
chore(deps-dev): bump electron from 40.6.0 to 40.8.0 #27


Workflow file for this run

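# Security checks: secret scanning (gitleaks), dependency review on pull
# requests, and a pnpm audit of the lockfile.
#
# NOTE(review): every `uses:` below references a mutable tag (v2 / v4).
# Pinning each action to a full commit SHA would stop a re-tagged release
# from changing what runs in this workflow.
name: Security

on:
  pull_request:
  push:
    branches: [master]

# Least privilege for the default token; no job here writes to the repo.
permissions:
  contents: read
  pull-requests: read

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # gitleaks-action scans a commit range, so it needs history; the
          # default shallow clone (depth 1) can leave that range unresolvable.
          fetch-depth: 0
          # Do not leave the token in .git/config for later steps.
          persist-credentials: false
      - name: Gitleaks scan
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  dependency-review:
    # Only meaningful on pull requests, and opt-in through a repository
    # variable. While the variable is unset this job is skipped entirely.
    if: github.event_name == 'pull_request' && vars.ENABLE_DEPENDENCY_REVIEW == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/dependency-review-action@v4

  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The install step below processes third-party packages; keep the
          # checkout token out of the workspace git config.
          persist-credentials: false
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: pnpm
      # This job only audits, so dependency lifecycle scripts have no reason
      # to run here.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      - name: pnpm audit
        shell: bash
        run: |
          # Capture the exit status ourselves instead of aborting on it.
          set +e
          output="$(pnpm audit --audit-level moderate 2>&1)"
          status=$?
          set -e
          echo "$output"
          if [ "$status" -eq 0 ]; then
            exit 0
          fi
          # npm audit API occasionally returns 500 and pnpm surfaces it as
          # ERR_PNPM_AUDIT_BAD_RESPONSE. Do not fail CI for transient upstream outages.
          # A here-string is used rather than `echo | grep -q`: under the
          # runner's `pipefail`, grep exiting early can make the pipeline report
          # failure and silently skip this branch.
          if grep -q "ERR_PNPM_AUDIT_BAD_RESPONSE" <<<"$output"; then
            # This path is fail-open: no audit result exists for this run.
            # Emit an annotation so the skipped audit is visible on the run.
            echo "::warning::Skipping failure due to transient npm audit endpoint outage."
            exit 0
          fi
          # Preserve failures for real audit findings or other errors.
          exit "$status"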