fix: crash on netlog connection error (#44421 )

* fix: crash on netlog connection error Co-authored-by: Samuel Maddock <smaddock@slack-corp.com> * refactor: remove default PromiseBase constructor Co-authored-by: Samuel Maddock <smaddock@slack-corp.com> * Revert "refactor: remove default PromiseBase constructor" This reverts commit 9292324a0d. Co-authored-by: Samuel Maddock <smaddock@slack-corp.com> * remove dcheck Co-authored-by: Samuel Maddock <smaddock@slack-corp.com> --------- Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Samuel Maddock <smaddock@slack-corp.com>
test: deflake flaky tests on linux (#44404 )
2026-02-19 03:14:51 -05:00 · 2024-10-28 14:37:47 +01:00 · 2024-10-25 15:54:57 -05:00 · 2024-10-23 17:18:11 -04:00 · 2024-10-22 16:20:35 +02:00 · 2024-10-22 11:53:48 +02:00
994 changed files with 30368 additions and 16670 deletions
--- a/.circleci/.gitignore
+++ b/.circleci/.gitignore
@@ -1 +0,0 @@
-config-staging
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,79 +0,0 @@
-version: 2.1
-
-# Required for dynamic configuration
-setup: true
-
-# Orbs
-orbs:
-  path-filtering: circleci/path-filtering@0.1.0
-  continuation: circleci/continuation@0.2.0
-
-# All input parameters to pass to build config
-parameters:
-  run-docs-only:
-    type: boolean
-    default: false
-
-  upload-to-storage:
-    type: string
-    default: '1'
-
-  run-build-linux:
-    type: boolean
-    default: false
-
-  run-build-mac:
-    type: boolean
-    default: false
-
-  run-linux-publish:
-    type: boolean
-    default: false
-
-  linux-publish-arch-limit:
-    type: enum
-    default: all
-    enum: ["all", "arm", "arm64", "x64", "ia32"]
-
-  run-macos-publish:
-    type: boolean
-    default: false
-
-  macos-publish-arch-limit:
-    type: enum
-    default: all
-    enum: ["all", "osx-x64", "osx-arm64", "mas-x64", "mas-arm64"]
-
-jobs:
-  generate-config:
-    docker:
-      - image: cimg/node:16.14
-    steps:
-      - checkout
-      - path-filtering/set-parameters:
-          base-revision: main
-          mapping: |
-            ^((?!docs/).)*$ run-build-mac true
-            ^((?!docs/).)*$ run-build-linux true
-            docs/.* run-docs-only true
-            ^((?!docs/).)*$ run-docs-only false
-      - run:
-          command: |
-            cd .circleci/config
-            yarn
-            export CIRCLECI_BINARY="$HOME/circleci"
-            curl -fLSs https://raw.githubusercontent.com/CircleCI-Public/circleci-cli/main/install.sh | DESTDIR=$CIRCLECI_BINARY bash
-            node build.js
-          name: Pack config.yml
-      - run:
-          name: Set params
-          command: node .circleci/config/params.js
-      - continuation/continue:
-          configuration_path: .circleci/config-staging/built.yml
-          parameters: /tmp/pipeline-parameters.json
-
-# Initial setup workflow
-workflows:
-  setup:
-    jobs:
-      - generate-config
--- a/.circleci/config/base.yml
+++ b/.circleci/config/base.yml
--- a/.circleci/config/build.js
+++ b/.circleci/config/build.js
@@ -1,34 +0,0 @@
-const cp = require('child_process');
-const fs = require('fs-extra');
-const path = require('path');
-const yaml = require('js-yaml');
-
-const STAGING_DIR = path.resolve(__dirname, '..', 'config-staging');
-
-function copyAndExpand(dir = './') {
-    const absDir = path.resolve(__dirname, dir);
-    const targetDir = path.resolve(STAGING_DIR, dir);
-
-    if (!fs.existsSync(targetDir)) {
-        fs.mkdirSync(targetDir);
-    }
-
-    for (const file of fs.readdirSync(absDir)) {
-        if (!file.endsWith('.yml')) {
-            if (fs.statSync(path.resolve(absDir, file)).isDirectory()) {
-                copyAndExpand(path.join(dir, file));
-            }
-            continue;
-        }
-
-        fs.writeFileSync(path.resolve(targetDir, file), yaml.dump(yaml.load(fs.readFileSync(path.resolve(absDir, file), 'utf8')), {
-            noRefs: true,
-        }));
-    }
-}
-
-if (fs.pathExists(STAGING_DIR)) fs.removeSync(STAGING_DIR);
-copyAndExpand();
-
-const output = cp.spawnSync(process.env.CIRCLECI_BINARY || 'circleci', ['config', 'pack', STAGING_DIR]);
-fs.writeFileSync(path.resolve(STAGING_DIR, 'built.yml'), output.stdout.toString());
--- a/.circleci/config/jobs/lint.yml
+++ b/.circleci/config/jobs/lint.yml
@@ -1,51 +0,0 @@
-executor:
-  name: linux-docker
-  size: medium
-steps:
-  - checkout:
-      path: src/electron
-  - run:
-      name: Setup third_party Depot Tools
-      command: |
-        # "depot_tools" has to be checkout into "//third_party/depot_tools" so pylint.py can a "pylintrc" file.
