
chore(deps): update dependency electron to v38 [security]#48

Open
renovate[bot] wants to merge 1 commit into master from renovate/npm-electron-vulnerability


@renovate renovate bot commented Oct 5, 2023

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package    Change
electron   6.0.0 → 38.8.6

GitHub Vulnerability Alerts

CVE-2020-4075

Impact

The vulnerability allows arbitrary local file read by defining unsafe window options on a child window opened via window.open.

Workarounds

Ensure you are calling event.preventDefault() on all new-window events where the url or options is not something you expect.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

For more information

If you have any questions or comments about this advisory:

CVE-2020-4077

Impact

Apps using both contextIsolation and contextBridge are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

For more information

If you have any questions or comments about this advisory:

CVE-2020-4076

Impact

Apps using contextIsolation are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4

Non-Impacted Versions

  • 9.0.0-beta.*

For more information

If you have any questions or comments about this advisory:

CVE-2020-15096

Impact

Apps using contextIsolation are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4
  • 6.1.11

For more information

If you have any questions or comments about this advisory:

CVE-2020-26272

Impact

IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.

If your app does ANY of the following, then it is impacted by this issue:

  • Uses remote
  • Calls webContents.sendToFrame
  • Calls event.reply in an IPC message handler

Patches

This has been fixed in the following versions:

  • 9.4.0
  • 10.2.0
  • 11.1.0
  • 12.0.0-beta.9

Workarounds

There are no workarounds for this issue.

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

CVE-2021-39184

Impact

This vulnerability allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases.

All current stable versions of Electron are affected.

Patches

This was fixed with #​30728, and the following Electron versions contain the fix:

  • 15.0.0-alpha.10
  • 14.0.0
  • 13.3.0
  • 12.1.0
  • 11.5.0

Workarounds

If your app enables contextIsolation, this vulnerability is significantly more difficult for an attacker to exploit.

Further, if your app does not depend on the createThumbnailFromPath API, then you can simply disable the functionality. In the main process, before the 'ready' event:

delete require('electron').nativeImage.createThumbnailFromPath

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

CVE-2022-21718

Impact

This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device.

All current stable versions of Electron are affected.

Patches

This has been patched and the following Electron versions contain the fix:

  • 17.0.0-alpha.6
  • 16.0.6
  • 15.3.5
  • 14.2.4
  • 13.6.6

Workarounds

Adding this code to your app can work around the issue.

app.on('web-contents-created', (event, webContents) => {
  webContents.on('select-bluetooth-device', (event, devices, callback) => {
    // Prevent default behavior
    event.preventDefault();
    // Cancel the request
    callback('');
  });
});

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

CVE-2022-29247

Impact

This vulnerability allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames enabled which in turn allows effective access to ipcRenderer.

Please note the misleadingly named nodeIntegrationInSubFrames option does not implicitly grant Node.js access; rather, it depends on the existing sandbox setting. If your application is sandboxed then nodeIntegrationInSubFrames just gives access to the sandboxed renderer APIs (which includes ipcRenderer).

If your application then additionally exposes IPC messages without IPC senderFrame validation that perform privileged actions or return confidential data this access to ipcRenderer can in turn compromise your application / user even with the sandbox enabled.

Patches

This has been patched and the following Electron versions contain the fix:

  • 18.0.0-beta.6
  • 17.2.0
  • 16.2.6
  • 15.5.5

Workarounds

Ensure that all IPC message handlers appropriately validate senderFrame as per our security tutorial here.

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

CVE-2022-29257

Impact

This vulnerability allows attackers who have control over a given app's update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.

Please note that this kind of attack would require significant privileges in your own auto updating infrastructure and the ease of that attack entirely depends on your infrastructure security.

Patches

This has been patched and the following Electron versions contain the fix:

  • 18.0.0-beta.6
  • 17.2.0
  • 16.2.0
  • 15.5.0

Workarounds

There are no workarounds for this issue, please update to a patched version of Electron.

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

CVE-2022-36077

Impact

When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file are not available to the renderer following the redirect, but if the redirect target is an SMB URL such as file://some.website.com/, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.

Patches

This issue has been fixed in all current stable versions of Electron. Specifically, these versions contain the fixes:

  • 21.0.0-beta.1
  • 20.0.1
  • 19.0.11
  • 18.3.7

We recommend all apps upgrade to the latest stable version of Electron.

Workarounds

If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the WebContents.on('will-redirect') event, for all WebContents:

app.on('web-contents-created', (e, webContents) => {
  webContents.on('will-redirect', (e, url) => {
    if (/^file:/.test(url)) e.preventDefault()
  })
})

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

Credit

Thanks to user @​coolcoolnoworries for reporting this issue.

CVE-2023-29198

Impact

Apps using contextIsolation and contextBridge are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

This issue is exploitable under either of two conditions:

  • If an API exposed to the main world via contextBridge can return an object or array that contains a JS object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown: Error: object could not be cloned.
  • If an API exposed to the main world via contextBridge has a return value that throws a user-generated exception while being sent over the bridge, for instance a dynamic getter property on an object that throws an error when being computed.

The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported and that any objects returned from functions do not have dynamic getters that can throw exceptions.

Auditing your exposed API is likely to be quite difficult so we strongly recommend you update to a patched version of Electron.

Fixed Versions

  • 25.0.0-alpha.2
  • 24.0.1
  • 23.2.3
  • 22.3.6

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

CVE-2023-39956

Impact

Apps that are launched as command line executables are impacted. E.g. if your app exposes itself in the path as myapp --help

Specifically this issue can only be exploited if the following conditions are met:

  • Your app is launched with an attacker-controlled working directory
  • The attacker has the ability to write files to that working directory

This makes the risk quite low. In fact, issues of this kind are normally considered outside of our threat model, as, similar to Chromium, we exclude Physically Local Attacks; but given the ability of this issue to bypass certain protections like ASAR Integrity, it is being treated with higher importance. Please bear this in mind when reporting similar issues in the future.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions

  • 26.0.0-beta.13
  • 25.5.0
  • 24.7.1
  • 23.3.13
  • 22.3.19

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2023-44402

Impact

This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS.

Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the resources folder in your app installation on Windows, which these fuses are supposed to protect against.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions

  • 27.0.0-alpha.7
  • 26.2.1
  • 25.8.1
  • 24.8.3
  • 22.3.24

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

CVE-2024-46993

Impact

The nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.

Workaround

There are no app-side workarounds for this issue. You must update your Electron version to be protected.

Patches

  • v28.3.2
  • v29.3.3
  • v30.0.3

For More Information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

CVE-2025-55305

Impact

This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted.

Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the resources folder in your app installation on Windows, which these fuses are supposed to protect against.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions

  • 38.0.0-beta.6
  • 37.3.1
  • 36.8.1
  • 35.7.5

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

CVE-2026-34767

Impact

Apps that register custom protocol handlers via protocol.handle() / protocol.registerSchemesAsPrivileged() or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or value.

An attacker who can influence a header value may be able to inject additional response headers, affecting cookies, content security policy, or cross-origin access controls.

Apps that do not reflect external input into response headers are not affected.

Workarounds

Validate or sanitize any untrusted input before including it in a response header name or value.

Fixed Versions

  • 41.0.3
  • 40.8.3
  • 39.8.3
  • 38.8.6

For more information

If there are any questions or comments about this advisory, send an email to security@electronjs.org


Release Notes

electron/electron (electron)

v38.8.6: electron v38.8.6

Compare Source

Release Notes for v38.8.6

[!WARNING]
Electron 38.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

Fixes

  • Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. #​50157 (Also in 39, 40, 41)
  • Fixed an issue where additionalData passed to app.requestSingleInstanceLock on Windows could be truncated or fail to deserialize in the primary instance's second-instance event. #​50177 (Also in 39, 40, 41)
  • Fixed an issue where invalid characters in custom protocol or webRequest response header values were not rejected. #​50130 (Also in 39, 40, 41)
  • Fixed an issue where permission and device-chooser handlers received the top-level page origin instead of the requesting subframe's origin. #​50151 (Also in 39, 40, 41)

v38.8.4: electron v38.8.4

Compare Source

Release Notes for v38.8.4

Fixes

  • Fixed memory leak when setting icons on Linux/GTK. #​49897 (Also in 39, 40, 41)

v38.8.2: electron v38.8.2

Compare Source

Release Notes for v38.8.2

Other Changes

v38.8.1: electron v38.8.1

Compare Source

Release Notes for v38.8.1

Fixes

  • Fixed an issue whereby a duplicate "Toggle Full Screen" menu item appeared in the View menu on macOS. #​49596 (Also in 39, 40, 41)
  • Fixed dock menu items not respecting enabled and checked properties on macOS. #​49627 (Also in 39, 40, 41)

v38.8.0: electron v38.8.0

Compare Source

Release Notes for v38.8.0

Fixes

  • Fixed an issue where menu-did-close was not emitted properly for some application menus. #​49094 (Also in 39, 40)
  • Fixed an issue where systemPreferences.getAccentColor inverted the color. #​49066 (Also in 37, 39)

Other Changes

Unknown

  • Fixed an issue where some packages weren't correctly filtered on macOS in dialogs. #​49471 (Also in 39, 40, 41)

v38.7.2: electron v38.7.2

Compare Source

Release Notes for v38.7.2

Fixes

  • Fixed an issue where the close callback param for menu.popup would fire when any arbitrary submenu of the given menu closed, and not the menu itself. #​49047 (Also in 39, 40)
  • Fixed the issue where the parent window was left disabled after the modal window called show() multiple times. #​49020 (Also in 39, 40)

v38.7.1: electron v38.7.1

Compare Source

Release Notes for v38.7.1

Other Changes

v38.7.0: electron v38.7.0

Compare Source

Release Notes for v38.7.0

Features

  • Added app.isHardwareAccelerationEnabled(). #​48681 (Also in 37, 39)
  • Added bypassCustomProtocolHandlers option to net.request. #​48881 (Also in 39, 40)
  • Automatically focus DevTools when element is inspected or breakpoint is triggered. #​48701 (Also in 37, 39)
  • Enables resetting accent color to follow system accent settings if a previous color has been set via window.setAccentColor(null). #​48853 (Also in 39)

Fixes

  • Corrected the appearance of tiled windows on GNOME (when frame: true), and removed resize handles from tiled edges. #​48836 (Also in 39, 40)
  • Fix: ESM-from-CJS import when CJK characters are in path. #​48876 (Also in 39, 40)
  • Fixed an issue where calling webContents.openDevTools({ mode: 'detach' }) would cause a crash on Wayland. #​48926 (Also in 39)
  • Fixed crash on windows when UTF-8 is in path. #​48947 (Also in 39, 40)
  • Fixed oom crash when optimizing certain wasm functions involving large phi nodes. #​48817 (Also in 39, 40)
  • Fixed the issue where the parent window remained interactive after the modal window was opened. #​48866 (Also in 39, 40)
  • Restored window's canHide property. #​48900 (Also in 37, 39)

Other Changes

Unknown

  • Fixed an issue that menu items on macOS could not be disabled under all circumstances. #​48829 (Also in 39, 40)

v38.6.0: electron v38.6.0

Compare Source

Release Notes for v38.6.0

Fixes

  • Fixed an application crash when clicking or hovering over the native MacOS "Window" menu. Reverts #​48598. #​48801 (Also in 39, 40)
  • Fixed an issue on Wayland (Linux) where right-clicking in the titlebar could break mouse interactions. #​48757 (Also in 39, 40)
  • Fixed an issue that menu items on macOS could not be disabled under all circumstances. #​48710 (Also in 37, 39)
  • Fixed draw smoothing round corner issue. #​48780 (Also in 40)
  • Fixed incorrect signal variable reference in nan-spec-runner that could cause install failures to go undetected. #​48708 (Also in 39)

Other Changes

v38.5.0: electron v38.5.0

Compare Source

Release Notes for v38.5.0

Features

  • Added methods to enable more granular accessibility support management. #​48626 (Also in 37, 39)

Fixes

  • Fixed a potential crash in dialog.showOpenDialog on Windows with an empty extension filter array. #​48660 (Also in 37, 39)
  • Fixed an error when checking environmental variables when using remote checksums when installing Electron via npm. #​48672 (Also in 37, 39)
  • Fixed an issue where trafficLightPosition would not be correctly applied when using titleBarStyle: 'customButtonsOnHover' on macOS 26. #​48620 (Also in 37, 39)
  • Fixed an issue where button background on mouse hover with titleBarOverlay wasn't always calculated to provide appropriate minimum contrast. #​48595 (Also in 37, 39)
  • Fixed an issue where icons didn't show up as expected on Windows Toast notifications. #​48630 (Also in 39)
  • Fixed crash when inspector agent attempts to evaluate on provisional frames. #​48513 (Also in 39)

Other Changes

  • Updated Chromium to 140.0.7339.249. #​48569

Documentation

v38.4.0: electron v38.4.0

Compare Source

Release Notes for v38.4.0

Features

  • Support dynamic ESM imports in non-context isolated preloads. #​48489 (Also in 39)

Fixes

  • Fixed shader-f16 to work on Windows. #​48555 (Also in 37, 39)
  • Fixed white flash on call to BrowserWindow.show. #​48560 (Also in 37, 39)
  • Titlebar buttons now appear on the correct side of windows on Wayland in Ubuntu. #​48602 (Also in 39)

v38.3.0: electron v38.3.0

Compare Source

Release Notes for v38.3.0

Fixes

  • Fixed Windows dialog.showMessageBox default button handling. #​48519 (Also in 36, 37, 39)
  • Fixed an issue where shell.openExternal caused an unexpected dialog to open when there was no app suitable to open the url. #​48517 (Also in 39)
  • Fixed an issue where authentication via websockets can crash. #​48539 (Also in 37, 39)
  • Fixed an issue where changing the resizable property on a window would break the styles of a transparent window. #​48499 (Also in 39)

Other Changes

  • Fixed a development issue where the metal toolchain could not be found when building on macOS 26. #​48473 (Also in 37, 39)
  • Updated Chromium to 140.0.7339.240. #​48486
  • Updated Node.js to v22.20.0. #​48381

v38.2.2: electron v38.2.2

Compare Source

Release Notes for v38.2.2

Fixes

  • AccentColor set distinguishes the frame. #​48451 (Also in 37, 39)
  • Fix: runtime JS error that crashes GetPackageJSON. #​48424 (Also in 37, 39)
  • Fixed download button does not work in PDF Viewer. #​48409 (Also in 39)

v38.2.1: electron v38.2.1

Compare Source

Release Notes for v38.2.1

Fixes

  • Fixed an issue where snapped windows aren't correctly snapped when minimized and then unminimized. #​48437 (Also in 39)

v38.2.0: electron v38.2.0

Compare Source

Release Notes for v38.2.0

Features

  • Allowed for persisting File System API grant status within a given session. #​48327 (Also in 37)

Fixes

  • Fixed Wayland configuration through the XDG_SESSION_TYPE environment variable. #​48309
  • Fixed excessive WindowServer GPU usage on macOS Tahoe 26. #​48398 (Also in 36, 37, 39)
  • Fixed high CPU usage with <input> tag on macOS 26. #​48394 (Also in 37, 39)

v38.1.2: electron v38.1.2

Compare Source

Release Notes for v38.1.2

Other Changes

v38.1.1: electron v38.1.1

Compare Source

Release Notes for v38.1.1

Other Changes

  • Updated Chromium to 140.0.7339.133. #​48287

v38.1.0: electron v38.1.0

Compare Source

Release Notes for v38.1.0

Other Changes

v38.0.0: electron v38.0.0

Compare Source

Release Notes for v38.0.0

Stack Upgrades

Breaking Changes

  • For breaking changes inherited via Chromium, see blog post

Features

Additions
  • Added before-mouse-event to allow intercepting and preventing mouse events in WebContents. #​47280 (Also in 36, 37)
  • Added fileBacked and purgeable fields to process.getSystemMemoryInfo() for macOS. #​48146 (Also in 37)
  • Added innerWidth and innerHeight options for window.open. #​46749 (Also in 35, 36, 37)
  • Added support for guid Tray constructor option on macOS to allow tray icons to maintain position across launches. #​48077 (Also in 36, 37)
  • Added webFrameMain.fromFrameToken(processId, frameToken) to get a WebFrameMain instance from its frame token. #​47942
  • Added sublabel functionality for menus on macOS >= 14.4. #​46887 (Also in 35, 36, 37)
  • Added support for app.getRecentDocuments() on Windows and macOS. #​47924 (Also in 36, 37)
  • Added support for --no-experimental-global-navigator flag. #​47370 (Also in 35, 36, 37)
  • Added support for HIDDevice.collections. #​47391 (Also in 36, 37)
  • Added support for screen.dipToScreenPoint(point) and screen.screenToDipPoint(point) on Linux X11. #​46211 (Also in 35, 36, 37)
  • Added support for customizing system accent color and highlighting of active window border. #​47285 (Also in 35, 36, 37)
  • Added support for menu item role palette and header on macOS. #​45538 (Also in 37)
  • Added support for node option --experimental-network-inspection. #​46690 (Also in 35, 36, 37)
  • Added the priority and priorityIncremental options to net.request(). #​42628 (Also in 36, 37)
  • Adds the ability to change window accent color on Windows after initial window initialization via {get|set}AccentColor. #​47939 (Also in 36, 37)
Improvements
  • Exposed win.isContentProtected() to allow developers to check window protection status. #​47242 (Also in 36, 37)
  • Internally switched to using DIR_ASSETS instead of DIR_MODULE/DIR_EXE to locate assets and resources, and added "assets" as a key that can be queried via app.getPath. #​47950 (Also in 37)

Fixes

  • Fixed an issue where dialog.showMessageDialog showed a window incorrectly centered to monitor instead of parent window when passed. #​48215
  • Fixed an issue where users on MacOS were unable to interact with a webpage loaded via loadURL. #​47575
  • Fixed broken chrome://accessibility page. #​47497
Also in earlier versions...
  • Fixed addChildView() crashes when adding a closed WebContentsView. #​47099 (Also in 35, 36, 37)
  • Fixed a bug where app extensions filters didn't allow for selecting app bundles in macOS file dialogs. #​47841 (Also in 36, 37)
  • Fixed a bug where the Referer header was not being set correctly when using webContents.downloadURL(). #​47867 (Also in 36, 37)
  • Fixed a child process crash on macOS when the running application is replaced with one that has a newer implementation triggering the sandbox. #​47783 (Also in 37)
  • Fixed a crash possible when calling webContents.loadURL() from a failed webContents.loadURL() call's catch handler. #​48043 (Also in 36, 37)
  • Fixed a crash that could occur when opening some dialogs as windows are closing on macOS. #​46927 (Also in 35, 36, 37)
  • Fixed a crash when adding the -electron-corner-smoothing CSS rule to a stylesheet with no associated document. #​47785 (Also in 37)
  • Fixed a crash when calling desktopCapturer.getSources with an empty thumbnail size. #​47652 (Also in 36, 37)
  • Fixed a crash when calling some webContents functions after window.close(). #​47952 (Also in 36, 37)
  • Fixed a possible crash using the WebView tag and calling focus. #​46979 (Also in 35, 36, 37)
  • Fixed a potential crash using session.clearData in some circumstances. #​47361 (Also in 35, 36, 37)
  • Fixed an error when importing electron for the first time from an ESM module loaded by a CJS module in a packaged app. #​46810 (Also in 35, 36, 37)
  • Fixed an issue on some older Windows versions where setContentProtection didn't work as expected. #​47886 (Also in 36, 37)
  • Fixed an issue where app.accessibilitySupportEnabled didn't work as expected. #​48060 (Also in 37)
  • Fixed an issue where net.isOnline() always returned true in utilityProcesses. #​48151 (Also in 36, 37)
  • Fixed an issue where require('node:sqlite') didn't work. #​47757 (Also in 36, 37)
  • Fixed an issue where shell.openPath was not non-blocking as expected. #​48089 (Also in 36, 37)
  • Fixed an issue where webContents.print did not work as expected when mediaSize was not passed. #​46937 (Also in 36, 37)
  • Fixed an issue where an invalid color passed as a string to accentColor would result in a white accent color. #​47684 (Also in 37)
  • Fixed an issue where calling Fetch.continueResponse via debugger with WebContentsView could cause a crash. #​47434 (Also in 35, 36, 37)
  • Fixed an issue where certain operations performed in a window close callback could trigger a crash. #​47812 (Also in 36, 37)
  • Fixed an issue where child windows could crash if they were opened from a fullscreen parent and have roundedCorners set to false. #​47681 (Also in 36, 37)
  • Fixed an issue where filters wouldn't apply in the specific case only one was passed. #​46900 (Also in 36, 37)
  • Fixed an issue where dragging sometimes didn't work after the contextmenu event was emitted. #​48224 (Also in 36, 37)
  • Fixed an issue where importing from electron/utility in an ESM file threw an error at runtime. #​48019 (Also in 36, 37)
  • Fixed an issue where importing from electron/utility threw a ERR_MODULE_NOT_FOUND error at runtime. #​47989 (Also in 36, 37)
  • Fixed an issue where printing PDFs with webContents.print({ silent: true }) would fail. #​47378 (Also in 36, 37)
  • Fixed an issue where protected transparent windows inappropriately showed a titlebar after visibility change. #​47241 (Also in 35, 36, 37)
  • Fixed an issue where snapped corner state wasn't properly restored after minimizing and then restoring. #​48157 (Also in 36, [37](https://redi
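The senderFrame check that the CVE-2022-29247 workaround in the PR body above calls for, as an added example that is not part of this PR or of Electron's own code: a wrapper that rejects IPC from any frame whose origin is not on an allowlist before the privileged handler runs. The origins, the `read-settings` channel and `loadSettings` are assumptions for illustration.

```javascript
// Added example. Assumption: the app's own UI is served only from these
// origins (constructed values); everything else, including third-party
// iframes inside the same window, is untrusted.
const TRUSTED_ORIGINS = new Set(['app://bundle', 'https://app.example.com']);

// `frame` is the event.senderFrame object passed to ipcMain handlers.
// Only its `url` property is read, so the check can be unit-tested
// without launching Electron.
function isTrustedSender(frame, trusted = TRUSTED_ORIGINS) {
  // senderFrame can be null once the frame has navigated or been destroyed.
  if (!frame || typeof frame.url !== 'string') return false;

  let parsed;
  try {
    parsed = new URL(frame.url);
  } catch {
    return false; // unparsable URL: fail closed
  }

  // Compare scheme + host (+ non-default port) exactly. URL.origin is the
  // string "null" for custom schemes such as app://, so build the key by hand.
  // Never use startsWith/includes on the raw URL string.
  const origin = `${parsed.protocol}//${parsed.host}`;
  return trusted.has(origin);
}

// Wraps a privileged handler so the sender check cannot be forgotten.
// `onReject` (optional) receives the offending URL for logging or alerting.
function guardIpcHandler(handler, { trusted = TRUSTED_ORIGINS, onReject } = {}) {
  return (event, ...args) => {
    if (!isTrustedSender(event.senderFrame, trusted)) {
      const url = event.senderFrame ? event.senderFrame.url : null;
      if (onReject) onReject(url);
      // A throw inside an ipcMain.handle listener rejects the renderer's
      // ipcRenderer.invoke promise; no privileged code has run at this point.
      throw new Error('IPC rejected: untrusted sender frame');
    }
    return handler(event, ...args);
  };
}

// Wiring in the main process (hypothetical channel and loader):
//   const { ipcMain } = require('electron');
//   ipcMain.handle('read-settings', guardIpcHandler(() => loadSettings(), {
//     onReject: (url) => console.warn('blocked IPC from', url),
//   }));
```
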
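For the CVE-2026-34767 workaround in the PR body above (validate or sanitize untrusted input before it reaches a response header name or value), an added example that is not part of this PR or of Electron's own code: it filters a `responseHeaders`-shaped object and shows encoding as the alternative to rejecting. The header names and sample values are constructed.

```javascript
// Added example. Header names must match the HTTP "token" grammar.
const HEADER_NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Header values must not contain CR, LF, NUL or other control characters
// (horizontal tab, \u0009, is permitted inside a field value).
const BAD_VALUE_RE = /[\u0000-\u0008\u000A-\u001F\u007F]/;

// Validates one name/value pair and explains any refusal.
function checkHeader(name, value) {
  if (typeof name !== 'string' || !HEADER_NAME_RE.test(name)) {
    return { ok: false, reason: 'invalid header name' };
  }
  if (typeof value !== 'string' || BAD_VALUE_RE.test(value)) {
    return { ok: false, reason: 'control character in header value' };
  }
  return { ok: true };
}

// Filters an object shaped like the `responseHeaders` passed to the
// webRequest.onHeadersReceived callback (name -> string | string[]).
// A header is dropped whole if any of its values fails validation;
// dropped names are returned so the caller can log them.
function buildSafeHeaders(candidates) {
  const headers = {};
  const rejected = [];
  for (const [name, value] of Object.entries(candidates)) {
    const values = Array.isArray(value) ? value : [value];
    const bad = values.map((v) => checkHeader(name, v)).find((r) => !r.ok);
    if (bad) rejected.push({ name, reason: bad.reason });
    else headers[name] = values;
  }
  return { headers, rejected };
}

// Sanitizing instead of rejecting: when an untrusted file name has to
// appear in Content-Disposition, percent-encode it (RFC 5987 ext-value)
// so CR/LF can never reach the header as raw bytes.
function contentDisposition(filename) {
  let encoded;
  try {
    encoded = encodeURIComponent(String(filename));
  } catch {
    return 'attachment'; // malformed UTF-16 input: omit the name entirely
  }
  // encodeURIComponent leaves ' ( ) * unescaped; RFC 5987 does not allow them.
  encoded = encoded.replace(/['()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
  return `attachment; filename*=UTF-8''${encoded}`;
}

// Wiring in the main process (sketch; `lookupUserLabel` is hypothetical):
//   session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
//     const { headers, rejected } = buildSafeHeaders({
//       ...details.responseHeaders,
//       'X-User-Label': lookupUserLabel(details.url),
//     });
//     if (rejected.length) console.warn('dropped headers', rejected);
//     callback({ responseHeaders: headers });
//   });
```
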


changeset-bot bot commented Oct 5, 2023

⚠️ No Changeset found

Latest commit: 1da1bec

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@renovate renovate bot deleted the renovate/npm-electron-vulnerability branch April 3, 2024 13:24
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 7d47bb3 to f37cfc3 Compare June 30, 2025 21:30
@renovate renovate bot changed the title chore(deps): update dependency electron to v22 [security] chore(deps): update dependency electron to v28 [security] Jun 30, 2025
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from f37cfc3 to 9ca731d Compare August 10, 2025 14:40
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 9ca731d to d50784a Compare August 19, 2025 13:30
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from d50784a to 203289c Compare September 4, 2025 04:04
@renovate renovate bot changed the title chore(deps): update dependency electron to v28 [security] chore(deps): update dependency electron to v35 [security] Sep 4, 2025
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 203289c to 0eb6a75 Compare September 25, 2025 20:54
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 0eb6a75 to f6a0de7 Compare October 21, 2025 17:06
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from f6a0de7 to 46e3cd4 Compare November 11, 2025 01:57
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 46e3cd4 to e1f9dfb Compare November 18, 2025 12:04
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from e1f9dfb to 4edc197 Compare December 31, 2025 14:13
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 4edc197 to ced36a0 Compare January 19, 2026 19:23
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from ced36a0 to 471c6f6 Compare February 2, 2026 18:10
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 471c6f6 to 886631d Compare February 12, 2026 09:57
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 886631d to e3fdfbc Compare March 5, 2026 14:56
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from e3fdfbc to 494a94b Compare March 13, 2026 17:00
@renovate renovate bot changed the title chore(deps): update dependency electron to v35 [security] chore(deps): update dependency electron to v35 [security] - autoclosed Mar 27, 2026
@renovate renovate bot closed this Mar 27, 2026
@renovate renovate bot changed the title chore(deps): update dependency electron to v35 [security] - autoclosed chore(deps): update dependency electron to v35 [security] Mar 30, 2026
@renovate renovate bot reopened this Mar 30, 2026
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 494a94b to 66ba764 Compare March 30, 2026 21:39
@renovate renovate bot force-pushed the renovate/npm-electron-vulnerability branch from 66ba764 to 1da1bec Compare April 3, 2026 08:36
@renovate renovate bot changed the title chore(deps): update dependency electron to v35 [security] chore(deps): update dependency electron to v38 [security] Apr 3, 2026