chore(deps): update electron to 38.8.6 [security]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
electron	^33.0.0 → ^38.0.0

---

Electron vulnerable to Heap Buffer Overflow in NativeImage

CVE-2024-46993 / GHSA-6r2x-8pq8-9489

More information

Details

Impact

The nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.

Workaround

There are no app-side workarounds for this issue. You must update your Electron version to be protected.

Patches

• v28.3.2
• v29.3.3
• v30.0.3

For More Information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

Severity

• CVSS Score: 4.4 / 10 (Medium)
• Vector String: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

References

• https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489
• https://nvd.nist.gov/vuln/detail/CVE-2024-46993
• https://github.com/advisories/GHSA-6r2x-8pq8-9489

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Electron has ASAR Integrity Bypass via resource modification

CVE-2025-55305 / GHSA-vmqv-hx8q-j7mg

More information

Details

Impact

This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted.

Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the resources folder in your app installation on Windows which these fuses are supposed to protect against.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions

• 38.0.0-beta.6
• 37.3.1
• 36.8.1
• 35.7.5

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

Severity

• CVSS Score: 6.1 / 10 (Medium)
• Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

References

• https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
• https://github.com/electron/electron/pull/48101
• https://github.com/electron/electron/pull/48102
• https://github.com/electron/electron/pull/48103
• https://github.com/electron/electron/pull/48104
• https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
• https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
• https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
• https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
• https://nvd.nist.gov/vuln/detail/CVE-2025-55305
• https://github.com/advisories/GHSA-vmqv-hx8q-j7mg

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

CVE-2026-34767 / GHSA-4p4r-m79c-wq3v

More information

Details

Impact

Apps that register custom protocol handlers via protocol.handle() / protocol.registerSchemesAsPrivileged() or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or value.

An attacker who can influence a header value may be able to inject additional response headers, affecting cookies, content security policy, or cross-origin access controls.

Apps that do not reflect external input into response headers are not affected.

Workarounds

Validate or sanitize any untrusted input before including it in a response header name or value.

Fixed Versions

• 41.0.3
• 40.8.3
• 39.8.3
• 38.8.6

For more information

If there are any questions or comments about this advisory, send an email to security@electronjs.org

Severity

• CVSS Score: 5.9 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N

References

• https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v
• https://nvd.nist.gov/vuln/detail/CVE-2026-34767
• https://github.com/advisories/GHSA-4p4r-m79c-wq3v

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Electron: USB device selection not validated against filtered device list

CVE-2026-34766 / GHSA-9899-m83m-qhpj

More information

Details

Impact

The select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the handler. An app whose handler could be influenced to select a device ID outside the filtered set would grant access to a device that did not match the renderer's requested filters or was listed in exclusionFilters.

The WebUSB security blocklist remained enforced regardless, so security-sensitive devices on the blocklist were not affected. The practical impact is limited to apps with unusual device-selection logic.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions

• 41.0.0-beta.8
• 40.7.0
• 39.8.0
• 38.8.6

For more information

If there are any questions or comments about this advisory, send an email to security@electronjs.org

Severity

• CVSS Score: 3.3 / 10 (Low)
• Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

References

• https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj
• https://nvd.nist.gov/vuln/detail/CVE-2026-34766
• https://github.com/advisories/GHSA-9899-m83m-qhpj

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

electron/electron (electron)

v38.8.6: electron v38.8.6

Compare Source

Release Notes for v38.8.6

[!WARNING]
Electron 38.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

Fixes

• Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. #​50157 ^{(Also in 39, 40, 41)}
• Fixed an issue where additionalData passed to app.requestSingleInstanceLock on Windows could be truncated or fail to deserialize in the primary instance's second-instance event. #​50177 ^{(Also in 39, 40, 41)}
• Fixed an issue where invalid characters in custom protocol or webRequest response header values were not rejected. #​50130 ^{(Also in 39, 40, 41)}
• Fixed an issue where permission and device-chooser handlers received the top-level page origin instead of the requesting subframe's origin. #​50151 ^{(Also in 39, 40, 41)}

v38.8.4: electron v38.8.4

Compare Source

Release Notes for v38.8.4

Fixes

• Fixed memory leak when setting icons on Linux/GTK. #​49897 ^{(Also in 39, 40, 41)}

v38.8.2: electron v38.8.2

Compare Source

Release Notes for v38.8.2

Other Changes

• Backported fix for 4835695. #​49792

v38.8.1: electron v38.8.1

Compare Source

Release Notes for v38.8.1

Fixes

• Fixed an issue whereby a duplicate "Toggle Full Screen" menu item appeared in the View menu on macOS. #​49596 ^{(Also in 39, 40, 41)}
• Fixed dock menu items not respecting enabled and checked properties on macOS. #​49627 ^{(Also in 39, 40, 41)}

v38.8.0: electron v38.8.0

Compare Source

Release Notes for v38.8.0

Fixes

• Fixed an issue where menu-did-close was not emitted properly for some application menus. #​49094 ^{(Also in 39, 40)}
• Fixed an issue where systemPreferences.getAccentColor inverted the color. #​49066 ^{(Also in 37, 39)}

Other Changes

• Updated Node.js to v22.22.0. #​49388

Unknown

• Fixed an issue where some packages weren't correctly filtered on macOS in dialogs. #​49471 ^{(Also in 39, 40, 41)}

v38.7.2: electron v38.7.2

Compare Source

Release Notes for v38.7.2

Fixes

• Fixed an issue where the close callback param for menu.popup would fire when any arbitrary submenu of the given menu closed, and not the menu itself. #​49047 ^{(Also in 39, 40)}
• Fixed the issue where the parent window leave disabled after the modal window call show() multiple time. #​49020 ^{(Also in 39, 40)}

v38.7.1: electron v38.7.1

Compare Source

Release Notes for v38.7.1

Other Changes

• Backported fix for 4503289. #​49009
• Backported fix for 4573510. #​48984

v38.7.0: electron v38.7.0

Compare Source

Release Notes for v38.7.0

Features

• Added app.isHardwareAccelerationEnabled(). #​48681 ^{(Also in 37, 39)}
• Added bypassCustomProtocolHandlers option to net.request. #​48881 ^{(Also in 39, 40)}
• Automatically focus DevTools when element is inspected or breakpoint is triggered. #​48701 ^{(Also in 37, 39)}
• Enables resetting accent color to follow system accent settings if a previous color has been set via window.setAccentColor(null). #​48853 ^{(Also in 39)}

Fixes

• Corrected the appearance of tiled windows on GNOME (when frame: true), and removed resize handles from tiled edges. #​48836 ^{(Also in 39, 40)}
• Fix: ESM-from-CJS import when CJK characters are in path. #​48876 ^{(Also in 39, 40)}
• Fixed an issue where calling webContents.openDevTools({ mode: 'detach' }) would cause a crash on Wayland. #​48926 ^{(Also in 39)}
• Fixed crash on windows when UTF-8 is in path. #​48947 ^{(Also in 39, 40)}
• Fixed oom crash when optimizing certain wasm functions involving large phi nodes. #​48817 ^{(Also in 39, 40)}
• Fixed the issue where the parent window remained interactive after the modal window was opened. #​48866 ^{(Also in 39, 40)}
• Restored window's canHide property. #​48900 ^{(Also in 37, 39)}

Other Changes

• Backported fix for 4600173. #​48950

Unknown

• Fixed an issue that menu items on macOS could not be disabled under all circumstances. #​48829 ^{(Also in 39, 40)}

v38.6.0: electron v38.6.0

Compare Source

Release Notes for v38.6.0

Fixes

• Fixed an application crash when clicking or hovering over the native MacOS "Window" menu. Reverts #​48598. #​48801 ^{(Also in 39, 40)}
• Fixed an issue on Wayland (Linux) where right-clicking in the titlebar could break mouse interactions. #​48757 ^{(Also in 39, 40)}
• Fixed an issue that menu items on macOS could not be disabled under all circumstances. #​48710 ^{(Also in 37, 39)}
• Fixed draw smoothing round corner issue. #​48780 ^{(Also in 40)}
• Fixed incorrect signal variable reference in nan-spec-runner that could cause install failures to go undetected. #​48708 ^{(Also in 39)}

Other Changes

• Updated Node.js to v22.21.1. #​48615

v38.5.0: electron v38.5.0

Compare Source

Release Notes for v38.5.0

Features

• Added methods to enable more granular accessibility support management. #​48626 ^{(Also in 37, 39)}

Fixes

• Fixed a potential crash in dialog.showOpenDialog on Windows with an empty extension filter array. #​48660 ^{(Also in 37, 39)}
• Fixed an error when checking environmental variables when using remote checksums when installing Electron via npm. #​48672 ^{(Also in 37, 39)}
• Fixed an issue where trafficLightPosition would not be correctly applied when using titleBarStyle: 'customButtonsOnHover' on macOS 26. #​48620 ^{(Also in 37, 39)}
• Fixed an issue where button background on mouse hover with titleBarOverlay wasn't always calculated to provide appropriate minimum contrast. #​48595 ^{(Also in 37, 39)}
• Fixed an issue where icons didn't show up as expected on Windows Toast notifications. #​48630 ^{(Also in 39)}
• Fixed crash when inspector agent attempts to evaluate on provisional frames. #​48513 ^{(Also in 39)}

Other Changes

• Updated Chromium to 140.0.7339.249. #​48569

Documentation

• Documentation changes: #​48684

v38.4.0: electron v38.4.0

Compare Source

Release Notes for v38.4.0

Features

• Support dynamic ESM imports in non-context isolated preloads. #​48489 (Also in 39)

Fixes

• Fixed shader-f16 to work on Windows. #​48555 (Also in 37, 39)
• Fixed white flash on call to BrowserWindow.show. #​48560 (Also in 37, 39)
• Titlebar buttons now appear on the correct side of windows on Wayland in Ubuntu. #​48602 (Also in 39)

v38.3.0: electron v38.3.0

Compare Source

Release Notes for v38.3.0

Fixes

• Fixed Windows dialog.showMessageBox default button handling. #​48519 (Also in 36, 37, 39)
• Fixed an issue where shell.openExternal caused an unexpected dialog to open when there was no app suitable to open the url. #​48517 (Also in 39)
• Fixed an issue where authentication via websockets can crash. #​48539 (Also in 37, 39)
• Fixed an issue where changing the resizable property on a window would break the styles of a transparent window. #​48499 (Also in 39)

Other Changes

• Fixed a development issue where the metal toolchain could not be found when building on macOS 26. #​48473 (Also in 37, 39)
• Updated Chromium to 140.0.7339.240. #​48486
• Updated Node.js to v22.20.0. #​48381

v38.2.2: electron v38.2.2

Compare Source

Release Notes for v38.2.2

Fixes

• AccentColor set distinguishes the frame. #​48451 (Also in 37, 39)
• Fix: runtime JS error that crashes GetPackageJSON. #​48424 (Also in 37, 39)
• Fixed download button does not work in PDF Viewer. #​48409 (Also in 39)

v38.2.1: electron v38.2.1

Compare Source

Release Notes for v38.2.1

Fixes

• Fixed an issue where snapped windows aren't correctly snapped when minimized and then unminimized. #​48437 (Also in 39)

v38.2.0: electron v38.2.0

Compare Source

Release Notes for v38.2.0

Features

• Allowed for persisting File System API grant status within a given session. #​48327 (Also in 37)

Fixes

• Fixed Wayland configuration through the XDG_SESSION_TYPE environment variable. #​48309
• Fixed excessive WindowServer GPU usage on macOS Tahoe 26. #​48398 (Also in 36, 37, 39)
• Fixed high CPU usage with <input> tag on macOS 26. #​48394 (Also in 37, 39)

v38.1.2: electron v38.1.2

Compare Source

Release Notes for v38.1.2

Other Changes

• Use Local Execution, Remote Caching (LERC) for fork PRs (#​48324)
• Updated v8 (#​48338)

v38.1.1: electron v38.1.1

Compare Source

Release Notes for v38.1.1

Other Changes

• Updated Chromium to 140.0.7339.133. #​48287

v38.1.0: electron v38.1.0

Compare Source

Release Notes for v38.1.0

Other Changes

• Updated Chromium to 140.0.7339.80. #​48249
• Updated Node.js to v22.19.0. #​48221

v38.0.0: electron v38.0.0

Compare Source

Release Notes for v38.0.0

Stack Upgrades

• Chromium 140.0.7339.41
  • New in 140
  • New in 139
• Node 22.18.0
  • Node 22.18.0 blog post
• V8 14.0

Breaking Changes

• For breaking changes inherited via Chromium, see blog post

Features

Additions

• Added before-mouse-event to allow intercepting and preventing mouse events in WebContents. #​47280 (Also in 36, 37)
• Added fileBacked and purgeable fields to process.getSystemMemoryInfo() for macOS. #​48146 (Also in 37)
• Added innerWidth and innerHeight options for window.open. #​46749 (Also in 35, 36, 37)
• Added support for guid Tray constructor option on macOS to allow tray icons to maintain position across launches. #​48077 (Also in 36, 37)
• Added webFrameMain.fromFrameToken(processId, frameToken) to get a WebFrameMain instance from its frame token. #​47942
• Added sublabel functionality for menus on macOS >= 14.4. #​46887 (Also in 35, 36, 37)
• Added support for app.getRecentDocuments() on Windows and macOS. #​47924 (Also in 36, 37)
• Added support for --no-experimental-global-navigator flag. #​47370 (Also in 35, 36, 37)
• Added support for HIDDevice.collections. #​47391 (Also in 36, 37)
• Added support for screen.dipToScreenPoint(point) and screen.screenToDipPoint(point) on Linux X11. #​46211 (Also in 35, 36, 37)
• Added support for customizing system accent color and highlighting of active window border. #​47285 (Also in 35, 36, 37)
• Added support for menu item role palette and header on macOS. #​45538 (Also in 37)
• Added support for node option --experimental-network-inspection. #​46690 (Also in 35, 36, 37)
• Added the priority and priorityIncremental options to net.request(). #​42628 (Also in 36, 37)
• Adds the ability to change window accent color on Windows after initial window initialization via {get|set}AccentColor. #​47939 (Also in 36, 37)

Improvements

• Exposed win.isContentProtected() to allow developers to check window protection status. #​47242 (Also in 36, 37)
• Internally switched to using DIR_ASSETS instead of DIR_MODULE/DIR_EXE to locate assets and resources, and added "assets" as a key that can be queried via app.getPath. #​47950 (Also in 37)

Fixes

• Fixed an issue where dialog.showMessageDialog showed a window incorrectly centered to monitor instead of parent window when passed. #​48215
• Fixed an issue where users on MacOS were unable to interact with a webpage loaded via loadURL. #​47575
• Fixed broken chrome://accessibility page. #​47497

Also in earlier versions...

• Fixed addChildView() crashes when adding a closed WebContentsView. #​47099 (Also in 35, 36, 37)
• Fixed a bug where app extensions filters didn't allow for selecting app bundles in macOS file dialogs. #​47841 (Also in 36, 37)
• Fixed a bug where the Referer header was not being set correctly when using webContents.downloadURL(). #​47867 (Also in 36, 37)
• Fixed a child process crash on macOS when the running application is replaced with one that has a newer implementation triggering the sandbox. #​47783 (Also in 37)
• Fixed a crash possible when calling webContents.loadURL() from a failed webContents.loadURL() call's catch handler. #​48043 (Also in 36, 37)
• Fixed a crash that could occur when opening some dialogs as windows are closing on macOS. #​46927 (Also in 35, 36, 37)
• Fixed a crash when adding the -electron-corner-smoothing CSS rule to a stylesheet with no associated document. #​47785 (Also in 37)
• Fixed a crash when calling desktopCapturer.getSources with an empty thumbnail size. #​47652 (Also in 36, 37)
• Fixed a crash when calling some webContents functions after window.close(). #​47952 (Also in 36, 37)
• Fixed a possible crash using the WebView tag and calling focus. #​46979 (Also in 35, 36, 37)
• Fixed a potential crash using session.clearData in some circumstances. #​47361 (Also in 35, 36, 37)
• Fixed an error when importing electron for the first time from an ESM module loaded by a CJS module in a packaged app. #​46810 (Also in 35, 36, 37)
• Fixed an issue on some older Windows versions where setContentProtection didn't work as expected. #​47886 (Also in 36, 37)
• Fixed an issue where app.accessibilitySupportEnabled didn't work as expected. #​48060 (Also in 37)
• Fixed an issue where net.isOnline() always returned true in utilityProcesses. #​48151 (Also in 36, 37)
• Fixed an issue where require('node:sqlite') didn't work. #​47757 (Also in 36, 37)
• Fixed an issue where shell.openPath was not non-blocking as expected. #​48089 (Also in 36, 37)
• Fixed an issue where webContents.print did not work as expected when mediaSize was not passed. #​46937 (Also in 36, 37)
• Fixed an issue where an invalid color passed as a string to accentColor would result in a white accent color. #​47684 (Also in 37)
• Fixed an issue where calling Fetch.continueResponse via debugger with WebContentsView could cause a crash. #​47434 (Also in 35, 36, 37)
• Fixed an issue where certain operations performed in a window close callback could trigger a crash. #​47812 (Also in 36, 37)
• Fixed an issue where child windows could crash if they were opened from a fullscreen parent and have roundedCorners set to false. #​47681 (Also in 36, 37)
• Fixed an issue where filters wouldn't apply in the specific case only one was passed. #​46900 (Also in 36, 37)
• Fixed an issue where dragging sometimes didn't work after the contextmenu event was emitted. #​48224 (Also in 36, 37)
• Fixed an issue where importing from electron/utility in an ESM file threw an error at runtime. #​48019 (Also in 36, 37)
• Fixed an issue where importing from electron/utility threw a ERR_MODULE_NOT_FOUND error at runtime. #​47989 (Also in 36, 37)
• Fixed an issue where printing PDFs with webContents.print({ silent: true }) would fail. #​47378 (Also in 36, 37)
• Fixed an issue where protected transparent windows inappropriately showed a titlebar after visibility change. #​47241 (Also in 35, 36, 37)
• Fixed an issue where snapped corner state wasn't properly restored after minimizing and then restoring. #​48157 (Also in 36, 37)
• Fixed an issue where the 'suspend' and 'resume' events could be emitted in duplicate. #​47162 (Also in 35, 36, 37)
• Fixed an issue where the accent border was drawn on all windows regardless of the window's active focused status. #​47802 (Also in 36, 37)
• Fixed an issue where the accent color would be accidentally inverted when set to match the system color. #​48108 (Also in 36, 37)
• Fixed an issue where the window flickers with either a light or dark color before loading the desired background color. #​47022 (Also in 35, 36, 37)
• Fixed an issue where the window required restart in order to recognize system accent color setting change. #​47658 (Also in 36, 37)
• Fixed an issue where transparent child windows on macOS were rendering a grey block as opposed to their correct contents. #​46886 (Also in 35, 36, 37)
• Fixed an issue where utility processes could leak file handles. #​47525 (Also in 35, 36, 37)
• Fixed an issue where video scrubbing would not correctly hold the new position on playback. #​47965 (Also in 37)
• Fixed an issue where windows opened with window.open would never be offscreen. #​48026 (Also in 37)
• Fixed an issue where windows used dark theme on Linux all the time without reacting to system theme changes. #​47919 (Also in 37)
• Fixed applying background material correctly when creating windows on Windows, restored animations, and also fixed the issue where dynamically setting the background material had no effect. #​47814 (Also in 36, 37)
• Fixed compilation error when disabling extensions and pdf_viewer. #​47993 (Also in 37)
• Fixed crash in autoUpdater on macOS when zip extraction failed. #​47271 (Also in 34, 35, 36, 37)
• Fixed crash in xdg portal version detection on startup. #​47008 (Also in 35, 36, 37)
• Fixed log files written to the current working directory on Windows. #​44413 (Also in 35, 36, 37)
• Fixed opening package paths as directory when treatPackageAsDirectory is enabled on macOS. #​47077 (Also in 35, 36, 37)
• Fixed potential deadlock inside app.getLoginItemSettings on macOS. #​48094 (Also in 36, 37)
• Fixed regression with directory selection in macOS dialogs. #​47259 (Also in 35, 36, 37)
• Fixed utilityProcess running user script after process.exit is called. #​47469 (Also in 37)
• Fixed xdg portal version detection for file dialogs on linux. #​46905 (Also in 35, 36, 37)
• Partially fixes an issue with printing a PDF via webContents.print() where the callback would not be called. #​47377 (Also in 35, 36, 37)
• Restored previous window-hiding behavior of win.setContentProtected() on Windows. #​47020 (Also in 35, 36, 37)<

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: enzyme-adapter-react-16@1.15.8
npm error Found: react@18.3.1
npm error node_modules/react
npm error   react@"^18.3.1" from the root project
npm error   peer react@">=16.8.0" from @emotion/react@11.13.3
npm error   node_modules/@emotion/react
npm error     @emotion/react@"11.13.3" from the root project
npm error     peer @emotion/react@"^11.0.0-rc.0" from @emotion/styled@11.13.0
npm error     node_modules/@emotion/styled
npm error       @emotion/styled@"11.13.0" from the root project
npm error     1 more (react-select)
npm error   32 more (@emotion/styled, ...)
npm error
npm error Could not resolve dependency:
npm error peer react@"^16.0.0-0" from enzyme-adapter-react-16@1.15.8
npm error node_modules/enzyme-adapter-react-16
npm error   dev enzyme-adapter-react-16@"^1.15.3" from the root project
npm error
npm error Conflicting peer dependency: react@16.14.0
npm error node_modules/react
npm error   peer react@"^16.0.0-0" from enzyme-adapter-react-16@1.15.8
npm error   node_modules/enzyme-adapter-react-16
npm error     dev enzyme-adapter-react-16@"^1.15.3" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry this command with --force or --legacy-peer-deps to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2026-04-15T19_54_03_174Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-04-15T19_54_03_174Z-debug-0.log

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.