
renovate(deps): update dependency electron to v15 [security]

Open renovate[bot] opened this issue 4 years ago • 1 comments

Mend Renovate

This PR contains the following updates:

Package   Change
electron  2.0.18 -> 15.5.5

GitHub Vulnerability Alerts

CVE-2021-39184

Impact

This vulnerability allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases.

All current stable versions of Electron are affected.

Patches

This was fixed with #​30728, and the following Electron versions contain the fix:

  • 15.0.0-alpha.10
  • 14.0.0
  • 13.3.0
  • 12.1.0
  • 11.5.0

Workarounds

If your app enables contextIsolation, this vulnerability is significantly more difficult for an attacker to exploit.

Further, if your app does not depend on the createThumbnailFromPath API, then you can simply disable the functionality. In the main process, before the 'ready' event:

delete require('electron').nativeImage.createThumbnailFromPath

For more information

If you have any questions or comments about this advisory, email us at [email protected].

CVE-2020-15096

Impact

Apps using contextIsolation are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds; you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4
  • 6.1.11

For more information

If you have any questions or comments about this advisory:

CVE-2020-4075

Impact

The vulnerability allows arbitrary local file read by defining unsafe window options on a child window opened via window.open.

Workarounds

Ensure you are calling event.preventDefault() on all new-window events where the url or options is not something you expect.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

For more information

If you have any questions or comments about this advisory:

CVE-2020-4077

Impact

Apps using both contextIsolation and contextBridge are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds; you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

For more information

If you have any questions or comments about this advisory:

CVE-2020-4076

Impact

Apps using contextIsolation are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds; you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

Non-Impacted Versions

  • 9.0.0-beta.*

For more information

If you have any questions or comments about this advisory:

CVE-2022-21718

Impact

This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device.

All current stable versions of Electron are affected.

Patches

This has been patched and the following Electron versions contain the fix:

  • 17.0.0-alpha.6
  • 16.0.6
  • 15.3.5
  • 14.2.4
  • 13.6.6

Workarounds

Adding this code to your app can work around the issue.

app.on('web-contents-created', (event, webContents) => {
  webContents.on('select-bluetooth-device', (event, devices, callback) => {
    // Prevent default behavior
    event.preventDefault();
    // Cancel the request
    callback('');
  });
});

For more information

If you have any questions or comments about this advisory, email us at [email protected].

CVE-2022-29247

Impact

This vulnerability allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames enabled which in turn allows effective access to ipcRenderer.

Please note that the misleadingly named nodeIntegrationInSubFrames option does not implicitly grant Node.js access; rather, it depends on the existing sandbox setting. If your application is sandboxed, then nodeIntegrationInSubFrames just gives access to the sandboxed renderer APIs (which include ipcRenderer).

If your application then additionally exposes IPC messages without IPC senderFrame validation that perform privileged actions or return confidential data, this access to ipcRenderer can in turn compromise your application / user even with the sandbox enabled.

Patches

This has been patched and the following Electron versions contain the fix:

  • 18.0.0-beta.6
  • 17.2.0
  • 16.2.6
  • 15.5.5

Workarounds

Ensure that all IPC message handlers appropriately validate senderFrame as per our security tutorial here.

For more information

If you have any questions or comments about this advisory, email us at [email protected].

CVE-2022-29257

Impact

This vulnerability allows attackers who have control over a given app's update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.

Please note that this kind of attack would require significant privileges in your own auto updating infrastructure and the ease of that attack entirely depends on your infrastructure security.

Patches

This has been patched and the following Electron versions contain the fix:

  • 18.0.0-beta.6
  • 17.2.0
  • 16.2.0
  • 15.5.0

Workarounds

There are no workarounds for this issue; please update to a patched version of Electron.

For more information

If you have any questions or comments about this advisory, email us at [email protected].


Release Notes

electron/electron

v15.5.5

Compare Source

Release Notes for v15.5.5

Other Changes

v15.5.4

Compare Source

Release Notes for v15.5.4

Other Changes

v15.5.3

Compare Source

Release Notes for v15.5.3

Fixes

  • Fixed a network service crash that could occur when using setCertificateVerifyProc. #​33256 (Also in 16, 17, 18)
  • shell.openExternal() now reports more detailed errors on Windows. #​33656 (Also in 16, 17, 18, 19)

Other Changes

  • Backported fix for CVE-2022-1134. #​33763
  • Backported fix for CVE-2022-1305. #​33860
  • Backported fix for CVE-2022-1310. #​33831
  • Backported fix for CVE-2022-1314. #​33884
  • Backported fix for CVE-2022-1364. #​33836
  • Backported fix for chromium:1286816. #​33679
  • Backported fix for chromium:1291482. #​33676
  • Backported fix for chromium:1310761. #​33856
  • Security: backported fix for CVE-2022-0116 and CVE-2022-1306. #​33852
  • Security: backported fix for CVE-2022-23308. #​33670
  • Security: backported fix for chromium:1280743. #​33715
  • Security: backported fix for chromium:1280852. #​33673

v15.5.2

Compare Source

Release Notes for v15.5.2

Fixes

  • Fixed behavior of BrowserWindow.maximize on macOS for not shown windows. #​33523 (Also in 16, 18)

Other Changes

  • Security: backported fix for chromium:1260129. #​33525
  • Security: backported fix for chromium:1311641. #​33606

v15.5.1

Compare Source

Release Notes for v15.5.1

Fixes

  • Fixed crash when WindowButtonsProxy references cleared NSWindow. #​33487 (Also in 16, 17, 18)
  • Fixed slowness when using child_process.spawn and related methods on macOS Big Sur and newer. #​33406 (Also in 16, 17, 18)

v15.5.0

Compare Source

Release Notes for v15.5.0

Features

  • Added nativeTheme.inForcedColorsMode API to allow detecting forced color mode. #​33360 (Also in 16, 17, 18)

Fixes

  • Fixed maximizing frameless windows by double-clicking on a draggable (title bar) region. #​33449 (Also in 16, 17, 18)

Other Changes

  • Backported fix for CVE-2022-1096. #​33473
  • Backported fix for chromium:1296876. #​33393

v15.4.2

Compare Source

Release Notes for v15.4.2

Fixes

  • Fixed crash in the render process on reload with pending node fs.promises. #​33300 (Also in 16, 17, 18)
  • Fixed drag regions on WCO windows on Windows. #​33199 (Also in 16, 17, 18)
  • Fixed incorrect external memory allocation tracking in nativeImage module. #​33311 (Also in 16, 17, 18)

Other Changes

  • Backported fix for 1283402. #​33245
  • Backported fix for CVE-2022-0976. #​33390
  • Backported fix for OSV-2021-777. #​33237
  • Fixed an issue where adding/removing display changes the BrowserWindow size. #​33248 (Also in 14, 16, 17, 18)
  • Security: backported fix for CVE-2022-0792. #​33222
  • Security: backported fix for CVE-2022-0806. #​33242
  • Security: backported fix for CVE-2022-0975. #​33342
  • Security: backported fix for chromium:1281908. #​33185

v15.4.1

Compare Source

Release Notes for v15.4.1

Fixes

  • Fixed an issue where alternateImages did not work properly on macOS. #​33104 (Also in 16, 17, 18)
  • Strip crashpad_handler binary on Linux, reducing bundle size. #​33173 (Also in 16, 17, 18)

Other Changes

v15.4.0

Compare Source

Release Notes for v15.4.0

Features

  • Added height option for Windows Control Overlay. #​33064 (Also in 16, 17)

Fixes

  • Fixed an issue where webContents.savePage failed when passing a relative path instead of an absolute one. #​33018 (Also in 16, 17, 18)
  • Fixed an issue where the Tray could get garbage collected incorrectly under some circumstances. #​33077 (Also in 16, 17, 18)
  • Fixed command string registered via setAsDefaultProtocolClient on windows. #​33011 (Also in 14, 16, 17, 18)
  • Fixed stale renderer process when application is quit while renderer is busy. #​32967 (Also in 14, 16, 17, 18)

Other Changes

  • Backported fix for CVE-2022-0609. #​32901 (Also in 14)
  • Backported fix for CVE-2022-0610. #​32919
  • Security: backported fix for CVE-2022-0607. #​32917
  • Security: backported fix for CVE-2022-0608. #​32914
  • Security: backported fix for chromium:1242339. #​32796
  • Security: backported fix for chromium:1258603. #​32797
  • Security: backported fix for chromium:1259557. #​32799
  • Security: backported fix for chromium:1262967. #​32800
  • Security: backported fix for chromium:1277917. #​32786
  • Security: backported fix for chromium:1281979. #​32785
  • Security: backported fix for chromium:1282354. #​32783
  • Security: backported fix for chromium:1283198. #​32781
  • Security: backported fix for chromium:1289384. #​32912
  • Security: backported fix for chromium:1289394. #​32908
  • Security: backported fixes to chromium:1292537 and CVE-2022-0606. #​32904

v15.3.7

Compare Source

Release Notes for v15.3.7

Fixes

  • Fixed an issue where frameless windows on Windows would incorrectly show a small frame during the loading process. #​32708 (Also in 14, 16, 17, 18)
  • Fixed an issue with transparent windows failing to fire the maximize and unmaximize events on Windows. #​32688 (Also in 16, 17)
  • Fixed effect when hovering over window controls on Windows in a WCO-enabled window. #​32717 (Also in 14, 16, 17, 18)
  • Fixed issue where not all serial devices were exposed to the handler specified by session.setDevicePermissionHandler. #​32686 (Also in 16, 17)
  • The <webview> implementation was made more robust, it no longer breaks when will-attach-webview handler modifies the internal params.instanceId. #​32855 (Also in 16, 17)

Other Changes

  • Fixed crash in v8 regexp assembler. #​32770
  • Security: backported fix for chromium:1039885. #​32790
  • Security: backported fix for chromium:1238209. #​32798
  • Security: backported fix for chromium:1248444. #​32789
  • Security: backported fix for chromium:1260869. #​32791
  • Security: backported fix for chromium:1261689. #​32792
  • Security: backported fix for chromium:1267426. #​32793
  • Security: backported fix for chromium:1267627. #​32794
  • Security: backported fix for chromium:1273661. #​32795
  • Security: backported fix for chromium:1274113. #​32741
  • Security: backported fix for chromium:1274445,v8:7990. #​32739
  • Security: backported fix for chromium:1283371. #​32779
  • Security: backported fix for chromium:1283375. #​32777
  • Security: backported fix for chromium:1284367. #​32775

Documentation

v15.3.6

Compare Source

Release Notes for v15.3.6

Fixes

  • Fixed a crash that occurred when user attempted to download an edited PDF. #​32537 (Also in 16, 17)
  • Fixed an issue that the alert() dialog title is corrupted. #​32468 (Also in 14, 16, 17)
  • Fixed an issue where ipcRenderer.postMessage would throw errors when the transfer argument was not passed. #​32458 (Also in 14, 16, 17)
  • Fixed an issue where the 'maximize' and 'unmaximize' events didn't fire properly on linux. #​32498 (Also in 14, 16, 17)
  • Fixed aspect ratio resize for frameless windows on macOS. #​32445 (Also in 16, 17)
  • Fixed crash when calling webContents.setZoomFactor(1.0). #​32619 (Also in 13, 14, 16, 17)
  • Fixed minimized BrowserWindow being restored by BrowserWindow.unmaximize(). #​32494 (Also in 14, 16, 17)
  • Fixed windows with roundedCorners: false unable to be closed. #​32610 (Also in 16, 17)
  • Strip symbols from crashpad_handler binary on Linux, reducing bundle size. #​32548 (Also in 16, 17)

Other Changes

  • Backported fix for CVE-2021-38012. #​32012
  • Backported fix for CVE-2021-38017. #​32032
  • Backported fix for CVE-2021-38019. #​32015
  • Backported fix for CVE-2021-4066. #​32546
  • Backported fix for CVE-2021-4100. #​32184
  • Security: backported fix for https://crbug.com/1275020. #​32353

v15.3.5

Compare Source

Release Notes for v15.3.5

Fixes

  • Allowed specifying x64 arch on Mac Rosetta via npm_config_arch. #​32380 (Also in 16, 17)
  • Bug fixed for registering protocol in windows which used to set invalid command if the execution path included space. #​32330 (Also in 14, 16, 17)
  • Fixed window.open not overriding parent's webPreferences. #​32109 (Also in 16, 17)
  • Fixed a crash caused by app.getLocaleCountryCode(). #​32332 (Also in 16, 17)
  • Fixed crash when playing media files on Windows 7/8 or macOS 10.11/10.12. #​32213 (Also in 13, 14, 16, 17)
  • Fixed incorrect skipTransformProcessType option parsing in win.setVisibleOnAllWorkspaces(). #​32396 (Also in 13, 14, 16, 17)
  • No Notes. #​32245 (Also in 13, 14, 16, 17)

Other Changes

v15.3.4

Compare Source

Release Notes for v15.3.4

Fixes

v15.3.3

Compare Source

Release Notes for v15.3.3

Fixes

  • Fixed a potential issue when setting backgroundColor on BrowserViews. #​31946 (Also in 14, 16, 17)
  • Fixed respecting aspect ratio when maximum size is set on BrowserWindow. #​31956 (Also in 14, 16, 17)
  • Fixed window frame glitch when calling setContentProtection. #​31830 (Also in 13, 14, 16)

Other Changes

  • Backported fix for CVE-2021-38005. #​31919
  • Backported fix for CVE-2021-38007. #​31910
  • Backported fix for CVE-2021-38009. #​31927
  • Backported fix for CVE-2021-38010. #​31902
  • Backported fix for CVE-2021-38011. #​31899

v15.3.2

Compare Source

Release Notes for v15.3.2

Fixes

  • Fixed BrowserView.setBackgroundColor() not working correctly. #​31844 (Also in 16)
  • Fixed an issue where BrowserView may sometimes crash on browserView.webContents.destroy(). #​31841 (Also in 16)
  • Fixed an issue where BrowserViews crashed if view.webContents.destroy() is called after loading a URL. #​31826 (Also in 14, 16)
  • Fixed an issue where playing media would open Accessibility permissions dialog on macOS. #​31836 (Also in 16)
  • Fixed crash in GTK open dialog when trying to preview huge image files. #​31820 (Also in 14, 16)
  • Fixed default label text in GTK dialogs. #​31823 (Also in 14, 16)

v15.3.1

Compare Source

Release Notes for v15.3.1

Features

  • Added warning when ipcRenderer.sendSync() is called with no listeners for channel on ipcMain. #​31434 (Also in 13, 14, 16)

Fixes

  • Changed WebHID to use disable-hid-blocklist flag to enable FIDO devices. #​31649 (Also in 16)
  • Fixed <webview> background transparency regression. #​31701 (Also in 14)
  • Fixed clipboard.writeBuffer(), clipboard.readBuffer() and clipboard.read()'s ability to manipulate platform-specific clipboard formats. #​31720 (Also in 16)
  • Fixed a crash when a BrowserWindow is closed subsequent to its webContents being destroyed. #​31644 (Also in 14, 16)
  • Fixed a tracing agent-related crash when initializing Node.js in service workers. #​31476 (Also in 14, 16)
  • Fixed an issue where Content-Disposition filenames would be incorrectly truncated at the first comma for a filename attachment which contained one. #​31693 (Also in 13, 14, 16)
  • Fixed an issue where MediaMetadata did not work properly. #​31534 (Also in 13, 14, 16)
  • Fixed an issue where app.getPath('crashDumps') returned an incorrect path for Linux. #​31712 (Also in 16)
  • Fixed an issue where clipboard.read() could cause crashes with custom clipboard formats. #​31591 (Also in 16)
  • Fixed an issue which caused print settings to not work properly when printing silently. #​31616 (Also in 13, 14, 16)
  • Fixed clipboard.read to once again work like clipboard.readBuffer. #​31651 (Also in 16)
  • Fixed crash when using sync dialog APIs immediately after async dialog APIs. #​31658 (Also in 16)
  • Fixed event with invalid timestamp in trace log. #​31422 (Also in 14, 16)

Other Changes

  • Backported fix for CVE-2021-37981. #​31497
  • Backported fix for CVE-2021-37985. #​31516
  • Backported fix for CVE-2021-37987. #​31539
  • Backported fix for CVE-2021-37989. #​31523
  • Backported fix for CVE-2021-37992. #​31519
  • Backported fix for CVE-2021-37996. #​31543
  • Backported fix for chromium:1245870. #​31501
  • Backported fix for chromium:1252858. #​31680

v15.3.0

Compare Source

Release Notes for v15.3.0

Features

  • Began passing securityOrigin in details for permission request handlers for media requests in addition to permission check handlers. #​31417 (Also in 13, 14, 16)

Fixes

  • Fixed a potential crash when setting nativeTheme.themeSource on macOS. #​31429 (Also in 14, 16)
  • Fixed possible 'Object has been destroyed' error when calling window.open with a frame name and using setWindowOpenHandler. #​31468 (Also in 14, 16)
  • Generate valid config.gypi file in Node.js headers. #​31442 (Also in 14, 16)
  • Removes several Chromium private APIs from Mac Apple Store builds. #​31483 (Also in 16)

Other Changes

  • Changed Web Serial to use ses.setDevicePermissionHandler to allow developers more control over Web Serial permissioning. #​31418 (Also in 16)

v15.2.0

Compare Source

Release Notes for v15.2.0

Features

  • Added commandLine.removeSwitch to allow apps to remove command line switches from Chromium's internal command line representation. #​31326 (Also in 16)

Fixes

  • Fixed a JavaScript exception from webContents if render frame was disposed in WebFrameMain, resets the value of render_frame_disposed_ after updating render frame host. #​31426 (Also in 16)
  • Fixed black window when screen capturing a content-protected BrowserWindow on Windows 10. #​31385 (Also in 16)
  • Fixed crash when changing zoom level for webview. #​31376 (Also in 14, 16)

Other Changes

  • Updated Chromium to 94.0.4606.81. #​31351

v15.1.2

Compare Source

Release Notes for v15.1.2

Fixes

  • Fixed a potential crash in WebContents::MessageTo when a render frame has been destroyed. #​31334
  • Fixed issue where non-resizable frameless windows aren't draggable. #​31299 (Also in 14, 16)

Other Changes

v15.1.1

Compare Source

Release Notes for v15.1.1

Fixes

  • Fixed "Failed to serialize arguments" error when emitting 'context-menu' event for webview. #​31279
  • Removed expired DST Root CA X3 from the bundled trust store. #​31219

v15.1.0

Compare Source

Release Notes for v15.1.0

Features

  • Added WebHID support. #​31095 (Also in 16)
  • Added frame property to the params object of the 'context-menu' event. #​31057
  • Added isMainFrame argument to 'certificate-error' event. #​31038
  • Added textWidth option to dialog.showMessageBox() / dialog.showMessageBoxSync(). #​31088 (Also in 16)

Fixes

  • Fixed Let's Encrypt DST Root CA X3 certificate expiration. #​31218 (Also in 12, 13, 14, 16)
  • Fixed a crash in navigator.fonts.query(). #​30985 (Also in 14)
  • Fixed an issue where BrowserView dragging behavior was inconsistent with MacOS window dragging. #​31177 (Also in 13, 14, 16)
  • Fixed an issue where button labels in file choosers were improperly localized on Linux. #​31066 (Also in 14, 16)
  • Fixed an issue where changes to draggable regions in a BrowserWindow incorrectly affected those in an attached BrowserView. #​31198 (Also in 13, 14, 16)
  • Fixed an issue where non-resizable non-fullscreenable windows with aspect ratios set could return incorrect results for isMaximized(). #​31041 (Also in 13, 14)
  • Fixed an issue where out-of-focus BrowserViews could not be immediately dragged. #​31100 (Also in 13, 14, 16)
  • Fixed an issue where some calls to crypto.createPrivateKey made with algorithms unsupported by BoringSSL cause a crash when invoking methods on their return values. #​31137 (Also in 16)
  • Fixed black border around the page after resizing is disabled. #​31081 (Also in 13, 14, 16)
  • Fixed crash caused by double free when destroying WebContents. #​31133 (Also in 14, 16)
  • Fixed crash in v8 due to (Check failed: !regexp_stack_->is_in_use()). #​31144 (Also in 13, 14, 16)

Other Changes

  • Updated Chromium to 94.0.4606.61. #​31112

v15.0.0

Compare Source

Release Notes for v15.0.0

Stack Upgrades

Breaking Changes

  • nativeWindowOpen: true is now the default. #​28552

Features

Additions
  • Added 'dom-ready' event to WebFrameMain which emits when the frame's document is ready.
    • Added 'frame-created' event to WebContents which emits when a frame is created in the page. #​30801
  • Added <webview>.sendToFrame() / frameId to 'ipc-message' event. #​30704
  • Added <webview> 'did-redirect-navigation' event. #​30664
  • Added app.configureHostResolver API for configuring DNS-over-HTTPS. #​30775
  • Added location and modifiers to the event properties provided in the 'before-input-event' WebContents event. #​29850
  • Added safeStorage string encryption API. #​30430
  • Added signal option to dialog.showMessageBox. #​26102
  • Added webContents.fromDevToolsTargetId(targetId) to lookup a WebContents instance from an associated Chrome DevTools Protocol TargetID. #​30733 (Also in 14)
  • Added an Electron Fuse for enforcing code signatures on the app.asar file your application loads. Requires the latest asar module. #​30900
  • Added experimental cookie encryption support behind an Electron Fuse. #​27524 (Also in 13, 14)
  • Added fuses to disable NODE_OPTIONS and --inspect debug arguments in packaged apps. #​30420
  • Added missing resourceType conversions for webRequest listener details: font, ping, cspReport, media, webSocket. #​29902 (Also in 14)
  • Added new MenuItem.userAccelerator property to read user-assigned macOS accelerator overrides. #​26682
  • Added new app.runningUnderARM64Translation property to detect when running under Rosetta on Apple Silicon, or WOW on Windows for ARM. #​29168
  • Added new imageAnimationPolicy web preference to control how images are animated. #​29095
  • Added resize edge info to BrowserWindow's will-resize event. #​29199
  • Added support for Windows Control Overlay on Windows. #​30497 (Also in [14](https://togithub.com/electron/el

renovate[bot] avatar Jan 31 '21 20:01 renovate[bot]
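
Added example (not part of the Renovate post and not Electron's own code): one way to apply the app-side workarounds from the CVE-2022-29247 and CVE-2020-4075 advisories above, validating senderFrame in IPC handlers and cancelling unexpected new-window requests. The trusted origin, the get-secrets channel, readSecrets and the list of rejected webPreferences are assumptions; app and ipcMain are passed in as parameters so the logic can be exercised outside Electron.

```javascript
// Assumption: the only origin this app serves trusted UI from.
const TRUSTED_ORIGINS = new Set(['https://app.example.com']);

// True only for a parsable https URL whose origin is on the allowlist.
function isTrustedUrl(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return u.protocol === 'https:' && TRUSTED_ORIGINS.has(u.origin);
  } catch (err) {
    return false; // empty or malformed URL: reject
  }
}

// CVE-2022-29247 workaround: check which frame sent the IPC message.
// event.senderFrame is a WebFrameMain; its url property is the frame's URL.
function validateSender(frame) {
  return Boolean(frame) && typeof frame.url === 'string' && isTrustedUrl(frame.url);
}

// Wrap an ipcMain.handle() handler so the sender is validated before it runs.
// Throwing here rejects the renderer's ipcRenderer.invoke() promise.
function guardIpc(handler) {
  return (event, ...args) => {
    if (!validateSender(event.senderFrame)) {
      throw new Error('IPC rejected: untrusted sender frame');
    }
    return handler(event, ...args);
  };
}

// CVE-2020-4075 workaround: decide whether a window.open() request is one
// the app expects. Which webPreferences values count as unexpected is an
// app decision; this list is an assumption for the example.
const REJECTED_PREFS = {
  nodeIntegration: true,
  nodeIntegrationInSubFrames: true,
  webviewTag: true,
  contextIsolation: false,
  sandbox: false,
};

function isExpectedWindow(url, options) {
  if (!isTrustedUrl(url)) return false;
  const prefs = (options && options.webPreferences) || {};
  return Object.entries(REJECTED_PREFS).every(([key, bad]) => prefs[key] !== bad);
}

// In a real main process, app and ipcMain come from require('electron').
// readSecrets is a hypothetical privileged function exposed over IPC.
function installGuards(app, ipcMain, readSecrets) {
  ipcMain.handle('get-secrets', guardIpc(() => readSecrets()));

  app.on('web-contents-created', (_event, contents) => {
    // 'new-window' is the event named in the advisory.
    contents.on('new-window', (event, url, _frameName, _disposition, options) => {
      if (!isExpectedWindow(url, options)) event.preventDefault();
    });
  });
}
```
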

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock
This script must be run as root

renovate[bot] avatar Jun 18 '22 14:06 renovate[bot]