Update dependency electron to v15

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
electron	optionalDependencies	major	1.4.15 -> 15.5.5

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	CVE
High	9.9	CVE-2020-4077
High	9.8	CVE-2017-16151
High	9.8	CVE-2022-29247
High	9.0	CVE-2020-4076
High	8.8	CVE-2018-1000006
High	8.8	CVE-2018-1000118
High	7.5	CVE-2020-4075
High	7.5	CVE-2021-33623
High	7.3	CVE-2020-7788
High	7.2	CVE-2022-29257
Medium	6.8	CVE-2020-15096
Medium	5.0	CVE-2022-21718

---

Release Notes

electron/electron

v15.5.5

Compare Source

Release Notes for v15.5.5

Other Changes

• Backported fix for CVE-2022-1482. #​34040
• Backported fix for CVE-2022-1483. #​34009
• Backported fix for CVE-2022-1497. #​34075

v15.5.4

Compare Source

Release Notes for v15.5.4

Other Changes

• Backported fix for CVE-2022-1138. #​33682
• Backported fix for CVE-2022-1478. #​34045
• Backported fix for CVE-2022-1479. #​34037
• Backported fix for CVE-2022-1480. #​34019
• Backported fix for CVE-2022-1492. #​34051

v15.5.3

Compare Source

Release Notes for v15.5.3

Fixes

• Fixed a network service crash that could occur when using setCertificateVerifyProc. #​33256 (Also in 16, 17, 18)
• shell.openExternal() now reports more detailed errors on Windows. #​33656 (Also in 16, 17, 18, 19)

Other Changes

• Backported fix for CVE-2022-1134. #​33763
• Backported fix for CVE-2022-1305. #​33860
• Backported fix for CVE-2022-1310. #​33831
• Backported fix for CVE-2022-1314. #​33884
• Backported fix for CVE-2022-1364. #​33836
• Backported fix for chromium:1286816. #​33679
• Backported fix for chromium:1291482. #​33676
• Backported fix for chromium:1310761. #​33856
• Security: backported fix for CVE-2022-0116 and CVE-2022-1306. #​33852
• Security: backported fix for CVE-2022-23308. #​33670
• Security: backported fix for chromium:1280743. #​33715
• Security: backported fix for chromium:1280852. #​33673

v15.5.2

Compare Source

Release Notes for v15.5.2

Fixes

• Fixed behavior of BrowserWindow.maximize on macOS for not shown windows. #​33523 (Also in 16, 18)

Other Changes

• Security: backported fix for chromium:1260129. #​33525
• Security: backported fix for chromium:1311641. #​33606

v15.5.1

Compare Source

Release Notes for v15.5.1

Fixes

• Fixed crash when WindowButtonsProxy references cleared NSWindow. #​33487 (Also in 16, 17, 18)
• Fixed slowness when using child_process.spawn and related methods on macOS Big Sur and newer. #​33406 (Also in 16, 17, 18)

v15.5.0

Compare Source

Release Notes for v15.5.0

Features

• Added nativeTheme.inForcedColorsMode API to allow detecting forced color mode. #​33360 (Also in 16, 17, 18)

Fixes

• Fixed maximizing frameless windows by double-clicking on a draggable (title bar) region. #​33449 (Also in 16, 17, 18)

Other Changes

• Backported fix for CVE-2022-1096. #​33473
• Backported fix for chromium:1296876. #​33393

v15.4.2

Compare Source

Release Notes for v15.4.2

Fixes

• Fixed crash in the render process on reload with pending node fs.promises. #​33300 (Also in 16, 17, 18)
• Fixed drag regions on WCO windows on Windows. #​33199 (Also in 16, 17, 18)
• Fixed incorrect external memory allocation tracking in nativeImage module. #​33311 (Also in 16, 17, 18)

