Bump the npm_and_yarn group across 4 directories with 23 updates

[dependabot]

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package	From	To
electron	22.3.27	35.7.5
electron-updater	5.3.0	6.3.0
webpack	5.84.1	5.102.1
webpack-dev-server	4.15.0	5.2.2
@adobe/css-tools	4.3.1	4.4.4
app-builder-lib	24.6.4	24.13.3
axios	1.7.2	1.13.2
braces	3.0.2	3.0.3
on-headers	1.0.2	1.1.0
ip	2.0.0	removed

Bumps the npm_and_yarn group with 2 updates in the /mobile/plugins/capacitor-splash-screen directory: braces and rollup.
Bumps the npm_and_yarn group with 2 updates in the /mobile/plugins/native-bottom-sheet directory: braces and rollup.
Bumps the npm_and_yarn group with 2 updates in the /mobile/plugins/native-dialog directory: braces and rollup.

Updates electron from 22.3.27 to 35.7.5

Release notes

Sourced from electron's releases.

electron v35.7.5

Release Notes for v35.7.5

[!WARNING] Electron 35.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

Fixes

• Fixed an issue where shell.openPath was not non-blocking as expected. #48079 (Also in 36, 37, 38)

electron v35.7.4

Release Notes for v35.7.4

• Fix ffmpeg generation on Windows non-x64

electron v35.7.2

Release Notes for v35.7.2

Fixes

• Fixed an issue where printing PDFs with webContents.print({ silent: true }) would fail. #47645 (Also in 36, 37)

electron v35.7.0

Release Notes for v35.7.0

Other Changes

• Updated Node.js to v22.16.0. #47213

electron v35.6.0

Release Notes for v35.6.0

Features

• Added support for --no-experimental-global-navigator flag. #47416 (Also in 36, 37)
• Added support for customizing system accent color and highlighting of active window border. #47539 (Also in 36, 37)

Fixes

• Fixed a potential crash using session.clearData in some circumstances. #47410 (Also in 36, 37)
• Fixed an error when importing electron for the first time from an ESM module loaded by a CJS module in a packaged app. #47344 (Also in 36, 37)
• Fixed an issue where calling Fetch.continueResponse via debugger with WebContentsView could cause a crash. #47443 (Also in 36, 37)
• Fixed an issue where utility processes could leak file handles. #47542 (Also in 36, 37)
• Partially fixes an issue with printing a PDF via webContents.print() where the callback would not be called. #47399 (Also in 36, 37)

Other Changes

• Backported fix for 420637585. #47369

Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

• API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
• Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
• Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
• Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
• Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (39.0)

Deprecated: --host-rules command line switch

Chromium is deprecating the --host-rules switch.

You should use --host-resolver-rules instead.

Behavior Changed: window.open popups are always resizable

Per current WHATWG spec, the window.open API will now always create a resizable popup window.

To restore previous behavior:

webContents.setWindowOpenHandler((details) => {
  return {
    action: 'allow',
    overrideBrowserWindowOptions: {
      resizable: details.features.includes('resizable=yes')
    }
  }
})

Behavior Changed: shared texture OSR paint event data structure

When using shared texture offscreen rendering feature, the paint event now emits a more structured object. It moves the sharedTextureHandle, planes, modifier into a unified handle property. See the OffscreenSharedTexture API structure for more details.

Planned Breaking API Changes (38.0)

Removed: ELECTRON_OZONE_PLATFORM_HINT environment variable

The default value of the --ozone-platform flag changed to auto.

