Skip to content

Javascript dependency: Bump electron from 41.5.0 to 42.2.0 in /runtime#9945

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/runtime/electron-42.1.0
Closed

Javascript dependency: Bump electron from 41.5.0 to 42.2.0 in /runtime#9945
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/runtime/electron-42.1.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026
edited
Loading

Bumps electron from 41.5.0 to 42.2.0.

Release notes

Sourced from electron's releases.

electron v42.2.0

Release Notes for v42.2.0

Features

  • Allowed the --experimental-inspector-network-resource Node.js flag to be passed through Electron. #51378 (Also in 41)

Fixes

  • Fixed crash for Notification close. #51657 (Also in 41, 43)

Other Changes

  • Backported fixes for a use-after-free in touch-event queue teardown, a runtime-effect validation gap in Skia image filters, and an integer overflow in the GLSL translator. #51646
  • Backported fixes for an out-of-bounds write in WebAudio worklet setup, a heap overflow in the ANGLE GL backend, a use-after-free in the GTK Wayland platform, an accessibility tree-state validation issue, and an integer overflow in text bidi handling. #51666
  • Improved performance of app.getApplicationNameForProtocol() on Linux. #51628

Documentation

  • Documentation changes: #51688

electron v42.1.0

Release Notes for v42.1.0

Fixes

  • Fixed a crash in the macOS Touch ID WebAuthn prompt caused by a missing string resource, and added touchID.promptReason to app.configureWebAuthn() to customize the prompt text. #51594 (Also in 41, 43)
  • Fixed a crash on MacOS when a user clicked into a title bar or top view. #51605 (Also in 43)

Other Changes

  • Improved performance of webRequest header conversions and several other gin converter hot paths. #51607 (Also in 43)
  • Improved performance of native event emission, IPC dispatch, and option-dictionary parsing. #51614 (Also in 41)

electron v42.0.1

Release Notes for v42.0.1

Fixes

  • Fixed DesktopCapturer crash on macOS. #51506
  • Fixed ELECTRON_INSTALL_PLATFORM being ignored when resolving the Electron executable path during postinstall, which caused path.txt to be written for the host platform instead of the requested target and made isInstalled() always re-download on subsequent installs. #51370
  • Fixed app.getLoginItemSettings() returning undefined for executableWillLaunchAtLogin on macOS; the property is now always a boolean. #51507 (Also in 40, 41)
  • Fixed a potential race condition crash when closing DevTools. #51473 (Also in 41)

Other Changes

  • Updated Chromium to 148.0.7778.97. #51517

electron v42.0.0

Release Notes for v42.0.0

Stack Upgrades

... (truncated)

Commits
  • 87740a8 fix: skip current instance's child processes in Windows orphan killer (#51686)
  • db2296d docs: update Notification 'failed' support info (#51688)
  • c084f3d feat: allow --experimental-inspector-network-resource node flag (#51378)
  • 365cd49 docs: update Azure Artifact Signing and EV cert docs (#51677)
  • 4f2f73d fix: Crash for Notification close (#51657)
  • 71627f0 chore: cherry-pick 5 changes from chromium, angle (42-x-y) (#51666)
  • 2c8e90d perf: use GIO instead of xdg-mime for app.getApplicationNameForProtocol()...
  • 9f5cd23 refactor: SafeStorage never emits, so do not inherit from EventEmitter (#5105...
  • 9d75899 chore: cherry-pick 3 changes from chromium, skia, angle (42-x-y) (#51646)
  • 804962d test: wait for navigation to settle in loadURL tests (#51644)
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
electron [>= 36.3.a, < 36.4]

@dependabot dependabot Bot added the Dependencies Pull requests that update a dependency file label May 18, 2026
@dependabot dependabot Bot mentioned this pull request May 18, 2026
Closed
@asheshv asheshv mentioned this pull request May 20, 2026
Merged
6 tasks
asheshv added a commit that referenced this pull request May 20, 2026
@asheshv
chore: Apply non-breaking dependency updates from open dependabot PRs (
aad2dfd 
…#9954)

Python:
- requirements.txt: google-auth-oauthlib 1.3.1 -> 1.4.0
  (#9929 / #9931), gated so Python 3.9 stays on 1.3.1 (1.4.0
  requires python_version >= 3.10). Mirrors the existing
  boto3 1.42.*/1.43.* split.
- tools/requirements.txt: requests >=2.33.1 -> >=2.34.2 on
  python_version > '3.9' (#9943 / #9944).
- web/regression/requirements.txt: selenium 4.43.0 -> 4.44.0
  (#9946). The selenium pin already requires Python >=3.10 in
  master, so the bump introduces no new 3.9 gap.

JavaScript (web/package.json, web/yarn.lock):
- postcss 8.5.12 -> 8.5.14 (#9874 / #9889)
- @tanstack/react-query 5.100.5 -> 5.100.9 (#9878)
- ip-address 10.1.0 -> 10.1.1 (#9918)
- packageManager pin yarn@4.14.0 -> yarn@4.15.0 and regenerate
  yarn.lock at lockfile __metadata.version 10. CI runs yarn
  4.15.0 with hardened mode on public PRs and refuses to migrate
  the lockfile from version 9 (yarn 4.14.x) to 10; master passes
  today only because hardened mode is PR-only.

Electron runtime (runtime/package.json, runtime/yarn.lock):
- axios 1.16.0 -> 1.16.1 (#9948)
- eslint 10.3.0 -> 10.4.0 (#9947)

Skipped (genuine breaking changes, deferred to follow-up PRs):
- @mui/material 7 -> 9 (#9843)
- @mui/x-date-pickers 8 -> 9 (#9888)
- cryptography 47.0.* -> 48.0.* (#9926 / #9932)
- paramiko 3.5.1 -> 5.0.0 (#9927 / #9930)
- electron 41.5.0 -> 42.1.0 (#9945)

Verified in an isolated worktree:

  - jest:        140/0/0 suites, 824/0/0 tests
  - eslint:      clean (web + runtime, both silent)
  - pycodestyle: 0 violations project-wide

Each version was cross-checked against the corresponding
dependabot PR diff via `gh pr diff`. Each Python bump was
cross-checked against PyPI's requires_python so Python 3.9
support stays intact.
@dependabot
Javascript dependency: Bump electron from 41.5.0 to 42.2.0 in /runtime
33cc69b 
Bumps [electron](https://github.com/electron/electron) from 41.5.0 to 42.2.0.
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v41.5.0...v42.2.0)

---
updated-dependencies:
- dependency-name: electron
  dependency-version: 42.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Javascript dependency: Bump electron from 41.5.0 to 42.1.0 in /runtime Javascript dependency: Bump electron from 41.5.0 to 42.2.0 in /runtime May 20, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/runtime/electron-42.1.0 branch from 02de1f7 to 33cc69b Compare May 20, 2026 09:51
@asheshv asheshv mentioned this pull request May 20, 2026
Open
5 tasks
@asheshv
Copy link
Copy Markdown
Contributor

asheshv commented May 20, 2026

Superseded by #9959, which bumps electron to ^42.1.0 in runtime/package.json and also closes a supply-chain gap in the Linux/Mac packaging scripts (they previously resolved the packaged electron version via npm info electron version, pulling whatever currently carried the npm latest dist-tag). The packaged version now comes from runtime/package.json. Thanks dependabot!

@asheshv asheshv closed this May 20, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 20, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/runtime/electron-42.1.0 branch May 20, 2026 10:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@asheshv