Bump the electron group across 1 directory with 4 updates

[dependabot]

Bumps the electron group with 4 updates in the / directory: node-pty, electron, electron-updater and electron-vite.

Updates node-pty from 1.1.0-beta35 to 1.1.0

Release notes

Sourced from node-pty's releases.

v1.1.0

Changes:

Feature Requests:

• #711: Bring back the implementation for PtyClear when using conpty.dll

Bugs:

• #215: Uninstall deferred event handlers after the pty is ready
• #833: Investigate replacing the setTimeouts in the backpressure handling
• #765: increase buffer size for conpty named pipes
• #717: Leaking process information handle 'piClient.hThread'

Others:

• #843: Bump v1.1
• #841: Avoid excessive listeners on data and other events

• #840: Add default watch task
• #839: Encapsulate write queue in separate class
• #837: Remove timeouts and update details in comments
• #835: Fix string slicing for fs.write
• #838: Pull write queue logic into separate class
• #822: Fix BinSkim and CG alerts
• #832: Ensure partial writes are handled on EAGAIN
• #831: Handle writes to non-blocking pty instead of wrapping via Node's tty api
• #830: fix: do not delete prebuilds for OS mismatch
• #826: chore: remove ADO CI
• #829: fix: delete all prebuilds if not using any
• #828: feat: support to build with mingw-w64 in windows
• #824: chore: use UseNode
• #823: chore: remove excess quotes
• #820: chore: add D_FORTIFY_SOURCE flag
• #818: add "Enjoy Git" Real-world Uses
• #817: Add OpenBSD includes for termios and util
• #815: chore: update SDL flags
• #813: chore: exclude unscannable binaries
• #812: Support Buffer in write API
• #811: Update conpty to 1.23.251008001
• #809: Load native addons directly from prebuilds directory
• #807: chore: fix mismatch between shell and command
• #806: chore: fix publish pipeline parameters again

... (truncated)

Commits

• 1def577 Merge pull request #843 from microsoft/tyriar/v1.1
• 61b9b07 Bump v1.1
• d2d8fd3 Merge pull request #841 from microsoft/tyriar/215_data_listener
• fb32b06 Merge pull request #840 from microsoft/tyriar/task
• 8305f06 Avoid excessive listeners on data and other events
• 07770b6 Add default watch task
• c1ee2b1 Merge pull request #839 from microsoft/tyriar/833__refactor
• 4ab755a Merge branch 'main' into tyriar/833__refactor
• f06b58c Merge pull request #837 from microsoft/tyriar/833
• 6dda3c4 Merge branch 'main' into tyriar/833
• Additional commits viewable in compare view

Updates electron from 39.2.2 to 40.1.0

Release notes

Sourced from electron's releases.

electron v40.1.0

Release Notes for v40.1.0

Features

• DevTools errors are no longer printed to console. #49359

Fixes

• Fixed setRepresentedFilename() not setting AXDocument accessibility attribute on macOS. #49417 (Also in 39)
• Fixed a potential race condition crash when opening DevTools. #49422 (Also in 39)
• Fixed an issue in chrome://accessibility. #49560 (Also in 39, 41)
• Fixed an issue where shell.writeShortcutLink was throwing TypeError: Insufficient number of arguments when called with just [(path, options)]. #49501 (Also in 39, 41)
• Fixed crash in platform_util::Beep() on Linux. #49482 (Also in 39, 41)
• Made toplevel icon Wayland protocol work. #49414 (Also in 39)

Other Changes

• Backported fix for 473851441. #49487
• Updated Chromium to 144.0.7559.96. #49474

Unknown

• Fixed an issue where some packages weren't correctly filtered on macOS in dialogs. #49473 (Also in 38, 39, 41)

electron v40.0.0

Release Notes for v40.0.0

Stack Upgrades

• Chromium 144.0.7559.60
  • New in 144
  • New in 143
• Node v24.11.1
  • Node 24.11.1 blog post
• V8 14.4

Breaking Changes

• Deprecated clipboard API access from renderer processes #48923
• Fixed an error on debug symbol upload by moving dsym.zip to use tar.xz compression. #48952

Features

Additions

• Added "memory-eviction" as a possible reason for a child process to exit. #48362
• Added RGBAF16 output format with scRGB HDR color space support to Offscreen Rendering. #48265 (Also in 39)
• Added app.isHardwareAccelerationEnabled(). #47614 (Also in 37, 38, 39)
• Added bypassCustomProtocolHandlers option to net.request. #48883 (Also in 38, 39)
• Added methods to enable more granular accessibility support management. #48042 (Also in 37, 38, 39)
• Added support for WebSocket authentication through the login event on webContents. #49064 (Also in 39)
• Added support to import external shared texture as VideoFrame. #48831
• Added the ability to retrieve the system accent color on Linux using systemPreferences.getAccentColor. #48027 (Also in 39)
• Allowed for persisting File System API grant status within a given session. #48170 (Also in 37, 38, 39)

... (truncated)

Commits

• d0661e7 fix: chrome://accessibility drift (#49560)
• 3c9d1dc ci: reapply patches if PR base branch updates them (#49532)
• d942351 docs: correct type for process.noDeprecation (#49544)
• ac4efed fix: second argument to shell.writeShortcutLink is optional (#49501)
• db6b22a docs: add type reference links in Menu and MenuItem API documentation (#49525)
• 1b7073a chore: update patches for 40-x-y (#49513)
• cd0b34d chore: bump chromium to 144.0.7559.96 (40-x-y) (#49474)
• c37daa7 chore: cherry-pick dba49550b12d from v8 (#49487)
• e555e52 fix: return early from platform_util::Beep() on Linux if there is no default ...
• a2949e5 fix: potential devtools crash on empty (#49490)
• Additional commits viewable in compare view

Updates electron-updater from 6.7.0 to 6.7.3

Release notes

Sourced from electron-updater's releases.

[email protected]

Patch Changes

• Chore(deps): unpinning semver and updating it for app-builder-lib and electron-updater [#9349](https://github.com/electron-userland/electron-builder/tree/HEAD/packages/electron-updater/issues/9349) e043df5 @​panther7

[email protected]

Patch Changes

• Chore: bumping version packages of all packages to trigger Trusted Signing provedance release [#9362](https://github.com/electron-userland/electron-builder/tree/HEAD/packages/electron-updater/issues/9362) 030269b @​mmaietta

030269b

• [email protected]

[email protected]

Patch Changes

• #9334 21623e1b037e4509af04e767ca1c1458682b0eba Thanks @​mmaietta! - chore: remove "beta" labels from a few features

Changelog

Sourced from electron-updater's changelog.

6.7.3

Patch Changes

• Chore(deps): unpinning semver and updating it for app-builder-lib and electron-updater [#9349](https://github.com/electron-userland/electron-builder/tree/HEAD/packages/electron-updater/issues/9349) e043df5 @​panther7

6.7.2

Patch Changes

• Chore: bumping version packages of all packages to trigger Trusted Signing provedance release [#9362](https://github.com/electron-userland/electron-builder/tree/HEAD/packages/electron-updater/issues/9362) 030269b @​mmaietta

030269b

• [email protected]

6.7.1

Patch Changes

• #9334 21623e1b037e4509af04e767ca1c1458682b0eba Thanks @​mmaietta! - chore: remove "beta" labels from a few features

Commits

• 5f9c143 chore(deploy): Release v26.3.5 ([email protected]) (#9422)
• e043df5 chore(deps): unpinning semver and updating it (#9349)
• 27653af chore(deploy): Release v26.3.0 ([email protected]) (#9354)
• f0aaabf chore(deploy): Release v26.2.0 ([email protected]) (#9345)
• 21623e1 chore: cleaning up readme and removing super old boilerplate links (#9334)
• 86e5586 chore: update electron version of test fixtures to 35.7.5 (#9336)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for electron-updater since your current version.

