* feat: capture JS stack trace on renderer OOM
When a renderer process approaches its V8 heap limit, capture the
JavaScript stack trace and write it to both a Crashpad crash key
("js-oom-stack") and stderr.
The stack trace is captured via RequestInterrupt rather than directly
inside the NearHeapLimitCallback because CurrentStackTrace is unsafe
to call during OOM — V8 FATALs on optimized (TurboFan) frames that
have had their deoptimization data garbage-collected. RequestInterrupt
defers the capture to the next V8 safe point, where all frames are
guaranteed to have deopt data available. This matches Node.js's
approach of never capturing JS stacks inside the heap limit callback.
The callback is registered once per isolate via an atomic guard in
RendererClientBase::DidCreateScriptContext, preventing the CHECK
failure V8 raises on duplicate AddNearHeapLimitCallback registrations
(which would otherwise occur on page navigations or multiple contexts).
Refs: #46078
Made-with: Cursor
* Update shell/renderer/oom_stack_trace.cc
Co-authored-by: Niklas Wenzel <dev@nikwen.de>
* Update shell/renderer/oom_stack_trace.cc
Co-authored-by: Niklas Wenzel <dev@nikwen.de>
* test: add crash reporter test for OOM JS stack trace
Add a test that verifies the `electron.v8-oom.stack` crash key contains
the JS stack trace (including function names) when a renderer process
runs out of memory. Also deduplicate the heap info formatting in
oom_stack_trace.cc.
Refs: #46078
Made-with: Cursor
* fix: lint formatting in oom_stack_trace.cc
Made-with: Cursor
* fix: use proper logger API instead of cstdio
* fix: check heap headroom before capturing OOM stack trace
deepak1556: "Should there be check for available heap size [for]
CurrentStackTrace and formatting"
CurrentStackTrace allocates StackTraceInfo + StackFrameInfo on the V8
heap. If the 20 MB bump is partially consumed by the time the interrupt
fires, these allocations trigger a secondary OOM. Guard with a 2 MB
headroom check.
Made-with: Cursor
* fix: handle V8 cage limit when bumping heap for OOM stack capture
deepak1556: "Does this bumping work when we are at the cage limit of
4GB"
V8's pointer compression cage caps the heap at ~4 GB. When
current_heap_limit is already near the ceiling, our 20 MB bump gets
clamped to zero and the interrupt never fires. Detect this and record
heap info as the final crash key instead of waiting for a stack trace
that won't arrive.
Made-with: Cursor
* feat: add V8 heap statistics as OOM crash keys
deepak1556: "V8 seems to capture heap stats as crash keys but it gets
missed today due to the OOM callback override... wonder if we can
include that to get some more heuristics in the dump."
Record heap used/total/limit/available, per-space stats for old_space
and large_object_space, native/detached context counts, and utilization
percentage as crash keys. Also add heap stats in the V8OOMErrorCallback
in node_bindings.cc for the final OOM crash report.
Made-with: Cursor
* feat: support worker thread isolates for OOM stack trace
deepak1556: "You need a separate registration for worker threads via
WorkerScriptReadyForEvaluationOnWorkerThread but that also means the
process global g_registered_isolate would break."
Chromium has one V8 isolate per thread (main + one per web worker), so
thread_local is equivalent to per-isolate storage. Replace the global
atomic + mutex/set with a constinit thread_local OomState* that holds
the isolate pointer and per-isolate is_in_oom flag. The void* data
parameter on AddNearHeapLimitCallback delivers OomState* directly into
callbacks, so the hot path needs no TLS lookup.
Add WorkerScriptReadyForEvaluationOnWorkerThread and
WillDestroyWorkerContextOnWorkerThread overrides to RendererClientBase
so both ElectronRendererClient and ElectronSandboxedRendererClient get
worker OOM registration. Update ElectronRendererClient to call the base
class in both worker lifecycle methods.
Add a web worker OOM test that spawns a dedicated Worker with a memory
leak and verifies the stack trace captures the worker function name.
Made-with: Cursor
* fix: register OOM callback for all script contexts
When context isolation is enabled, ShouldNotifyClient skips
DidCreateScriptContext for the main world, but user JS still runs there
and can OOM. Register in DidInstallConditionalFeatures which fires for
every script context. The TLS dedup guard prevents double-registration
on the same isolate.
Made-with: Cursor
* fix: guard against division by zero and cage size changes in OOM handler
Add a zero-guard on heap_size_limit before computing utilization
percentage — maximizes robustness in an OOM code path.
Add static_assert on kPtrComprCageReservationSize to catch any
upstream V8 change to the cage size at compile time.
Made-with: Cursor
* fix: address review feedback on OOM stack trace PR
- Remove redundant RegisterOomStackTraceCallback from
electron_render_frame_observer.cc; DidCreateScriptContext is sufficient
since main world and isolated world share the same isolate
- Replace thread_local OomState* with base::ThreadLocalOwnedPointer
wrapped in base::NoDestructor per Chromium style for non-trivially
destructible types
- Change heap-headroom and cage-limit logs from ERROR to INFO since
users cannot act on these diagnostics
- Add comment explaining why base class is called last in
WillDestroyWorkerContextOnWorkerThread (OOM deregistration ordering)
Made-with: Cursor
* fix: skip OOM stack trace registration for worklet contexts
Worklets can share a thread and isolate via WorkletThreadHolder's
per-process singleton pattern. With per-thread OOM state, the first
worklet to be destroyed would prematurely remove the callback for
any remaining worklets on the same thread. Skip worklets entirely
to avoid this; can be revisited with ref-counting if needed.
Made-with: Cursor
* fix: prevent dangling raw_ptr<v8::Isolate> in OOM state
The OomState held a raw_ptr<v8::Isolate> that outlived the isolate on
the main thread: gin::IsolateHolder destroyed the isolate during
shutdown, but the OomState (stored in thread-local storage) was only
released later in JavascriptEnvironment::~JavascriptEnvironment. This
triggers a dangling pointer check when building with
enable_dangling_raw_ptr_checks.
Register OomState as a gin::PerIsolateData::DisposeObserver so it
clears the raw_ptr and removes the NearHeapLimitCallback before the
isolate is destroyed, regardless of destructor ordering.
Suggested-by: Deepak Mohan
Made-with: Cursor
* test: verify OOM crash keys end-to-end via crash reporter
Replace stderr-based OOM tests with end-to-end crash dump validation.
Instead of parsing log output, start a crash reporter server, trigger
renderer OOM, and verify the uploaded crash dump contains the expected
`electron.v8-oom.*` annotations — the same code path production crash
reports take.
Consolidate all OOM test scenarios (basic heap leak, JSON.stringify,
web worker) into a single `describe('OOM crash keys')` block inside
api-crash-reporter-spec using the existing crash fixture app with new
renderer-oom-json and renderer-oom-worker crash types.
The web worker test verifies that OOM crash keys are present but does
not assert on the JS function name: the 20 MB heap bump may be
exhausted before V8 reaches a safe point to fire the stack-capture
interrupt, leaving the crash key at "(stack pending)". Increasing the
bump or switching to a synchronous capture strategy would fix this but
is left for a follow-up.
Remove the standalone oom-stack-trace-spec.ts and its fixture app.
Made-with: Cursor
---------
Co-authored-by: Niklas Wenzel <dev@nikwen.de>
chore: address blink gc plugin errors
Key fixes:
- Replace `base::WeakPtrFactory` with `gin::WeakCellFactory` in
MenuMac, MenuViews, and NetLog, since weak pointers to cppgc-managed
objects must go through weak cells
- Replace `v8::Global<v8::Value>` with `cppgc::Persistent<Menu>` for
the menu reference in BaseWindow
- Stop using `gin_helper::Handle<T>` with cppgc types; use raw `T*`
and add a `static_assert` to prevent future misuse
- Add proper `Trace()` overrides for Menu, MenuMac, MenuViews, and
NetLog to ensure cppgc members are visited during garbage collection
- Replace `SelfKeepAlive` prevent-GC mechanism in Menu with a
`cppgc::Persistent` prevent-GC captured in `BindSelfToClosure`
- Introduce `GC_PLUGIN_IGNORE` macro to suppress
known-safe violations: mojo::Remote fields, ObjC bridging pointers,
and intentional persistent self-references
- Mark `ArgumentHolder` as `CPPGC_STACK_ALLOCATED()` in both Electron's
and gin's function_template.h to silence raw-pointer-to-GC-type
warnings
* chore: iwyu in shell/browser/api/electron_api_web_contents.h
* chore: iwyu in shell/browser/browser.h
* chore: iwyu in shell/browser/javascript_environment.h
* chore: iwyu in shell/common/gin_hhelper/function_template.h
* chore: do not include node_includes.h if we are not using it
* chore: fix transitive include
* chore: bump chromium in DEPS to 148.0.7765.0
* chore: bump chromium in DEPS to 148.0.7766.0
* fix(patch-conflict): update packed_resources dep name after upstream rename
Upstream renamed //chrome:packed_resources_integrity_header to
//chrome:packed_resources. Updated the patch to guard the new dependency
name with !is_electron_build while preserving the same intent.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7714543
Co-Authored-By: Claude <noreply@anthropic.com>
* fix(patch-conflict): update code_cache_host_impl.cc for upstream includes and TODO
Upstream added #include <stdint.h> and a TODO comment in
code_cache_host_impl.cc which conflicted with the Electron code cache
custom schemes patch. Resolved by keeping both upstream additions and
the Electron ProcessLockURLIsCodeCacheScheme function.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7615151
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: update patch hunk headers
Co-Authored-By: Claude <noreply@anthropic.com>
* 7700837: update RecordContentToVisibleTimeRequest from mojom to native struct
Upstream typemapped RecordContentToVisibleTimeRequest from a Mojo
struct to a native C++ struct. Updated OSR virtual method signatures
from blink::mojom::RecordContentToVisibleTimeRequestPtr to
std::optional<blink::RecordContentToVisibleTimeRequest> and
blink::RecordContentToVisibleTimeRequest to match.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7700837
Co-Authored-By: Claude <noreply@anthropic.com>
* 7714579: update WebString::FromASCII to FromUTF8
Upstream renamed blink::WebString::FromASCII to FromAscii. Updated
Electron's usage to FromUTF8 which is equivalent for ASCII scheme
strings and avoids a dependency on the renamed method. Also fixed
blink::String::FromUTF8 to use the String constructor directly.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7714579
Co-Authored-By: Claude <noreply@anthropic.com>
* 7696480: add stream_info dep after StreamInfo extraction
Upstream extracted extensions::StreamInfo from PdfViewerStreamManager
to a standalone class in extensions/browser/mime_handler/stream_info.h.
Added the new target as a dependency since Electron's streams_private
and pdf_viewer_private APIs use PdfViewerStreamManager which now
depends on the separate StreamInfo target.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7696480
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: bump chromium in DEPS to 148.0.7768.0
* fix(patch-conflict): update PiP patch for new toggle_mute_button in overlay window
Upstream added a toggle_mute_button to the live caption dialog controls
in VideoOverlayWindowViews::SetLiveCaptionDialogVisibility. Extended the
existing #if 0 guard to include the new button handling since Electron
disables live caption dialog functionality.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7682308
Co-Authored-By: Claude <noreply@anthropic.com>
* fix(patch-conflict): update packed_resource_integrity patch after upstream dep removal
Upstream removed the deps += [ "//chrome:packed_resources" ] line from
the if (!is_win) block in chrome/browser/BUILD.gn. The Electron patch
no longer needs to guard this dep with !is_electron_build in this
location since the dep was already relocated by an earlier upstream CL.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7714543
Co-Authored-By: Claude <noreply@anthropic.com>
* fix(patch-conflict): update WebSocket throttling revert for DisconnectWebSocketOnBFCache guard
Upstream added a DisconnectWebSocketOnBFCacheEnabled() runtime feature
check that wraps the WebSocket BFCache feature registration. Updated the
Electron revert patch to place the kAllowAggressiveThrottlingWithWebSocket
ternary inside the new conditional guard.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7698838
Co-Authored-By: Claude <noreply@anthropic.com>
* fix(patch-conflict): update SCContentSharingPicker patch for upstream native picker refactor
Upstream added is_native_picker and filter_ based native picker session
validation to ScreenCaptureKitDeviceMac. Electron's patch uses its own
native picker approach (active_streams_ counter + direct SCContentSharingPicker
API), so marked the new upstream parameters as [[maybe_unused]] and kept
Electron's implementation.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7713560
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: update patch hunk headers
Co-Authored-By: Claude <noreply@anthropic.com>
* 7708800: update StartDragging signature to use RenderFrameHost
Upstream refactored StartDragging to take a RenderFrameHost& instead of
separate source_origin and source_rwh parameters. Updated
OffScreenWebContentsView to match the new signature and derive the
RenderWidgetHostImpl from the RenderFrameHost internally.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7708800
Co-Authored-By: Claude <noreply@anthropic.com>
* 7682308: add toggle_mute_button to chromium_src build sources
Upstream added a ToggleMuteButton to the PiP overlay window controls.
Added the new toggle_mute_button.cc/h source files to Electron's
chromium_src/BUILD.gn to resolve linker errors.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7682308
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: update patches after main rebase
* fixup! 7708800: update StartDragging signature to use RenderFrameHost
fix linting
* 7705541: [trap-handler] Track individual Wasm memories | https://chromium-review.googlesource.com/c/v8/v8/+/7705541
Moved the SetUpWebAssemblyTrapHandler() call to before the V8 isolate is created
* fixup! fix utility process tests
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Keeley Hammond <vertedinde@electronjs.org>
Removes unreferenced code found via codebase sweep. Each category below may
indicate a missing feature rather than truly-unused code — see PR description.
Dead class (1):
ElectronNavigationUIData — never instantiated; ElectronBrowserClient uses
upstream ExtensionNavigationUIData directly
Unused methods (7):
CertificateManagerModel: ImportUserCert, ImportCACerts, ImportServerCert,
Delete, is_user_db_available (only PKCS12 path is used)
AutofillDriverFactory::AddDriverForFrame + CreationCallback type
ZoomLevelDelegate::SetDefaultZoomLevelPref
gtk_util: GetOpenLabel, GetSaveLabel
Unused members (2):
AutofillPopup::selected_index_
InspectableWebContents::synced_setting_names_
Declaration fixes (6):
menu_util.h: BuildMenuItemWithImage signature corrected (GtkWidget* → gfx::Image&)
win_frame_view.h: GetReadableFeatureColor (impl removed, decl left behind)
frameless_view.h: friend class NativeWindowsViews (typo, class does not exist)
Forward decls: WebDialogHelper, ChromeContentRendererClient,
ElectronNativeWindowObserver, ValueStoreFactory
Previously the renderer checked a process-wide command-line switch to
decide whether to create a Node.js environment for dedicated workers.
When a renderer process hosted multiple WebContents with different
nodeIntegrationInWorker values (e.g. via window.open with overridden
webPreferences in setWindowOpenHandler), all workers in the process
used whichever value the first WebContents set on the command line.
Instead, plumb the flag through blink's WorkerSettings at worker
creation time, copying it from the initiating frame's WebPreferences.
The check on the worker thread then reads the per-worker value. Nested
workers inherit the flag from their parent worker via
WorkerSettings::Copy.
The --node-integration-in-worker command-line switch is removed as it
is no longer consumed.
Enter the destination context scope before creating the VideoFrame V8
wrapper, matching the sibling Element and Blob branches. Without this,
ScriptState::ForCurrentRealm resolved to the calling context instead of
the target context, producing an incorrect wrapper.
Also switch to ScriptState::From with an explicit context argument to
make the intent clearer.
Adds spec coverage for VideoFrame crossing the bridge in both
directions and adds VideoFrame to the existing prototype checks.
The setter branch was deriving source_context from getter-> instead of
setter->. Currently latent since the only call site passes both from
the same preload context, but this would crash or mis-resolve if a
future call site passed a setter without a getter or from a different
context.
* chore: bump chromium in DEPS to 147.0.7702.0
* chore: update patches (trivial only)
Co-Authored-By: Claude (claude-3-5-sonnet, Anthropic)
* chore: bump chromium in DEPS to 147.0.7703.0
* 7582039: [Extensions] Use dependency injection for ManifestHandlerRegistry
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7582039
Co-Authored-By: Claude (claude-3-5-sonnet, Anthropic)
* 7582477: spanification: migrate base::ReadUnicodeCharacter usage to string_view
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7582477
Co-Authored-By: Claude (claude-3-5-sonnet, Anthropic)
* chore: update patches (trivial only)
Co-Authored-By: Claude (claude-3-5-sonnet, Anthropic)
* 7590029: Remove 5 unused deprecated sync methods in ui::Clipboard
Migrate clipboard API calls from synchronous methods to async callback-based
methods with RunLoop pattern.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7590029
* 7599553: [rust png] Chromium: Update `png` to version `0.18.1`.
https://chromium-review.googlesource.com/c/chromium/src/+/7599553
Chromium updated their Rust PNG implementation which produces
different (but valid) PNG output. Update tests to compare raw bitmap
data instead of encoded PNG data URLs.
* test: fixup clipboard tests to properly handle urls
Needed after migrating clipboard API calls from synchronous methods to async callback-based methods with RunLoop pattern.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7590029
* fixup "7599553: [rust png] Chromium: Update `png` to version `0.18.1`."
https://chromium-review.googlesource.com/c/chromium/src/+/7599553
Chromium updated their Rust PNG implementation which produces
different (but valid) PNG data URLs.
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <kleinschmidtorama@gmail.com>
fix: enable WASM trap handlers in all Node.js processes
```
Original reason for revert:
Some apps started throwing exception on startup
https://github.com/electron/electron/issues/48956
```
We now move the trap handler registration before
any user script execution. Add a fuse to support
disabling the feature if the application needs to run
in memory constrained environments.
* chore: bump chromium in DEPS to 146.0.7652.0
* fix(patch-conflict): update mas_avoid_private_macos_api_usage context for constrainFrameRect method
The upstream CL added a new constrainFrameRect:toScreen: method override to
NativeWidgetMacNSWindow as part of headless mode window zoom implementation.
The MAS patch's #endif for frameViewClassForStyleMask now correctly appears
after that method, since constrainFrameRect is a public API override that
doesn't need to be guarded.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7487666
* fix(patch-conflict): update printing.patch for base::DictValue rename
Updated printing.patch to use the new base::DictValue type name instead of
base::Value::Dict following Chromium's type renaming change. This affects
CompleteUpdatePrintSettings() signature and related code.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509820
* fix(patch-conflict): update accessibility_ui patch for base::DictValue/ListValue rename
Updated adjust_accessibility_ui_for_electron.patch to use the new
base::DictValue and base::ListValue type names instead of base::Value::Dict
and base::Value::List following Chromium's type renaming change.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509820
* chore: update patches
* 6625736: Rename DURABLE_STORAGE to PERSISTENT_STORAGE for consistency | https://chromium-review.googlesource.com/c/chromium/src/+/6625736
* chore: bump chromium in DEPS to 146.0.7653.0
* chore: update patches
* 7000847: add type tag to v8::External for gin_helper function templates
The upstream gin function templates now use v8::ExternalPointerTypeTag
for type safety when using v8::External. Updated Electron's forked
gin_helper function template to use the same kGinInternalCallbackHolderBaseTag
that Chromium's gin uses.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7000847
* fix(patch-update): extend V8 Object API deprecation patch for Node.js
Extended the existing patch to cover additional files that use
GetAlignedPointerFromInternalField and SetAlignedPointerInInternalField:
- src/stream_base-inl.h
- src/udp_wrap.cc
- src/js_udp_wrap.cc
- src/node_process_methods.cc
- src/node_snapshotable.cc
- src/base_object.cc
These APIs now require an EmbedderDataTypeTag parameter.
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7087956
* 7000847: add type tag to v8::External calls in shared_texture
Updated v8::External::New and v8::External::Value calls to use the
kExternalPointerTypeTagDefault tag as required by the V8 API change
that deprecates the tagless versions.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7000847
* 7508687: use ChildProcessId for file permission APIs
The ChildProcessSecurityPolicy::CanReadFile and GrantReadFile APIs
now require ChildProcessId instead of int. Updated to use GetID()
instead of GetDeprecatedID() for these specific calls.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7508687
* 7000847: add type tag to v8::External calls in callback and osr_converter
The v8::External API now requires an EmbedderPointerTypeTag parameter
for both New() and Value() methods to improve V8 sandbox type safety.
Updated calls in:
- callback.cc: TranslatorHolder constructor and CallTranslator
- osr_converter.cc: OffscreenSharedTextureValue converter
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7000847
* fixup! 7087956: [api] Promote deprecation of v8::Context and v8::Object API methods
Extended the Node.js patch to cover histogram.cc which also uses
SetAlignedPointerInInternalField and GetAlignedPointerFromInternalField
APIs that now require the EmbedderDataTypeTag parameter.
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7087956
* chore: bump chromium in DEPS to 146.0.7655.0
* chore: update patches
* 7509043: update WebSpellingMarker type for API change
The upstream Chromium API changed - WebSpellingMarker was moved from a
nested type within WebTextCheckClient to a standalone type in the blink
namespace.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509043
* 7498491: update process_id to use OriginatingProcess type
The upstream Chromium API changed - URLLoaderFactoryParams::process_id
was changed from an integer to a union type network::OriginatingProcess
that distinguishes between browser and renderer processes.
- For browser process requests, use OriginatingProcess::browser()
- For renderer process lookups, check !is_browser() and use
renderer_process().value() to get the child_id
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7498491
* 5710330: Add crash keys to debug NativeWidgetMacNSWindowBorderlessFrame exception | https://chromium-review.googlesource.com/c/chromium/src/+/5710330
5710330 added a new NSNextStepFrame interface extension and
implementations for NativeWidgetMacNSWindowTitledFrame and
NativeWidgetMacNSWindowBorderlessFrame. These use private macOS APIs
that are not available in Mac App Store builds.
* chore: update patches
* chore: bump chromium in DEPS to 146.0.7661.0
* chore: bump chromium in DEPS to 146.0.7663.0
* fix(patch-conflict): update accessibility_ui for string_view API change
Upstream removed redundant std::string(default_api_type) conversion as part
of a string_view optimization cleanup. Updated patch context to match.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7514107
* fix(patch-conflict): update service process launch options for sandbox API refactor
Upstream removed content/common/sandbox_init_win.cc and
content/public/common/sandbox_init_win.h, moving the functionality directly
into ChildProcessLauncherHelper. Updated patch to call
sandbox::policy::SandboxWin::StartSandboxedProcess directly with the
LaunchOptions pointer instead of going through the removed helper.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7528253
* fix(patch-conflict): update MAS safestorage for keychain API refactor
Upstream refactored KeychainPassword::GetPassword() to use a new
GetPasswordImpl() helper function with improved error tracking via
base::expected<std::string, OSStatus>. Adapted patch to use the new
GetPasswordImpl with the suffixed account name and handle migration
from legacy accounts through the new API.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7516438
* chore: update patches
* chore: bump chromium in DEPS to 146.0.7663.0
* fix: base::Value::Dict -> base::DictValue
https://chromium-review.googlesource.com/c/chromium/src/+/7513889
* fix: include new cookie exclusion reason
https://chromium-review.googlesource.com/c/chromium/src/+/7486527
* fix: enable libc++ ABI flag for trivially copyable std::vector<bool>
Required for changes introduced in the following CL
https://chromium-review.googlesource.com/c/chromium/src/+/7513653
* fixup! fix: base::Value::Dict -> base::DictValue https://chromium-review.googlesource.com/c/chromium/src/+/7513889
* fix: spellcheck not working in tests
https://chromium-review.googlesource.com/c/chromium/src/+/7452579
* fix: cookie test failing due to multiple rejection reasons
https://chromium-review.googlesource.com/c/chromium/src/+/7506629
* fix: macos sizing unmaximized window incorrectly
https://chromium-review.googlesource.com/c/chromium/src/+/7487666
Changes to headless mode caused the unmaximized window to subtract
the height of the menubar.
* fix: skip tests for incompatible BoringSSL ML-DSA crypto
https://boringssl-review.googlesource.com/c/boringssl/+/84929
* test: fix pseudonymization registration in utility process on Linux
Ref: 7486913: Pass pseudonymization salt via shared memory at process launch | https://chromium-review.googlesource.com/c/chromium/src/+/7486913
* fix: restore MAS patch-outs
Restores some `#if !IS_MAS_BUILD()` gates dropped in 773054ad59
* fixup! 7508687: use ChildProcessId for file permission APIs
* fixup! fix(patch-conflict): update MAS safestorage for keychain API refactor
* chore: add note about parallel upstream change
* fixup! Merge remote-tracking branch 'origin/main' into roller/chromium/main
* Revert "fixup! 7508687: use ChildProcessId for file permission APIs"
This reverts commit 05c43e4e5d.
The _impl version has the signature, but not the public interface. :oof:
* fixup! fix(patch-conflict): update MAS safestorage for keychain API refactor
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Samuel Maddock <samuelmaddock@electronjs.org>
Co-authored-by: clavin <clavin@electronjs.org>
* chore: bump chromium in DEPS to 146.0.7650.0
* 7496671: WaaP: Control hung delay for Initial WebUI
Refs https://chromium-review.googlesource.com/c/chromium/src/+/7496671
* 7494302: [//media] Rename renderable_gpu_memory_buffer_video_frame_pool*
Refs https://chromium-review.googlesource.com/c/chromium/src/+/7494302
* chore: update patches
* 7502996: [DevTools] Add ability to toggle Chromium feature flags from DevTools
Refs https://chromium-review.googlesource.com/c/chromium/src/+/7502996
* 7456200: Vectorize StringImpl::CopyChars and EqualIgnoringASCIICase using Highway.
