chore(deps): update [email protected]

- Update to `[email protected]`. - Fix obsolete electron security section in the development docs. Signed-off-by: Akos Kitta <[email protected]>
kittaakos · Sep 1, 2023 · 62736fa · 62736fa
1 parent b1bf3be
commit 62736fa
Show file tree

Hide file tree

Showing 3 changed files with 161 additions and 187 deletions.
diff --git a/docs/development.md b/docs/development.md
@@ -20,7 +20,7 @@ In Electron, the process that runs the main entry JavaScript file is called the
 
 By default, whenever the _Electron main_ process creates a web page, it will instantiate a new `BrowserWindow` instance. Since Electron uses Chromium for displaying web pages, Chromium's multi-process architecture is also used. Each web page in Electron runs in its own process, which is called the renderer process. Each `BrowserWindow` instance runs the web page in its own renderer process. When a `BrowserWindow` instance is destroyed, the corresponding renderer process is also terminated. The main process manages all web pages and their corresponding renderer processes. Each renderer process is isolated and only cares about the web page running in it.<sup>[[1]]</sup>
 
-In normal browsers, web pages usually run in a sandboxed environment, and accessing native resources are disallowed. However, Electron has the power to use Node.js APIs in the web pages allowing lower-level OS interactions. Due to security reasons, accessing native resources is an undesired behavior in the IDE. So by convention, we do not use Node.js APIs. (Note: the Node.js integration is [not yet disabled](https://github.com/eclipse-theia/theia/issues/2018) although it is not used). In the IDE, only the _backend_ allows OS interaction.
+In normal browsers, web pages usually run in a sandboxed environment, and accessing native resources are disallowed. However, Electron has the power to use Node.js APIs in the web pages allowing lower-level OS interactions. Due to security reasons, accessing native resources is an undesired behavior in the IDE. So [`nodeIntegration`](https://www.electronjs.org/docs/latest/tutorial/security#2-do-not-enable-nodejs-integration-for-remote-content) is disabled, and [context isolation](https://www.electronjs.org/docs/latest/tutorial/context-isolation) is enabled.
 
 The _backend_ process is responsible for:
 

diff --git a/electron-app/package.json b/electron-app/package.json
@@ -28,8 +28,8 @@
     "compression-webpack-plugin": "^9.0.0",
     "copy-webpack-plugin": "^8.1.1",
     "dateformat": "^5.0.3",
-    "electron": "^23.2.4",
-    "electron-builder": "23.6.0",
+    "electron": "^25.5.0",
+    "electron-builder": "^24.6.3",
     "electron-notarize": "^1.1.1",
     "execa": "^7.1.1",
     "file-type": "^18.5.0",