joplin-desktop: use electron_36

[fugidev]

Electron 35 is EOL and being deprecated in nixpkgs.

Upstream currently still uses v35 in the latest stable release, next one should use v37.

A bug when using Electron 37 was reported: #440567
Using Electron 36, the bug does not occur according to my tests, so I think it's best to update to this version for now.

Things done

• Built on platform:
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• Tested, as applicable:
  • NixOS tests in nixos/tests.
  • Package tests at passthru.tests.
  • Tests in lib/tests or pkgs/test for functions and "core" functionality.
• Ran nixpkgs-review on this PR. See nixpkgs-review usage.
• Tested basic functionality of all binary files, usually in ./result/bin/.
• Nixpkgs Release Notes
  • Package update: when the change is major or breaking.
• NixOS Release Notes
  • Module addition: when adding a new NixOS module.
  • Module update: when the change is significant.
• Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

---

Add a 👍 reaction to pull requests you find important.

[ThanePatrol]

Haven't seen build results but it looks like you built it so lgtm :)

[nixpkgs-ci]

Backport failed for release-25.05, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-25.05
git worktree add -d .worktree/backport-442657-to-release-25.05 origin/release-25.05
cd .worktree/backport-442657-to-release-25.05
git switch --create backport-442657-to-release-25.05
git cherry-pick -x 5f619c0c3ccbc17946cc117599d26c2e1b829588

[fugidev]

Can't be backported because all of the recent commits haven't been either. On the release-25.05 branch, this package is still being built from the AppImage – version 3.3.12, which uses Electron 35.2.1. What is the best course of action here?

a) backport everything to release-25.05 (possibly breaking changes, although no major breakage has been reported from unstable users)
b) mark the package on release-25.05 as insecure (should be no big deal for end users as it's a from-binary packaging)
c) don't do anything?

I think b would be best, what do you think @pyrox0? I can take care of it then.

[pyrox0]

I'd prefer A, but if B makes your life easier then that's okay with me as well. Would it be possible to skip bumping the package and just bump the electron bin version it uses? Then we wouldn't have to mark insecure but wouldn't risk breaking changes for joplin users either.

[fugidev]

Hmm, I think just using a newer Electron won't work, because the app is compiled against a specific version. I could however try backporting the source build without bumping the package version. If that turns out not to be trivial, I would rather mark the package as insecure tho. Is it okay to ping you for a review on a follow up PR? :)

[pyrox0]

pinging me would be A-OK!