... (truncated)

Commits

• 86d839a build: correct CHECK syntax (#48106)
• 5be0be7 fix: ensure snapshot is valid (#48105)
• df232d1 ci: cleanup use new arc cluster (#48007)
• ab51554 ci: fixup mac runner hang (#47992)
• 203abdd ci: use new arc cluster (#47913)
• ea17e83 build: fix ffmpeg generation on Windows non-x64 (#47845)
• 7b5d411 build(dev-deps): drop unused @​types/webpack dep (#47806)
• def6203 build: deep update brace-expansion to resolve an audit alert (#47719)
• 28d8ed0 test: cleanup RenderFrame lifespan tests (#47795)
• ee8942d build: drop eslint-plugin-unicorn (#47690)
• Additional commits viewable in compare view

Updates electron-updater from 5.3.0 to 6.3.0

Release notes

Sourced from electron-updater's releases.

[email protected]

Minor Changes

• #8095 53cec79b Thanks @​beyondkmp! - feat: adding differential downloader for updates on macOS

Patch Changes

• #8108 3d4cc7ae Thanks @​beyondkmp! - feat: add minimumSystemVersion in electron updater

• #8304 1ac86c9e Thanks @​mmaietta! - chore: update pnpm to 9.4.0

• #8323 fa3275c0 Thanks @​mmaietta! - chore(deps): update dependency typescript to v5.5.3

• #8135 c2392de7 Thanks @​mmaietta! - fix: unstable hdiutil retry mechanism

• #8295 ac2e6a25 Thanks @​mmaietta! - fix: verify LiteralPath of update file during windows signature verification

• #8311 35a0784e Thanks @​rastiqdev! - fix(rpm-updater): stop uninstalling app before update

• #8227 48c59535 Thanks @​rotu! - fix(docs): update autoupdate docs noting that channels work with Github

• #8110 fa7982f1 Thanks @​mmaietta! - chore: entering alpha release stage

• Updated dependencies [3d4cc7ae, 1ac86c9e, ad668ae1, 445911a7, 140e2f0e, fa7982f1]:

  • [email protected]

[email protected]

Patch Changes

• #8323 fa3275c0 Thanks @​mmaietta! - chore(deps): update dependency typescript to v5.5.3

• #8311 35a0784e Thanks @​rastiqdev! - fix(rpm-updater): stop uninstalling app before update

[email protected]

Patch Changes

• #8304 1ac86c9e Thanks @​mmaietta! - chore: update pnpm to 9.4.0

• Updated dependencies [1ac86c9e, ad668ae1]:

  • [email protected]

[email protected]

Patch Changes

• #8295 ac2e6a25 Thanks @​mmaietta! - fix: verify LiteralPath of update file during windows signature verification

[email protected]

Patch Changes

• Updated dependencies [140e2f0e]:

... (truncated)

Changelog

Sourced from electron-updater's changelog.

6.3.0

Minor Changes

• #8095 53cec79b Thanks @​beyondkmp! - feat: adding differential downloader for updates on macOS

Patch Changes

• #8108 3d4cc7ae Thanks @​beyondkmp! - feat: add minimumSystemVersion in electron updater

• #8304 1ac86c9e Thanks @​mmaietta! - chore: update pnpm to 9.4.0

• #8323 fa3275c0 Thanks @​mmaietta! - chore(deps): update dependency typescript to v5.5.3

• #8135 c2392de7 Thanks @​mmaietta! - fix: unstable hdiutil retry mechanism

• #8295 ac2e6a25 Thanks @​mmaietta! - fix: verify LiteralPath of update file during windows signature verification

• #8311 35a0784e Thanks @​rastiqdev! - fix(rpm-updater): stop uninstalling app before update

• #8227 48c59535 Thanks @​rotu! - fix(docs): update autoupdate docs noting that channels work with Github

• #8110 fa7982f1 Thanks @​mmaietta! - chore: entering alpha release stage

• Updated dependencies [3d4cc7ae, 1ac86c9e, ad668ae1, 445911a7, 140e2f0e, fa7982f1]:

  • [email protected]

6.3.0-alpha.8

Patch Changes

• #8323 fa3275c0 Thanks @​mmaietta! - chore(deps): update dependency typescript to v5.5.3

• #8311 35a0784e Thanks @​rastiqdev! - fix(rpm-updater): stop uninstalling app before update

