fix(deps): update dependency electron to v40.8.5 [security]#4467
Open
renovate[bot] wants to merge 2 commits intomainfrom
Open
fix(deps): update dependency electron to v40.8.5 [security]#4467renovate[bot] wants to merge 2 commits intomainfrom
renovate[bot] wants to merge 2 commits intomainfrom
Conversation
renovate
Bot
added
dependencies
renovate
Bot
force-pushed
the
renovate/npm-electron-vulnerability
branch
from
bb21e36 to
c0aadb3
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
auto-merge was automatically disabled
April 8, 2026 08:57
Pull request was closed
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-electron-vulnerability
branch
2 times, most recently
from
c0aadb3 to
eba6063
Compare
|
❌ The last analysis has failed. |
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-electron-vulnerability
branch
2 times, most recently
from
eba6063 to
54024f4
Compare
* chore(deps): update dependency TreesitterExcavationSite to v0.4.1 v0.3.0 of the library changed LOC counting (trailing newlines no longer counted), causing off-by-1 diffs in golden files * feat(analysis): add TSX language support to UnifiedParser * fix(analysis): replace fixed sleep with polling in ProjectInputReader The fixed 100ms sleep was insufficient on CI after the TreeSitter v0.4.1 dependency bump (1.5 MB JAR), which slightly increased JVM startup time. The upstream svnlogparser process no longer wrote its sync flag within 100ms, so modify read an empty stdin and skipped writing the output file. Replace with a polling loop (50ms interval, 500ms max) that exits as soon as data is available, making the pipe chain robust to JVM startup variance. * fix(analysis): resolve SonarCloud quality gate failures for TSX support * fix(analysis): complete mean_complexity_per_function descriptor in tsx fixture * fix(analysis): add missing link and analyzers to mean_complexity_per_function descriptor --------- Co-authored-by: Ulrike Kiesel <ulrike.kiesel@maibornwolff.de>
renovate
Bot
force-pushed
the
renovate/npm-electron-vulnerability
branch
from
54024f4 to
502e3e0
Compare
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
40.6.1→40.8.5Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Electron: USB device selection not validated against filtered device list
CVE-2026-34766 / GHSA-9899-m83m-qhpj
More information
Details
Impact
The
select-usb-deviceevent callback did not validate the chosen device ID against the filtered list that was presented to the handler. An app whose handler could be influenced to select a device ID outside the filtered set would grant access to a device that did not match the renderer's requestedfiltersor was listed inexclusionFilters.The WebUSB security blocklist remained enforced regardless, so security-sensitive devices on the blocklist were not affected. The practical impact is limited to apps with unusual device-selection logic.
Workarounds
There are no app side workarounds, you must update to a patched version of Electron.
Fixed Versions
41.0.0-beta.840.7.039.8.038.8.6For more information
If there are any questions or comments about this advisory, send an email to security@electronjs.org
Severity
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: HTTP Response Header Injection in custom protocol handlers and webRequest
CVE-2026-34767 / GHSA-4p4r-m79c-wq3v
More information
Details
Impact
Apps that register custom protocol handlers via
protocol.handle()/protocol.registerSchemesAsPrivileged()or modify response headers viawebRequest.onHeadersReceivedmay be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or value.An attacker who can influence a header value may be able to inject additional response headers, affecting cookies, content security policy, or cross-origin access controls.
Apps that do not reflect external input into response headers are not affected.
Workarounds
Validate or sanitize any untrusted input before including it in a response header name or value.
Fixed Versions
41.0.340.8.339.8.338.8.6For more information
If there are any questions or comments about this advisory, send an email to security@electronjs.org
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Unquoted executable path in app.setLoginItemSettings on Windows
CVE-2026-34768 / GHSA-jfqx-fxh3-c62j
More information
Details
Impact
On Windows,
app.setLoginItemSettings({openAtLogin: true})wrote the executable path to theRunregistry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login instead of the intended app.On a default Windows install, standard system directories are protected against writes by standard users, so exploitation typically requires a non-standard install location.
Workarounds
Install the application to a path without spaces, or to a location where all ancestor directories are protected against unauthorized writes.