Other Changes

• Backported fix for 1283402. #​33245
• Backported fix for CVE-2022-0976. #​33390
• Backported fix for OSV-2021-777. #​33237
• Fixed an issue where adding/removing display changes the BrowserWindow size. #​33248 (Also in 14, 16, 17, 18)
• Security: backported fix for CVE-2022-0792. #​33222
• Security: backported fix for CVE-2022-0806. #​33242
• Security: backported fix for CVE-2022-0975. #​33342
• Security: backported fix for chromium:1281908. #​33185

v15.4.1

Compare Source

Release Notes for v15.4.1

Fixes

• Fixed an issue where alternateImages did not work properly on macOS. #​33104 (Also in 16, 17, 18)
• Strip crashpad_handler binary on Linux, reducing bundle size. #​33173 (Also in 16, 17, 18)

Other Changes

• Security: backported fix for 1291728. #​33178
• Security: backported fix for 1295786. #​33168
• Security: backported fix for chromium:1289383. #​33181

v15.4.0

Compare Source

Release Notes for v15.4.0

Features

• Added height option for Windows Control Overlay. #​33064 (Also in 16, 17)

Fixes

• Fixed an issue where webContents.savePage failed when passing a relative path instead of an absolute one. #​33018 (Also in 16, 17, 18)
• Fixed an issue where the Tray could get garbage collected incorrectly under some circumstances. #​33077 (Also in 16, 17, 18)
• Fixed command string registered via setAsDefaultProtocolClient on windows. #​33011 (Also in 14, 16, 17, 18)
• Fixed stale renderer process when application is quit while renderer is busy. #​32967 (Also in 14, 16, 17, 18)

Other Changes

• Backported fix for CVE-2022-0609. #​32901 (Also in 14)
• Backported fix for CVE-2022-0610. #​32919
• Security: backported fix for CVE-2022-0607. #​32917
• Security: backported fix for CVE-2022-0608. #​32914
• Security: backported fix for chromium:1242339. #​32796
• Security: backported fix for chromium:1258603. #​32797
• Security: backported fix for chromium:1259557. #​32799
• Security: backported fix for chromium:1262967. #​32800
• Security: backported fix for chromium:1277917. #​32786
• Security: backported fix for chromium:1281979. #​32785
• Security: backported fix for chromium:1282354. #​32783
• Security: backported fix for chromium:1283198. #​32781
• Security: backported fix for chromium:1289384. #​32912
• Security: backported fix for chromium:1289394. #​32908
• Security: backported fixes to chromium:1292537 and CVE-2022-0606. #​32904

v15.3.7

Compare Source

Release Notes for v15.3.7

Fixes

• Fixed an issue where frameless windows on Windows would incorrectly show a small frame during the loading process. #​32708 (Also in 14, 16, 17, 18)
• Fixed an issue with transparent windows failing to fire the maximize and unmaximize events on Windows. #​32688 (Also in 16, 17)
• Fixed effect when hovering over window controls on Windows in a WCO-enabled window. #​32717 (Also in 14, 16, 17, 18)
• Fixed issue where not all serial devices were exposed to the handler specified by session.setDevicePermissionHandler. #​32686 (Also in 16, 17)
• The <webview> implementation was made more robust, it no longer breaks when will-attach-webview handler modifies the internal params.instanceId. #​32855 (Also in 16, 17)

Other Changes

• Fixed crash in v8 regexp assembler. #​32770
• Security: backported fix for chromium:1039885. #​32790
• Security: backported fix for chromium:1238209. #​32798
• Security: backported fix for chromium:1248444. #​32789
• Security: backported fix for chromium:1260869. #​32791
• Security: backported fix for chromium:1261689. #​32792
• Security: backported fix for chromium:1267426. #​32793
• Security: backported fix for chromium:1267627. #​32794
• Security: backported fix for chromium:1273661. #​32795
• Security: backported fix for chromium:1274113. #​32741
• Security: backported fix for chromium:1274445,v8:7990. #​32739
• Security: backported fix for chromium:1283371. #​32779
• Security: backported fix for chromium:1283375. #​32777
• Security: backported fix for chromium:1284367. #​32775

Documentation

• Documentation changes: #​32646

v15.3.6

Compare Source

Release Notes for v15.3.6

Fixes

• Fixed a crash that occurred when user attempted to download an edited PDF. #​32537 (Also in 16, 17)
• Fixed an issue that the alert() dialog title is corrupted. #​32468 (Also in 14, 16, 17)
• Fixed an issue where ipcRenderer.postMessage would throw errors when the transfer argument was not passed. #​32458 (Also in 14, 16, 17)
• Fixed an issue where the 'maximize' and 'unmaximize' events didn't fire properly on linux. #​32498 (Also in 14, 16, 17)
• Fixed aspect ratio resize for frameless windows on macOS. #​32445 (Also in 16, 17)
• Fixed crash when calling webContents.setZoomFactor(1.0). #​32619 (Also in 13, 14, 16, 17)
• Fixed minimized BrowserWindow being restored by BrowserWindow.unmaximize(). #​32494 (Also in 14, 16, 17)
• Fixed windows with roundedCorners: false unable to be closed. #​32610 (Also in 16, 17)
• Strip symbols from crashpad_handler binary on Linux, reducing bundle size. #​32548 (Also in 16, 17)

Other Changes

• Backported fix for CVE-2021-38012. #​32012
• Backported fix for CVE-2021-38017. #​32032
• Backported fix for CVE-2021-38019. #​32015
• Backported fix for CVE-2021-4066. #​32546
• Backported fix for CVE-2021-4100. #​32184
• Security: backported fix for https://crbug.com/1275020. #​32353

v15.3.5

Compare Source

Release Notes for v15.3.5

Fixes

• Allowed specifying x64 arch on Mac Rosetta via npm_config_arch. #​32380 (Also in 16, 17)
• Bug fixed for registering protocol in windows which used to set invalid command if the execution path included space. #​32330 (Also in 14, 16, 17)
• Fixed window.open not overriding parent's webPreferences. #​32109 (Also in 16, 17)
• Fixed a crash caused by app.getLocaleCountryCode(). #​32332 (Also in 16, 17)
• Fixed crash when playing media files on Windows 7/8 or macOS 10.11/10.12. #​32213 (Also in 13, 14, 16, 17)
• Fixed incorrect skipTransformProcessType option parsing in win.setVisibleOnAllWorkspaces(). #​32396 (Also in 13, 14, 16, 17)
• No Notes. #​32245 (Also in 13, 14, 16, 17)

Other Changes

• Backported fix for CVE-2021-38006. #​32009
• Backported fix for CVE-2021-38008. #​32011
• Backported fix for CVE-2021-38018. #​32257
• Backported fix for CVE-2021-4056. #​32235
• Backported fix for CVE-2021-4057. #​32232
• Backported fix for CVE-2021-4058. #​32223
• Backported fix for CVE-2021-4059. #​32210
• Backported fix for CVE-2021-4078. #​32216
• Backported fix for CVE-2021-4079. #​32226
• Backported fix for CVE-2021-4098. #​32181
• Backported fix for CVE-2021-4099. #​32187
• Backported fix for CVE-2021-4101. #​32190

v15.3.4

Compare Source

Release Notes for v15.3.4

Fixes

• Assertion failure happening in the showSaveDialogSync() code path has been fixed. (Fixes #​31997). #​32081 (Also in 14, 16, 17)
• No Notes. #​32197 (Also in 13, 14, 16, 17)

v15.3.3

Compare Source

Release Notes for v15.3.3

Fixes

• Fixed a potential issue when setting backgroundColor on BrowserViews. #​31946 (Also in 14, 16, 17)
• Fixed respecting aspect ratio when maximum size is set on BrowserWindow. #​31956 (Also in 14, 16, 17)
• Fixed window frame glitch when calling setContentProtection. #​31830 (Also in 13, 14, 16)

Other Changes

• Backported fix for CVE-2021-38005. #​31919
• Backported fix for CVE-2021-38007. #​31910
• Backported fix for CVE-2021-38009. #​31927
• Backported fix for CVE-2021-38010. #​31902
• Backported fix for CVE-2021-38011. #​31899

v15.3.2

Compare Source

Release Notes for v15.3.2

Fixes

• Fixed BrowserView.setBackgroundColor() not working correctly. #​31844 (Also in 16)
• Fixed an issue where BrowserView may sometimes crash on browserView.webContents.destroy(). #​31841 (Also in 16)
• Fixed an issue where BrowserViews crashed if view.webContents.destroy() is called after loading a URL. #​31826 (Also in 14, 16)
• Fixed an issue where playing media would open Accessibility permissions dialog on macOS. #​31836 (Also in 16)
• Fixed crash in GTK open dialog when trying to preview huge image files. #​31820 (Also in 14, 16)
• Fixed default label text in GTK dialogs. #​31823 (Also in 14, 16)

v15.3.1

Compare Source

Release Notes for v15.3.1

Features

• Added warning when ipcRenderer.sendSync() is called with no listeners for channel on ipcMain. #​31434 (Also in 13, 14, 16)

Fixes

• Changed WebHID to use disable-hid-blocklist flag to enable FIDO devices. #​31649 (Also in 16)
• Fixed <webview> background transparency regression. #​31701 (Also in 14)
• Fixed clipboard.writeBuffer(), clipboard.readBuffer() and clipboard.read()'s ability to manipulate platform-specific clipboard formats. #​31720 (Also in 16)
• Fixed a crash when a BrowserWindow is closed subsequent to its webContents being destroyed. #​31644 (Also in 14, 16)
• Fixed a tracing agent-related crash when initializing Node.js in service workers. #​31476 (Also in 14, 16)
• Fixed an issue where Content-Disposition filenames would be incorrectly truncated at the first comma for a filename attachment which contained one. #​31693 (Also in 13, 14, 16)
• Fixed an issue where MediaMetadata did not work properly. #​31534 (Also in 13, 14, 16)
• Fixed an issue where app.getPath('crashDumps') returned an incorrect path for Linux. #​31712 (Also in 16)
• Fixed an issue where clipboard.read() could cause crashes with custom clipboard formats. #​31591 (Also in 16)
• Fixed an issue which caused print settings to not work properly when printing silently. #​31616 (Also in 13, 14, 16)
• Fixed clipboard.read to once again work like clipboard.readBuffer. #​31651 (Also in 16)
• Fixed crash when using sync dialog APIs immediately after async dialog APIs. #​31658 (Also in 16)
• Fixed event with invalid timestamp in trace log. #​31422 (Also in 14, 16)

Other Changes

• Backported fix for CVE-2021-37981. #​31497
• Backported fix for CVE-2021-37985. #​31516
• Backported fix for CVE-2021-37987. #​31539
• Backported fix for CVE-2021-37989. #​31523
• Backported fix for CVE-2021-37992. #​31519
• Backported fix for CVE-2021-37996. #​31543
• Backported fix for chromium:1245870. #​31501
• Backported fix for chromium:1252858. #​31680

v15.3.0

Compare Source

Release Notes for v15.3.0

Features

• Began passing securityOrigin in details for permission request handlers for media requests in addition to permission check handlers. #​31417 (Also in 13, 14, 16)

Fixes

• Fixed a potential crash when setting nativeTheme.themeSource on macOS. #​31429 (Also in 14, 16)
• Fixed possible 'Object has been destroyed' error when calling window.open with a frame name and using setWindowOpenHandler. #​31468 (Also in 14, 16)
• Generate valid config.gypi file in Node.js headers. #​31442 (Also in 14, 16)
• Removes several Chromium private APIs from Mac Apple Store builds. #​31483 (Also in 16)

