chore(deps): bump electron 41.5.0 -> 42.1.0 and pin packaged version #9959

Open

asheshv wants to merge 1 commit into master from chore/electron-42

Conversation

@asheshv asheshv commented May 20, 2026

Summary

Bumps the desktop runtime to electron 42 (supersedes dependabot #9945) and closes a pre-existing supply-chain gap in the Linux/Mac packaging scripts that I noticed while verifying the bump.

electron 41.5.0 → 42.1.0 (runtime/package.json, runtime/yarn.lock)

The three electron 42 breaking changes are no-ops for pgAdmin:

| Breaking change | pgAdmin usage | Verdict |
|---|---|---|
| macOS UNNotification API — unsigned apps fail to emit notifications | `grep -rn "new Notification\|electron.*Notification" runtime/src/js/` → no matches. The only notification reference (pgadmin.js:211) is a UI-toast comment, not the Electron Notification API. | No impact |
| postinstall no longer downloads electron — first bin script run does it lazily | Production packaging fetches the binary via wget from GitHub releases in pkg/{linux,mac}/build-functions.sh, never via postinstall. Dev workflow (yarn start) still works — electron downloads on first invocation. | No impact |
| Offscreen rendering default device scale factor | `grep -rn "offscreen\|setDeviceScaleFactor\|webContents.*offscreen" runtime/src/js/` → no matches. | No impact |

Net change in runtime/yarn.lock is mostly deletions — electron 42 ships @electron/get 5.x which dropped the large transitive dep tree that backed the old postinstall download path.

Supply-chain hardening — pkg/{linux,mac}/build-functions.sh

Both build scripts resolved the packaged electron version via:

```sh
ELECTRON_VERSION="$(npm info electron version)"
```

That pulls whatever currently carries the latest dist-tag on the npm registry. Any newly published electron release — including a hypothetical malicious one — would land in shipped binaries without review, regardless of what runtime/package.json pins. This existed long before this PR; I'm fixing it here because the electron 42 bump is what made me notice.

Replaced with sed-based extraction from runtime/package.json and a loud exit 1 if extraction returns empty:

```sh
ELECTRON_VERSION=$(sed -nE 's/.*"electron":[[:space:]]*"\^?([0-9.]+)".*/\1/p' \
    "${SOURCE_DIR}/runtime/package.json" | head -1)
if [ -z "${ELECTRON_VERSION}" ]; then
    echo "ERROR: could not resolve electron version from runtime/package.json" >&2
    exit 1
fi
```

Windows packaging (pkg/win32/installer.iss.in) is unaffected — it bundles a pre-built tree, no electron download step.

Test plan

  • yarn install in /runtime → resolves electron 42.2.0 within ^42.1.0
  • yarn run linter in /runtime → clean (silent)
  • sed extraction smoke-tested against the new runtime/package.json → returns 42.1.0
  • Verified electron 42 binary boots on macOS Sequoia 15.7.5 after ad-hoc codesigning (codesign --force --deep --sign -). Sequoia's com.apple.provenance xattr + unsigned wget'd binary triggers Mach IPC errors otherwise — production builds are properly signed via pkg/mac/build.sh so this doesn't apply.
  • Snapshot/nightly builds across Linux/Mac/Windows pick up electron 42 cleanly via the new sed-pinned path (manual verification)

Supersedes

Note for macOS Sequoia developers

After yarn install in /runtime, ad-hoc sign the downloaded electron binary before running yarn start:

```sh
codesign --force --deep --sign - node_modules/electron/dist/Electron.app
```

This is a Sequoia + unsigned-wget'd-electron interaction (not specific to electron 42), but it'll bite more devs now that electron 42 defers the download to first run. We can add a darwin-only postinstall in a follow-up if it gets annoying.

Summary by CodeRabbit

  • Chores
    • Upgraded Electron runtime to version 42.1.0.
    • Updated build processes for Linux and macOS platforms to improve runtime version resolution consistency.
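The pinned-version lookup described in the PR (replacing `npm info electron version` with a sed extraction from runtime/package.json that aborts the build when nothing is found), as an added example that is not pgAdmin's own build-functions.sh code. It wraps the extraction in a function and exercises it against constructed package.json fixtures; the function names, the fixture contents, and the acceptance of a `~` prefix alongside the PR's `^` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not pgAdmin's build-functions.sh: the PR's sed-based lookup of
# the packaged electron version, wrapped in a function and exercised against
# constructed package.json fixtures. Function names and fixture contents are
# assumptions made for this example.

# Print the electron version pinned in the given package.json, or fail loudly.
# Accepts "^42.1.0", "~42.1.0" and "42.1.0" (the PR's sed handles only the
# caret form); anything non-numeric such as "latest" yields no match, so an
# unpinned dist-tag can never be turned into a packaged binary silently.
resolve_electron_version() {
    pkg_json="$1"
    if [ ! -r "$pkg_json" ]; then
        echo "ERROR: $pkg_json is missing or unreadable" >&2
        return 1
    fi
    version=$(sed -nE 's/.*"electron":[[:space:]]*"[~^]?([0-9.]+)".*/\1/p' "$pkg_json" | head -1)
    if [ -z "$version" ]; then
        echo "ERROR: could not resolve electron version from $pkg_json" >&2
        return 1
    fi
    printf '%s\n' "$version"
}

# Write a constructed package.json whose electron entry is $1 and print its path.
# The neighbouring "@electron/remote" and "electron-builder" keys are there to
# show that the literal "electron": pattern does not match them.
make_fixture() {
    fixture=$(mktemp "${TMPDIR:-/tmp}/package.json.XXXXXX")
    cat > "$fixture" <<EOF
{
  "name": "runtime-fixture",
  "devDependencies": {
    "@electron/remote": "^2.1.2",
    "electron": "$1",
    "electron-builder": "^24.0.0"
  }
}
EOF
    printf '%s\n' "$fixture"
}

# Stand-alone demonstration. The old resolution, ELECTRON_VERSION="$(npm info electron version)",
# is deliberately not run: its answer depends on the registry's current "latest" tag, not on the repo.
for spec in '^42.1.0' '42.1.0' 'latest'; do
    fixture=$(make_fixture "$spec")
    if version=$(resolve_electron_version "$fixture"); then
        echo "electron spec '$spec' -> packaged version $version"
    else
        echo "electron spec '$spec' -> build aborted"
    fi
    rm -f "$fixture"
done
```

The extraction returns the version string written in package.json (42.1.0 from `^42.1.0`), whereas `yarn install` may resolve a newer patch inside the caret range (the test plan above records 42.2.0). The packaged binary follows the pinned string, so a developer's local electron and the shipped one can legitimately differ in patch version; if that matters for a release, tighten the pin in package.json to an exact version.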

Review Change Stack

Bumps the desktop runtime to electron 42 (dependabot PR #9945) and
closes a supply-chain gap in the Linux/Mac packaging scripts that
predated this bump.

Why the bump is safe:

  - macOS UNNotification API change — pgAdmin's runtime does not use
    Electron's Notification API (only a UI toast comment in
    src/js/pgadmin.js:211; no `new Notification(...)` anywhere).
  - postinstall no longer downloads electron — production packaging
    fetches the binary directly via wget from GitHub releases, never
    via electron's postinstall script.
  - Offscreen rendering scale-factor change — no OSR usage anywhere
    in runtime/src/js/.

While verifying, found that pkg/linux/build-functions.sh and
pkg/mac/build-functions.sh resolve the packaged electron version
via:

    ELECTRON_VERSION="$(npm info electron version)"

This pulls whatever currently carries the `latest` dist-tag on the
npm registry. Any newly published electron release — including a
hypothetical malicious one — would land in shipped binaries without
review, regardless of what runtime/package.json pins.

Replace with sed-based extraction from runtime/package.json and
fail loudly if extraction returns empty. The Windows installer
(pkg/win32/installer.iss.in) does not have this issue (it bundles a
pre-built tree, no electron download step).

Net change in runtime/yarn.lock is mostly deletions — electron 42
ships with @electron/get 5.x, which dropped a large transitive
dependency tree associated with the old postinstall download path.

Verified:

  - eslint (runtime): clean (silent)
  - yarn install (runtime): resolved to electron 42.2.0 within
    ^42.1.0 range
  - sed extraction smoke-tested: returns 42.1.0 from current
    runtime/package.json
@coderabbitai

coderabbitai Bot commented May 20, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between aad2dfd and 2f72774.

⛔ Files ignored due to path filters (1)
  • runtime/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (3)
  • pkg/linux/build-functions.sh
  • pkg/mac/build-functions.sh
  • runtime/package.json

Walkthrough

The pull request replaces non-deterministic npm queries with pinned Electron version parsing. runtime/package.json is updated to Electron 42.1.0, and both Linux and macOS build scripts extract this version directly from the file with validation guards instead of calling npm info electron version.

Changes

Deterministic Runtime Build Versioning

| Layer / File(s) | Summary |
|---|---|
| Pinned version and build script parsing (runtime/package.json, pkg/linux/build-functions.sh, pkg/mac/build-functions.sh) | runtime/package.json pins Electron to 42.1.0, and both build scripts replace npm info queries with regex and sed parsing from package.json, including error handling that exits the build if version extraction fails. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • pgadmin-org/pgadmin4#9870: Updates Electron version entries in runtime/package.json that directly supply the version values parsed by the refactored build scripts.
  • pgadmin-org/pgadmin4#9834: Modifies runtime/package.json's Electron dependency, which becomes the source for the new deterministic version resolution logic.
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately captures the main changes: bumping Electron from 41.5.0 to 42.1.0 and pinning the packaged version in build scripts. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

