If none of these has changed, the build process aborts and runs again ten minutes A new version of this module is published if any of It runs in a GitHub Action cron job every
deps (Object) - version numbers for Electron dependencies. total_downloads (Number) - Total downloads of all assets in the release thatįilename like. For packages not published to npm, this property will not exist. npm_package_name (String) - For packages published to npm, this will be electron or electron-prebuilt. Most releases will have an empty array for this property. npm_dist_tags (Array) - an array of npm dist-tags like "latest" or "beta". version (String) - the same thing as dist_tag, but without the v for convenient semver comparisons. You can also get this at /electron-releases/lite.json DataĮach release contains all the data returned by the As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`.Require ( 'electron-releases/lite.json' ) If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. Rather, it depends on the existing sandbox setting. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS.