[security] build(deps-dev): bump electron from 11.0.0 to 11.2.1

[dependabot-preview]

Bumps electron from 11.0.0 to 11.2.1.

Release notes

Sourced from electron's releases.

electron v11.2.1

Release Notes for v11.2.1

Fixes

• Apps requesting the CAMERA_PAN_TILT_ZOOM permission will have the permission request handler called with a permission string of "media" instead of "font-access". #27423
• Fixed crash when a keyboard event immediately precedes calling browserWindow.close() on Windows. #27357 (Also in 10, 12)
• Fixed shutdown crash when quitting with in-progress downloads. #27419 (Also in 10, 12)
• Increase stack size on windows x64 to 8MB. #27385 (Also in 10, 12)
• Updated the ICU time zone database to the latest 2020f version. #27369

Other Changes

• Backported the fix to CVE-2021-21120 from sqlite. #27424
• Backported the fix to chromium:1160534. #27443
• Backported the fixes to the save file dialog related CVE-2021-21123, CVE-2021-21129, CVE-2021-21130, CVE-2021-21131, CVE-2021-21141. #27437
• Security: backported fix for chromium:1161654. #27411

electron v11.2.0

Release Notes for v11.2.0

Features

• Made win.setAspectRatio() work on Windows. #27203 (Also in 12)

Fixes

• Fixed a crash that could occur on app quit when using the remote module. #27069 (Also in 12)
• Fixed an issue where BrowserViews couldn't be effectively reparented. #27219 (Also in 12)
• Fixed an issue where non-draggable regions on BrowserViews could have incorrectly calculated bounds. #27183 (Also in 10, 12)
• Fixed an issue where some draggable regions were not clickable when loaded into BrowserViews on Windows. #27178 (Also in 10, 12)
• Fixed the pretty-print JavaScript feature in DevTools not functioning correctly. #27102

Other Changes

• Updated Chromium to 87.0.4280.141. #27213

Unknown

• Fixed chrome.webRequest extensions API not intercepting any requests. #27096 (Also in 10, 12)

electron v11.1.1

Release Notes for v11.1.1

Fixes

• Fixed protocol methods not being accessible via remote.protocol. #27044 (Also in 12)
• Fixed readdir/readdirSync (w/ withFileTypes) failing on a deep directory within archive. #27010 (Also in 12)
• Fixed a memory leak in desktopCapturer.getSources. #27056 (Also in 10, 12)
• Fixed an issue where SIGINT was improperly handled in Node.js processes. #26972 (Also in 10, 12)
• Fixed an issue where renderer process stack traces were broken with contextIsolation enabled. #26997 (Also in 12)
• Fixed an issue where some async_hooks were not properly emitted after an error in the renderer process. #26991 (Also in 12)
• Fixed an issue whereby remote.screen EventEmitter methods are undefined in the renderer. #26989 (Also in 12)

... (truncated)

Commits

• 8805b99 Bump v11.2.1
• 47adc0a chore: cherry-pick f9add3b8e5 from chromium. (#27443)
• 1559dc7 chore: cherry-pick f62f983b56623f0e from sqlite. (#27424)
• 207dbb8 fix: actually clear pending requests in DevToolsAgentHost (#27439)
• 3bda527 chore: cherry-pick 96db1e0, fd08636 and bc9cb11 from chromium. (#27437)
• e3b76f7 chore: cherry-pick ffd6ff5a61b9 from v8 (#27411)
• 6be5244 fix: apply tzdata2020f to ICU (#27369)
• f398ba0 fix: incorrect case in content::PermissionType mapping (#27423)
• aa4f355 fix: Shutdown crash in DownloadItem callback (#27419)
• 095de81 ci: fix broken homebrew cache (#27409)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

We've just been alerted that this update fixes a security vulnerability:

Sourced from The GitHub Security Advisory Database.

IPC messages delivered to the wrong frame in Electron

Impact

IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.

If your app does ANY of the following, then it is impacted by this issue:

• Uses remote
• Calls webContents.sendToFrame
• Calls event.reply in an IPC message handler

Patches

This has been fixed in the following versions:

... (truncated)

Affected versions: [">= 11.0.0 < 11.1.0"]