Bump electron from 37.3.1 to 39.2.6

[dependabot]

Bumps electron from 37.3.1 to 39.2.6.

Release notes

Sourced from electron's releases.

electron v39.2.6

Release Notes for v39.2.6

Fixes

• Fixed visual artifacts while resizing a window on Windows. #49138

Other Changes

• Updated Chromium to 142.0.7444.226. #49137

electron v39.2.5

Release Notes for v39.2.5

Fixes

• Fixed a Windows notification issue where clicking a native notification would result in an application hang on certain Windows environments. #49130 (Also in 40)
• Fixed an issue where menu-did-close was not emitted properly for some application menus. #49093 (Also in 38, 40)
• Reduced amount of visual artifacts while resizing a window on Windows. #49076

Other Changes

• Fixed devtools element panel flickering when with node inspection. #49044 (Also in 40)

electron v39.2.4

Release Notes for v39.2.4

Fixes

• Fixed an issue where the close callback param for menu.popup would fire when any arbitrary submenu of the given menu closed, and not the menu itself. #49045 (Also in 38, 40)
• Fixed crash when reading system certificates via nodejs tls module. #49042 (Also in 40)
• Fixed the issue where the parent window leave disabled after the modal window call show() multiple time. #49019 (Also in 38, 40)

Other Changes

• Updated Chromium to 142.0.7444.177. #49037

electron v39.2.3

Release Notes for v39.2.3

• Updated Chromium to 142.0.7444.175.

electron v39.2.2

Release Notes for v39.2.2

Fixes

• Fixed crash when creating event object for IPC events. #48992 (Also in 40)

electron v39.2.1

Release Notes for v39.2.1

Fixes

... (truncated)

Commits

• f2d1cb2 fix: visual artifacts while resizing on Windows (#49138)
• ef9b416 chore: bump chromium to 142.0.7444.226 (39-x-y) (#49137)
• 6e97bca fix: run toast creation on background thread (#49130)
• c511fc5 chore: reclaim macOS disk space (#49121)
• 22dfbb0 ci: use clang problem matcher with nan spec runner (#49099)
• 85913a3 fix: ensure menu-did-close is emitted for application menus (#49093)
• a327629 ci: don't build yarn modules for linux arm (#49088)
• 7deed2b fix: reduce visual artifacts while resizing on Windows (#49076)
• 65fc06a chore: backport 744f40f from devtools-frontend (#49044)
• 245e70a test: fixup test failures on linux (#49059)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	electron@​37.3.1 ⏵ 39.2.6	+1		+1	+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Potential code anomaly (AI signal): npm electron is 100.0% likely to have a medium risk anomaly Notes: This package runs a local install script (install.js) during postinstall and depends on tooling that downloads and extracts remote binaries. If install.js or the modules it invokes download and execute remote code or write files outside expected locations, that could enable telemetry, remote code execution, or filesystem tampering. You should inspect install.js and any code run by @electron/get to ensure no unexpected network endpoints, undocumented telemetry, or arbitrary command execution occurs. The package metadata otherwise appears consistent with the official Electron project. Confidence: 1.00 Severity: 0.60 From: ? → npm/[email protected] ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report