Skip to content

build(deps): bump the npm_and_yarn group across 7 directories with 4 updates#49

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/pkgs/applications/editors/uivonim/npm_and_yarn-c87c441b5e
Open

build(deps): bump the npm_and_yarn group across 7 directories with 4 updates#49
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/pkgs/applications/editors/uivonim/npm_and_yarn-c87c441b5e

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 3, 2026

Bumps the npm_and_yarn group with 1 update in the /pkgs/applications/editors/uivonim directory: electron.
Bumps the npm_and_yarn group with 1 update in the /pkgs/applications/networking/browsers/vieb directory: electron.
Bumps the npm_and_yarn group with 1 update in the /pkgs/applications/networking/instant-messengers/deltachat-desktop directory: electron.
Bumps the npm_and_yarn group with 1 update in the /pkgs/applications/office/micropad directory: electron.
Bumps the npm_and_yarn group with 1 update in the /pkgs/servers/web-apps/lemmy directory: serialize-javascript.
Bumps the npm_and_yarn group with 1 update in the /pkgs/tools/admin/meshcentral directory: node-forge.
Bumps the npm_and_yarn group with 1 update in the /pkgs/tools/admin/pgadmin directory: handlebars.

Updates electron from 12.0.9 to 39.8.4

Release notes

Sourced from electron's releases.

electron v39.8.4

Release Notes for v39.8.4

Fixes

  • Fixed an issue where nodeIntegrationInWorker overrides in setWindowOpenHandler were not honored for child windows sharing a renderer process with their opener. #50468 (Also in 38, 40, 41)
  • Fixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. #50400 (Also in 40, 41, 42)
  • Fixed improper focus tracking in BaseWindow on MacOS. #50338 (Also in 40, 41, 42)
  • Fixed window freeze when failing to enter/exit fullscreen on macOS. #50341 (Also in 40, 41, 42)

Other Changes

  • Added support for using a proxy during yarn install. #50349 (Also in 40, 41, 42)
  • Backported fix for 485935305. #50440
  • Backported fix for 489381399. #50443
  • Backported fix for chromium:475877320. #50436
  • Backported fixes for 484751092, 487117772. #50461

electron v39.8.3

Release Notes for v39.8.3

Fixes

  • Added additional ASAR support to additional fs copy methods. #50284 (Also in 40, 41, 42)
  • Fixed user resizing of transparent windows on win32 platform. #50300 (Also in 40, 41, 42)

electron v39.8.2

Release Notes for v39.8.2

Other Changes

  • Backported fix for b/491421267. #50230

electron v39.8.1

Release Notes for v39.8.1

Fixes

  • Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. #50156 (Also in 38, 40, 41)
  • Fixed an issue on macOS where calling autoUpdater.quitAndInstall() could fail if checkForUpdates() was called again after an update was already downloaded. #50215 (Also in 40, 41)
  • Fixed an issue where Chrome Devtools menus may not appear in certain embedded windows. #50136 (Also in 40, 41)
  • Fixed an issue where additionalData passed to app.requestSingleInstanceLock on Windows could be truncated or fail to deserialize in the primary instance's second-instance event. #50174 (Also in 38, 40, 41)
  • Fixed an issue where screen.getCursorScreenPoint() crashed on Wayland when it was called before a BrowserWindow had been created. #50106 (Also in 40, 41)
  • Fixed an issue where calling setBounds on a WebContentsView could trigger redundant page-favicon-updated events even when the favicon had not changed. #50086 (Also in 40, 41)
  • Fixed an issue where invalid characters in custom protocol or webRequest response header values were not rejected. #50129 (Also in 38, 40, 41)
  • Fixed an issue where permission and device-chooser handlers received the top-level page origin instead of the requesting subframe's origin. #50147 (Also in 38, 40, 41)
  • Fixed an issue where traffic light buttons would flash at position (0,0) when restoring a window with a custom trafficLightPosition from minimization on macOS. #50208 (Also in 40, 41)
  • Fixed bug where opening a message box immediately upon closing a child window may cause the parent window to freeze on Windows. #50190 (Also in 40, 41)
  • Fixed menu bar hiding after a call to win.setFullScreen(false) when not in fullscreen on Linux. #49995 (Also in 40, 41)
  • Fixed shutdown crash on windows when hidden titlebar is enabled. #50054 (Also in 40, 41)
  • Reverted AltGr key fix that caused menu bar to no longer show on Windows. #50109 (Also in 40, 41)