Fixed Versions
41.0.0-beta.840.8.039.8.138.8.6For more information
If there are any questions or comments about this advisory, send an email to security@electronjs.org
Severity
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference
CVE-2026-34769 / GHSA-9wfr-w7mm-pc7f
More information
Details
Impact
An undocumented
commandLineSwitcheswebPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that constructwebPreferencesby spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer sandboxing or web security controls.Apps are only affected if they construct
webPreferencesfrom external or untrusted input without an allowlist. Apps that use a fixed, hardcodedwebPreferencesobject are not affected.Workarounds
Do not spread untrusted input into
webPreferences. Use an explicit allowlist of permitted preference keys when constructingBrowserWindoworwebContentsoptions from external configuration.Fixed Versions
41.0.0-beta.840.7.039.8.038.8.6For more information
If there are any questions or comments about this advisory, send an email to security@electronjs.org
Severity
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Use-after-free in PowerMonitor on Windows and macOS
CVE-2026-34770 / GHSA-jjp3-mq3x-295m
More information
Details
Impact
Apps that use the
powerMonitormodule may be vulnerable to a use-after-free. After the nativePowerMonitorobject is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.All apps that access
powerMonitorevents (suspend,resume,lock-screen, etc.) are potentially affected. The issue is not directly renderer-controllable.Workarounds
There are no app side workarounds, you must update to a patched version of Electron.
Fixed Versions
41.0.0-beta.840.8.039.8.138.8.6For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
Severity
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks
CVE-2026-34771 / GHSA-8337-3p73-46f4
More information
Details
Impact
Apps that register an asynchronous
session.setPermissionRequestHandler()may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption.Apps that do not set a permission request handler, or whose handler responds synchronously, are not affected.
Workarounds
Respond to permission requests synchronously, or deny fullscreen, pointer-lock, and keyboard-lock requests if an asynchronous flow is required.
Fixed Versions
41.0.0-beta.840.7.039.8.038.8.6For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Use-after-free in download save dialog callback
CVE-2026-34772 / GHSA-9w97-2464-8783
More information
Details
Impact
Apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption.
Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected.
Workarounds
Avoid destroying sessions while a download save dialog may be open. Cancel pending downloads before session teardown.
Fixed Versions
41.0.0-beta.740.7.039.8.038.8.6For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
Severity
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
CVE-2026-34773 / GHSA-mwmh-mq4g-g6gr
More information
Details
Impact
On Windows,
app.setAsDefaultProtocolClient(protocol)did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys underHKCU\Software\Classes\, potentially hijacking existing protocol handlers.Apps are only affected if they call
app.setAsDefaultProtocolClient()with a protocol name derived from external or untrusted input. Apps that use a hardcoded protocol name are not affected.Workarounds
Validate the protocol name matches
/^[a-zA-Z][a-zA-Z0-9+.-]*$/before passing it toapp.setAsDefaultProtocolClient().Fixed Versions
41.0.040.8.139.8.138.8.6For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
Severity
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Use-after-free in offscreen child window paint callback
CVE-2026-34774 / GHSA-532v-xpq5-8h95
More information
Details
Impact
Apps that use offscreen rendering and allow child windows via
window.open()may be vulnerable to a use-after-free. If the parent offscreenWebContentsis destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption.Apps are only affected if they use offscreen rendering (
webPreferences.offscreen: true) and theirsetWindowOpenHandlerpermits child windows. Apps that do not use offscreen rendering, or that deny child windows, are not affected.Workarounds
Deny child window creation from offscreen renderers in your
setWindowOpenHandler, or ensure child windows are closed before the parent is destroyed.Fixed Versions
41.0.040.7.039.8.1For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes
CVE-2026-34775 / GHSA-xwr5-m59h-vwqr
More information
Details
Impact
The
nodeIntegrationInWorkerwebPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured withnodeIntegrationInWorker: falsecould still receive Node.js integration.Apps are only affected if they enable
nodeIntegrationInWorker. Apps that do not usenodeIntegrationInWorkerare not affected.Workarounds
Avoid enabling
nodeIntegrationInWorkerin apps that also open child windows or embed content with differing webPreferences.Fixed Versions
41.0.040.8.439.8.438.8.6For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Out-of-bounds read in second-instance IPC on macOS and Linux
CVE-2026-34776 / GHSA-3c8v-cfp5-9885
More information
Details
Impact
On macOS and Linux, apps that call
app.requestSingleInstanceLock()were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app'ssecond-instanceevent handler.This issue is limited to processes running as the same user as the Electron app.