6.3.0-alpha.7

Patch Changes

• #8304 1ac86c9e Thanks @​mmaietta! - chore: update pnpm to 9.4.0

• Updated dependencies [1ac86c9e, ad668ae1]:

  • [email protected]

6.3.0-alpha.6

Patch Changes

• #8295 ac2e6a25 Thanks @​mmaietta! - fix: verify LiteralPath of update file during windows signature verification

... (truncated)

Commits

• bfe4ecc chore(deploy): Release v25.0.0 ([email protected]) (#8337)
• 1320c0e chore(deploy): Release v25.0.0-alpha.13 ([email protected]) (alp...
• fa3275c chore(deps): update dependency typescript to v5.5.3 (#8323)
• 35a0784 fix(rpm-updater): stop uninstalling app before update (#8311)
• dd145d6 chore(deploy): Release v25.0.0-alpha.12 ([email protected]) (alp...
• 2b80b01 chore(deploy): Release v25.0.0-alpha.11 ([email protected]) (alp...
• ac2e6a2 fix: verify LiteralPath of update file during windows signature verification ...
• 5e924c2 chore(deploy): Release v25.0.0-alpha.10 ([email protected]) (alp...
• 29f6504 chore(deploy): Release v25.0.0-alpha.9 (alpha) (#8241)
• 48c5953 fix(docs): update autoupdate docs noting that channels work with Github (#8...
• Additional commits viewable in compare view

Updates webpack from 5.84.1 to 5.102.1

Release notes

Sourced from webpack's releases.

v5.102.1

Fixes

• Supported extends with env for browserslist
• Supported JSONP fragment format for web workers.
• Fixed dynamic import support in workers using browserslist.
• Fixed default defer import mangling.
• Fixed default import of commonjs externals for SystemJS format.
• Fixed context modules to the same file with different import attributes.
• Fixed typescript types.
• Improved import.meta warning messages to be more clear when used directly.
• [CSS] Fixed CC_UPPER_U parsing (E -> U) in tokenizer.

v5.102.0

Features

• Added static analyze for dynamic imports
• Added support for import file from "./file.ext" with { type: "bytes" } to get the content as Uint8Array (look at example)
• Added support for import file from "./file.ext" with { type: "text" } to get the content as text (look at example)
• Added the snapshot.contextModule to configure snapshots options for context modules
• Added the extractSourceMap option to implement the capabilities of loading source maps by comment, you don't need source-map-loader (look at example)
• The topLevelAwait experiment is now stable (you can remove experiments.topLevelAwait from your webpack.config.js)
• The layers experiment is now stable (you can remove experiments.layers from your webpack.config.js)
• Added function matcher support in rule options

Fixes

• Fixed conflicts caused by multiple concatenate modules
• Ignore import failure during HMR update with ES modules output
• Keep render module order consistent
• Prevent inlining modules that have this exports
• Removed unused timeout attribute of script tag
• Supported UMD chunk format to work in web workers
• Improved CommonJs bundle to ES module library
• Use es-lexer for mjs files for build dependencies
• Fixed support __non_webpack_require__ for ES modules
• Properly handle external modules for CSS
• AssetsByChunkName included assets from chunk.auxiliaryFiles
• Use createRequire only when output is ES module and target is node
• Typescript types

Performance Improvements

• Avoid extra calls for snapshot
• A avoid extra jobs for build dependencies
• Move import attributes to own dependencies

v5.101.3

... (truncated)

Commits

• c7ebdbd chore(release): 5.102.1
• b7530c2 fix(css): correct CC_UPPER_U typo (E -> U) (#19989)
• f3ef142 fix: defer import mangling (#19988)
• d32f171 fix: hash options types (#19987)
• 436fc7d chore(deps): bump CodSpeedHQ/action from 4.1.0 to 4.1.1 (#19986)
• c7dd066 fix: context modules with import attributes (#19984)
• 85bacbd fix: default import of commonjs externals for SystemJS format
• 7634cd2 docs: update examples (#19982)
• 9f98d80 fix: javascript parser options types (#19980)
• 8804459 chore(deps): bump CodSpeedHQ/action from 4.0.1 to 4.1.0 (#19977)
• Additional commits viewable in compare view

Updates webpack-dev-server from 4.15.0 to 5.2.2

Release notes

Sourced from webpack-dev-server's releases.

