Sourced from electron's releases.

electron v9.1.1

Release Notes for v9.1.1

Fixes

• Fixed a termination crash on Web Workers with Node.js integration enabled. #24464
• Fixed an issue where webContents.print() would sometimes hang with invalid settings. #24508
• Fixed an issue where cpu and heap profiling in Node.js did not work properly with --cpu-prof, --heap-prof, and related CLI flags. #24541
• Fixed an issue where macOS window vibrancy active state did not always match the active state of the window. #24533
• Fixed broken --trace-sync-io flag in Node.js. #24648
• Fixed clipboard.readBuffer returning incorrect value. #24469
• Fixed potentially invalid duplex mode settings on Linux. #24547

Other Changes

• Fix: DCHECK failure in value.IsHeapObject() in objectsdebug.cc. (Chromium security issue 1084820). #24566
• Fix: XSS on chrome://histograms/ with a compromised renderer. (Chromium security issue 1073409). #24625
• Fix: crash when executing debugger.sendCommand. (Chromium security issue 1016278). #24620
• Fix: heap-use-after-free in content::NavigationRequest::OnWillProcessResponseProcessed. (Chromium security issue 1090543). #24569
• Fix: heap-use-after-free in ui::AXTreeSerializerblink (Chromium security issue 1065122). #24557
• Fix: iframe in victim page can detect Scroll To Text Fragment activation. (Chromium security issue 1042986). #24624
• Fix: integer overflow in GrTextBlob::Make. (Chromium security issue 1080481). #24586
• Fix: javascript URI sandbox flags aren't propagated in a blank string case. (Chromium security issue 1074340). #24621
• Fix: memcpy-param-overlap in AudioBuffer::copyFromChannel. (Chromium security issue 1081722). #24582
• Fix: remove leaks of post-redirect URL for <script> in the CSP reports and stacktraces of errors (Chromium security issue 1074317). #24560
• Fix: update webrtc root certificate. (Chromium security issue 978779). #24617
• Fix: upgrade SQLite to 3.32.1. (Chromium security issue 1087629). #24554
• Fix: use-after-free in devtools console. (Chromium security issue 986051). #24614
• Fix: use-of-uninitialized-value in amr_read_header. (Chromium security issue 1065731). #24594
• Fix: usrsctp is called with pointer as network address. (Chromium security issue 1076703). #24563

Documentation

• Documentation changes: #24516

electron v9.1.0

Release Notes for v9.1.0

Features

• Added support for MessagePort in the main process. #24323
• Added support for suspend and resume events to Windows. #24283
• Added support for suspend and resume events to macOS. #24294
• Expose sessionId associated with a target from debugger module. #24398
• Implemented systemPreferences.getMediaAccessStatus() on Windows. #24312

Fixes

• Fixed an intermittent high-CPU usage problem caused a system clock issue during sleep. #24415
• Fixed an issue where some old notifications were not properly removed from the Notification Center on macOS. #24406

• 88d54af Bump v9.1.1
• d7b6d3f fix: broken --trace-sync-io flag in Node.js (#24648)
• 9307bf2 chore: cherry-pick fix from chromium issue 1042986 (#24624)
• 539b5c5 chore: cherry-pick fix from chromium issue 1016278 (#24620)
• 06b8c9b chore: cherry-pick fix from chromium issue 1074340 (#24621)
• f640215 chore: cherry-pick fix from chromium issue 1073409 (#24625)
• 44341c2 chore: cherry-pick fix from chromium issue 978779 (#24617)
• 3fad4f2 chore: cherry-pick fix from chromium issue 986051 (#24614)
• 61ae10a chore: cherry-pick fix from chromium issue 1065731 (#24594)
• 9ddc69b chore: cherry-pick fix from chromium issue 1080481 (#24586)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)