Refs https://chromium-review.googlesource.com/c/chromium/src/+/7456200
* 7236627: spellcheck: supply full spelling marker info, incld. marker type
Refs https://chromium-review.googlesource.com/c/chromium/src/+/7236627
* chore: rm dependency on wtf::string from blink public headers
Refs https://chromium-review.googlesource.com/c/chromium/src/+/7456200
added a public dependency on //third_party/highway for
//third_party/blink/renderer/platform/wtf:wtf which will not be
inherited by //content/renderer since wtf is internal dependency of
blink leading to the following compilation error
```
In file included from ../../content/public/renderer/window_features_converter.cc:5:
In file included from ../../content/public/renderer/window_features_converter.h:10:
In file included from ../../third_party/blink/public/web/web_window_features.h:38:
In file included from ../../third_party/blink/renderer/platform/wtf/text/wtf_string.h:40:
../../third_party/blink/renderer/platform/wtf/text/string_impl.h:27:10: fatal error: 'hwy/highway.h' file not found
27 | #include <hwy/highway.h>
| ^~~~~~~~~~~~~~~
1 error generated.
```
Use `gn desc out/Testing content/renderer:renderer_sources --blame`
to verify the inherited config and dependency list.
* 7493995: Restore directive part of wasm-eval error message
Refs https://chromium-review.googlesource.com/c/chromium/src/+/7493995
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
* chore: bump chromium in DEPS to 145.0.7588.0
* fix(patch-conflict): update scroll_bounce_flag for split overscroll methods
Chromium split IsElasticOverscrollEnabled() into two methods:
IsElasticOverscrollEnabledOnRoot() and IsElasticOverscrollSupported().
Updated patch to apply the scroll-bounce command-line switch to both
methods.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7233733
* fix(patch-conflict): update exclusive_access patch context
Upstream refactored the profile variable declaration. Updated patch to
match new surrounding context with brace-style if statement.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7239252
* fix(patch-conflict): update screen capture kit non-shareable filter
Upstream refactored PiP window exclusion to use GetWindowsToExclude()
helper function. Updated patch to combine non-shareable window filtering
with the new helper's output.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7274596
* fix(patch-conflict): update corner smoothing CSS property id position
Upstream added new internal overscroll CSS properties. Updated patch to
add kElectronCornerSmoothing after the new entries.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7234051
* fix(patch-conflict): update permission patches for new permission types
Upstream added new permission types: LOCAL_NETWORK, LOOPBACK_NETWORK,
and GEOLOCATION_APPROXIMATE. Updated Electron permission patches to
include these new types and renumber Electron-specific permissions.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7231952
* fix(patch-conflict): update memory query fallback for new function signature
Upstream added AmountOfTotalPhysicalMemory() with PCHECK. Updated patch
to maintain fallback logic with correct ByteSize return type.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7254886
* chore: update patch hunk headers
* fix(patch): update reclient-configs patch to use new file mode
The fix_add_python_remote_wrapper patch was using 'copy from' mode
which caused inconsistent behavior between local and CI git versions.
Changed to 'new file' mode for consistent patch application.
* fix(patch-conflict): remove duplicate GEOLOCATION_APPROXIMATE case
Upstream moved GEOLOCATION_APPROXIMATE earlier in the switch statement
in GetPermissionString(). The 3-way merge kept both the old and new
positions, causing a duplicate case error.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/6397637
* chore: update libcxx filenames for new headers
* chore: bump chromium in DEPS to 145.0.7590.0
* chore: update patch hunk headers
* fix(patch): update memory fallback return type to ByteSize
Upstream changed the return type from ByteCount to ByteSize.
* fix: suppress nodiscard warning in node_file.cc
libc++ added [[nodiscard]] to std::filesystem::copy_options operator|=
which causes build failures with -Werror.
* 7229082: update CopyFromSurface to use CopyFromSurfaceResult
Upstream changed CopyFromSurface callback to return
base::expected<viz::CopyOutputBitmapWithMetadata, std::string>
instead of SkBitmap, enabling better error handling.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7229082
* 7254070: add ip_address_space param to OnLocalNetworkAccessPermissionRequired
Upstream added IPAddressSpace parameter to check address space for
proper permission handling in Local Network Access.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7254070
* 7136679: add spelling_markers param to RequestCheckingOfText
Upstream added spelling_markers parameter to report misspelling
ranges from Blink to Spellcheck to IME.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7136679
* 7240487: remove second param from RegisterWebSafeIsolatedScheme
Upstream removed the schemes_okay_to_appear_as_origin_headers_ parameter.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7240487
* 7254577: use explicit WebElement constructor
WebElement default constructor now requires explicit construction
rather than brace initialization.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7254577
* 7256335: remove override from CreateGlobalFeaturesForTesting
Upstream removed BrowserProcess::CreateGlobalFeaturesForTesting virtual
method so the override specifier is no longer valid.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7256335
* chore: add missing SingleThreadTaskRunner include
A transitive include of SingleThreadTaskRunner was removed upstream,
requiring an explicit include.
Ref: Unable to locate specific CL (transitive include change)
* 7260483: add LOCAL_NETWORK, LOOPBACK_NETWORK permission type cases
Upstream added new permission types for Local Network Access split
permissions.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7260483
* chore: update patch hunk headers
* 7264893: update postMessage tests for file: origin serialization change
Chromium now serializes file: origins as 'null' in MessageEvent per spec.
