* fix: validate header name and value in webRequest.onBeforeSendHeaders
Chromium's net::HttpRequestHeaders::SetHeader() uses CHECK() to enforce
valid header names and values, which causes a fatal crash if the caller
passes invalid strings. When users modify requestHeaders in the
onBeforeSendHeaders callback with invalid header names (e.g. containing
spaces) or invalid header values (e.g. containing CRLF), the
gin::Converter<net::HttpRequestHeaders>::FromV8() calls SetHeader()
directly, triggering the CHECK and crashing the process.
This change adds pre-validation using net::HttpUtil::IsValidHeaderName()
and net::HttpUtil::IsValidHeaderValue() before calling SetHeader(),
silently skipping invalid headers instead of crashing.
Co-authored-by: loufulton <loufulton.cz@gmail.com>
* Update shell/common/gin_converters/net_converter.cc
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: loufultoncz-coder <loufulton.cz@gmail.com>
* Update spec/api-web-request-spec.ts
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: loufultoncz-coder <loufulton.cz@gmail.com>
* fix: lint
Co-authored-by: loufulton <loufulton.cz@gmail.com>
---------
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: loufulton <loufulton.cz@gmail.com>
* chore: bump node in DEPS to v24.15.0
* fix(patch): adapt V8 sandboxed pointers for buffer kMaxLength
Upstream replaced the hardcoded buffer length limit with a runtime
kMaxLength variable, making the patch's regex workaround for sandbox
vs non-sandbox limits unnecessary. Dropped the test-buffer-concat.js
hunk.
Ref: https://github.com/nodejs/node/pull/61721
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(patch): adapt deprecated GetIsolate for upstream refactors
Upstream removed Uint32ToName from node_contextify.cc and
node_webstorage.cc, and renamed LookupAndCompile to
LookupAndCompileFunction in node_builtins.cc. Updated the
GetIsolate deprecation patch to match.
Ref: https://github.com/nodejs/node/pull/60846
Ref: https://github.com/nodejs/node/pull/60518
* chore: remove upstreamed patch
The fix_generate_config_gypi_needs_to_generate_valid_json patch
applied with "No changes -- Patch already applied", confirming
the fix has been incorporated upstream.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* node#60518: src: build v8 tick processor as built-in source text modules
Upstream restructured BuiltinLoader to auto-detect parameters by
source type, removing the custom parameters overload. Added a new
LookupAndCompileFunction overload for embedder scripts and updated
node_util.cc to use it. Also suppressed exit-time-destructors
warning from builtin_info.h in node_includes.h.
Ref: https://github.com/nodejs/node/pull/60518
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(patch): add LookupAndCompileFunction overload for embedder scripts
Ref: https://github.com/nodejs/node/pull/60518
* fix(patch): stop using v8::PropertyCallbackInfo<T>::This() in sqlite
Ref: https://github.com/nodejs/node/issues/60616
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(patch): correct thenable snapshot for Chromium V8
The snapshot used `*` wildcards which don't match the actual output.
Regenerated with NODE_REGENERATE_SNAPSHOTS=1 to capture the correct
concrete frame + <node-internal-frames> output.
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/6826001
* fix(patch): GN build files for new merve dep
Ref: https://github.com/nodejs/node/pull/61984
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(patch): adapt fileExists patch to resolve.js module reorg
Ref: https://github.com/nodejs/node/pull/61769
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(patch): adapt new crypto tests for BoringSSL
Guard aes-128-ccm test in test-crypto-authenticated.js behind cipher
availability check. Skip Ed448/X448/DSA tests in
test-crypto-key-objects-raw.js. Skip AES-KW tests in
test-webcrypto-promise-prototype-pollution.mjs.
Ref: https://github.com/nodejs/node/pull/62240
Ref: https://github.com/nodejs/node/pull/62455
* fix(patch): guard DH key test for BoringSSL
BoringSSL does not support loading DH private keys from PEM, causing
createPrivateKey to throw UNSUPPORTED_ALGORITHM.
Ref: https://github.com/nodejs/node/pull/62240
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(patch): adapt cppgc_heap patch to upstream CppHeap handling
Upstream Node moved CppHeap creation to run unconditionally before
Isolate::Initialize via settings.cpp_heap. The patch's embedder-set
params->cpp_heap was being overwritten by the new upstream default.
Fold the patch into the upstream block so settings.cpp_heap still
wins, an embedder-set params->cpp_heap is preserved, and a default
is only created when neither is provided.
