Bump electron from 37.4.0 to 38.2.1

[dependabot]

Electron 38 drops support for macOS 11. This means we cannot backport it to v18 and older release branches, at least not straight away. Fortunately, Go 1.25 also dropped support for macOS 11 (#59104), so with v19 we'll just make it so that our clients require macOS 12+.

Down the line we might backport Go 1.25 to v18 and we can backport Electron's update at that point as well. See the discussion on Slack.

Original PR body

Bumps electron from 37.4.0 to 38.2.0.

Release notes

Sourced from electron's releases.

electron v38.2.0

Release Notes for v38.2.0

Features

• Allowed for persisting File System API grant status within a given session. #48327 (Also in 37)

Fixes

• Fixed Wayland configuration through the XDG_SESSION_TYPE environment variable. #48309
• Fixed excessive WindowServer GPU usage on macOS Tahoe 26. #48398 (Also in 36, 37, 39)
• Fixed high CPU usage with <input> tag on macOS 26. #48394 (Also in 37, 39)

electron v38.1.2

Release Notes for v38.1.2

Other Changes

• Use Local Execution, Remote Caching (LERC) for fork PRs [(#48324)](electron/electron#48324)
• Updated v8 [(#48338)](electron/electron#48338)

electron v38.1.1

Release Notes for v38.1.1

Other Changes

• Updated Chromium to 140.0.7339.133. #48287

electron v38.1.0

Release Notes for v38.1.0

Other Changes

• Updated Chromium to 140.0.7339.80. #48249
• Updated Node.js to v22.19.0. #48221

electron v38.0.0

Release Notes for v38.0.0

Stack Upgrades

• Chromium 140.0.7339.41
  • New in 140
  • New in 139
• Node 22.18.0
  • Node 22.18.0 blog post
• V8 14.0

Breaking Changes

• For breaking changes inherited via Chromium, see blog post

Features

... (truncated)

Commits

• 81db417 fix: MacOS 26 Tahoe - stop overriding private cornerMask API to fix WindowSer...
• 5dfeee6 fix: disable NSAutoFillHeuristicController on macOS 26 (#48394)
• 2982cd7 test: rerun failed tests individually (#48387)
• 3179f61 fix: set ozone platform for wayland (#48309)
• 526dfe2 build: update build tools to get siso for forks fix (#48345) (#48350)
• cf9d044 feat: add fileSystem to ses.setPermissionCheckHandler (#48327)
• 99feff3 docs: mention setContentProtection macOS limitations (#48367)
• d60ae17 chore: cherry-pick ec6c18478382 from v8 (#48337)
• f43348e ci: Use Local Execution, Remote Caching (LERC) for fork PRS (#48323)
• 5e51c88 chore: bump chromium to 140.0.7339.133 (38-x-y) (#48287)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​node-pty@​1.1.0-beta34 ⏵ 1.1.0-beta35	+1		+1	+3
	npm/​electron@​37.4.0 ⏵ 38.2.1	+1		+1	+1

View full report

[ravicious]

Tag builds:

• https://github.com/gravitational/teleport.e/actions/runs/18199997135
  • Failed because of outdated node-abi
• https://github.com/gravitational/teleport.e/actions/runs/18217437402
  • Some random failures unrelated to Electron
• https://github.com/gravitational/teleport.e/actions/runs/18320940831
  • Teleport tarball failure with no logs
• https://github.com/gravitational/teleport.e/actions/runs/18350591390

[ravicious]

@gzdunek So this update works, almost. It breaks window focus on Ubuntu and Fedora. Instead of focusing on the window, it shows a system notification saying "Teleport Connect is ready". I confirmed that this is broken by the Electron update and not recent changes to window management – it works fine on master.

I haven't found an issue related to the focus problem. I can create it, but I think for now we can merge the update? The window doesn't get focus, but at least there's the notification.

Another thing is that because of electron/electron#48321, when running it in a Fedora VM I had to start the app twice because the initial start doesn't show the app window. This should be the case only in VMs.

Screen recordings

Electron 38 (bad)

ubuntu-electron-38.mov

Electron 37 (good)

ubuntu-electron-37.mov

[gzdunek]

Agree, we can merge it. Hopefully, the bug will be fixed by the time we release v19.

[ravicious]

I created an issue here. electron/electron#48737

[ravicious]

Well, it turns out that this is just how things will be on Linux from now on, so we have to live with the fact that app.focus() now works similar to Windows there. I updated the Electron update checklist so that it's something we expect.

[gzdunek]

Agree, we can merge it. Hopefully, the bug will be fixed by the time we release v19.