This is a security improvement aligning with the HTML spec behavior.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7264893
* fix: add paths to custom scheme URLs in protocol tests
Custom scheme URLs without paths (e.g. test-scheme://foo) cause a
DCHECK crash in ASAN builds when CorsURLLoader tries to log the
request via GenerateRequestLine -> PathForRequest, which asserts
that the path is non-empty.
Adding trailing slashes ensures URLs have valid paths.
* chore: bump chromium in DEPS to 145.0.7592.0
* chore: update patches (trivial only)
* chore: bump chromium in DEPS to 145.0.7594.0
* chore: bump chromium in DEPS to 145.0.7596.0
* chore: update accelerator.patch
no manual changes; patch applied with fuzz 2 (offset 1 line)
* chore: update patches (trivial only)
* chore: node ./script/gen-libc++-filenames.js
---------
Co-authored-by: Alice Zhao <alicelovescake@anthropic.com>
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
* chore: bump chromium in DEPS to 143.0.7485.0
* chore: update allow_disabling_blink_scheduler_throttling_per_renderview.patch
Move SetSupportsDraggableRegions mojom IPC from chrome/ and extensions/ to blink/ | https://chromium-review.googlesource.com/c/chromium/src/+/7043264
Patch applied manually due to context shear
* Move SetSupportsDraggableRegions mojom IPC from chrome/ and extensions/ to blink/ | https://chromium-review.googlesource.com/c/chromium/src/+/7043264
* chore: e patches all
* chore: check for file existence before setting utime
* chore: stop disabling kWinDelaySpellcheckServiceInit
[cleanup] Remove feature WinDelaySpellcheckServiceInit | https://chromium-review.googlesource.com/c/chromium/src/+/7012087
This flag has been removed upstream. We've used it since c2d7164 (#38248)
to fix a crash originally described in 97b353a (#34993):
> Delaying spell check initialization is causing specs for
> 'custom dictionary word list API' to fail in Electron.
Since we haven't touched this in a few years, and since there's a
clear success criterion (a passing/failing spec), and since the patch
to restore this flag would be pretty large (~750 lines), I'm going
to try just removing the flag from our source to see if the spec
passes or fails.
* Revert "chore: stop disabling kWinDelaySpellcheckServiceInit"
This reverts commit e688880396.
Unfortunately, the crash persists.
* Revert [cleanup] Remove feature WinDelaySpellcheckServiceInit | https://chromium-review.googlesource.com/c/chromium/src/+/7012087
We currently need this feature
* fixup! chore: check for file existence before setting utime
* fixup! Move SetSupportsDraggableRegions mojom IPC from chrome/ and extensions/ to blink/ | https://chromium-review.googlesource.com/c/chromium/src/+/7043264
Address Robo's code review @ 64c7fd21ed
* fixup! fixup! chore: check for file existence before setting utime
fix: oops typo
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
perf: two minor perf refactors in InvokeIpcCallback()
1. Allocate the CallbackScope on the stack instead of the heap
2. Skip a redundant call to node::Environment::GetCurrent()
* refactor: make api::Clipboard::GetClipboardBuffer() private
* refactor: move GetClipboardBuffer() into anonymous namespace
* refactor: use gin::Arguments in StopRecording()
* refactor: use gin::Arguments in ImageView::New()
* refactor: use gin::Arguments in AppendSwitch()
* refactor: use gin::Arguments in WebContentsView::New()
* refactor: make gin::Arguments arg const in WrappableBase::InitWithArgs()
This makes explicit that we are using it for wrapper + isolate, not the args values
* refactor: remove gin_helper::Arguments arg from ExposeAPI()
refactor: remove gin_helper::Arguments arg from ExposeAPIInWorld()
* refactor: remove gin_helper::Arguments arg from ElectronBindings::GetSystemMemoryInfo()
* refactor: remove gin_helper::Arguments arg from preload_utils::GetBinding()
* refactor: use gin::Arguments in OpenExternal()
* refactor: use gin::Arguments in ExecuteInWorld()
* refactor: use gin::Arguments in ExecuteJavaScript()
* refactor: use gin::Arguments in InvokeNew()
* refactor: use gin::Arguments in ExecuteJavaScriptInIsolatedWorld()
* refactor: remove unused GetNextArgument() marshaller for gin_helper::Arguments
* refactor: remove unused #include gin_helper/arguments.h
* chore: remove unused gin_helper::Arguments
* fixup! refactor: use gin::Arguments in ExecuteJavaScriptInIsolatedWorld()
Xref: https://github.com/electron/electron/pull/48447
* refactor: narrow App::SetJumpList() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow WebContents::AddWorkSpace() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow ShowMessageBox() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow ShowOpenDialog() arg from gin::Arguments* to v8::Isolate*
* refactor: remove unused gin::Arguments* arg from OverrideGlobalPropertyFromIsolatedWorld()
* refactor: narrow WebContents::StartDrag() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow NetLog::StopLogging() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow Protocol::IsProtocolHandled() arg from gin::Arguments* to v8::Isolate*
* chore: bump chromium in DEPS to 140.0.7330.0
* chore: bump chromium in DEPS to 140.0.7331.0
* chore: update patches
* fix: gn check failing on crashpad.h
Not yet sure what caused this
* fix: predictors::PreconnectManager -> content::PreconnectManager
CL: https://chromium-review.googlesource.com/c/chromium/src/+/6788473
* chore: bump chromium in DEPS to 140.0.7333.0
* chore: bump chromium in DEPS to 140.0.7335.0
* chore: bump chromium in DEPS to 140.0.7337.0
* chore: update patches
* chore: restore some gin utility
* 6804057: [Extensions] Validate nodoc is specified as a boolean in schemas
https://chromium-review.googlesource.com/c/chromium/src/+/6804057
* fixup! chore: restore some gin utility
* fixup! fix: predictors::PreconnectManager -> content::PreconnectManager CL: https://chromium-review.googlesource.com/c/chromium/src/+/6788473
* 6772346: Reset MouseWheelPhaseHandler state when trackpoint scroll is detected
https://chromium-review.googlesource.com/c/chromium/src/+/6772346
Not certain about what the "correct" argument to pass here is. A quick dive into the CL suggests that passing `false` is safe to keep things working. The blast radius if this assumption is wrong is that "fling" scroll gestures may not work as expected with the OSR.
* 6789383: Uninstall SODA language pack after 30 days of inactivity
https://chromium-review.googlesource.com/c/chromium/src/+/6789383
* chore: update libcxx filenames
* chore: bump chromium in DEPS to 140.0.7339.0
* chore: update patches
* fixup! 6772346: Reset MouseWheelPhaseHandler state when trackpoint scroll is detected https://chromium-review.googlesource.com/c/chromium/src/+/6772346
* chore: bump chromium in DEPS to 140.0.7339.2
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Samuel Maddock <smaddock@slack-corp.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: clavin <clavin@electronjs.org>
* refactor: remove GetIsolate() calls from SetPrivate()
* refactor: remove excess GetIsolate() calls in PassValueToOtherContextInner()
* refactor: remove GetIsolate() calls from GetPrivate()
* refactor: add a v8::Isolate* local to ProxyFunctionWrapper()
* refactor: remove error_context->GetIsolate() call from PassValueToOtherContextInner()
* refactor: remove GetIsolate() call from ProxyFunctionWrapper()
* refactor: pass source and destination isolate as arg to CreateProxyForAPI()
* chore: move gin::DeprecatedWrappable to gin_helper
This is in preparation for migrating to gin::Wrappable
based on cppgc #47922
The upstream class will be deleted soon via roller PR but
the cppgc migration should happen outside the roll, this
change retains the current functionality by copying the
implementation into //electron/shell/common/gin_helper.
The class can be deleted once the cppgc migration is complete.
* chore: fix lint:cpp
* refactor: add a v8::Isolate* arg to RendererClientBase::IsWebViewFrame()
Needed for creating gin dictionaries
refactor: add a v8::Isolate* arg to ShouldLoadPreload()
Needed for calling IsWebViewFrame()
* refactor: add a v8::Isolate* arg to electron::util::CompileAndCall()
* refactor: add a v8::Isolate* arg to OnCreatePreloadableV8Context()
* refactor: add a v8::Isolate* arg to InvokeEmitProcessEvent()
* refactor: add a v8::Isolate* arg to ServiceWorkerData's constructor
* refactor: add a v8::Isolate* arg to RendererClientBase::SetupMainWorldOverrides()
* refactor: add a v8::Isolate* arg to RendererClientBase::WillReleaseScriptContext()
* docs: update docs to avoid v8::Context::GetIsolate()
* refactor: add a v8::Isolate* arg to ElectronSandboxedRendererClient::InitializeBindings()
* refactor: avoid v8::Context::GetIsolate() call in PromiseBase::SettleScope::~SettleScope()
* refactor: add a v8::Isolate* arg to Constructible::GetConstructor()
* refactor: add a v8::Isolate* arg to NodeBindings::Initialize()
This is needed for the GetConstructor() call
* refactor: avoid v8::Context::GetIsolate() call in GetIpcObject() by taking it as an arg
* refactor: avoid v8::Context::GetIsolate() call in ipc_native::EmitIPCEvent() by taking it as an arg
* refactor: pass an isolate when calling GetCreationContextChecked() in V8FunctionInvoker
* refactor: pass an isolate when calling GetCreationContextChecked() in RendererClientBase
* refactor: pass an isolate when calling GetCreationContextChecked() in ScriptExecutionCallback::Completed()
* refactor: pass an isolate when calling GetCreationContextChecked() in ScriptExecutionCallback::CopyResultToCallingContextAndFinalize()
* refactor: pass an isolate when calling GetCreationContextChecked() in electron::GetRenderFrame()
* refactor: pass an isolate when calling GetCreationContextChecked() in gin_helper::internal::CallMethodWithArgs()
* refactor: pass an isolate when calling GetCreationContextChecked() in OverrideGlobalPropertyFromIsolatedWorld()
* refactor: pass an isolate when calling GetCreationContextChecked() in OverrideGlobalValueFromIsolatedWorld()
* refactor: pass an isolate when calling GetCreationContextChecked() in ProxyFunctionWrapper()
* refactor: pass an isolate when calling GetCreationContextChecked() in PassValueToOtherContextInner()
* fixup! refactor: pass an isolate when calling GetCreationContextChecked() in electron::GetRenderFrame()