Ref: https://github.com/nodejs/node/pull/58070
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore: update patches (trivial only)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(patch): normalize brotli decoder error codes for Chromium's brotli
Electron uses Chromium's brotli (via the unbundling patch), which
returns just the NAME from BrotliDecoderErrorString() instead of the
full "_ERROR_..." prefix Node's bundled brotli emits. Upstream's
web-compression spec-compliance fix (nodejs/node#62107) classifies
brotli failures as TypeError via the "ERR__ERROR_" prefix, which
doesn't match Chromium's output — so DecompressionStream surfaced a
plain Error and the WPT decompression-bad-chunks suite failed for
brotli. Normalize the emitted error code on the C++ side so the JS
layer works against either brotli build.
Ref: https://github.com/nodejs/node/pull/62107
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: nodeIntegrationInWorker not working in AudioWorklet
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
* fix: deadlock on Windows when destroying non-AudioWorklet worker contexts
The previous change kept the WebWorkerObserver alive across
ContextWillDestroy so the worker thread could be reused for the next
context (AudioWorklet thread pooling, Chromium CL:5270028). This is
correct for AudioWorklet but wrong for PaintWorklet and other worker
types, which Blink does not pool — each teardown destroys the thread.
For those worker types, ~NodeBindings was deferred to the thread-exit
TLS callback. By that point set_uv_env(nullptr) had already run, so on
Windows the embed thread was parked in GetQueuedCompletionStatus with a
stale async_sent latch that swallowed the eventual WakeupEmbedThread()
from ~NodeBindings. uv_thread_join then blocked forever, deadlocking
renderer navigation. The worker-multiple-destroy crash case timed out
on win-x64/x86/arm64 as a result. macOS/Linux (epoll/kqueue) don't have
the latch and were unaffected.
Plumb is_audio_worklet from WillDestroyWorkerContextOnWorkerThread into
ContextWillDestroy. For non-AudioWorklet contexts, restore the
pre-existing behavior of calling lazy_tls->Set(nullptr) at the end of
the last-context cleanup so ~NodeBindings runs while the worker thread
is still healthy. AudioWorklet continues to keep the observer alive so
the next pooled context can share NodeBindings.
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
* chore: address review feedback
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
* fix: stop embed thread before destroying environments in worker teardown
FreeEnvironment (called via environments_.clear()) runs uv_run to drain
handle close callbacks. On Windows, both that uv_run and the embed
thread's PollEvents call GetQueuedCompletionStatus on the same IOCP
handle. IOCP completions are consumed by exactly one waiter, so the
embed thread can steal completions that FreeEnvironment needs, causing
uv_run to block indefinitely. On Linux/Mac epoll_wait/kevent can wake
multiple waiters for the same event so the race doesn't manifest.
Add NodeBindings::StopPolling() which cleanly joins the embed thread
without destroying handles or the loop, and allows PrepareEmbedThread +
StartPolling to restart it later. Call StopPolling() in
WebWorkerObserver::ContextWillDestroy before environments_.clear() so
FreeEnvironment's uv_run is the only thread touching the IOCP.
Split PrepareEmbedThread's handle initialization (uv_async_init,
uv_sem_init) from thread creation via a new embed_thread_prepared_ flag
so the handles survive across stop/restart cycles for pooled worklets
while the embed thread itself can be recreated.
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
* chore: address outstanding feedback
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
* chore: update patches
---------
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
* chore: backport cppgc cleanups
Key fixes:
- Replace `base::WeakPtrFactory` with `gin::WeakCellFactory` in
MenuMac, MenuViews, and NetLog, since weak pointers to cppgc-managed
objects must go through weak cells
- Replace `v8::Global<v8::Value>` with `cppgc::Persistent<Menu>` for
the menu reference in BaseWindow
- Stop using `gin_helper::Handle<T>` with cppgc types; use raw `T*`
and add a `static_assert` to prevent future misuse
- Add proper `Trace()` overrides for Menu, MenuMac, MenuViews, and
NetLog to ensure cppgc members are visited during garbage collection
- Replace `SelfKeepAlive` prevent-GC mechanism in Menu with a
`cppgc::Persistent` prevent-GC captured in `BindSelfToClosure`
- Introduce `GC_PLUGIN_IGNORE` macro to suppress
known-safe violations: mojo::Remote fields, ObjC bridging pointers,
and intentional persistent self-references
- Mark `ArgumentHolder` as `CPPGC_STACK_ALLOCATED()` in both Electron's
and gin's function_template.h to silence raw-pointer-to-GC-type
warnings
* chore: fix build
chore: clean up clang-tidy warnings (#50862)
* chore: use emplace and use it correctly
* chore: redundant cast to the same type [google-readability-casting]
* chore: do not create objects with +new [google-objc-avoid-nsobject-new]
* chore: default arguments on virtual or override methods are prohibited [google-default-arguments]
* chore: warning: C-style casts are discouraged; use static_cast [google-readability-casting]
CFLocaleGetValue already returns CFTypeRef so that redundant static_cast was removed
* chore: refactor block to avoid use after move warning from clang-tidy
Looks like clang-tidy couldn't tell these were two mutually exclusive
branches so there was no actual issue, but refactoring is cleaner
anyway since it makes it more DRY.
* chore: C-style casts are discouraged; use static_cast [google-readability-casting]
No cast needed here, everything is already the correct type
* chore: C-style casts are discouraged; use static_cast/const_cast/reinterpret_cast [google-readability-casting]
* chore: use '= default' to define a trivial destructor [modernize-use-equals-default]
* chore: use range-based for loop instead [modernize-loop-convert]
* chore: redundant void argument list [modernize-redundant-void-arg]
* chore: address code review feedback
* chore: use auto
---------
Co-authored-by: Charles Kerr <charles@charleskerr.com>
#47171 migrated `std::deque` to `base::circular_deque` in
`shell/common/crash_keys.cc`. However, `CrashKeyString` wraps a
`crashpad::Annotation` that holds self-referential pointers and
registers itself in a process-global linked list. `circular_deque`
relocates elements on growth (via `VectorBuffer::MoveConstructRange`),
leaving those pointers dangling — causing missing crash keys or a hung
crashpad handler (especially on macOS). The `base/containers/README.md`
warns: "Since `base::deque` does not have stable iterators and it will
move the objects it contains, it may not be appropriate for all uses."
Reverts to `std::deque`, whose block-based layout never relocates
existing elements. Adds a regression test that registers 50 dynamic
crash keys and verifies they all survive a renderer crash.
Notes: Fixed crash keys being lost and the crash reporter hanging on
macOS when many dynamic crash keys were registered.
Made-with: Cursor
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Alexey Kozy <alexey@anysphere.co>
V8's second-pass weak callbacks run inside a
DisallowJavascriptExecutionScope: they may touch the V8 API but must
not invoke JS, directly or indirectly. Several Electron Wrappables
(WebContents in particular) emit JS events from their destructors,
so deleting synchronously inside SecondWeakCallback can crash with
"Invoke in DisallowJavascriptExecutionScope" when GC happens to
collect the JS wrapper during a foreground GC task — typically during
shutdown's uv_run drain after a leaked WebContentsView.
This was previously latent and timing-dependent (electron/electron#47420,
electron/electron#45416, podman-desktop/podman-desktop#12409). The
esbuild migration's keepNames option (which wraps every function/class
with an Object.defineProperty call) shifted heap layout enough to make
the spec/fixtures/crash-cases/webcontentsview-create-leak-exit case
reliably reproduce it on every run, giving a clean signal for the fix.
Both WrappableBase and DeprecatedWrappableBase SecondWeakCallback now
post the deletion via base::SequencedTaskRunner::GetCurrentDefault()
so the destructor (and any Emit it does) runs once V8 has left the GC
scope. Falls back to synchronous deletion if no task runner is
available (early/late process lifetime).
Fixeselectron/electron#47420.
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Sam Attard <sattard@anthropic.com>
The weak persistent tracking the OffscreenReleaseHolderMonitor was tied
to the texture object, but the release() closure holds a raw pointer to
the monitor via its v8::External data. If JS retained texture.release
while dropping the texture itself, the monitor would be freed on GC and
a later release() call would crash.
Track the release function instead of the texture object. Since the
texture holds release as a property, this keeps the monitor alive as
long as either is reachable.
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Sam Attard <sattard@anthropic.com>
gfx::PNGCodec::Decode() returns a null SkBitmap when it fails to decode
the clipboard contents as a PNG. Passing that null bitmap to
gfx::Image::CreateFrom1xBitmap() triggers a crash.
Return an empty gfx::Image instead, matching the existing null-check
pattern in skia_util.cc.
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Sam Attard <sattard@anthropic.com>
* fix: read nodeIntegrationInWorker from per-frame WebPreferences
Previously the renderer checked a process-wide command-line switch to
decide whether to create a Node.js environment for dedicated workers.
When a renderer process hosted multiple WebContents with different
nodeIntegrationInWorker values (e.g. via window.open with overridden
webPreferences in setWindowOpenHandler), all workers in the process
used whichever value the first WebContents set on the command line.
Instead, plumb the flag through blink's WorkerSettings at worker
creation time, copying it from the initiating frame's WebPreferences.
The check on the worker thread then reads the per-worker value. Nested
workers inherit the flag from their parent worker via
WorkerSettings::Copy.
The --node-integration-in-worker command-line switch is removed as it
is no longer consumed.
Co-authored-by: Samuel Attard <sattard@anthropic.com>
* chore: update patches
---------
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Samuel Attard <sattard@anthropic.com>
Co-authored-by: John Kleinschmidt <kleinschmidtorama@gmail.com>
Matches the existing validation applied to request headers in
electron_api_url_loader.cc.
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Samuel Attard <sattard@anthropic.com>
Previously, GetProtocolLaunchPath and FormatCommandLineString in
browser_win.cc used naive quoting which could break when paths or
arguments contained backslashes, spaces, or embedded quotes.
Fix by extracting the CommandLineToArgvW-compatible quoting logic from
relauncher_win.cc into a shared utility and use it in both browser_win.cc
and relauncher_win.cc to properly quote the exe path and each argument
individually.
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
fix: enable WASM trap handlers in all Node.js processes
```
Original reason for revert:
Some apps started throwing exception on startup
https://github.com/electron/electron/issues/48956
```
We now move the trap handler registeration before
any user script execution. Add a fuse to support
disabling the feature is application needs to run
in memory constrained environments.
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
* chore: bump chromium in DEPS to 146.0.7653.0
* chore: bump chromium in DEPS to 146.0.7653.1
* chore: bump chromium in DEPS to 146.0.7655.0
* chore: bump chromium in DEPS to 146.0.7657.1
* chore: bump chromium in DEPS to 146.0.7659.0
* chore: bump chromium in DEPS to 146.0.7661.0
* chore: bump chromium in DEPS to 146.0.7663.1
* chore: bump chromium in DEPS to 146.0.7665.1
* chore: bump chromium in DEPS to 146.0.7667.1
* chore: bump chromium in DEPS to 146.0.7668.2
* chore: bump chromium in DEPS to 146.0.7670.0
* chore: bump chromium in DEPS to 146.0.7672.1
* chore: bump chromium in DEPS to 146.0.7674.1
* chore: bump chromium in DEPS to 146.0.7676.1
* chore: bump chromium in DEPS to 146.0.7678.1
* chore: bump chromium in DEPS to 146.0.7680.1
* chore: bump chromium in DEPS to 146.0.7680.4
* chore: bump chromium in DEPS to 146.0.7680.0
* chore: bump chromium to 146.0.7666.0 (main) (#49528)
* chore: bump chromium in DEPS to 146.0.7652.0
* fix(patch-conflict): update mas_avoid_private_macos_api_usage context for constrainFrameRect method
The upstream CL added a new constrainFrameRect:toScreen: method override to
NativeWidgetMacNSWindow as part of headless mode window zoom implementation.
The MAS patch's #endif for frameViewClassForStyleMask now correctly appears
after that method, since constrainFrameRect is a public API override that
doesn't need to be guarded.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7487666
* fix(patch-conflict): update printing.patch for base::DictValue rename
Updated printing.patch to use the new base::DictValue type name instead of
base::Value::Dict following Chromium's type renaming change. This affects
CompleteUpdatePrintSettings() signature and related code.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509820
* fix(patch-conflict): update accessibility_ui patch for base::DictValue/ListValue rename
Updated adjust_accessibility_ui_for_electron.patch to use the new
base::DictValue and base::ListValue type names instead of base::Value::Dict
and base::Value::List following Chromium's type renaming change.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509820
* chore: update patches
* 6625736: Rename DURABLE_STORAGE to PERSISTENT_STORAGE for consistency | https://chromium-review.googlesource.com/c/chromium/src/+/6625736
* chore: bump chromium in DEPS to 146.0.7653.0
* chore: update patches
* 7000847: add type tag to v8::External for gin_helper function templates
The upstream gin function templates now use v8::ExternalPointerTypeTag
for type safety when using v8::External. Updated Electron's forked
gin_helper function template to use the same kGinInternalCallbackHolderBaseTag
that Chromium's gin uses.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7000847
* fix(patch-update): extend V8 Object API deprecation patch for Node.js
Extended the existing patch to cover additional files that use
GetAlignedPointerFromInternalField and SetAlignedPointerInInternalField:
- src/stream_base-inl.h
- src/udp_wrap.cc
- src/js_udp_wrap.cc
- src/node_process_methods.cc
- src/node_snapshotable.cc
- src/base_object.cc
These APIs now require an EmbedderDataTypeTag parameter.
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7087956
* 7000847: add type tag to v8::External calls in shared_texture
Updated v8::External::New and v8::External::Value calls to use the
kExternalPointerTypeTagDefault tag as required by the V8 API change
that deprecates the tagless versions.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7000847
* 7508687: use ChildProcessId for file permission APIs
The ChildProcessSecurityPolicy::CanReadFile and GrantReadFile APIs
now require ChildProcessId instead of int. Updated to use GetID()
instead of GetDeprecatedID() for these specific calls.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7508687
* 7000847: add type tag to v8::External calls in callback and osr_converter
The v8::External API now requires an EmbedderPointerTypeTag parameter
for both New() and Value() methods to improve V8 sandbox type safety.
Updated calls in:
- callback.cc: TranslatorHolder constructor and CallTranslator
- osr_converter.cc: OffscreenSharedTextureValue converter
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7000847
* fixup! 7087956: [api] Promote deprecation of v8::Context and v8::Object API methods
Extended the Node.js patch to cover histogram.cc which also uses
SetAlignedPointerInInternalField and GetAlignedPointerFromInternalField
APIs that now require the EmbedderDataTypeTag parameter.
Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7087956
* chore: bump chromium in DEPS to 146.0.7655.0
* chore: update patches
* 7509043: update WebSpellingMarker type for API change
The upstream Chromium API changed - WebSpellingMarker was moved from a
nested type within WebTextCheckClient to a standalone type in the blink
namespace.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509043
* 7498491: update process_id to use OriginatingProcess type
The upstream Chromium API changed - URLLoaderFactoryParams::process_id
was changed from an integer to a union type network::OriginatingProcess
that distinguishes between browser and renderer processes.
- For browser process requests, use OriginatingProcess::browser()
- For renderer process lookups, check !is_browser() and use
renderer_process().value() to get the child_id
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7498491
* 5710330: Add crash keys to debug NativeWidgetMacNSWindowBorderlessFrame exception | https://chromium-review.googlesource.com/c/chromium/src/+/5710330
5710330 added a new NSNextStepFrame interface extension and
implementations for NativeWidgetMacNSWindowTitledFrame and
NativeWidgetMacNSWindowBorderlessFrame. These use private macOS APIs
that are not available in Mac App Store builds.
* chore: update patches
* chore: bump chromium in DEPS to 146.0.7661.0
* chore: bump chromium in DEPS to 146.0.7663.0
* fix(patch-conflict): update accessibility_ui for string_view API change
Upstream removed redundant std::string(default_api_type) conversion as part
of a string_view optimization cleanup. Updated patch context to match.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7514107
* fix(patch-conflict): update service process launch options for sandbox API refactor
Upstream removed content/common/sandbox_init_win.cc and
content/public/common/sandbox_init_win.h, moving the functionality directly
into ChildProcessLauncherHelper. Updated patch to call
sandbox::policy::SandboxWin::StartSandboxedProcess directly with the
LaunchOptions pointer instead of going through the removed helper.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7528253
* fix(patch-conflict): update MAS safestorage for keychain API refactor
Upstream refactored KeychainPassword::GetPassword() to use a new
GetPasswordImpl() helper function with improved error tracking via
base::expected<std::string, OSStatus>. Adapted patch to use the new
GetPasswordImpl with the suffixed account name and handle migration
from legacy accounts through the new API.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7516438
* chore: update patches
* chore: bump chromium in DEPS to 146.0.7663.0
* fix: base::Value::Dict -> base::DictValue
https://chromium-review.googlesource.com/c/chromium/src/+/7513889
* fix: include new cookie exclusion reason
https://chromium-review.googlesource.com/c/chromium/src/+/7486527
* fix: enable libc++ ABI flag for trivially copyable std::vector<bool>
Required for changes introduced in the following CL
https://chromium-review.googlesource.com/c/chromium/src/+/7513653
* fixup! fix: base::Value::Dict -> base::DictValue https://chromium-review.googlesource.com/c/chromium/src/+/7513889
* fix: spellcheck not working in tests
https://chromium-review.googlesource.com/c/chromium/src/+/7452579
* fix: cookie test failing due to multiple rejection reasons
https://chromium-review.googlesource.com/c/chromium/src/+/7506629
* fix: macos sizing unmaximized window incorrectly
https://chromium-review.googlesource.com/c/chromium/src/+/7487666
Changes to headless mode caused the unmaximized window to subtract
the height of the menubar.
* fix: skip tests for incompatible BoringSSL ML-DSA crypto
https://boringssl-review.googlesource.com/c/boringssl/+/84929
* test: fix pseudonymization registration in utility process on Linux
Ref: 7486913: Pass pseudonymization salt via shared memory at process launch | https://chromium-review.googlesource.com/c/chromium/src/+/7486913
* fix: restore MAS patch-outs
Restores some `#if !IS_MAS_BUILD()` gates dropped in 773054ad59
* fixup! 7508687: use ChildProcessId for file permission APIs
* fixup! fix(patch-conflict): update MAS safestorage for keychain API refactor
* chore: add note about parallel upstream change
* fixup! Merge remote-tracking branch 'origin/main' into roller/chromium/main
* Revert "fixup! 7508687: use ChildProcessId for file permission APIs"
This reverts commit 05c43e4e5d.
The _impl version has the signature, but not the public interface. :oof:
* fixup! fix(patch-conflict): update MAS safestorage for keychain API refactor
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Samuel Maddock <samuelmaddock@electronjs.org>
Co-authored-by: clavin <clavin@electronjs.org>
(cherry picked from commit a65cfed500)
* chore: update patches after rebase
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Samuel Maddock <samuelmaddock@electronjs.org>
Co-authored-by: clavin <clavin@electronjs.org>
Co-authored-by: John Kleinschmidt <kleinschmidtorama@gmail.com>
fix: second argument to shell.writeShortcutLink is optional
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
fix: return early from beep on linux if there is no default gdk display
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Noah Gregory <noahmgregory@gmail.com>
* chore: bump chromium in DEPS to 145.0.7599.0
* chore: bump chromium in DEPS to 145.0.7600.0
* chore: bump chromium in DEPS to 145.0.7602.0
* chore: bump chromium in DEPS to 145.0.7604.0
* chore: update patches (trivial only)
* [bytesize] Migrate network data in Task Manager to ByteSize.
Xref: https://chromium-review.googlesource.com/c/chromium/src/+/7266090
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
* chore: bump chromium in DEPS to 145.0.7588.0
* fix(patch-conflict): update scroll_bounce_flag for split overscroll methods
Chromium split IsElasticOverscrollEnabled() into two methods:
IsElasticOverscrollEnabledOnRoot() and IsElasticOverscrollSupported().
Updated patch to apply the scroll-bounce command-line switch to both
methods.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7233733
* fix(patch-conflict): update exclusive_access patch context
Upstream refactored the profile variable declaration. Updated patch to
match new surrounding context with brace-style if statement.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7239252
* fix(patch-conflict): update screen capture kit non-shareable filter
Upstream refactored PiP window exclusion to use GetWindowsToExclude()
helper function. Updated patch to combine non-shareable window filtering
with the new helper's output.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7274596
* fix(patch-conflict): update corner smoothing CSS property id position
Upstream added new internal overscroll CSS properties. Updated patch to
add kElectronCornerSmoothing after the new entries.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7234051
* fix(patch-conflict): update permission patches for new permission types
Upstream added new permission types: LOCAL_NETWORK, LOOPBACK_NETWORK,
and GEOLOCATION_APPROXIMATE. Updated Electron permission patches to
include these new types and renumber Electron-specific permissions.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7231952
* fix(patch-conflict): update memory query fallback for new function signature
Upstream added AmountOfTotalPhysicalMemory() with PCHECK. Updated patch
to maintain fallback logic with correct ByteSize return type.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7254886
* chore: update patch hunk headers
* fix(patch): update reclient-configs patch to use new file mode
The fix_add_python_remote_wrapper patch was using 'copy from' mode
which caused inconsistent behavior between local and CI git versions.
Changed to 'new file' mode for consistent patch application.
* fix(patch-conflict): remove duplicate GEOLOCATION_APPROXIMATE case
Upstream moved GEOLOCATION_APPROXIMATE earlier in the switch statement
in GetPermissionString(). The 3-way merge kept both the old and new
positions, causing a duplicate case error.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/6397637
* chore: update libcxx filenames for new headers
* chore: bump chromium in DEPS to 145.0.7590.0
* chore: update patch hunk headers
* fix(patch): update memory fallback return type to ByteSize
Upstream changed the return type from ByteCount to ByteSize.
* fix: suppress nodiscard warning in node_file.cc
libc++ added [[nodiscard]] to std::filesystem::copy_options operator|=
which causes build failures with -Werror.
* 7229082: update CopyFromSurface to use CopyFromSurfaceResult
Upstream changed CopyFromSurface callback to return
base::expected<viz::CopyOutputBitmapWithMetadata, std::string>
instead of SkBitmap, enabling better error handling.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7229082
* 7254070: add ip_address_space param to OnLocalNetworkAccessPermissionRequired
Upstream added IPAddressSpace parameter to check address space for
proper permission handling in Local Network Access.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7254070
* 7136679: add spelling_markers param to RequestCheckingOfText
Upstream added spelling_markers parameter to report misspelling
ranges from Blink to Spellcheck to IME.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7136679
* 7240487: remove second param from RegisterWebSafeIsolatedScheme
Upstream removed the schemes_okay_to_appear_as_origin_headers_ parameter.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7240487
* 7254577: use explicit WebElement constructor
WebElement default constructor now requires explicit construction
rather than brace initialization.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7254577
* 7256335: remove override from CreateGlobalFeaturesForTesting
Upstream removed BrowserProcess::CreateGlobalFeaturesForTesting virtual
method so the override specifier is no longer valid.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7256335
* chore: add missing SingleThreadTaskRunner include
A transitive include of SingleThreadTaskRunner was removed upstream,
requiring an explicit include.
Ref: Unable to locate specific CL (transitive include change)
* 7260483: add LOCAL_NETWORK, LOOPBACK_NETWORK permission type cases
Upstream added new permission types for Local Network Access split
permissions.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7260483
* chore: update patch hunk headers
* 7264893: update postMessage tests for file: origin serialization change
Chromium now serializes file: origins as 'null' in MessageEvent per spec.
This is a security improvement aligning with the HTML spec behavior.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7264893
* fix: add paths to custom scheme URLs in protocol tests
Custom scheme URLs without paths (e.g. test-scheme://foo) cause a
DCHECK crash in ASAN builds when CorsURLLoader tries to log the
request via GenerateRequestLine -> PathForRequest, which asserts
that the path is non-empty.
Adding trailing slashes ensures URLs have valid paths.
* chore: bump chromium in DEPS to 145.0.7592.0
* chore: update patches (trivial only)
* chore: bump chromium in DEPS to 145.0.7594.0
* chore: bump chromium in DEPS to 145.0.7596.0
* chore: update accelerator.patch
no manual changes; patch applied with fuzz 2 (offset 1 line)
* chore: update patches (trivial only)
* chore: node ./script/gen-libc++-filenames.js
---------
Co-authored-by: Alice Zhao <alicelovescake@anthropic.com>
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
* chore: bump chromium in DEPS to 145.0.7572.0
* chore: update patches (trivial only)
* chore(patch-conflict): feat_filter_out_non-shareable_windows_in_the_current_application_in.patch
Polished the edits and formatted the result. No real changes.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7232079 "7232079: Use WindowsToExclude to exclude PiP window in macOS screencapture device"
* chore(patch-conflict): feat_add_support_for_missing_dialog_features_to_shell_dialogs.patch
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7214586 "7214586: Refactor SelectFileDialogLinuxPortal to request XDG portal on demand"
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7237910 "7237910: Remove g_gtk_ui global"
* 7228586: Migrate SystemMemoryInfo from ByteCount to ByteSize
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7228586
* 7207583: GlobalRenderFrameHostId to ChildProcessId
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7207583
* 7205548: Remove uses of BodyAsStringCallbackDeprecated (extensions/)
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7205548
* chore: bump chromium in DEPS to 145.0.7574.0
* chore: update libc++ filenames
* chore: update patches (trivial only)
* chore(patch-conflict): feat_filter_out_non-shareable_windows_in_the_current_application_in.patch
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7246150 "7246150: Fix crash in ScreenCaptureKitDeviceMac due to null PIPScreenCaptureCoordinator"
* fixup! chore(patch-conflict): feat_add_support_for_missing_dialog_features_to_shell_dialogs.patch
* fixup! chore(patch-conflict): feat_filter_out_non-shareable_windows_in_the_current_application_in.patch
* 7239572: [OOPIF PDF] Enable OOPIF PDF by default on Windows/macOS/Linux
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7239572
* chore: bump chromium in DEPS to 145.0.7576.0
* fixup! chore(patch-conflict): feat_add_support_for_missing_dialog_features_to_shell_dialogs.patch
* chore: update patches (trivial only)
* chore: add note to keep patch that was upstreamed but reverted
fix_restore_original_resize_performance_on_macos.patch was organically upstreamed but that change got reverted just after the current roll's cutoff.
I've added a note in the patch contents so the patch sticks around and so we can keep it after the revert is included.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7255334 "7255334: Revert 'Fix jank when resizing browser window'"
* chore: bump chromium in DEPS to 145.0.7577.0
* chore: update patches (trivial only)
* chore(patch-conflict): keep patch after revert
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7255334 "7255334: Revert 'Fix jank when resizing browser window'"
* 7237910: Remove g_gtk_ui global
I tried to find a way to avoid the patch, but other approaches seemed complex and involved.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7237910
* 7251900: Reland "Remove callback_helpers.h include from is_callback.h (try 5)"
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7251900
* 7170174: [LNA] Retry requests for cached local resources
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7170174
* fix: PDFs use OOPIF (behavior change)
* fixup! 7237910: Remove g_gtk_ui global
* fixup! 7251900: Reland "Remove callback_helpers.h include from is_callback.h (try 5)"
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: clavin <clavin@electronjs.org>
* chore: bump chromium in DEPS to 145.0.7562.0
* fix(patch-conflict): update code cache patch for PersistentCache refactor
Upstream refactored code cache to use PersistentCache with new class-based
implementation (NoopCodeCacheHost, LocalCodeCacheHost, CodeCacheWithPersistentCacheHost).
Updated patch to integrate custom scheme support into the new structure while
preserving ProcessLockURLIsCodeCacheScheme checks for embedder-registered schemes.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7044986
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* fix(patch-conflict): update dialog patch for RequestXdgDesktopPortal API
Upstream changed from SetSystemdScopeUnitNameForXdgPortal to RequestXdgDesktopPortal
API pattern. Updated OnServiceStarted signature and kept OnSystemdUnitStarted callback
that calls Electron's file_dialog::StartPortalAvailabilityTestInBackground().
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7204285
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* fix(patch-conflict): remove reference to deleted AbortByPlaceholderLayout flag
Upstream removed the AbortByPlaceholderLayout runtime flag from
runtime_enabled_features.json5. Updated patch to only add ElectronCSSCornerSmoothing
without the removed flag reference.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7226494
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* chore: update patch hunk headers
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* fix(build): guard media_file_system_registry for ChromeOS only
Upstream CL https://chromium-review.googlesource.com/c/chromium/src/+/7100719
moved media_file_system_registry to be ChromeOS-only since Media
Galleries is a Chrome Apps API and Chrome Apps are only available
on Chrome OS now.
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* fix(build): update VideoPixelFormat API for SharedImageFormat
Upstream CL https://chromium-review.googlesource.com/c/chromium/src/+/7207153
removed VideoPixelFormatToGfxBufferFormat as part of migration to
SharedImageFormat. Update to use VideoPixelFormatToSharedImageFormat
which directly returns the SharedImageFormat.
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* fix(build): extend profile methods patch for ShouldEnableXfaForms
The ShouldEnableXfaForms function uses Profile::FromBrowserContext()
which is not available in Electron. Wrap the profile-dependent code
in #if 0 to fall through to the feature flag default.
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: bump chromium in DEPS to 145.0.7563.0
* chore: bump chromium in DEPS to 145.0.7565.0
* chore: bump chromium in DEPS to 145.0.7567.0
* chore: bump chromium in DEPS to 145.0.7568.0
* fix(patch-conflict): update content_main_delegate.h context for IsInitFeatureListEarly
Upstream added a new IsInitFeatureListEarly() virtual method to ContentMainDelegate
just before where our GetBrowserV8SnapshotFilename() method is added. Updated patch
context to account for this new method.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7092856
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* chore: update patch hunk headers
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* fix(patch-update): include v8-cppgc.h for CppHeap complete type
The std::unique_ptr<v8::CppHeap> default argument in node.h requires
the complete CppHeap type definition for the destructor. Added the
v8-cppgc.h include to provide the full type definition.
Ref: Unable to locate CL - libc++ unique_ptr requires complete type for destructor
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* chore: update patch hunk headers
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* fix(build): move NativeAppWindowFrameViewMacClient before constructor
The std::unique_ptr<NativeAppWindowFrameViewMacClient> member requires
the complete type definition to be visible at the point of the constructor
because the unique_ptr destructor may be instantiated during exception
handling. Moved the class definition before the NativeWindowMac constructor.
Ref: Unable to locate CL - libc++ unique_ptr requires complete type for destructor
Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
* fix(patch-conflict): update create_browser_v8_snapshot_file_name_fuse context for IsInitFeatureListEarly
The upstream added IsInitFeatureListEarly() virtual method declaration to
ContentMainDelegate class. Updated the patch context to account for this
new function being present before the GetBrowserV8SnapshotFilename()
declaration we add.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7092856
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: update patch hunk headers
Co-Authored-By: Claude <noreply@anthropic.com>
* fix(patch-update): remove reverted IsInitFeatureListEarly from v8 snapshot patch
The upstream added IsInitFeatureListEarly() was reverted, so the patch should
not include this declaration. Only GetBrowserV8SnapshotFilename() should be
added by the create_browser_v8_snapshot_file_name_fuse patch.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7230430
Co-Authored-By: Claude <noreply@anthropic.com>
* 6171655: include single_thread_task_runner.h for complete type
Added include for base/task/single_thread_task_runner.h in osr_converter.cc
to resolve incomplete type error when using
base::SingleThreadTaskRunner::GetCurrentDefault().
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/6171655
Co-Authored-By: Claude <noreply@anthropic.com>
* 7224136: use CHROMIUM_GIT_REVISION directly instead of removed function
Upstream removed GetChromiumGitRevision() function from embedder_support.
Updated to use CHROMIUM_GIT_REVISION macro directly via
build/util/chromium_git_revision.h as recommended in the Chromium CL.
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7224136
Co-Authored-By: Claude <noreply@anthropic.com>
* fixup! 7224136: use CHROMIUM_GIT_REVISION directly instead of removed function
* fix(build): add missing include
`components/dbus/xdg/systemd.h` for `void OnSystemdUnitStarted(dbus_xdg::SystemdUnitStatus)` in the same patch.
* fix(build): adapt to string-view-ification change in windows jump_list.cc
7186922: Fix unsafe buffer usage in base/win/win_util.cc
https://chromium-review.googlesource.com/c/chromium/src/+/7186922
* chore: update libc++ filenames
* fixup! fix(build): add missing include
* fixup! fix(build): extend profile methods patch for ShouldEnableXfaForms
* fixup! fix(build): guard media_file_system_registry for ChromeOS only
* fixup! fixup! fix(build): extend profile methods patch for ShouldEnableXfaForms
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Claude <svc-devxp-claude@slack-corp.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: clavin <clavin@electronjs.org>