-        git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git src/third_party/depot_tools
-        echo 'export PATH="$PATH:'"$PWD"'/src/third_party/depot_tools"' >> $BASH_ENV
-  - run:
-      name: Download GN Binary
-      command: |
-        chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
-        gn_version="$(curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/DEPS?format=TEXT" | base64 -d | grep gn_version | head -n1 | cut -d\' -f4)"
-
-        cipd ensure -ensure-file - -root . \<<-CIPD
-        \$ServiceURL https://chrome-infra-packages.appspot.com/
-        @Subdir src/buildtools/linux64
-        gn/gn/linux-amd64 $gn_version
-        CIPD
-
-        echo 'export CHROMIUM_BUILDTOOLS_PATH="'"$PWD"'/src/buildtools"' >> $BASH_ENV
-  - run:
-      name: Download clang-format Binary
-      command: |
-        chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
-
-        sha1_path='buildtools/linux64/clang-format.sha1'
-        curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/${sha1_path}?format=TEXT" | base64 -d > "src/${sha1_path}"
-
-        download_from_google_storage.py --no_resume --no_auth --bucket chromium-clang-format -s "src/${sha1_path}"
-  - run:
-      name: Run Lint
-      command: |
-        # gn.py tries to find a gclient root folder starting from the current dir.
-        # When it fails and returns "None" path, the whole script fails. Let's "fix" it.
-        touch .gclient
-        # Another option would be to checkout "buildtools" inside the Electron checkout,
-        # but then we would lint its contents (at least gn format), and it doesn't pass it.
-
-        cd src/electron
-        node script/yarn install --frozen-lockfile
-        node script/yarn lint
-  - run:
-      name: Run Script Typechecker
-      command: |
-        cd src/electron
-        node script/yarn tsc -p tsconfig.script.json
--- a/.circleci/config/package.json
+++ b/.circleci/config/package.json
@@ -1,10 +0,0 @@
-{
-  "name": "@electron/circleci-config",
-  "version": "0.0.0",
-  "private": true,
-  "license": "MIT",
-  "dependencies": {
-    "fs-extra": "^10.1.0",
-    "js-yaml": "^4.1.0"
-  }
-}
--- a/.circleci/config/params.js
+++ b/.circleci/config/params.js
@@ -1,12 +0,0 @@
-const fs = require('fs');
-
-const PARAMS_PATH = '/tmp/pipeline-parameters.json';
-
-const content = JSON.parse(fs.readFileSync(PARAMS_PATH, 'utf-8'));
-
-// Choose resource class for linux hosts
-const currentBranch = process.env.CIRCLE_BRANCH || '';
-content['large-linux-executor'] = /^pull\/[0-9-]+$/.test(currentBranch) ? '2xlarge' : 'electronjs/aks-linux-large';
-content['medium-linux-executor'] = /^pull\/[0-9-]+$/.test(currentBranch) ? 'medium' : 'electronjs/aks-linux-medium';
-
-fs.writeFileSync(PARAMS_PATH, JSON.stringify(content));
--- a/.circleci/config/yarn.lock
+++ b/.circleci/config/yarn.lock
@@ -1,43 +0,0 @@
-# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
-# yarn lockfile v1
-
-
-argparse@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38"
-  integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==
-
-fs-extra@^10.1.0:
-  version "10.1.0"
-  resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-10.1.0.tgz#02873cfbc4084dde127eaa5f9905eef2325d1abf"
-  integrity sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ==
-  dependencies:
-    graceful-fs "^4.2.0"
-    jsonfile "^6.0.1"
-    universalify "^2.0.0"
-
-graceful-fs@^4.1.6, graceful-fs@^4.2.0:
-  version "4.2.10"
-  resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
-  integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
-
-js-yaml@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602"
-  integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==
-  dependencies:
-    argparse "^2.0.1"
-
-jsonfile@^6.0.1:
-  version "6.1.0"
-  resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-6.1.0.tgz#bc55b2634793c679ec6403094eb13698a6ec0aae"
-  integrity sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==
-  dependencies:
-    universalify "^2.0.0"
-  optionalDependencies:
-    graceful-fs "^4.1.6"
-
-universalify@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/universalify/-/universalify-2.0.0.tgz#75a4984efedc4b08975c5aeb73f530d02df25717"
-  integrity sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==
--- a/.circleci/fix-known-hosts.sh
+++ b/.circleci/fix-known-hosts.sh
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-mkdir -p ~/.ssh
-echo "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
-github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
-github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=" >> ~/.ssh/known_hosts
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -4,12 +4,8 @@
 	"onCreateCommand": ".devcontainer/on-create-command.sh",
 	"updateContentCommand": ".devcontainer/update-content-command.sh",
 	"workspaceFolder": "/workspaces/gclient/src/electron",
-	"forwardPorts": [8088, 6080, 5901],
+	"forwardPorts": [6080, 5901],
 	"portsAttributes": {
-		"8088": {
-			"label": "Goma Control Panel",
-			"onAutoForward": "silent"
-		},
 		"6080": {
 			"label": "VNC web client (noVNC)",
 			"onAutoForward": "silent"
@@ -31,7 +27,8 @@
 			]
 		},
 		"vscode": {
-			"extensions": ["joeleinbinder.mojom-language",
+			"extensions": [
+				"joeleinbinder.mojom-language",
 				"rafaelmaiolla.diff",
 				"surajbarkale.ninja",
 				"ms-vscode.cpptools",
@@ -39,7 +36,6 @@
 				"dbaeumer.vscode-eslint",
 				"shakram02.bash-beautify",
 				"marshallofsound.gnls-electron",
-				"CircleCI.circleci"
 			],
 			"settings": {
 				"editor.tabSize": 2,
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -2,7 +2,7 @@ version: '3'

 services:
  buildtools:
-    image: ghcr.io/electron/devcontainer:3d8d44d0f15b05bef6149e448f9cc522111847e9
+    image: ghcr.io/electron/devcontainer:9a43c14f5c19be0359843299f79e736521373adc

    volumes:
      - ..:/workspaces/gclient/src/electron:cached
--- a/.devcontainer/on-create-command.sh
+++ b/.devcontainer/on-create-command.sh
@@ -39,7 +39,6 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
  write_config() {
    echo "
        {
-            \"goma\": \"$1\",
            \"root\": \"/workspaces/gclient\",
            \"remotes\": {
                \"electron\": {
@@ -49,7 +48,7 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
            \"gen\": {
                \"args\": [
                    \"import(\\\"//electron/build/args/testing.gn\\\")\",
-                    \"import(\\\"/home/builduser/.electron_build_tools/third_party/goma.gn\\\")\"
+                    \"use_remoteexec = true\"
                ],
                \"out\": \"Testing\"
            },
@@ -57,26 +56,18 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
                \"CHROMIUM_BUILDTOOLS_PATH\": \"/workspaces/gclient/src/buildtools\",
                \"GIT_CACHE_PATH\": \"/workspaces/gclient/.git-cache\"
            },
-            \"\$schema\": \"file:///home/builduser/.electron_build_tools/evm-config.schema.json\"
+            \"\$schema\": \"file:///home/builduser/.electron_build_tools/evm-config.schema.json\",
+            \"configValidationLevel\": \"strict\",
+            \"reclient\": \"$1\",
+            \"goma\": \"none\",
+            \"preserveXcode\": 5
        }
    " >$buildtools/configs/evm.testing.json
  }

-  # Start out as cache only
-  write_config cache-only
+  write_config remote_exec

-  e use testing
-
-  # Attempt to auth to the goma service via codespaces tokens
-  # if it works we can use the goma cluster
-  export NOTGOMA_CODESPACES_TOKEN=$GITHUB_TOKEN
-  if e d goma_auth login; then
-    echo "$GITHUB_USER has GOMA access - switching to cluster mode"
-    write_config cluster
-  fi
+  e use testing 
 else
  echo "build-tools testing config already exists"
-
-  # Re-auth with the goma cluster regardless.
-  NOTGOMA_CODESPACES_TOKEN=$GITHUB_TOKEN e d goma_auth login || true
 fi
--- a/.env.example
+++ b/.env.example
@@ -2,5 +2,4 @@
 # See docs/development/releasing.md

 APPVEYOR_CLOUD_TOKEN=
-CIRCLE_TOKEN=
 ELECTRON_GITHUB_TOKEN=
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -19,7 +19,40 @@
    "prefer-const": ["error", {
      "destructuring": "all"
    }],
-    "standard/no-callback-literal": "off"
+    "n/no-callback-literal": "off",
+    "import/newline-after-import": "error",
+    "import/order": ["error", {
+      "alphabetize": {
+        "order": "asc"
+      },
+      "newlines-between": "always",
+      "pathGroups": [
+        {
+          "pattern": "@electron/internal/**",
+          "group": "external",
+          "position": "before"
+        },
+        {
+          "pattern": "@electron/**",
+          "group": "external",
+          "position": "before"
+        },
+        {
+          "pattern": "{electron,electron/**}",
+          "group": "external",
+          "position": "before"
+        }
+      ],
+      "pathGroupsExcludedImportTypes": [],
+      "distinctGroup": true,
+      "groups": [
+        "external",
+        "builtin",
+        ["sibling", "parent"],
+        "index",
+        "type"
+      ]
+    }]
  },
  "parserOptions": {
    "ecmaVersion": 6,
--- a/.gitattributes
+++ b/.gitattributes
@@ -22,6 +22,7 @@ patches/**/.patches merge=union
 *.md text eol=lf
 *.mm text eol=lf
 *.mojom text eol=lf
+*.patches text eol=lf
 *.proto text eol=lf
 *.py text eol=lf
 *.ps1 text eol=lf
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -11,6 +11,9 @@ DEPS                                    @electron/wg-upgrades
 /docs/breaking-changes.md               @electron/wg-releases
 /npm/                                   @electron/wg-releases
 /script/release                         @electron/wg-releases
+appveyor.yml                            @electron/wg-releases
+appveyor-bake.yml                       @electron/wg-releases
+appveyor-woa.yml                        @electron/wg-releases

 # Security WG
 /lib/browser/devtools.ts                @electron/wg-security
--- a/.github/actions/build-electron/action.yml
+++ b/.github/actions/build-electron/action.yml
@@ -0,0 +1,218 @@
+name: 'Build Electron'
+description: 'Builds Electron & Friends'
+inputs:
+  target-arch:
+    description: 'Target arch'
+    required: true
+  target-platform:
+    description: 'Target platform'
+    required: true
+  artifact-platform:
+    description: 'Artifact platform, should be linux, darwin or mas'
+    required: true
+  step-suffix:
+    description: 'Suffix for build steps'
+    required: false
+    default: ''
+  is-release:
+    description: 'Is release build'
+    required: true
+  strip-binaries:
+    description: 'Strip binaries (Linux only)'
+    required: false
+  generate-symbols:
+    description: 'Generate symbols'
+    required: true
+  upload-to-storage:
+    description: 'Upload to storage'
+    required: true
+  is-asan:
+    description: 'The ASan Linux build'
+    required: false
+runs:
+  using: "composite"
+  steps:
+    - name: Set GN_EXTRA_ARGS for MacOS x64 Builds
+      shell: bash
+      if: ${{ inputs.target-arch == 'x64' && inputs.target-platform == 'macos' }}
+      run: |
+        GN_APPENDED_ARGS="$GN_EXTRA_ARGS target_cpu=\"x64\" v8_snapshot_toolchain=\"//build/toolchain/mac:clang_x64\""
+        echo "GN_EXTRA_ARGS=$GN_APPENDED_ARGS" >> $GITHUB_ENV
+    - name: Build Electron ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        rm -rf "src/out/Default/Electron Framework.framework"
+        rm -rf src/out/Default/Electron*.app
+
+        cd src/electron
+        # TODO(codebytere): remove this once we figure out why .git/packed-refs is initially missing
+        git pack-refs
+        cd ..
