Skip to content

Bump qs and electron#33

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-7b49dd01f2
Open

Bump qs and electron#33
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-7b49dd01f2

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 11, 2026

Removes qs. It's no longer used after updating ancestor dependency electron. These dependencies need to be updated together.

Removes qs

Updates electron from 3.0.8 to 41.0.0

Release notes

Sourced from electron's releases.

electron v41.0.0

Release Notes for v41.0.0

Stack Upgrades

Breaking Changes

  • Fixed an issue where cookie changed events weren't properly emitted in all cases. #49631

For breaking changes inherited via Chromium, see blog post

Features

Additions

  • Added --disable-geolocation command-line flag for macOS apps to disable location services. #45934
  • Added NV12 support for import shared texture. #48922 (Also in 40)
  • Added webContents.getOrCreateDevToolsTargetId(). #50176
  • Added a disclaim option to the UtilityProcess API to allow for TCC disclaiming on macOS. #49693 (Also in 39, 40)
  • Added a reason property to the Notification 'closed' event on Windows to allow developers to know the reason the Notification was dismissed. #50029 (Also in 40)
  • Added additional defence against privileged user modifications to ASAR Integrity protected applications on macOS. #48587
  • Added an usePrinterDefaultPageSize option to webContents.print() to allow using the printer's default page size. #49812
  • Added bypassCustomProtocolHandlers option to net.request. #47331 (Also in 38, 39, 40)
  • Added support for MSIX auto-updating. #49586 (Also in 39, 40)
  • Added support for WebSocket authentication through the login event on webContents. #48512 (Also in 39, 40)
  • Added support for --experimental-transform-types. #49882 (Also in 39, 40)
  • Added support for long-animation-frame script attribution (via --enable-features=AlwaysLogLOAFURL). #49773 (Also in 39, 40)
  • Added support to import external shared texture as VideoFrame. #47317 (Also in 40)
  • Added the ability to disable auto-focusing of WebContents on navigation using webPreferences.focusOnNavigation. #49511 (Also in 40)
  • Enable wasm trap handlers behind WasmTrapHandlers fuse. #49839
  • On Wayland (Linux), frameless windows now have GTK drop shadows and extended resize boundaries. To create fully frameless windows with no decorations, set hasShadow: false in the window constructor. #49885

Improvements

  • Extended actions support for Windows notifications to include buttons, select dropdowns, and replies. #49787 (Also in 40)
  • Refactored our MSIX updater code to use an upstream Chromium pattern and eliminates the need for special exception handling build flags. #49686 (Also in 39, 40)
  • Updated nativeImage.createFromNamedImage to support SF Symbol names. #48203 (Also in 39, 40)

Removed/Deprecated

  • DevTools errors are no longer printed to console. #49292 (Also in 40)

Fixes

  • Fixed CSS selector syntax in default app styles to properly apply animations to hero icons. #50033
  • Fixed ID of tray icons on Linux. #48675
  • Fixed an issue that caused the RGBAF16 shared texture format to have a keyed mutex on Windows. #49876
  • Fixed an issue where Squirrel.Mac's auto updater would fail to install new updates if the targetBundleURL was either not set or contained special characters. #49978

... (truncated)

Commits
  • 3678edf feat: WebContents.getOrCreateDevToolsTargetId() (#50176)
  • cb4d31a fix: bind offscreen paint callback to child WebContents (#50152)
  • 616a63b refactor: use WHATWG URL instead of url.parse (#50143)
  • e78e2ca fix: correct parsing of second-instance additionalData (#50154)
  • cea004c docs: fix ipc highlight lines (#50181)
  • a14f661 fix: read nodeIntegrationInWorker from per-frame WebPreferences (#50134)
  • 6435467 fix: validate protocol scheme names in setAsDefaultProtocolClient (#50155)
  • 15dd5dc fix: use requesting frame origin in permission helper and device choosers (#5...
  • 205cd53 fix: InspectorFrontendHost override in embedded windows (#50137)
  • 2c890e0 fix: validate response header names and values before AddHeader (#50132)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump qs and electron
4bea027 
Removes [qs](https://github.com/ljharb/qs). It's no longer used after updating ancestor dependency [electron](https://github.com/electron/electron). These dependencies need to be updated together.


Removes `qs`

Updates `electron` from 3.0.8 to 41.0.0
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v3.0.8...v41.0.0)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 
  dependency-type: indirect
- dependency-name: electron
  dependency-version: 41.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 11, 2026
@dependabot dependabot bot mentioned this pull request Mar 11, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants