Update electron and electron-build version to 28.2.2 and 24.9.1 respectively #186
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updating electron and electron-build to the current latest, 28.2.2 and 24.9.1
There were breaking changes introduced with v20 of electron where renderers are sandboxed by default
Given that the application was not sandboxed originally, I have two paths forward:
isAddress
was not originally aPromise
but expected a return value. It is now a Two-way IPC request which requires aPromise
: https://www.electronjs.org/docs/latest/tutorial/ipcshellOpenExternal
was not used so I removed itAfter doing a few rounds of testing the only graphical regression I noticed was specific to the recently added Online alert pulsing animation where the box-shadow was no longer rounded. Minimal but easy enough to update.
I didn't notice any other regressions with my testing.
Note: I am updating
package.json
but I will not commityarn.lock
and this will need to be updated separately or appended to this PR. This is because the amount of changes to that file are non-trivial and me committing it would open the application to a potential dependency injection attack if not thoroughly investigated. Upgrading to yarn v4 would remove this attack vector: yarnpkg/berry#4136For now I feel it is best to continue having the primary contributors the only trusted individuals to update that file until yarn is updated.
Fixes #181