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

• "Overlay enabled" false positive (18e72ee)
• do not crush when error is null for runtime errors (#5447) (309991f)
• remove unnecessary header X_TEST (#5451) (64a6124)
• respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

v5.2.1

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

v5.1.0

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.2 (2025-06-03)

Bug Fixes

• "Overlay enabled" false positive (18e72ee)
• do not crush when error is null for runtime errors (#5447) (309991f)
• remove unnecessary header X_TEST (#5451) (64a6124)
• respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)

... (truncated)

Commits

• 195a7e6 chore(release): 5.2.2
• 620bef1 chore(deps): update (#5511)
• 03d1214 fix: respect the allowedHosts option for cross-origin header check (#5510)
• 5ba862e chore(deps-dev): bump the dependencies group across 1 directory with 7 update...
• f7fec94 chore: fix typo (#5508)
• 6ee8cd0 ci: add Node.js v24 (#5492)
• d30f963 chore: update http-proxy-middleware to ^2.0.9 (#5503)
• 66cf033 chore(deps-dev): bump the dependencies group with 2 updates (#5504)
• 4367a5c refactor: use 'String#startsWith' & replace if-then-else (#5501)
• 8e6604f chore(deps): bump the dependencies group across 1 directory with 4 updates (#...
• Additional commits viewable in compare view

Updates @adobe/css-tools from 4.3.1 to 4.4.4

Changelog

Sourced from @​adobe/css-tools's changelog.

[4.4.4] - 2025-07-22

Changed

• Switch from yarn to npm for package management
• Switch from eslint to biome for code formatting and linting
• Reformat codebase to comply with biome recommendations
• Switch from webpack to rollup for bundling

Fixed

• Fix module exports to ensure proper compatibility with bundlers
• Add validation check to prevent future export issues

[4.4.3] - 2025-05-15

Security

• Fix polynomial regular expression vulnerability on uncontrolled data
• Refactor code to enable GitHub security static analysis

Performance

• Improve parsing performance with minor optimizations
• Replace regex patterns with string search (indexOf-based) for better performance

Added

• Add new utility functions with comprehensive unit tests
• Add improved formatting for CSS Grid template areas (#283 by @​jogibear9988)

Fixed

• Fix TypeScript error with ConstructorParameters in Parcel bundler (#444)

[4.4.2] - 2025-02-12

Fixed

• Fix regular expression for parsing quoted values in parentheses

[4.4.0] - 2024-06-05

Added

• Add support for CSS @starting-style at-rule (#319)

[4.3.3] - 2024-01-24

Changed

• Update package export configuration (#271)

[4.3.2] - 2023-11-28

Security

• Fix ReDoS vulnerability with crafted CSS strings - CVE-2023-48631

Fixed

... (truncated)

Commits

• See full diff in compare view

Updates app-builder-lib from 24.6.4 to 24.13.3

Changelog

Sourced from app-builder-lib's changelog.