Apps that do not call
app.requestSingleInstanceLock()are not affected. Windows is not affected by this issue.Workarounds
There are no app side workarounds, developers must update to a patched version of Electron.
Fixed Versions
41.0.040.8.139.8.138.8.6For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
Severity
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Incorrect origin passed to permission request handler for iframe requests
CVE-2026-34777 / GHSA-r5p7-gp4j-qhrx
More information
Details
Impact
When an iframe requests
fullscreen,pointerLock,keyboardLock,openExternal, ormediapermissions, the origin passed tosession.setPermissionRequestHandler()was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter orwebContents.getURL()may inadvertently grant permissions to embedded third-party content.The correct requesting URL remains available via
details.requestingUrl. Apps that already checkdetails.requestingUrlare not affected.Workarounds
In your
setPermissionRequestHandler, inspectdetails.requestingUrlrather than the origin parameter orwebContents.getURL()when deciding whether to grantfullscreen,pointerLock,keyboardLock,openExternal, ormediapermissions.Fixed Versions
41.0.040.8.139.8.138.8.6For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Service worker can spoof executeJavaScript IPC replies
CVE-2026-34778 / GHSA-xj5x-m3f3-5x3h
More information
Details
Impact
A service worker running in a session could spoof reply messages on the internal IPC channel used by
webContents.executeJavaScript()and related methods, causing the main-process promise to resolve with attacker-controlled data.Apps are only affected if they have service workers registered and use the result of
webContents.executeJavaScript()(orwebFrameMain.executeJavaScript()) in security-sensitive decisions.Workarounds
Do not trust the return value of
webContents.executeJavaScript()for security decisions. Use dedicated, validated IPC channels for security-relevant communication with renderers.Fixed Versions
41.0.040.8.139.8.138.8.6For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
Severity
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: AppleScript injection in app.moveToApplicationsFolder on macOS
CVE-2026-34779 / GHSA-5rqw-r77c-jp79
More information
Details
Impact
On macOS,
app.moveToApplicationsFolder()used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt.Apps are only affected if they call
app.moveToApplicationsFolder(). Apps that do not use this API are not affected.Workarounds
There are no app side workarounds, developers must update to a patched version of Electron.
Fixed Versions
41.0.0-beta.840.8.039.8.138.8.6For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
Severity
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Context Isolation bypass via contextBridge VideoFrame transfer
CVE-2026-34780 / GHSA-jfqg-hf23-qpw2
More information
Details
Impact
Apps that pass
VideoFrameobjects (from the WebCodecs API) across thecontextBridgeare vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridgedVideoFrameto gain access to the isolated world, including any Node.js APIs exposed to the preload script.Apps are only affected if a preload script returns, resolves, or passes a
VideoFrameobject to the main world viacontextBridge.exposeInMainWorld(). Apps that do not bridgeVideoFrameobjects are not affected.Workarounds
Do not pass
VideoFrameobjects acrosscontextBridge. If an app needs to transfer video frame data, serialize it to anArrayBufferorImageBitmapbefore bridging.Fixed Versions
41.0.0-beta.840.7.039.8.0For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Use-after-free in offscreen shared texture release() callback
CVE-2026-34764 / GHSA-8x5q-pvf5-64mp
More information
Details
Impact
Apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the
release()callback provided on apaintevent texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main process, which may lead to a crash or memory corruption.Apps are only affected if they use offscreen rendering with
webPreferences.offscreen: { useSharedTexture: true }. Apps that do not enable shared-texture offscreen rendering are not affected.Workarounds
Ensure
texture.release()is called promptly after the texture has been consumed, before the texture object becomes unreachable.Fixed Versions
42.0.0-alpha.541.1.040.8.539.8.5For more information
If there are any questions or comments about this advisory, send an email to security@electronjs.org
Severity
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Named window.open targets not scoped to the opener's browsing context
CVE-2026-34765 / GHSA-f3pv-wv63-48x8
More information
Details
Impact
When a renderer calls
window.open()with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing context group. A renderer could navigate an existing child window that was opened by a different, unrelated renderer if both used the same target name. If that existing child was created with more permissivewebPreferences(viasetWindowOpenHandler'soverrideBrowserWindowOptions), content loaded by the second renderer inherits those permissions.Apps are only affected if they open multiple top-level windows with differing trust levels and use
setWindowOpenHandlerto grant child windows elevatedwebPreferencessuch as a privileged preload script. Apps that do not elevate child window privileges, or that use a single top-level window, are not affected.Apps that additionally grant
nodeIntegration: trueorsandbox: falseto child windows (contrary to the security recommendations) may be exposed to arbitrary code execution.Workarounds
Deny
window.open()in renderers that load untrusted content by returning{ action: 'deny' }fromsetWindowOpenHandler. Avoid granting child windows more permissivewebPreferencesthan their opener.Fixed Versions
42.0.0-alpha.541.1.040.8.539.8.5For more information
If you have any questions or comments about this advisory, email us at security@electronjs.org
Severity
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Electron: Crash in clipboard.readImage() on malformed clipboard image data
CVE-2026-34781 / GHSA-f37v-82c4-4x64
More information
Details
Impact
Apps that call
clipboard.readImage()may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process.Apps are only affected if they call
clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution.Workarounds
Validate that the clipboard contains image data via
clipboard.availableFormats()before callingclipboard.readImage(). Note this only narrows the window — upgrading to a fixed version is recommended.Fixed Versions
42.0.0-alpha.541.1.040.8.539.8.5For more information
If you have any questions or comments about this advisory, email us at security@electronjs.org
Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
electron/electron (electron)
v40.8.5: electron v40.8.5Compare Source
Release Notes for v40.8.5
Fixes
clipboard.readImage()when the clipboard contains malformed image data. #50491 (Also in 39, 41, 42)release()after the texture object was garbage collected. #50500 (Also in 39, 41, 42)Other Changes
v40.8.4: electron v40.8.4Compare Source
Release Notes for v40.8.4
Fixes
nodeIntegrationInWorkeroverrides insetWindowOpenHandlerwere not honored for child windows sharing a renderer process with their opener. #50467 (Also in 38, 39, 41)Other Changes
4859353. #504414893813. #504494847510,4871177. #50460v40.8.3: electron v40.8.3Compare Source
Release Notes for v40.8.3
Fixes
fscopy methods. #50287 (Also in 39, 41, 42)v40.8.2: electron v40.8.2Compare Source
Release Notes for v40.8.2
Other Changes
v40.8.1: electron v40.8.1Compare Source
Release Notes for v40.8.1
Fixes
autoUpdater.quitAndInstall()could fail ifcheckForUpdates()was called again after an update was already downloaded. #50216 (Also in 39, 41)additionalDatapassed toapp.requestSingleInstanceLockon Windows could be truncated or fail to deserialize in the primary instance'ssecond-instanceevent. #50162 (Also in 38, 39, 41)screen.getCursorScreenPoint()crashed on Wayland when it was called before aBrowserWindowhad been created. #50104 (Also in 39, 41)setBoundson aWebContentsViewcould trigger redundantpage-favicon-updatedevents even when the favicon had not changed. #50084 (Also in 39, 41)trafficLightPositionfrom minimization on macOS. #50207 (Also in 39, 41)Other Changes
v40.8.0: electron v40.8.0Compare Source
Release Notes for v40.8.0
Features
reasonproperty to the Notification 'closed' event on Windows to allow developers to know the reason the Notification was dismissed. #50030 (Also in 41)Fixes
Other Changes
v40.7.0: electron v40.7.0Compare Source
Release Notes for v40.7.0
Features
--experimental-transform-types. #49883 (Also in 39, 41)Fixes
safeStoragefailing to clean up legacy keychain entries when migrating to suffixed account names on macOS, and fixed first launch creating entries with the wrong (unsuffixed) account name. #49817app.on('continue-activity')on cold launch whenNSUserActivity.userInfowas nil. #50005 (Also in 39, 41)VideoFrameobjects returned throughcontextBridgehad an incorrect prototype. #50022 (Also in 39, 41)toastXmlcould cause a Notification crash. #49952 (Also in 41)win.setFullScreen(false)when not in fullscreen on Linux. #49994 (Also in 41)menu-will-closeevent when closed after any submenu has been open. #49963 (Also in 41)Other Changes
Configuration
📅 Schedule: (in timezone Europe/Berlin)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.