chore(deps): upgrade Electron 23 → 42 + build toolchain#358
Conversation
Upgrade the shipped Electron runtime from EOL 23 to current 42.4.1
(Node 24 / V8 13.8 / Chromium 148) and bump the build tooling that
gates it.
- electron 27 (dev) / 23 (shipped) -> 42.4.1 (package.json,
release/app/package.json, electron-builder-setapp.json)
- @electron/rebuild 3.6 -> 4.0.4: 3.x bundled a node-abi with no ABI
entry for Electron 42 ("Could not detect abi for version 42.4.1")
- electron-builder 24.13.3 -> 26.15.3: v24 predates Electron 42
- devEngines: migrate to the valid npm schema (runtime/packageManager);
the old { node: ">=20.x" } shape crashes npm 10.9 (Node 22+ toolchain)
- electron-builder 26 schema migrations:
- mac.notarize: { teamId } -> true (teamId now via APPLE_TEAM_ID env)
- win signing opts moved under win.signtoolOptions
Build toolchain must run on Node >= 22.12 (Electron 42 requirement).
Verified locally on macOS arm64: native rebuild, webpack build,
electron-builder package, and app boot (proxy + UI) all succeed; the
embedded Electron Framework is 42.4.1.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@electron-builder-setapp.json`:
- Line 41: The notarize configuration in electron-builder-setapp.json has been
changed from an object containing an inline teamId to simply true, which means
the macOS notarization process now depends entirely on environment variables for
authentication instead of having credentials embedded in the configuration file.
Before deploying this change to production builds, ensure that one of the three
supported authentication methods is properly configured in your CI environment:
either the API Key method with APPLE_API_KEY, APPLE_API_KEY_ID, and
APPLE_API_ISSUER variables; or the Apple ID method with APPLE_ID,
APPLE_APP_SPECIFIC_PASSWORD, and APPLE_TEAM_ID variables; or the Keychain method
with APPLE_KEYCHAIN and APPLE_KEYCHAIN_PROFILE variables. Verify that these
environment variables are wired up in your CI configuration before attempting
any signed builds to prevent notarization failures at release time.
In `@package.json`:
- Around line 340-349: The runtime version constraint in devEngines.runtime is
set to ">=20" but the Electron 42 tooling chain requires Node.js >= 22.12.
Update the runtime.version field from ">=20" to ">=22.12" to match the actual
toolchain requirement. Additionally, change the onFail property from "warn" to
"error" to ensure that incompatible Node versions cause the build to fail
explicitly rather than silently proceeding with potentially broken rebuilds and
packaging operations.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: fbf21927-1921-4a2a-b128-fa0a172db593
⛔ Files ignored due to path filters (2)
package-lock.jsonis excluded by!**/package-lock.jsonrelease/app/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (3)
electron-builder-setapp.jsonpackage.jsonrelease/app/package.json
| "notarize": { | ||
| "teamId": "YQ5FZQ855D" | ||
| }, | ||
| "notarize": true, |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟡 Minor
🧩 Analysis chain
🌐 Web query:
electron-builder mac notarize true required environment variables APPLE_TEAM_ID notarytool
💡 Result:
To enable notarization in electron-builder (by setting mac.notarize: true), you must provide authentication credentials via environment variables [1][2]. Electron-builder uses these to integrate with @electron/notarize and the required Apple notarytool [3][4]. You must specify one of the following sets of environment variables to activate the notarization step [1][5]: 1. API Key Authentication (Recommended): - APPLE_API_KEY - APPLE_API_KEY_ID - APPLE_API_ISSUER 2. Apple ID Authentication: - APPLE_ID (Your Apple Developer account login email) - APPLE_APP_SPECIFIC_PASSWORD (Generated at appleid.apple.com) - APPLE_TEAM_ID (Your Apple Developer Team ID) 3. Keychain Authentication: - APPLE_KEYCHAIN - APPLE_KEYCHAIN_PROFILE When using Option 2, APPLE_TEAM_ID is strictly required to identify the team associated with your notarization request [3][6]. Ensure your app has the Hardened Runtime enabled (default in electron-builder) as it is a prerequisite for notarization on macOS 10.15+ [1][7]. For security, it is strongly recommended to use API Key authentication (Option 1) or store credentials in the macOS Keychain using xcrun notarytool store-credentials (Option 3) rather than hardcoding passwords [1][3].
Citations:
- 1: https://www.electron.build/mac
- 2: https://www.electron.build/electron-builder.interface.macconfiguration
- 3: https://github.com/electron/electron-notarize
- 4: feat: Make notarization with Apple ID more usable electron-userland/electron-builder#8159
- 5: https://electron-userland-electron-builder-63.mintlify.app/configuration/mac
- 6: Fetch teamId from environment variables instead of hardcoding in package.json electron-userland/electron-builder#7812
- 7: https://www.electron.build/docs/features/code-signing/
🏁 Script executed:
cat -n electron-builder-setapp.json | head -50Repository: requestly/http-interceptor-desktop-app
Length of output: 1703
🏁 Script executed:
git log --oneline -n 20 -- electron-builder-setapp.jsonRepository: requestly/http-interceptor-desktop-app
Length of output: 243
🏁 Script executed:
git show af4b2a0 -- electron-builder-setapp.json | head -100Repository: requestly/http-interceptor-desktop-app
Length of output: 3343
🏁 Script executed:
find . -type f -name "*electron-builder*" -o -name "*builder*" | grep -E "\.(json|js)$" | head -20Repository: requestly/http-interceptor-desktop-app
Length of output: 207
🏁 Script executed:
git log --all --oneline -S "notarize" -- "*.json"Repository: requestly/http-interceptor-desktop-app
Length of output: 582
🏁 Script executed:
git show 5c9fb9f -- "*setapp*" | head -150Repository: requestly/http-interceptor-desktop-app
Length of output: 3204
Confirm notarization credentials are supplied via env now that teamId is removed.
Switching notarize from { teamId: "YQ5FZQ855D" } to true makes electron-builder's built-in notarytool flow depend entirely on environment variables. With no inline teamId, the build now requires one of these authentication methods:
- API Key (recommended):
APPLE_API_KEY,APPLE_API_KEY_ID,APPLE_API_ISSUER - Apple ID:
APPLE_ID,APPLE_APP_SPECIFIC_PASSWORD,APPLE_TEAM_ID - Keychain:
APPLE_KEYCHAIN,APPLE_KEYCHAIN_PROFILE
Otherwise notarization will fail at release time. The PR already flags CI env configuration as pending, so please ensure these are wired up before cutting a signed build.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@electron-builder-setapp.json` at line 41, The notarize configuration in
electron-builder-setapp.json has been changed from an object containing an
inline teamId to simply true, which means the macOS notarization process now
depends entirely on environment variables for authentication instead of having
credentials embedded in the configuration file. Before deploying this change to
production builds, ensure that one of the three supported authentication methods
is properly configured in your CI environment: either the API Key method with
APPLE_API_KEY, APPLE_API_KEY_ID, and APPLE_API_ISSUER variables; or the Apple ID
method with APPLE_ID, APPLE_APP_SPECIFIC_PASSWORD, and APPLE_TEAM_ID variables;
or the Keychain method with APPLE_KEYCHAIN and APPLE_KEYCHAIN_PROFILE variables.
Verify that these environment variables are wired up in your CI configuration
before attempting any signed builds to prevent notarization failures at release
time.
| "runtime": { | ||
| "name": "node", | ||
| "version": ">=20", | ||
| "onFail": "warn" | ||
| }, | ||
| "packageManager": { | ||
| "name": "npm", | ||
| "version": ">=9", | ||
| "onFail": "warn" | ||
| } |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🔴 Critical
🧩 Analysis chain
🌐 Web query:
electron-builder 26 @electron/rebuild 4 minimum node version 22 requirement
💡 Result:
For electron-builder v26 and @electron/rebuild v4, the minimum Node.js version requirement is Node.js 22.12.0 or later (i.e., >=22.12.0). electron-builder: - The electron-builder migration guide states that v27 “raises the minimum Node.js version to 22.12.0” (requires Node.js 22.12.0 or later) [1]. The CLI docs also state: “electron-builder v27 requires Node.js >=22.12.0” [2]. - An electron-builder issue explicitly notes the plan to “bump the electron-builder node version req to v22” in the context of v26-alpha [3], and the broader Electron ecosystem blog explains that Electron’s npm ecosystem moves to Node.js 22 as the minimum supported version [4]. @electron/rebuild (v4): - The official @electron/rebuild documentation states “Node v22.12.0 or higher is required” [5]. - The v4.0.0 release notes call out the breaking change: “bump engines requirement to Node 22” and “bumps required Node.js version to >=22.12.0” [6]. The associated commit also shows the engines change to >=22.12.0 [7]. So, if you’re using electron-builder 26 together with @electron/rebuild 4, you should use Node.js >=22.12.0.
Citations:
- 1: https://www.electron.build/docs/migration/v26-to-v27/
- 2: https://www.electron.build/cli
- 3: Electron is bumping the minimum version for their
@electron/packages to Node.js 22 electron-userland/electron-builder#8773 - 4: https://electronjs.org/blog/ecosystem-node-22
- 5: https://github.com/electron/rebuild/
- 6: https://github.com/electron/rebuild/releases/tag/v4.0.0
- 7: electron/rebuild@8a2a599
🏁 Script executed:
# Check the package.json file at the specified lines
cat -n package.json | sed -n '335,355p'Repository: requestly/http-interceptor-desktop-app
Length of output: 692
🏁 Script executed:
# Verify the exact versions of key dependencies mentioned
rg -A2 -B2 '"electron":|"electron-builder"|"`@electron/rebuild`"' package.jsonRepository: requestly/http-interceptor-desktop-app
Length of output: 544
🏁 Script executed:
# Check if there are any advisories or known issues with npm version requirements
web_search npm 10.9 electron-builder 26 compatibility requirementRepository: requestly/http-interceptor-desktop-app
Length of output: 224
🏁 Script executed:
# Search for npm version compatibility information with electron-builder 26
web_search npm 10.9 minimum electron-builder 26 electron ecosystemRepository: requestly/http-interceptor-desktop-app
Length of output: 224
🌐 Web query:
npm 10.9 electron-builder 26 minimum version requirement
💡 Result:
Electron-builder version 26 does not have a strict, universal minimum version requirement for npm itself [1][2]. However, as of June 2026, it maintains a compatibility requirement of Node.js >=14.0.0 for the v26 release line [1][2]. Regarding npm 10.9 specifically, users have encountered compatibility issues when using newer versions of npm (such as 10.9.0) with projects configured using older devEngines specifications in their package.json files [3]. These issues are typically resolved by updating the devEngines configuration to comply with newer npm specifications or by adjusting the project's dependency engines [3]. It is important to note that electron-builder v27 (which is distinct from the v26 line) requires a minimum of Node.js 22.12.0 [4][5][6]. If you are experiencing build errors with npm 10.9, ensure your project's devEngines or engines fields in package.json are correctly defined and that your environment meets the necessary Node.js version requirements for your specific version of electron-builder [3].
Citations:
- 1: https://npmx.dev/package/electron-builder
- 2: https://npmx.dev/package/electron-builder/v/26.9.0
- 3: Can't get it working with npm 10.9.0 electron-react-boilerplate/electron-react-boilerplate#3648
- 4: https://www.electron.build/docs/migration/v26-to-v27/
- 5: https://github.com/electron-userland/electron-builder/
- 6: https://libraries.io/npm/electron-builder
devEngines.runtime allows Node 20/21, but Electron 42 tooling requires Node ≥ 22.12.
The Electron ecosystem packages that electron-builder 26 and @electron/rebuild 4 depend on require Node.js ≥ 22.12.0 as their minimum supported version. Pinning runtime.version to ">=20" allows developers on Node 20/21 to proceed, and because onFail: "warn" only emits a warning rather than an error, broken rebuilds and packaging operations can fail silently. Update the configuration to match the actual toolchain requirement.
🔧 Proposed fix
"runtime": {
"name": "node",
- "version": ">=20",
+ "version": ">=22.12",
"onFail": "warn"
},
"packageManager": {
"name": "npm",
- "version": ">=9",
+ "version": ">=10.9",
"onFail": "warn"
}Also consider whether onFail: "error" is more appropriate than "warn" given the hard runtime dependency.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| "runtime": { | |
| "name": "node", | |
| "version": ">=20", | |
| "onFail": "warn" | |
| }, | |
| "packageManager": { | |
| "name": "npm", | |
| "version": ">=9", | |
| "onFail": "warn" | |
| } | |
| "runtime": { | |
| "name": "node", | |
| "version": ">=22.12", | |
| "onFail": "warn" | |
| }, | |
| "packageManager": { | |
| "name": "npm", | |
| "version": ">=10.9", | |
| "onFail": "warn" | |
| } |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` around lines 340 - 349, The runtime version constraint in
devEngines.runtime is set to ">=20" but the Electron 42 tooling chain requires
Node.js >= 22.12. Update the runtime.version field from ">=20" to ">=22.12" to
match the actual toolchain requirement. Additionally, change the onFail property
from "warn" to "error" to ensure that incompatible Node versions cause the build
to fail explicitly rather than silently proceeding with potentially broken
rebuilds and packaging operations.
1 participant
What
Upgrades the shipped Electron runtime from EOL 23 → current 42.4.1 (Node 24 / V8 13.8 / Chromium 148) and bumps the build tooling required to package it. Supersedes the never-merged RQ-3115 (ship-Electron-27) by going straight to a currently-supported Electron major.
Why these specific tooling bumps
The app code needed no changes — every blocker was stale build tooling:
electron→ 42.4.1 (4 refs)@electron/rebuild3.6 → 4.0.4node-abihad no ABI entry for Electron 42 →Could not detect abi for version 42.4.1electron-builder24.13.3 → 26.15.3devEngines→ valid npm schema{ node: ">=20.x" }shape crashes npm 10.9 (needed for the Node 22+ toolchain)mac.notarize: {teamId}→truenotarizeis boolean; teamId moves toAPPLE_TEAM_IDenvwin.sign/signingHashAlgorithms/publisherName→win.signtoolOptionsBuild toolchain must now run on Node ≥ 22.12 (Electron 42 requirement).
Verified locally (macOS arm64)
npm installnative rebuild — all native modules compiled for Electron 42 (@setapp/framework-wrapper,registry-js,win-version-info); no ABI errorsnpm run build— webpack main + rendererelectron-builder build --dir—Requestly.appassembled, embedded Electron Framework = 42.4.1Proxy Started), UI renders, 0 native-module/ABI load errors at runtime127.0.0.1:8281left set), not the upgrade — needs a clean-run confirmation.APPLE_TEAM_ID=YQ5FZQ855D(+ Apple creds) env, since teamId is no longer in config.--dirtested here).File.pathwas verified safe (paths come from the Electron dialog over IPC, not browserFile), so no change needed there.@electron/remote(2.1.2) /electron-updater(6.3.2) runtime validation on 42.🤖 Generated with Claude Code
Summary by CodeRabbit