Updates electron-vite from 4.0.1 to 5.0.0

Release notes

Sourced from electron-vite's releases.

v5.0.0

Please refer to CHANGELOG.md for details.

v5.0.0-beta.3

Please refer to CHANGELOG.md for details.

v5.0.0-beta.2

Please refer to CHANGELOG.md for details.

v5.0.0-beta.1

Please refer to CHANGELOG.md for details.

v5.0.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from electron-vite's changelog.

v5.0.0 (2025-12-07)

• feat(config): add build.externalizeDeps and build.bytecode config options to replace externalizeDepsPlugin and bytecodePlugin
• feat: reporter plugin for isolated builds
• feat: enhanced string protection
• feat: add isolatedEntries option for preload and renderer to build entries as standalone bundles #154
• refactor(config): move the isolateEntries options to the build option
• refactor: deprecated externalizeDepsPlugin and bytecodePlugin
• refactor(config)!: remove function resolution for nested config fields
• refactor(asset): remove redundant path normalization
• refactor: split electron plugin into preset and validator plugins
• refactor(config)!: restructure Electron Vite config interfaces
• refactor(build): simplify build logic
• refactor: replace JSON.parse/stringify with manual deep clone
• refactor(bytecodePlugin): improved bytecode bundle generation and made a new string protection plugin
• refactor(modulePath): better support for tree-shaking and code-splitting
• refactor: remove Electron 18, 19, 20, 21 build compatilibity target
• perf(buildReport): exclude node_modules from watch list
• perf(isolateEntries): transform log
• perf(isolateEntries): optimize entries transformation
• perf: build compatibility target for Electron 39
• perf(plugin): more efficient module filtering via regular expressions
• perf(plugin): no need to cache sourcemap option
• perf(plugin): lazily initialize MagicString and remove the redundant pre-check
• perf(bytecodePlugin): better way to count bytecode chunks
• perf(plugin): enhance path resolution using import.meta.dirname for ES modules
• fix(modulePath): rewrite the build input instead of merging
• fix(asset): normalize imported public asset chunk path
• fix: avoid duplicate chunk emission
• fix(modulePath): prevent duplicate asset emission
• fix(modulePath): support watch mode
• chore: fix jsdoc
• chore: improve logging message clarity and consistency
• chore(deps): update all non-major dependencies
• chore: update eslint config
• chore: replace tseslint.config with defineConfig
• chore: remove redundant external id
• chore: rename the file esm to esmShim
• docs: update

v5.0.0-beta.3 (2025-11-01)

See v5.0.0-beta.3 changelog

v5.0.0-beta.2 (2025-10-30)

See v5.0.0-beta.2 changelog

v5.0.0-beta.1 (2025-10-29)

... (truncated)

Commits

• 91368b6 release: v5.0.0
• b1fd596 docs: update
• 438e9e7 chore: fix jsdoc
• 9eba4df release: v5.0.0-beta.3
• 465690a refactor(config)!: remove function resolution for nested config fields
• 6aae378 perf(buildReport): exclude node_modules from watch list
• 9152dfc fix(modulePath): rewrite the build input instead of merging
• 0276407 refactor: deprecated externalizeDepsPlugin and bytecodePlugin
• fe7e631 refactor(config): move the isolateEntries options to the build option
• 08be346 feat(config): add build.externalizeDeps and build.bytecode config options...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​electron-updater@​6.7.0 ⏵ 6.7.3				+1
	npm/​@​types/​node@​24.10.9
	npm/​node-pty@​1.1.0-beta35 ⏵ 1.2.0-beta.10				+2
	npm/​electron-vite@​4.0.1 ⏵ 5.0.0	+1			+5
	npm/​electron@​39.2.2 ⏵ 40.1.0	+1		+1

View full report

[ravicious]

Tag build: https://github.com/gravitational/teleport.e/actions/runs/21673679666

I messed up the Wayland fix. 😑 https://github.com/gravitational/teleport.e/actions/runs/21677220593

[ravicious]

Tag build went through. The app works fine on all systems, the Wayland workaround works fine too – I haven't had any problems with opening the app on Ubuntu and Fedora which I did without the fix.

I tested node-pty with Midnight Commander on a remote host on every OS and it works fine too.

[ravicious]

This will be a bit of a PITA when switching to release branches, but it looks like we'll be backporting Go 1.25 to v18 soon, so we'll be able to update Electron there too.

a bit of a PITA = there will be a warning and some stuff might break when running tests or Storybook but most likely everything will be fine.