chore(deps-dev): bump electron-builder from 25.1.8 to 26.0.12

[dependabot]

Bumps electron-builder from 25.1.8 to 26.0.12.

Changelog

Sourced from electron-builder's changelog.

26.0.12

Patch Changes

• Updated dependencies [2d25ec8c, 7ba4fea9, 81e0c472, f24a2ce0, ad151b9d]:
  • [email protected]
  • [email protected]

26.0.11

Patch Changes

• Updated dependencies [14b96dfc, 53a81939, 70d7c855, e1ea62b0]:
  • [email protected]
  • [email protected]
  • [email protected]

26.0.10

Patch Changes

• Updated dependencies [3ce33edb, 3caab3c4, 8903c5df]:
  • [email protected]
  • [email protected]

26.0.9

Patch Changes

• Updated dependencies [22da6442, 4cc475ed, 62029b08, 67b6f71f, 69184315]:
  • [email protected]
  • [email protected]

26.0.8

Patch Changes

• Updated dependencies [7f6c3fea, 48c9f88b, 7f6c3fea]:
  • [email protected]
  • [email protected]

26.0.7

Patch Changes

• Updated dependencies [c12f86f2, 3fe27d77]:
  • [email protected]
  • [email protected]
  • [email protected]

... (truncated)

Commits

• 44c5265 chore(deploy): Release v26.0.12 (#8949)
• e4d00c6 chore(deploy): Release v26.0.11 ([email protected]) (#8930)
• 3792826 chore(deploy): Release v26.0.10 ([email protected]) (#8912)
• ea86783 chore(deploy): Release v26.0.9 (#8891)
• d26efc0 chore(deploy): Release v26.0.8 (#8878)
• 48c9f88 feat: allow usage of .cjs, .mjs, and type=module custom publishers. Add...
• 9bca417 chore(deploy): Release v26.0.7 ([email protected]) (#8866)
• f4fc04a chore(deploy): Release v26.0.6 (#8848)
• e0c1a19 chore(deploy): Release v26.0.5 (#8847)
• 6ac8f91 chore(deploy): Release v26.0.4 (#8840)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	electron-builder@​25.1.8 ⏵ 26.0.12

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		@electron/[email protected] has an HTTP dependency. Dependency: @electron/node-gyp@https://github.com/electron/node-gyp#06b29aafb7708acef8b3669835c8a7857ebc92d2 Location: Package overview From: package-lock.json → npm/[email protected] → npm/@electron/[email protected] ℹ Read more on: This package | This alert | What are http dependencies? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Publish the HTTP URL dependency to npm or a private package repository and consume it from there. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@electron/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		[email protected] has Install scripts. Install script: install Source: node ./script/select-7z-arch.js From: package-lock.json → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is an install script? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] is a AI-detected potential code anomaly. Notes: While the code contains standard practices for handling file operations and ensures checks for overwriting resources, its primary purpose of injecting resources into executable files carries significant risks for malicious use, particularly in scenarios where the code may be misused for harmful modifications. Confidence: 1.00 Severity: 0.60 From: package-lock.json → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report