chore(deps): bump the minor-and-patch group across 1 directory with 15 updates

[dependabot]

Bumps the minor-and-patch group with 14 updates in the / directory:

Package	From	To
@fastify/static	9.0.0	9.1.3
@visactor/react-vchart	2.0.21	2.0.22
better-sqlite3	12.8.0	12.9.0
dotenv	17.4.1	17.4.2
fastify	5.8.4	5.8.5
mysql2	3.20.0	3.22.3
nodemailer	8.0.4	8.0.7
rate-limiter-flexible	11.0.0	11.0.2
socks	2.8.7	2.8.8
zod	4.3.6	4.4.2
@tailwindcss/vite	4.2.2	4.2.4
electron	41.1.1	41.5.0
jsdom	29.0.2	29.1.1
wait-on	9.0.4	9.0.5

Updates @fastify/static from 9.0.0 to 9.1.3

Release notes

Sourced from @​fastify/static's releases.

v9.1.3

What's Changed

• fix: support wildcard prefixes with route params by @​mcollina in fastify/fastify-static#576

Full Changelog: fastify/fastify-static@v9.1.2...v9.1.3

v9.1.2

What's Changed

• fix: resolve wildcard paths in encapsulated contexts by @​mcollina in fastify/fastify-static#574

Full Changelog: fastify/fastify-static@v9.1.1...v9.1.2

v9.1.1

⚠️ Security Release

This fixes CVE CVE-2026-6410 GHSA-pr96-94w5-mx2h. This fixes CVE CVE-2026-6414 GHSA-x428-ghpx-8j92.

What's Changed

• ci: add lock-threads workflow by @​Fdawgs in fastify/fastify-static#570

Full Changelog: fastify/fastify-static@v9.1.0...v9.1.1

v9.1.0

What's Changed

• build(deps-dev): bump @​types/node from 24.10.4 to 25.0.3 by @​dependabot[bot] in fastify/fastify-static#552
• test: move ignoreTrailingSlash under routerOptions by @​lraveri in fastify/fastify-static#553
• build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @​dependabot[bot] in fastify/fastify-static#543
• chore: bump pino and borp dependencies, delete stale.yml by @​Tony133 in fastify/fastify-static#557
• chore: update syntax typescript by @​Tony133 in fastify/fastify-static#558
• chore(license): standardise license notice by @​Fdawgs in fastify/fastify-static#560
• fix: sendFile ignoring option overrides in some cases by @​bakugo in fastify/fastify-static#559
• chore: upgrade c8 to v11.0.0 and improvements test by @​Tony133 in fastify/fastify-static#564
• build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by @​dependabot[bot] in fastify/fastify-static#566

New Contributors

• @​lraveri made their first contribution in fastify/fastify-static#553
• @​Tony133 made their first contribution in fastify/fastify-static#557
• @​bakugo made their first contribution in fastify/fastify-static#559

Full Changelog: fastify/fastify-static@v9.0.0...v9.1.0

Commits

• 880c1a6 Bumped v9.1.3
• 7f92da5 fix: support wildcard prefixes with route params (#576)
• b0a66d5 Bumped v9.1.2
• 32af863 fix: resolve wildcard paths in encapsulated contexts (#574)
• 48b136f Bumped v9.1.1
• cc7b7f7 Merge commit from fork
• 9921faa Merge commit from fork
• 4183d2d ci: add lock-threads workflow (#570)
• a3a8cd6 Bumped v9.1.0
• 8423c80 build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#566)
• Additional commits viewable in compare view

Updates @visactor/react-vchart from 2.0.21 to 2.0.22

Commits

• See full diff in compare view

Updates better-sqlite3 from 12.8.0 to 12.9.0

Release notes

Sourced from better-sqlite3's releases.

v12.9.0

What's Changed

• Update SQLite to version 3.53.0 in WiseLibs/better-sqlite3#1464

Full Changelog: WiseLibs/better-sqlite3@v12.8.0...v12.9.0

Commits

• 4058d24 12.9.0
• f653513 Update SQLite to version 3.53.0 (#1464)
• See full diff in compare view

Updates dotenv from 17.4.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates fastify from 5.8.4 to 5.8.5

Release notes

Sourced from fastify's releases.

v5.8.5

⚠️ Security Release

This fixes CVE CVE-2026-33806 GHSA-247c-9743-5963.

What's Changed

• chore: Fix port parsing by @​jsumners in fastify/fastify#6603
• chore: upgrade to typescript v6.0.2 by @​Tony133 in fastify/fastify#6605
• fix: restore trustProxy function for number and string types, add null check for socketAddr by @​mcollina in fastify/fastify#6613
• ci: reduce cron scheduled workflows from daily/weekly to monthly by @​Fdawgs in fastify/fastify#6623
• chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by @​dependabot[bot] in fastify/fastify#6629
• chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by @​dependabot[bot] in fastify/fastify#6632
• chore: Bump borp from 0.21.0 to 1.0.0 by @​dependabot[bot] in fastify/fastify#6633
• chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @​dependabot[bot] in fastify/fastify#6630
• docs(ecosystem): add @​pompelmi/fastify-plugin by @​SonoTommy in fastify/fastify#6610

New Contributors

• @​SonoTommy made their first contribution in fastify/fastify#6610

Full Changelog: fastify/fastify@v5.8.4...v5.8.5

Commits

• 3983cce Bumped v5.8.5
• 3ce3ae6 Merge commit from fork
• b06a196 docs(ecosystem): add @​pompelmi/fastify-plugin (#6610)
• 909c5d5 chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#6630)
• 4db21a3 chore: Bump borp from 0.21.0 to 1.0.0 (#6633)
• 0f4e544 chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (#6632)
• 33a2fcd chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (#6629)
• fd35d82 ci: reduce cron schedules from daily/weekly to monthly (#6623)
• 8dee9be fix: restore trustProxy function for number and string types, add null check ...
• d457aed chore: upgrade to typescript v6.0.2 (#6605)
• Additional commits viewable in compare view

Updates mysql2 from 3.20.0 to 3.22.3

Release notes

Sourced from mysql2's releases.

v3.22.3

3.22.3 (2026-04-24)

Bug Fixes

• allow resetOnRelease in connection config validation (#4278) (e72f923)

v3.22.2

3.22.2 (2026-04-21)

Bug Fixes

• promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

v3.22.1

3.22.1 (2026-04-17)

Bug Fixes

• async stack traces not pointing to correct source, regression introduced by #4257 (#4265) (5b6206c)
• packet: return INVALID_DATE for zero dates with numeric timezone offset (#1019) (#4258) (cb5adcc)

v3.22.0

3.22.0 (2026-04-10)

Features

• disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
• implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

Performance Improvements

• defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

v3.21.1

3.21.1 (2026-04-09)

Bug Fixes

• limit client flags to server capabilities (#4227) (e1930b8)
• use Number.isSafeInteger for supportBigNumbers boundary check (#4225) (295264b)

v3.21.0

3.21.0 (2026-04-09)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.22.3 (2026-04-24)

Bug Fixes

• allow resetOnRelease in connection config validation (#4278) (e72f923)

3.22.2 (2026-04-21)

Bug Fixes

• promise: point rejection stacks at caller for promise API (#4267) (c79a3f3)

3.22.1 (2026-04-17)

Bug Fixes

• async stack traces not pointing to correct source, regression introduced by #4257 (#4265) (5b6206c)
• packet: return INVALID_DATE for zero dates with numeric timezone offset (#1019) (#4258) (cb5adcc)

3.22.0 (2026-04-10)

Features

• disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
• implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)

Performance Improvements

• defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

3.21.1 (2026-04-09)

Bug Fixes

• limit client flags to server capabilities (#4227) (e1930b8)
• use Number.isSafeInteger for supportBigNumbers boundary check (#4225) (295264b)

3.21.0 (2026-04-09)

Features

• add support for query attributes (#4223) (d732f78)
• types: export ExecuteValues and QueryValues from entry point (9fafd6f)

Commits

• 908402e chore(master): release 3.22.3 (#4279)
• 8078ad0 build(deps): bump lucide-react from 1.8.0 to 1.9.0 in /website (#4280)
• e72f923 fix: allow resetOnRelease in connection config validation (#4278)
• 77afd80 build(deps-dev): bump the dev-dependencies group with 2 updates (#4274)
• 77626a7 chore(master): release 3.22.2 (#4271)
• d615967 build(deps-dev): bump the dev-dependencies group with 2 updates (#4272)
• 9245c08 build(deps-dev): bump poku (#4273)
• c79a3f3 fix(promise): point rejection stacks at caller for promise API (#4267)
• fe5df8e cd: ensure settings are processed by release-please (#4270)
• a65c706 ci(github-actions): upgrade workflows to Node 24 action runtimes (#4268)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for mysql2 since your current version.

Updates nodemailer from 8.0.4 to 8.0.7

Release notes

Sourced from nodemailer's releases.

v8.0.7

8.0.7 (2026-04-27)

Bug Fixes

• keep domain as UTF-8 when local part is non-ASCII (#1814) (66d4ecb)

v8.0.6

8.0.6 (2026-04-24)

Bug Fixes

• restore base64 wrap() trim behavior to prevent trailing CRLF (#1810) (#1811) (b1ae6c1)

v8.0.5

8.0.5 (2026-04-07)

Bug Fixes

• decode SMTP server responses as UTF-8 at line boundary (95876b1)
• sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

Changelog

Sourced from nodemailer's changelog.

8.0.7 (2026-04-27)

Bug Fixes

• keep domain as UTF-8 when local part is non-ASCII (#1814) (66d4ecb)

8.0.6 (2026-04-24)

Bug Fixes

• restore base64 wrap() trim behavior to prevent trailing CRLF (#1810) (#1811) (b1ae6c1)

8.0.5 (2026-04-07)

Bug Fixes

• decode SMTP server responses as UTF-8 at line boundary (95876b1)
• sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

Commits

• 1997040 chore(master): release 8.0.7 (#1815)
• 9b9c545 chore: drop nodemailer-ntlm-auth devDependency (#1816)
• 22bf90c Bumped dev deps
• 66d4ecb fix: keep domain as UTF-8 when local part is non-ASCII (#1814)
• 6a4a01e Fix/base64 wrap trailing crlf (#1813)
• a22efbc chore(master): release 8.0.6 (#1812)
• b1ae6c1 fix: restore base64 wrap() trim behavior to prevent trailing CRLF (#1810) (#1...
• 202cfb3 chore(master): release 8.0.5 (#1809)
• b634abf docs: add CLAUDE.md with project conventions and release process
• 95876b1 fix: decode SMTP server responses as UTF-8 at line boundary
• Additional commits viewable in compare view

Updates rate-limiter-flexible from 11.0.0 to 11.0.2

Release notes

Sourced from rate-limiter-flexible's releases.

Drizzle-orm v1 support

What's Changed

• #362 support drizzle-orm v1 by @​animir in animir/node-rate-limiter-flexible#363

Full Changelog: animir/node-rate-limiter-flexible@v11.0.1...v11.0.2

😉

Fix msBeforeNext delayed response

What's Changed

• #113 fix RateLimiterQueue delay for limiters with execEvenly flag set to true by @​animir in animir/node-rate-limiter-flexible#359
• Update dev deps to latest minor versions by @​animir in animir/node-rate-limiter-flexible#358

Full Changelog: animir/node-rate-limiter-flexible@v11.0.0...v11.0.1

👀

Commits

• e7ae147 11.0.2
• 0483c3c #362 support drizzle-orm v1 (#363)
• a98a3ff 11.0.1
• 3b6b656 #113 fix queue delay with exec evenly flag (#359)
• 0df6f6c Merge pull request #358 from animir/update-to-minor
• 21a763c update dev deps to latest minor versions
• fa74290 add link to Wiki
• See full diff in compare view

Updates socks from 2.8.7 to 2.8.8

Commits

• See full diff in compare view

Updates zod from 4.3.6 to 4.4.2

Release notes

Sourced from zod's releases.

v4.4.2

Commits:

• 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
• 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
• 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
• 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
• bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
• cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
• 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
• 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
• 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
• e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
• e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
• 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
• bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
• 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
• 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
• 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
• c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

v4.4.1

Commits:

• 481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow
• 95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations
• cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)
• edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1
• 180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

Tuple defaults now materialize output values correctly

Fixed in #5661. Tuple parsing now more accurately reflects defaults, optional tails, explicit undefined, and under-filled inputs. The headline behavior is that defaults in tuple positions now properly appear in parsed output.

const schema = z.tuple([
  z.string(),
  z.string().default("fallback"),
]);
schema.parse(["a"]);
// ["a", "fallback"]

... (truncated)

Commits

• c59d447 4.4.2
• 88015df fix(docs): drop deprecated baseUrl from tsconfig
• 02c2baf Make z.preprocess defer optionality to inner schema (#5929)
• 8ec4e73 chore: update play.ts scratch
• bf64bac chore: tighten test guidance in AGENTS.md
• 905761a docs: document preprocess input type narrowing
• e58ea4d docs: test Zod Mini tab code heights
• e20d02b chore: ignore triage notes
• 1373c85 docs: remove AI disclosure guidance
• 1fc9f31 docs: document codec inversion
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.

Updates @tailwindcss/vite from 4.2.2 to 4.2.4

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.2.4

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

• Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
• Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
• Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
• Upgrade: never migrate files that are ignored by git (#19846)
• Add .env and .env.* to default ignored content files (#19846)
• Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
• Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#19849)
• Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#19849)
• Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#19858)
• Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#19858)
• Improve performance when scanning JSONL / NDJSON files (#19862)
• Support NODE_PATH environment variable in standalone CLI (#19617)

Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.2.4] - 2026-04-21

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

• Canonicalization: improve canonicalization for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
• Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
• Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
• Upgrade: never migrate files that are ignored by git (#19846)
• Add .env and .env.* to default ignored content files (#19846)
• Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
• Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#19849)
• Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#19849)
• Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#19858)
• Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#19858)
• Improve performance when scanning JSONL / NDJSON files (#19862)
• Support NODE_PATH environment variable in standalone CLI (#19617)

Commits

• 69ad7cc 4.2.4 (#19948)
• 685c19e Fix issue around resolving paths in @tailwindcss/vite (#19947)
• 2e3fa49 4.2.3 (#19944)
• 5cb1efd fix(vite): resolve tsconfig paths in CSS and JS resolvers (#19803)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tailwindcss/vite since your current version.

Updates electron from 41.1.1 to 41.5.0

Release notes

Sourced from electron's releases.

electron v41.5.0

Release Notes for v41.5.0

Features

• Added app.configureWebAuthn() to enable the Touch ID platform authenticator for WebAuthn on macOS, and a select-webauthn-account session event for choosing between multiple discoverable credentials. #51412 (Also in 42)

Fixes

• Fixed a regression on Windows where frameless windows changed their size after calling setResizable. #51427 (Also in 42)
• Fixed an issue on Windows where a transient UnhookWindowsHookEx failure in setIgnoreMouseEvents(true, { forward: true }) teardown could cause duplicate low-level mouse hooks to be installed on the next activation. #51419 (Also in 42)
• Fixed remote debugging via --remote-debugging-port not working when inspecting from Chrome's chrome://inspect page. The DevTools page would appear empty due to the frontend URL pointing to a CDN that returned 404 for Electron's Chromium builds. #51413

electron v41.4.0

Release Notes for v41.4.0

Features

• Added support for heap profiling via contentTracing.enableHeapProfiling(). #51178 (Also in 42)

Fixes

• Ensured cross-origin fetch() and XHR are blocked for custom protocols registered with supportFetchAPI: true unless corsEnabled: true is also set; cross-origin mode: 'no-cors' requests now receive an opaque response. #51270 (Also in 39, 40, 42)
• Fixed a crash when providing invalid HTTP header names or values in the webRequest.onBeforeSendHeaders() callback. #51365 (Also in 40, 42)
• Fixed a bug that cause offscreen rendering doesn't have valid screen info and unable to get valid result of related media queries.
  • Added webPreference.offscreen.deviceScaleFactor to allow user specify a value, instead of using user's primary display's value. #50375 (Also in 40)
• Fixed a bug where errors would occur when using the Chrome DevTools Fetch API. #51371 (Also in 42)
• Fixed a crash that could occur when an autofill suggestion popup was shown while a window was closing. #51321 (Also in 42)
• Fixed a regression where frameless fullscreen windows had white borders on Windows. #51332 (Also in 42)
• Fixed a renderer crash when a page uses the <geolocation> HTML element. #51373 (Also in 42)
• Fixed an issue where calling contentTracing APIs before app.whenReady() would crash the application. #51352 (Also in 42)
• Fixed an issue where some toast notification properties didn't work as expected in WinRT. #51397 (Also in 42)
• Fixed buggy behavior where Backspace would accept macOS text replacements inside contenteditable elements. #51343 (Also in 40, 42)
• This PR fixes a regression in silent printing where custom DPI values from webContents.print were not honored, causing incorrect output scaling in real-world print flows. #51355 (Also in 42)

Other Changes

• Backported a fix for route_id validation in the GPU command buffer. #51319
• Backported fix in Skia for 495534710. #51264
• Backported security fixes for 492736100, 492668885, 493413432, 493319454, 494158331, 496281816. #51259
• Updated Chromium to 146.0.7680.216. #51382

electron v41.3.0

Release Notes for v41.3.0

Fixes

• Fixed webContents.printToPDF rejecting on all subsequent calls after a prior call was rejected with an invalid pageRanges value. #51221 (Also in 40, 42)
• Fixed an issue where app-region: drag inside a hidden WebContentsView would still drag the parent window on Windows. #51246 (Also in 40, 42)
• Fixed an issue where an Electron macOS update would not be applied if another app was previously blocking the macOS system update loop. #51210 (Also in 40,