Skip to content

chore(deps): bump electron to 37.3.0 fix #737 #753

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zerob13 merged 1 commit into from
Aug 19, 2025
Merged

chore(deps): bump electron to 37.3.0 fix #737 #753

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"dompurify": "^3.2.6",
"electron": "^36.7.4",
"electron": "^37.3.0",
Copy link
Contributor

@coderabbitai coderabbitai bot Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Sanity checks for Electron 37 migration (native deps, security flags, deprecated APIs)

Before merge, please validate:

  • Native modules rebuilt against Electron 37: sharp, better-sqlite3-multiple-ciphers.
  • No usage of deprecated/insecure Electron patterns that could break with newer Chromium/Node.
  • Builds/package on all targets via electron-builder still succeed.

Run this sweep locally to spot common pitfalls:

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Scanning for remote module usage (should be absent):"
rg -nP -C2 '(require\(["\']electron["\']\)\.remote|from\s+["\']@electron/remote["\'])' || echo "OK: no remote module found"

echo -e "\nScanning for risky webPreferences (prefer contextIsolation: true, nodeIntegration: false, webviewTag: false):"
rg -nP -C2 'webPreferences\s*:\s*{[^}]*}' --type js --type ts --type tsx --type vue | rg -nP -C0 '(enableRemoteModule\s*:\s*true|contextIsolation\s*:\s*false|nodeIntegration\s*:\s*true|webviewTag\s*:\s*true)' || echo "OK: no risky flags found"

echo -e "\nList possible native modules that must rebuild for Electron 37 ABI:"
jq -r '.dependencies // {} | keys[]' package.json | rg -n 'sharp|better-sqlite3|node-api|sqlite3|ffi|node-pty|keytar' || true

echo -e "\nConfirm postinstall rebuild hook (electron-builder install-app-deps) present:"
rg -n 'electron-builder install-app-deps' package.json || echo "WARN: electron-builder rebuild hook not detected"

echo -e "\nTip: validate packaging on each platform:"
echo "  pnpm run build:win   | pnpm run build:mac   | pnpm run build:linux"

Length of output: 244

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Scanning for remote module usage (should be absent):"
# Use double quotes and escape inner quotes to avoid single-quote conflicts
rg -nP -C2 "(require\\([\"']electron[\"']\\)\\.remote|from\\s+[\"']@electron/remote[\"'])" || echo "OK: no remote module found"

echo -e "\nScanning for risky webPreferences (prefer contextIsolation: true, nodeIntegration: false, webviewTag: false):"
rg -nP -C2 "webPreferences\s*:\s*{[^}]*}" --type js --type ts --type tsx --type vue \
  | rg -nP -C0 "(enableRemoteModule\s*:\s*true|contextIsolation\s*:\s*false|nodeIntegration\s*:\s*true|webviewTag\s*:\s*true)" \
  || echo "OK: no risky flags found"

echo -e "\nList possible native modules that must rebuild for Electron 37 ABI:"
jq -r '.dependencies // {} | keys[]' package.json \
  | rg -E '^(sharp|better-sqlite3(-multiple-ciphers)?|node-api|sqlite3|ffi|node-pty|keytar)$' || true

echo -e "\nConfirm postinstall rebuild hook (electron-builder install-app-deps) present:"
rg -n '"electron-builder install-app-deps"' package.json || echo "WARN: electron-builder rebuild hook not detected"

echo -e "\nTip: validate packaging on each platform:"
echo "  pnpm run build:win   | pnpm run build:mac   | pnpm run build:linux"

Length of output: 2109

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "1) Scanning for deprecated remote module usage:"
rg -nP -C2 "(require\(['\"]electron['\"]\)\.remote|from\s+['\"]@electron/remote['\"])" || echo "✔ OK: no remote module found"

echo -e "\n2) Scanning for risky webPreferences flags:"
rg -nP -C2 "webPreferences\s*:\s*{[^}]*}" --glob "*.{js,ts,tsx,vue}" \
  | rg -nP "(enableRemoteModule\s*:\s*true|contextIsolation\s*:\s*false|nodeIntegration\s*:\s*true|webviewTag\s*:\s*true)" \
  && echo "⚠️ Risky flags detected above" || echo "✔ OK: no risky flags found"

echo -e "\n3) Checking for native modules needing rebuild (Electron 37 ABI):"
jq -r '.dependencies? | keys[]' package.json \
  | grep -E '^(sharp|better-sqlite3(-multiple-ciphers)?|node-api|sqlite3|ffi|node-pty|keytar)$' \
  && echo "⚠️ Native modules above must be rebuilt" || echo "✔ OK: none of the listed native modules present"

echo -e "\n4) Verifying postinstall hook for electron-builder rebuild:"
grep -n '"install-app-deps"' package.json \
  && echo "✔ electron-builder install-app-deps hook found" \
  || echo "⚠️ WARN: electron-builder rebuild hook not detected"

echo -e "\n\nNext steps: run packaging on each platform:"
echo "  pnpm run build:win   | pnpm run build:mac   | pnpm run build:linux"

Length of output: 1606

Critical: Rebuild native modules & add missing postinstall rebuild hook

✅ No deprecated remote module usage found
✅ No insecure webPreferences flags detected

⚠️ Native modules requiring Electron 37 ABI rebuild detected:
• better-sqlite3-multiple-ciphers
• sharp

⚠️ Postinstall hook for electron-builder install-app-deps is missing

Please address before merge:

  • Add or update your "postinstall" script in package.json to run electron-builder install-app-deps (ensures native modules are rebuilt automatically).
  • Manually rebuild sharp and better-sqlite3-multiple-ciphers against Electron 37 (e.g. pnpm rebuild sharp better-sqlite3-multiple-ciphers or via install-app-deps).
  • Verify packaging on all platforms:
    pnpm run build:win | pnpm run build:mac | pnpm run build:linux
🤖 Prompt for AI Agents 
In package.json around line 133, native modules (better-sqlite3-multiple-ciphers
and sharp) need rebuilding for Electron v37 and the project lacks a postinstall
hook to run electron-builder's install-app-deps; add or update the "postinstall"
script to run "electron-builder install-app-deps" so native modules are rebuilt
automatically, and after that run a manual rebuild (e.g., pnpm rebuild sharp
better-sqlite3-multiple-ciphers or run the postinstall) and verify packaging on
all platforms using pnpm run build:win | pnpm run build:mac | pnpm run
build:linux.

"electron-builder": "26.0.12",
"electron-vite": "^4.0.0",
"jsdom": "^26.1.0",
Expand Down
Loading