Other Changes

• Changed Web Serial to use ses.setDevicePermissionHandler to allow developers more control over Web Serial permissioning. #​31418 (Also in 16)

v15.2.0

Compare Source

Release Notes for v15.2.0

Features

• Added commandLine.removeSwitch to allow apps to remove command line switches from Chromiums internal command line representation. #​31326 (Also in 16)

Fixes

• Fixed a JavaScript exception from webContents if render frame was disposed in WebFrameMain, resets the value of render_frame_disposed_ after updating render frame host. #​31426 (Also in 16)
• Fixed black window when screen capturing a content-protected BrowserWindow on Windows 10. #​31385 (Also in 16)
• Fixed crash when changing zoom level for webview. #​31376 (Also in 14, 16)

Other Changes

• Updated Chromium to 94.0.4606.81. #​31351

v15.1.2

Compare Source

Release Notes for v15.1.2

Fixes

• Fixed an potential crash in WebContents::MessageTo when a render frame has been destroyed. #​31334
• Fixed issue where non-resizable frameless windows aren't draggable. #​31299 (Also in 14, 16)

Other Changes

• Backported fix for 1251688. #​31297
• Updated Chromium to 94.0.4606.71. #​31234

v15.1.1

Compare Source

Release Notes for v15.1.1

Fixes

• Fixed "Failed to serialize arguments" error when emitting 'context-menu' event for webview. #​31279
• Removed expired DST Root CA X3 from the bundled trust store. #​31219

v15.1.0

Compare Source

Release Notes for v15.1.0

Features

• Added WebHID support. #​31095 (Also in 16)
• Added frame property to the params object of the 'context-menu' event. #​31057
• Added isMainFrame argument to 'certificate-error' event. #​31038
• Added textWidth option to dialog.showMessageBox() / dialog.showMessageBoxSync(). #​31088 (Also in 16)

Fixes

• Fixed Let's Encrypt DST Root CA X3 certificate expiration. #​31218 (Also in 12, 13, 14, 16)
• Fixed a crash in navigator.fonts.query(). #​30985 (Also in 14)
• Fixed an issue where BrowserView dragging behavior was inconsistent with MacOS window dragging. #​31177 (Also in 13, 14, 16)
• Fixed an issue where button labels in file choosers were improperly localized on Linux. #​31066 (Also in 14, 16)
• Fixed an issue where changes to draggable regions in a BrowserWindow incorrectly affected those in an attached BrowserView. #​31198 (Also in 13, 14, 16)
• Fixed an issue where non-resizable non-fullscreenable windows with aspect ratios set could return incorrect results for isMaximized(). #​31041 (Also in 13, 14)
• Fixed an issue where out-of-focus BrowserViews could not be immediately dragged. #​31100 (Also in 13, 14, 16)
• Fixed an issue where some calls to crypto.createPrivateKey made with algorithms unsupported by BoringSSL cause a crash when invoking methods on their return values. #​31137 (Also in 16)
• Fixed black border around the page after resizing is disabled. #​31081 (Also in 13, 14, 16)
• Fixed crash caused by double free when destroying WebContents. #​31133 (Also in 14, 16)
• Fixed crash in v8 due to (Check failed: !regexp_stack_->is_in_use()). #​31144 (Also in 13, 14, 16)

Other Changes

• Updated Chromium to 94.0.4606.61. #​31112

v15.0.0

Compare Source

Release Notes for v15.0.0

Stack Upgrades

• Chromium 94.0.4606.51.
  • New in 94
• Node v16.5.0.
  • 16.5.0
  • 16.4.2
  • 16.4.1
  • 16.4.0
  • 16.3.0
  • 16.2.0
  • 16.1.0
  • 16.0.0
  • 15 ChangeLog
  • 14 ChangeLog
• V8
  • v9.4 blog post

Breaking Changes

• nativeWindowOpen: true is now the default. #​28552

Features

Additions

• Added 'dom-ready' event to WebFrameMain which emits when the frame's document is ready.
  • Added 'frame-created' event to WebContents which emits when a frame is created in the page. #​30801
• Added <webview>.sendToFrame() / frameId to 'ipc-message' event. #​30704
• Added <webview> 'did-redirect-navigation' event. #​30664
• Added app.configureHostResolver API for configuring DNS-over-HTTPS. #​30775
• Added location and modifiers to the event properties provided in the 'before-input-event' WebContents event. #​29850
• Added safeStorage string encryption API. #​30430
• Added signal option to dialog.showMessageBox. #​26102
• Added webContents.fromDevToolsTargetId(targetId) to lookup a WebContents instance from an associated Chrome DevTools Protocol TargetID. #​30733 (Also in 14)
• Added an Electron Fuse for enforcing code signatures on the app.asar file your application loads. Requires the latest asar module. #​30900
• Added experimental cookie encryption support behind an Electron Fuse. #​27524 (Also in 13, 14)
• Added fuses to disable NODE_OPTIONS and --inspect debug arguments in packaged apps. #​30420
• Added missing resourceType conversions for webRequest listener details: font, ping, cspReport, media, webSocket. #​29902 (Also in 14)
• Added new MenuItem.userAccelerator property to read user-assigned macOS accelerator overrides. #​26682
• Added new app.runningUnderARM64Translation property to detect when running under Rosetta on Apple Silicon, or WOW on Windows for ARM. #​29168
• Added new imageAnimationPolicy web preference to control how images are animated. #​29095
• Added resize edge info to BrowserWindow's will-resize event. #​29199
• Added support for Windows Control Overlay on Windows. #​30497 (Also in 14)
• Added support for Windows Control Overlay on macOS. #​29253 (Also in 14)
• Added support for debug URLs such as chrome://gpucrash. #​29404 (Also in 13, 14)
• Added support for directing Chromium logging to a file with --log-file=.../path/to/file.log. Also, it's now possible to enable logging from JavaScript by appending command-line switches during the first JS tick. #​25089 (Also in 14)
• Added support for sending Blobs over the context bridge. #​29247

Improvements

• Extended continue-activity event API to support webpageURL property from NSUserActivity. #​30042

Fixes

• Fixed a crash when selecting and opening files in a native file dialog on Mac. #​30936
• Fixed a crash when selecting files in a native file dialog on Windows and Linux. #​30927
• Fixed an issue where GDK_BACKEND was being propagated to subprocesses on Linux. #​28898
• Fixed potential crash when programmatically closing a draggable frameless child window. #​31027
• Fixed typescript export definitions such that not-exported values are not declared in the exports interface. #​28712
• Installing the electron package on an M1 macbook while using an x64 version of node will now automatically download the arm64 version of Electron instead of the x64 version. #​29953

Also in earlier versions....

• Electron Fuses are now in a consistent order across platforms. #​29599 (Also in 13, 14)
• Fixed an issue where fs.promises.readFile would improperly error when passing a FileHandle to the path argument. #​29528 (Also in 12, 13, 14)
• Fixed BrowserWindow's backgroundColor option not having an effect. #​30777 (Also in 14)
• Fixed CORS preflight request always being cancelled when connecting via proxy requiring authentication for apps that had registered WebRequest listeners. #​29266 (Also in 12, 13, 14)
• Fixed documentEdited status not updating close button for frameless window on macOS. #​30392 (Also in 13, 14)
• Fixed requestFullscreen inside webview does not make the element take fullscreen. #​29952 (Also in 12, 13, 14)
• Fixed select-bluetooth-device firing on Windows. #​29591 (Also in 12, 13, 14)
• Fixed a crash in the repl when SharedArrayBuffer is disabled. #​30483 (Also in 14)
• Fixed a crash when process.exit is called and nativeWindowOpen is enabled. #​30238 (Also in 14)
• Fixed a crash when calling the webContents.on('login') callback synchronously. #​30068 (Also in 12, 13, 14)</