... (truncated)

Commits
  • 7007907 chore: cherry-pick 3 changes from chromium (#50461)
  • 2c8b6ee chore: cherry-pick fbfb27470bf6 from chromium (#50436)
  • 4c64377 chore: cherry-pick 50b057660b4d from chromium (#50440)
  • 0ef0561 fix: read nodeIntegrationInWorker from per-frame WebPreferences (#50122) (#50...
  • 64373df chore: cherry-pick 074d472db745 from chromium (#50443)
  • 13e4407 fix: don't re-parse URL unnecessarily when handling dialogs (#50400)
  • 16a0385 ci: output build cache hit rate as GHA annotation (#50369)
  • 00a492d chore: Respect HTTP(S) proxy env variable for Yarn (#50349)
  • 290a77b fix: correctly track BaseWindow::IsActive() on MacOS (#50338)
  • 87baa17 fix: ensure WebContents::WasShown runs when window is shown (#50341)
  • Additional commits viewable in compare view

Updates electron from 17.0.1 to 39.8.4

Release notes

Sourced from electron's releases.

electron v39.8.4

Release Notes for v39.8.4

Fixes

  • Fixed an issue where nodeIntegrationInWorker overrides in setWindowOpenHandler were not honored for child windows sharing a renderer process with their opener. #50468 (Also in 38, 40, 41)
  • Fixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. #50400 (Also in 40, 41, 42)
  • Fixed improper focus tracking in BaseWindow on MacOS. #50338 (Also in 40, 41, 42)
  • Fixed window freeze when failing to enter/exit fullscreen on macOS. #50341 (Also in 40, 41, 42)

Other Changes

  • Added support for using a proxy during yarn install. #50349 (Also in 40, 41, 42)
  • Backported fix for 485935305. #50440
  • Backported fix for 489381399. #50443
  • Backported fix for chromium:475877320. #50436
  • Backported fixes for 484751092, 487117772. #50461

electron v39.8.3

Release Notes for v39.8.3

Fixes

  • Added additional ASAR support to additional fs copy methods. #50284 (Also in 40, 41, 42)
  • Fixed user resizing of transparent windows on win32 platform. #50300 (Also in 40, 41, 42)

electron v39.8.2

Release Notes for v39.8.2

Other Changes

  • Backported fix for b/491421267. #50230

electron v39.8.1

Release Notes for v39.8.1

Fixes

  • Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. #50156 (Also in 38, 40, 41)
  • Fixed an issue on macOS where calling autoUpdater.quitAndInstall() could fail if checkForUpdates() was called again after an update was already downloaded. #50215 (Also in 40, 41)
  • Fixed an issue where Chrome Devtools menus may not appear in certain embedded windows. #50136 (Also in 40, 41)
  • Fixed an issue where additionalData passed to app.requestSingleInstanceLock on Windows could be truncated or fail to deserialize in the primary instance's second-instance event. #50174 (Also in 38, 40, 41)
  • Fixed an issue where screen.getCursorScreenPoint() crashed on Wayland when it was called before a BrowserWindow had been created. #50106 (Also in 40, 41)
  • Fixed an issue where calling setBounds on a WebContentsView could trigger redundant page-favicon-updated events even when the favicon had not changed. #50086 (Also in 40, 41)
  • Fixed an issue where invalid characters in custom protocol or webRequest response header values were not rejected. #50129 (Also in 38, 40, 41)
  • Fixed an issue where permission and device-chooser handlers received the top-level page origin instead of the requesting subframe's origin. #50147 (Also in 38, 40, 41)
  • Fixed an issue where traffic light buttons would flash at position (0,0) when restoring a window with a custom trafficLightPosition from minimization on macOS. #50208 (Also in 40, 41)
  • Fixed bug where opening a message box immediately upon closing a child window may cause the parent window to freeze on Windows. #50190 (Also in 40, 41)
  • Fixed menu bar hiding after a call to win.setFullScreen(false) when not in fullscreen on Linux. #49995 (Also in 40, 41)
  • Fixed shutdown crash on windows when hidden titlebar is enabled. #50054 (Also in 40, 41)
  • Reverted AltGr key fix that caused menu bar to no longer show on Windows. #50109 (Also in 40, 41)

... (truncated)

Commits
  • 7007907 chore: cherry-pick 3 changes from chromium (#50461)
  • 2c8b6ee chore: cherry-pick fbfb27470bf6 from chromium (#50436)
  • 4c64377 chore: cherry-pick 50b057660b4d from chromium (#50440)
  • 0ef0561 fix: read nodeIntegrationInWorker from per-frame WebPreferences (#50122) (#50...
  • 64373df chore: cherry-pick 074d472db745 from chromium (#50443)
  • 13e4407 fix: don't re-parse URL unnecessarily when handling dialogs (#50400)
  • 16a0385 ci: output build cache hit rate as GHA annotation (#50369)
  • 00a492d chore: Respect HTTP(S) proxy env variable for Yarn (#50349)
  • 290a77b fix: correctly track BaseWindow::IsActive() on MacOS (#50338)
  • 87baa17 fix: ensure WebContents::WasShown runs when window is shown (#50341)
  • Additional commits viewable in compare view

Updates electron from 18.3.15 to 41.1.1

Release notes

Sourced from electron's releases.

electron v39.8.4

Release Notes for v39.8.4

Fixes

  • Fixed an issue where nodeIntegrationInWorker overrides in setWindowOpenHandler were not honored for child windows sharing a renderer process with their opener. #50468 (Also in 38, 40, 41)
  • Fixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. #50400 (Also in 40, 41, 42)
  • Fixed improper focus tracking in BaseWindow on MacOS. #50338 (Also in 40, 41, 42)
  • Fixed window freeze when failing to enter/exit fullscreen on macOS. #50341 (Also in 40, 41, 42)

Other Changes

  • Added support for using a proxy during yarn install. #50349 (Also in 40, 41, 42)
  • Backported fix for 485935305. #50440
  • Backported fix for 489381399. #50443
  • Backported fix for chromium:475877320. #50436
  • Backported fixes for 484751092, 487117772. #50461

electron v39.8.3

Release Notes for v39.8.3

Fixes

  • Added additional ASAR support to additional fs copy methods. #50284 (Also in 40, 41, 42)
  • Fixed user resizing of transparent windows on win32 platform. #50300 (Also in 40, 41, 42)

electron v39.8.2

Release Notes for v39.8.2

Other Changes

  • Backported fix for b/491421267. #50230

electron v39.8.1

Release Notes for v39.8.1

Fixes

  • Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. #50156 (Also in 38, 40, 41)
  • Fixed an issue on macOS where calling autoUpdater.quitAndInstall() could fail if checkForUpdates() was called again after an update was already downloaded. #50215 (Also in 40, 41)
  • Fixed an issue where Chrome Devtools menus may not appear in certain embedded windows. #50136 (Also in 40, 41)
  • Fixed an issue where additionalData passed to app.requestSingleInstanceLock on Windows could be truncated or fail to deserialize in the primary instance's second-instance event. #50174 (Also in 38, 40, 41)
  • Fixed an issue where screen.getCursorScreenPoint() crashed on Wayland when it was called before a BrowserWindow had been created. #50106 (Also in 40, 41)
  • Fixed an issue where calling setBounds on a WebContentsView could trigger redundant page-favicon-updated events even when the favicon had not changed. #50086 (Also in 40, 41)
  • Fixed an issue where invalid characters in custom protocol or webRequest response header values were not rejected. #50129 (Also in 38, 40, 41)
  • Fixed an issue where permission and device-chooser handlers received the top-level page origin instead of the requesting subframe's origin. #50147 (Also in 38, 40, 41)
  • Fixed an issue where traffic light buttons would flash at position (0,0) when restoring a window with a custom trafficLightPosition from minimization on macOS. #50208 (Also in 40, 41)
  • Fixed bug where opening a message box immediately upon closing a child window may cause the parent window to freeze on Windows. #50190 (Also in 40, 41)
  • Fixed menu bar hiding after a call to win.setFullScreen(false) when not in fullscreen on Linux. #49995 (Also in 40, 41)
  • Fixed shutdown crash on windows when hidden titlebar is enabled. #50054 (Also in 40, 41)
  • Reverted AltGr key fix that caused menu bar to no longer show on Windows. #50109 (Also in 40, 41)

... (truncated)