24.13.3

Patch Changes

• #8086 e6f1bebd Thanks @​Allan-Kerr! - fix(msi): build emulated arm64 MSI installers as stopgap until electron-builder-binaries wix version is updated

• #8090 2c147add Thanks @​mmaietta! - fix(mac): sign NSIS on mac

• #8067 18340eef Thanks @​mmaietta! - fix(deb): soft symlink instead of hardlink to handle when /opt is on a separate partition

• Updated dependencies []:

  • [email protected]
  • [email protected]

24.13.2

Patch Changes

• #8059 8f4acff3 Thanks @​mmaietta! - fix: execute %SYSTEMROOT% cmd.exe directly during NSIS installer

• #8071 eb296c9b Thanks @​mmaietta! - fix(pkg): provide BundlePreInstallScriptPath and/or BundlePostInstallScriptPath when a pre/postinstall script is provided to pkg installer

• #8069 538dd86b Thanks @​lutzroeder! - fix: use pathToFileUrl for hooks for Windows ES module support

• #8065 5681777a Thanks @​mmaietta! - fix(mac): only skip notarization step when notarize is explicitly false

• Updated dependencies []:

  • [email protected]
  • [email protected]

24.13.1

Patch Changes

• #8052 6a4f605f Thanks @​taozhou-glean! - fix: add dmg-builder and squirrel-windows to peer dependency for pnpm

• #8057 ccbb80de Thanks @​mmaietta! - chore: upgrading connected dependencies (typescript requires higher eslint version)

• Updated dependencies [ccbb80de]:

  • [email protected]
  • [email protected]
  • [email protected]
  • [email protected]
  • [email protected]

24.13.0

Minor Changes

• #8043 bb4a8c09 Thanks @​mmaietta! - feat: allow onNodeModuleFile to return a boolean to force include the package to be copied

... (truncated)

Commits

• cb335ec chore(deploy): Release v24.13.3 ([email protected]) (#8084)
• 2c147ad fix(mac): signing NSIS on mac (#8090)
• 18340ee fix(deb): only execute update-desktop-database and update-mime-database w...
• e6f1beb feat(msi): build emulated arm64 MSI installers (#8086)
• 5f0804f chore(deploy): Release 24.13.2 (#8060)
• eb296c9 fix(pkg): provide BundlePreInstallScriptPath and/or `BundlePostInstallScrip...
• 538dd86 fix: use pathToFileUrl for hooks for Windows ES module support (#8069)
• 5681777 fix(mac): only skip notarization step when notarize is explicitly false (#8...
• 8f4acff fix: execute %SYSTEMROOT% cmd.exe directly during NSIS installer (#8059)
• 8965608 chore(deploy): Release v24.13.1 ([email protected]) (#8056)
• Additional commits viewable in compare view

Updates axios from 1.7.2 to 1.13.2

Release notes

Sourced from axios's releases.

Release v1.13.2

Release notes:

Bug Fixes

• http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)
• http: use default export for http2 module to support stubs; (#7196) (0588880)

Performance Improvements

• http: fix early loop exit; (#7202) (12c314b)

Contributors to this release

• Dmitriy Mozgovoy
• Kasper Isager Dalsgarð

Release v1.13.1

Release notes:

Bug Fixes

• http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

• Anchal Singh
• Dmitriy Mozgovoy

Release v1.13.0

Release notes:

Bug Fixes

• fetch: prevent TypeError when config.env is undefined (#7155) (015faec)
• resolve issue #7131 (added spacing in mergeConfig.js) (#7133) (9b9ec98)

Features

• http: add HTTP2 support; (#7150) (d676df7)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Aviraj2929
• prasoon patel
• Samyak Dandge
• Anchal Singh
• Rahul Kumar
• Amit Verma

... (truncated)

Changelog

Sourced from axios's changelog.

1.13.2 (2025-11-04)

Bug Fixes

• http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)
• http: use default export for http2 module to support stubs; (#7196) (0588880)

Performance Improvements

• http: fix early loop exit; (#7202) (12c314b)

Contributors to this release

• Dmitriy Mozgovoy
• Kasper Isager Dalsgarð

1.13.1 (2025-10-28)

Bug Fixes

• http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

• Anchal Singh
• Dmitriy Mozgovoy

1.13.0 (2025-10-27)

Bug Fixes

• fetch: prevent TypeError when config.env is ...

  Description has been truncated