Skip to content

Bump electron from 40.0.0 to 43.0.0#95

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/electron-43.0.0
Open

Bump electron from 40.0.0 to 43.0.0#95
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/electron-43.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown

Bumps electron from 40.0.0 to 43.0.0.

Release notes

Sourced from electron's releases.

electron v43.0.0

Release Notes for v43.0.0

Stack Upgrades

Breaking Changes

  • File downloads will open by default in the user's Downloads folder (or Home directory if Downloads doesn't exist). #49868
  • Fix: If a nativeImage was passed an image with a color profile, its pixel values will now be normalized to SRGB. This ensures that two visually identical images after color space application will receive similar pixel values when converted to a nativeImage. #51565
  • On Linux, frameless windows now have rounded corners by default, just like on macOS and Windows. Rounded corners can be disabled on all platforms by setting roundedCorners: false on the window. #52111
  • Removed showHiddenFiles support from the dialog API on Linux. #51880

Features

Additions

  • Added Clone method to WebContents. #49959
  • Added JS stack trace to crash reports on renderer OOM. #50043 (Also in 42)
  • Added Linux support for app.getApplicationInfoForProtocol(). #51297 (Also in 42)
  • Added Notification.remove(), removeAll(), and removeGroup() static methods for macOS. #51690 (Also in 42)
  • Added Notification.getHistory() for macOS, allowing developers to restore all delivered notifications still present in Notification Center. #50325 (Also in 42)
  • Added accessibilityLabel property to MenuItem constructor options and properties for defining screen-reader-friendly labels. #50240
  • Added allowExtensions privilege to protocol.registerSchemesAsPrivileged() to enable Chrome extensions on custom protocols. #49951 (Also in 40, 41, 42)
  • Added app.configureWebAuthn() to enable the Touch ID platform authenticator for WebAuthn on macOS, and a select-webauthn-account session event for choosing between multiple discoverable credentials. #51255 (Also in 41, 42)
  • Added globalShortcut.setSuspended() and globalShortcut.isSuspended() methods to temporarily suspend and resume global shortcut handling. #50425 (Also in 42)
  • Added id and groupId options to the Notification constructor on macOS. id allows custom identifiers for notifications, and groupId visually groups notifications together in Notification Center. #50097 (Also in 42)
  • Added nv12 OSR pixel format support for professional use. #49799
  • Added view.setBackgroundBlur. #51076
  • Added webContents.copyVideoFrameAt(x, y) and webContents.saveVideoFrameAs(x, y) methods. #48149
  • Added id, groupId, and groupTitle support for Windows notifications. #50328 (Also in 42)
  • Added nativeTheme.shouldDifferentiateWithoutColor on macOS. #49912 (Also in 41, 42)
  • Added session support to net module requests from utility process. #51279 (Also in 42)
  • Added support for heap profiling via contentTracing.enableHeapProfiling(). #50826 (Also in 41, 42)
  • Added support for importing shared textures using the nv16 pixel format. #50728 (Also in 42)
  • Added support for the urgency option in Notifications on Windows. #50225 (Also in 41, 42)
  • Added support for using a proxy during yarn install. #50322 (Also in 39, 40, 41, 42)
  • Allowed the --experimental-inspector-network-resource Node.js flag to be passed through Electron. #49689 (Also in 41, 42)
  • Enabled ThinLTO on macOS builds. #51819 (Also in 42)
  • Enabled profile-guided optimization for V8 builtins in release builds, improving JavaScript builtin performance (Array, String, RegExp, etc.). #50416 (Also in 40, 41, 42)
  • Feat: SF Symbol customisation. #48911
  • Fixed contentTracing module to capture Node.js trace categories. #50591

Improvements

  • Improved app startup performance — the main process now boots from an embedded Node.js startup snapshot, framework bundles and preload scripts are cached as compiled V8 bytecode, and sandboxed renderer startup data is pushed ahead of navigation instead of fetched via blocking IPC. Preload stack traces now show the correct file path and line number. #51792 (Also in 42)

... (truncated)

Commits
  • 5147ac2 test: fix lost-event race in custom-protocol-panel devtools fixture (#52194)
  • 765def3 ci: improve lint job code reuse (#52180)
  • 07f9757 fix: remove 1px frame background color from the top of frameless windows on L...
  • 2e29d7f build: register Electron.app with LaunchServices before macOS tests (#52186)
  • 3a77e4a fix: inherit iframe sandbox flags in windows opened on the OpenURL navigation...
  • 3846728 chore: bump chromium to 150.0.7871.46 (43-x-y) (#52123)
  • c0d5334 ci: calculate rerun apply patches date from first run attempt (#52075)
  • 4a2ff4b build: only run gn-typescript-definitions for default toolchain (#52165)
  • c3d3305 chore: cherry-pick 1 changes from chromium (#52168)
  • dad4f73 fix: use the registering session for ProtocolResponse.url requests (#52131)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Medium Risk
Major Electron upgrades affect the entire desktop shell (Chromium/Node ABI, downloads, and possible breaking API behavior). The unchanged rebuild:electron target (40.0.0) risks native module mismatch until aligned with 43.

Overview
Bumps the dev dependency electron from 40 to 43 in package.json and refreshes package-lock.json (root package version 0.0.70).

The lockfile reflects Electron’s newer install stack: @electron/get v5, @electron-internal/extract-zip instead of extract-zip, optional undici, and a Node ≥22.12 requirement for downloading/installing Electron. Several transitive packages tied to the old download path (e.g. global-agent, got, yauzl) drop out of the tree; semver is consolidated at 7.8.5 in places that previously nested 7.7.3.

This is a major Electron jump (Chromium/Node/V8 upgrades per upstream release notes), so runtime and packaging behavior can change even though application source is untouched in this diff. rebuild:electron still sets npm_config_target=40.0.0 for better-sqlite3; that script was not updated in this PR and may need to match 43.0.0 for native rebuilds against the new runtime.

Reviewed by Cursor Bugbot for commit eed0b1d. Bugbot is set up for automated code reviews on this repo. Configure here.

Bumps [electron](https://github.com/electron/electron) from 40.0.0 to 43.0.0.
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v40.0.0...v43.0.0)

---
updated-dependencies:
- dependency-name: electron
  dependency-version: 43.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit eed0b1d. Configure here.

Comment thread package.json
"@tailwindcss/cli": "^4.1.18",
"canvas-confetti": "^1.9.4",
"electron": "^40.0.0",
"electron": "^43.0.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale Electron rebuild target

High Severity

The electron dependency was updated to ^43.0.0, but the rebuild:electron script still targets Electron 40. This causes native modules like better-sqlite3 to be built for the wrong ABI, leading to loading failures or crashes when running the app with Electron 43. This affects start, dev, and test:e2e scripts.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit eed0b1d. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants