Skip to content

Commit

Permalink
chore(deps): update [email protected]
Browse files Browse the repository at this point in the history
 - Update to `[email protected]`.
 - Fix obsolete electron security section in the development docs.

Signed-off-by: Akos Kitta <[email protected]>
  • Loading branch information
Akos Kitta authored and kittaakos committed Sep 26, 2023
1 parent bb4b145 commit ed2d8ad
Show file tree
Hide file tree
Showing 3 changed files with 161 additions and 187 deletions.
2 changes: 1 addition & 1 deletion docs/development.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ In Electron, the process that runs the main entry JavaScript file is called the

By default, whenever the _Electron main_ process creates a web page, it will instantiate a new `BrowserWindow` instance. Since Electron uses Chromium for displaying web pages, Chromium's multi-process architecture is also used. Each web page in Electron runs in its own process, which is called the renderer process. Each `BrowserWindow` instance runs the web page in its own renderer process. When a `BrowserWindow` instance is destroyed, the corresponding renderer process is also terminated. The main process manages all web pages and their corresponding renderer processes. Each renderer process is isolated and only cares about the web page running in it.<sup>[[1]]</sup>

In normal browsers, web pages usually run in a sandboxed environment, and accessing native resources are disallowed. However, Electron has the power to use Node.js APIs in the web pages allowing lower-level OS interactions. Due to security reasons, accessing native resources is an undesired behavior in the IDE. So by convention, we do not use Node.js APIs. (Note: the Node.js integration is [not yet disabled](https://github.com/eclipse-theia/theia/issues/2018) although it is not used). In the IDE, only the _backend_ allows OS interaction.
In normal browsers, web pages usually run in a sandboxed environment, and accessing native resources are disallowed. However, Electron has the power to use Node.js APIs in the web pages allowing lower-level OS interactions. Due to security reasons, accessing native resources is an undesired behavior in the IDE. So [`nodeIntegration`](https://www.electronjs.org/docs/latest/tutorial/security#2-do-not-enable-nodejs-integration-for-remote-content) is disabled, and [context isolation](https://www.electronjs.org/docs/latest/tutorial/context-isolation) is enabled.

The _backend_ process is responsible for:

Expand Down
4 changes: 2 additions & 2 deletions electron-app/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@
"compression-webpack-plugin": "^9.0.0",
"copy-webpack-plugin": "^8.1.1",
"dateformat": "^5.0.3",
"electron": "^23.2.4",
"electron-builder": "23.6.0",
"electron": "^25.5.0",
"electron-builder": "^24.6.3",
"electron-notarize": "^1.1.1",
"execa": "^7.1.1",
"file-type": "^18.5.0",
Expand Down
Loading

0 comments on commit ed2d8ad

Please sign in to comment.