[DevTools] upgrade electron to latest version & security improvements #26337

mondaychen · 2023-03-07T17:40:17Z

Summary

resolves #25667
This PR also resolves several security issues in the standalone app

How did you test this change?

Tested locally yarn start in react-devtools package. Everything works normal

To see the specific tasks where the Asana app for GitHub is being used, see below:
- https://app.asana.com/0/0/1204123419819195

react-sizebot · 2023-03-07T18:31:50Z

Comparing: 703c675...b4fe0ad

Critical size changes

Includes critical production bundles, as well as any change greater than 2%:

Name	+/-	Base	Current	+/- gzip	Base gzip	Current gzip
oss-stable/react-dom/cjs/react-dom.production.min.js	=	156.70 kB	156.70 kB	=	49.58 kB	49.58 kB
oss-experimental/react-dom/cjs/react-dom.production.min.js	=	158.70 kB	158.70 kB	=	50.25 kB	50.25 kB
facebook-www/ReactDOM-prod.classic.js	=	538.92 kB	538.92 kB	=	95.86 kB	95.86 kB
facebook-www/ReactDOM-prod.modern.js	=	522.78 kB	522.78 kB	=	93.55 kB	93.55 kB

Significant size changes

Includes any change greater than 0.2%:

(No significant changes)

Generated by 🚫 dangerJS against b4fe0ad

micsco · 2023-03-24T15:34:44Z

@mondaychen thanks for doing this upgrade. I've noted though that the preload.js file is missing from the package (found on npm).

This seems to be because the file wasn't added to the package.json file under the files property. I'm not able to make a contribution right now to resolve this but wanted to bring it to your attention in case you can fix it before I can.

mondaychen · 2023-03-24T15:37:40Z

Ah thanks @micsco. I'll work on a fix

resolves #26337 (comment)

mondaychen · 2023-03-24T19:49:19Z

@micsco this should have been fixed in 4.27.4. Thank you again for reporting

micsco · 2023-03-24T20:00:23Z

@mondaychen amazing, thank you for looking at this so quickly. It's not yet on npm but I'll keep an eye out for it and confirm when so.

Thanks again

…wOpenHandler()` (#26559) ## Summary The electron package was recently upgraded from ^11.1.0 to ^23.1.2 (#26337). However, the WebContents `new-window` event – that is used in the react-devtools project – was deprecated in [v12.0.0](https://releases.electronjs.org/release/v12.0.0) and removed in [v22.2.0](https://releases.electronjs.org/release/v22.2.0). The event was replaced by `webContents.setWindowOpenHandler()`. This PR replaces the `new-window` event with `webContents.setWindowOpenHandler()`. ## How did you test this change? I created a simple electron application with similar functionality: ``` const { app, BrowserWindow, shell } = require('electron') const createWindow = () => { const mainWindow = new BrowserWindow({ width: 800, height: 600 }) mainWindow.webContents.setWindowOpenHandler(({ url }) => { shell.openExternal(url) return { action: 'deny' } }) mainWindow.loadFile('index.html') } app.whenReady().then(() => { createWindow() }) ``` --------- Co-authored-by: root <[email protected]>

…wOpenHandler()` (facebook#26559) ## Summary The electron package was recently upgraded from ^11.1.0 to ^23.1.2 (facebook#26337). However, the WebContents `new-window` event – that is used in the react-devtools project – was deprecated in [v12.0.0](https://releases.electronjs.org/release/v12.0.0) and removed in [v22.2.0](https://releases.electronjs.org/release/v22.2.0). The event was replaced by `webContents.setWindowOpenHandler()`. This PR replaces the `new-window` event with `webContents.setWindowOpenHandler()`. ## How did you test this change? I created a simple electron application with similar functionality: ``` const { app, BrowserWindow, shell } = require('electron') const createWindow = () => { const mainWindow = new BrowserWindow({ width: 800, height: 600 }) mainWindow.webContents.setWindowOpenHandler(({ url }) => { shell.openExternal(url) return { action: 'deny' } }) mainWindow.loadFile('index.html') } app.whenReady().then(() => { createWindow() }) ``` --------- Co-authored-by: root <[email protected]>

…wOpenHandler()` (#26559) ## Summary The electron package was recently upgraded from ^11.1.0 to ^23.1.2 (#26337). However, the WebContents `new-window` event – that is used in the react-devtools project – was deprecated in [v12.0.0](https://releases.electronjs.org/release/v12.0.0) and removed in [v22.2.0](https://releases.electronjs.org/release/v22.2.0). The event was replaced by `webContents.setWindowOpenHandler()`. This PR replaces the `new-window` event with `webContents.setWindowOpenHandler()`. ## How did you test this change? I created a simple electron application with similar functionality: ``` const { app, BrowserWindow, shell } = require('electron') const createWindow = () => { const mainWindow = new BrowserWindow({ width: 800, height: 600 }) mainWindow.webContents.setWindowOpenHandler(({ url }) => { shell.openExternal(url) return { action: 'deny' } }) mainWindow.loadFile('index.html') } app.whenReady().then(() => { createWindow() }) ``` --------- Co-authored-by: root <[email protected]> DiffTrain build for commit 60cfeee.

[DevTools] upgrade electron to latest version

af96021

facebook-github-bot added CLA Signed React Core Team Opened by a member of the React Core Team labels Mar 7, 2023

mondaychen requested a review from tyao1 March 7, 2023 18:25

mondaychen added 2 commits March 7, 2023 13:34

fix lint

ba8c3cf

fix lint (no Number)

b4fe0ad

tyao1 approved these changes Mar 8, 2023

View reviewed changes

mondaychen merged commit aef9303 into facebook:main Mar 8, 2023

mondaychen mentioned this pull request Mar 24, 2023

[DevTools] missing file name in package.json #26469

Merged

mondaychen added a commit that referenced this pull request Mar 24, 2023

[DevTools] missing file name in package.json (#26469)

bde974a

resolves #26337 (comment)

sammy-SC mentioned this pull request Apr 5, 2023

Use native scheduler if defined sammy-SC/react#1

Closed

Willie-Boy mentioned this pull request Apr 5, 2023

[DevTools] Replace deprecated new-window with webContents.setWindowOpenHandler() #26559

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[DevTools] upgrade electron to latest version & security improvements #26337

[DevTools] upgrade electron to latest version & security improvements #26337

mondaychen commented Mar 7, 2023 •

edited

Loading

react-sizebot commented Mar 7, 2023 •

edited

Loading

micsco commented Mar 24, 2023

mondaychen commented Mar 24, 2023

mondaychen commented Mar 24, 2023

micsco commented Mar 24, 2023

[DevTools] upgrade electron to latest version & security improvements #26337

[DevTools] upgrade electron to latest version & security improvements #26337

Conversation

mondaychen commented Mar 7, 2023 • edited Loading

Summary

How did you test this change?

react-sizebot commented Mar 7, 2023 • edited Loading

Critical size changes

Significant size changes

micsco commented Mar 24, 2023

mondaychen commented Mar 24, 2023

mondaychen commented Mar 24, 2023

micsco commented Mar 24, 2023

mondaychen commented Mar 7, 2023 •

edited

Loading

react-sizebot commented Mar 7, 2023 •

edited

Loading