Commits
  • 7007907 chore: cherry-pick 3 changes from chromium (#50461)
  • 2c8b6ee chore: cherry-pick fbfb27470bf6 from chromium (#50436)
  • 4c64377 chore: cherry-pick 50b057660b4d from chromium (#50440)
  • 0ef0561 fix: read nodeIntegrationInWorker from per-frame WebPreferences (#50122) (#50...
  • 64373df chore: cherry-pick 074d472db745 from chromium (#50443)
  • 13e4407 fix: don't re-parse URL unnecessarily when handling dialogs (#50400)
  • 16a0385 ci: output build cache hit rate as GHA annotation (#50369)
  • 00a492d chore: Respect HTTP(S) proxy env variable for Yarn (#50349)
  • 290a77b fix: correctly track BaseWindow::IsActive() on MacOS (#50338)
  • 87baa17 fix: ensure WebContents::WasShown runs when window is shown (#50341)
  • Additional commits viewable in compare view

Updates electron from 17.1.2 to 39.8.4

Release notes

Sourced from electron's releases.

electron v39.8.4

Release Notes for v39.8.4

Fixes

  • Fixed an issue where nodeIntegrationInWorker overrides in setWindowOpenHandler were not honored for child windows sharing a renderer process with their opener. #50468 (Also in 38, 40, 41)
  • Fixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. #50400 (Also in 40, 41, 42)
  • Fixed improper focus tracking in BaseWindow on MacOS. #50338 (Also in 40, 41, 42)
  • Fixed window freeze when failing to enter/exit fullscreen on macOS. #50341 (Also in 40, 41, 42)

Other Changes

  • Added support for using a proxy during yarn install. #50349 (Also in 40, 41, 42)
  • Backported fix for 485935305. #50440
  • Backported fix for 489381399. #50443
  • Backported fix for chromium:475877320. #50436
  • Backported fixes for 484751092, 487117772. #50461

electron v39.8.3

Release Notes for v39.8.3

Fixes

  • Added additional ASAR support to additional fs copy methods. #50284 (Also in 40, 41, 42)
  • Fixed user resizing of transparent windows on win32 platform. #50300 (Also in 40, 41, 42)

electron v39.8.2

Release Notes for v39.8.2

Other Changes

  • Backported fix for b/491421267. #50230

electron v39.8.1

Release Notes for v39.8.1

Fixes

  • Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. #50156 (Also in 38, 40, 41)
  • Fixed an issue on macOS where calling autoUpdater.quitAndInstall() could fail if checkForUpdates() was called again after an update was already downloaded. #50215 (Also in 40, 41)
  • Fixed an issue where Chrome Devtools menus may not appear in certain embedded windows. #50136 (Also in 40, 41)
  • Fixed an issue where additionalData passed to app.requestSingleInstanceLock on Windows could be truncated or fail to deserialize in the primary instance's second-instance event. #50174 (Also in 38, 40, 41)
  • Fixed an issue where screen.getCursorScreenPoint() crashed on Wayland when it was called before a BrowserWindow had been created. #50106 (Also in 40, 41)
  • Fixed an issue where calling setBounds on a WebContentsView could trigger redundant page-favicon-updated events even when the favicon had not changed. #50086 (Also in 40, 41)
  • Fixed an issue where invalid characters in custom protocol or webRequest response header values were not rejected. #50129 (Also in 38, 40, 41)
  • Fixed an issue where permission and device-chooser handlers received the top-level page origin instead of the requesting subframe's origin. #50147 (Also in 38, 40, 41)
  • Fixed an issue where traffic light buttons would flash at position (0,0) when restoring a window with a custom trafficLightPosition from minimization on macOS. #50208 (Also in 40, 41)
  • Fixed bug where opening a message box immediately upon closing a child window may cause the parent window to freeze on Windows. #50190 (Also in 40, 41)
  • Fixed menu bar hiding after a call to win.setFullScreen(false) when not in fullscreen on Linux. #49995 (Also in 40, 41)
  • Fixed shutdown crash on windows when hidden titlebar is enabled. #50054 (Also in 40, 41)
  • Reverted AltGr key fix that caused menu bar to no longer show on Windows. #50109 (Also in 40, 41)

... (truncated)

Commits
  • 7007907 chore: cherry-pick 3 changes from chromium (#50461)
  • 2c8b6ee chore: cherry-pick fbfb27470bf6 from chromium (#50436)
  • 4c64377 chore: cherry-pick 50b057660b4d from chromium (#50440)
  • 0ef0561 fix: read nodeIntegrationInWorker from per-frame WebPreferences (#50122) (#50...
  • 64373df chore: cherry-pick 074d472db745 from chromium (#50443)
  • 13e4407 fix: don't re-parse URL unnecessarily when handling dialogs (#50400)
  • 16a0385 ci: output build cache hit rate as GHA annotation (#50369)
  • 00a492d chore: Respect HTTP(S) proxy env variable for Yarn (#50349)
  • 290a77b fix: correctly track BaseWindow::IsActive() on MacOS (#50338)
  • 87baa17 fix: ensure WebContents::WasShown runs when window is shown (#50341)
  • Additional commits viewable in compare view

Updates serialize-javascript from 6.0.2 to 7.0.5

Release notes

Sourced from serialize-javascript's releases.

v7.0.5

Fixes

  • Improve robustness and validation for array-like object serialization.
  • Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

  • fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
  • build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

New Contributors

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

  • requires Node.js v20+

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for serialize-javascript since your current version.


Updates node-forge from 1.3.1 to 1.4.0

Changelog

Sourced from node-forge's changelog.

1.4.0 - 2026-03-24

Security

  • HIGH: Denial of Service in BigInteger.modInverse()
    • A Denial of Service (DoS) vulnerability exists due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.
    • Reported by Kr0emer.
    • CVE ID: CVE-2026-33891
    • GHSA ID: GHSA-5gfm-wpxj-wjgq
  • HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.
    • RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.
    • Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.
    • Reported as part of a U.C. Berkeley security research project by:
      • Austin Chu, Sohee Kim, and Corban Villa.
    • CVE ID: CVE-2026-33894
    • GHSA ID: GHSA-ppp5-5v6c-4jwp
  • HIGH: Signature forgery in Ed25519 due to missing S < L check.
    • Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.
    • Reported as part of a U.C. Berkeley security research project by:
      • Austin Chu, Sohee Kim, and Corban Villa.
    • CVE ID: CVE-2026-33895
    • GHSA ID: GHSA-q67f-28xg-22rw
  • HIGH: basicConstraints bypass in certificate chain verification.
    • pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.
    • Reported by Doruk Tan Ozturk (@​peaktwilight) - doruk.ch
    • CVE ID: CVE-2026-33896
    • GHSA ID: GHSA-2328-f5f3-gj25

... (truncated)

Commits

@dependabot
build(deps): bump the npm_and_yarn group across 7 directories with 4 …
b40853a 
…updates

Bumps the npm_and_yarn group with 1 update in the /pkgs/applications/editors/uivonim directory: [electron](https://github.com/electron/electron).
Bumps the npm_and_yarn group with 1 update in the /pkgs/applications/networking/browsers/vieb directory: [electron](https://github.com/electron/electron).
Bumps the npm_and_yarn group with 1 update in the /pkgs/applications/networking/instant-messengers/deltachat-desktop directory: [electron](https://github.com/electron/electron).
Bumps the npm_and_yarn group with 1 update in the /pkgs/applications/office/micropad directory: [electron](https://github.com/electron/electron).
Bumps the npm_and_yarn group with 1 update in the /pkgs/servers/web-apps/lemmy directory: [serialize-javascript](https://github.com/yahoo/serialize-javascript).
Bumps the npm_and_yarn group with 1 update in the /pkgs/tools/admin/meshcentral directory: [node-forge](https://github.com/digitalbazaar/forge).
Bumps the npm_and_yarn group with 1 update in the /pkgs/tools/admin/pgadmin directory: [handlebars](https://github.com/handlebars-lang/handlebars.js).


Updates `electron` from 12.0.9 to 39.8.4
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v12.0.9...v39.8.4)

Updates `electron` from 17.0.1 to 39.8.4
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v12.0.9...v39.8.4)

Updates `electron` from 18.3.15 to 41.1.1
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v12.0.9...v39.8.4)

Updates `electron` from 17.1.2 to 39.8.4
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v12.0.9...v39.8.4)

Updates `serialize-javascript` from 6.0.2 to 7.0.5
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.5)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `handlebars` from 4.7.7 to 4.7.9
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.7...v4.7.9)

---
updated-dependencies:
- dependency-name: electron
  dependency-version: 39.8.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: electron
  dependency-version: 39.8.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: electron
  dependency-version: 41.1.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: electron
  dependency-version: 39.8.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 7.0.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants