Fixed an issue where webContents.savePage failed when passing a relative path instead of an absolute one. #33017 (Also in 15, 17, 18)
  • Fixed broken transparency option in offscreen window rendering. #33051
  • Fixed command string registered via setAsDefaultProtocolClient on Windows. #33010 (Also in 14, 15, 17, 18)
  • Fixed stale renderer process when application is quit while renderer is busy. #32969 (Also in 14, 15, 17, 18)

Other Changes

  • Backported fix for CVE-2022-0609. #32900
  • Backported fix for CVE-2022-0610. #32918
  • Chore: backport EPROTOTYPE fixes from libuv. #32942 (Also in 17, 18)
  • Security: backported fix for CVE-2022-0607. #32916
  • Security: backported fix for chromium:1039885. #32803
  • Security: backported fix for chromium:1258603. #32809
  • Security: backported fix for chromium:1262967. #32807
  • Security: backported fix for chromium:1267426. #32805
  • Security: backported fix for chromium:1267627. #32806
  • Security: backported fix for chromium:1274376. #32808
  • Security: backported fix for chromium:1289384. #32911
  • Security: backported fix for chromium:1289394. #32907
  • Security: backported fixes to chromium:1292537 and CVE-2022-0606. #32903

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.


Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

  • @depfu rebase: Rebases against your default branch and redoes this update
  • @depfu recreate: Recreates this PR, overwriting any edits that you've made to it
  • @depfu merge: Merges this PR once your tests are passing and conflicts are resolved
  • @depfu close: Closes this PR and deletes the branch
  • @depfu reopen: Restores the branch and reopens this PR (if it's closed)
  • @depfu pause: Ignores all future updates for this dependency and closes this PR
  • @depfu pause [minor|major]: Ignores all future minor/major updates for this dependency and closes this PR
  • @depfu resume: Future versions of this dependency will create PRs again (leaves this PR as is)

depfu bot added the labels dependencies (Pull requests that update a dependency file) and depfu on Apr 6, 2022
depfu bot assigned riotrah on Apr 6, 2022
depfu bot requested a review from riotrah on April 6, 2022 18:55
depfu bot force-pushed the depfu/update/win/npm/electron-17.3.0 branch from d34cda7 to 7adb5cf on June 24, 2022 22:00
depfu bot force-pushed the depfu/update/win/npm/electron-17.3.0 branch from 7adb5cf to 0a4b62a on July 16, 2022 18:15