+
+        if [ "`uname`" = "Darwin" ]; then
+          ulimit -n 10000
+          sudo launchctl limit maxfiles 65536 200000
+        fi
+
+        NINJA_SUMMARIZE_BUILD=1 e build -j $NUMBER_OF_NINJA_PROCESSES
+        cp out/Default/.ninja_log out/electron_ninja_log
+        node electron/script/check-symlinks.js
+    - name: Strip Electron Binaries ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.strip-binaries == 'true' }}
+      run: |
+        cd src
+        electron/script/copy-debug-symbols.py --target-cpu="${{ inputs.target-arch }}" --out-dir=out/Default/debug --compress
+        electron/script/strip-binaries.py --target-cpu="${{ inputs.target-arch }}"
+        electron/script/add-debug-link.py --target-cpu="${{ inputs.target-arch }}" --debug-dir=out/Default/debug
+    - name: Build Electron dist.zip ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        cd src
+        e build --target electron:electron_dist_zip -j $NUMBER_OF_NINJA_PROCESSES
+        if [ "${{ inputs.is-asan }}" != "true" ]; then
+          target_os=${{ inputs.target-platform == 'linux' && 'linux' || 'mac'}}
+          if [ "${{ inputs.artifact-platform }}" = "mas" ]; then
+            target_os="${target_os}_mas"
+          fi
+          electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip electron/script/zip_manifests/dist_zip.$target_os.${{ inputs.target-arch }}.manifest
+        fi
+    - name: Build Mksnapshot ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        cd src
+        e build --target electron:electron_mksnapshot -j $NUMBER_OF_NINJA_PROCESSES
+        gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
+        # Remove unused args from mksnapshot_args
+        SEDOPTION="-i"
+        if [ "`uname`" = "Darwin" ]; then
+          SEDOPTION="-i ''"
+        fi
+        sed $SEDOPTION '/.*builtins-pgo/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/--turbo-profiling-input/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/The gn arg use_goma=true .*/d' out/Default/mksnapshot_args
+
+        if [ "`uname`" = "Linux" ]; then
+          if [ "${{ inputs.target-arch }}" = "arm" ]; then
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/v8_context_snapshot_generator
+          elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x64_v8_arm64/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x64_v8_arm64/v8_context_snapshot_generator
+          else
+            electron/script/strip-binaries.py --file $PWD/out/Default/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/v8_context_snapshot_generator
+          fi
+        fi
+
+        e build --target electron:electron_mksnapshot_zip -j $NUMBER_OF_NINJA_PROCESSES
+        (cd out/Default; zip mksnapshot.zip mksnapshot_args gen/v8/embedded.S)
+    - name: Generate Cross-Arch Snapshot (arm/arm64)  ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ (inputs.target-arch == 'arm' || inputs.target-arch == 'arm64') && inputs.target-platform == 'linux' }}
+      run: |
+        cd src
+        if [ "${{ inputs.target-arch }}" = "arm" ]; then
+          MKSNAPSHOT_PATH="clang_x86_v8_arm"
+        elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
+          MKSNAPSHOT_PATH="clang_x64_v8_arm64"
+        fi
+
+        cp "out/Default/$MKSNAPSHOT_PATH/mksnapshot" out/Default
+        cp "out/Default/$MKSNAPSHOT_PATH/v8_context_snapshot_generator" out/Default
+        cp "out/Default/$MKSNAPSHOT_PATH/libffmpeg.so" out/Default
+
+        python3 electron/script/verify-mksnapshot.py --source-root "$PWD" --build-dir out/Default --create-snapshot-only
+        mkdir cross-arch-snapshots
+        cp out/Default-mksnapshot-test/*.bin cross-arch-snapshots
+        # Clean up so that ninja does not get confused
+        rm -f out/Default/libffmpeg.so
+    - name: Build Chromedriver ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        cd src
+        e build --target electron:electron_chromedriver -j $NUMBER_OF_NINJA_PROCESSES
+        e build --target electron:electron_chromedriver_zip
+    - name: Build Node.js headers ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        cd src
+        e build --target electron:node_headers
+    - name: Generate & Zip Symbols ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        # Generate breakpad symbols on release builds
+        if [ "${{ inputs.generate-symbols }}" = "true" ]; then
+          e build --target electron:electron_symbols
+        fi
+        cd src
+        export BUILD_PATH="$(pwd)/out/Default"
+        e build --target electron:licenses
+        e build --target electron:electron_version_file
+        if [ "${{ inputs.is-release }}" = "true" ]; then
+          DELETE_DSYMS_AFTER_ZIP=1 electron/script/zip-symbols.py -b $BUILD_PATH
+        else
+          electron/script/zip-symbols.py -b $BUILD_PATH
+        fi
+    - name: Generate FFMpeg ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.is-release == 'true' }}
+      run: |
+        cd src
+        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true $GN_EXTRA_ARGS"
+        e build --target electron:electron_ffmpeg_zip -C ../../out/ffmpeg -j $NUMBER_OF_NINJA_PROCESSES
+    - name: Generate Hunspell Dictionaries ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
+      run: |
+        e build --target electron:hunspell_dictionaries_zip -j $NUMBER_OF_NINJA_PROCESSES
+    - name: Generate Libcxx ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
+      run: |
+        e build --target electron:libcxx_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
+        e build --target electron:libcxxabi_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
+        e build --target electron:libcxx_objects_zip -j $NUMBER_OF_NINJA_PROCESSES
+    - name: Generate TypeScript Definitions ${{ inputs.step-suffix }}
+      if: ${{ inputs.is-release == 'true' }}
+      shell: bash
+      run: |
+        cd src/electron
+        node script/yarn create-typescript-definitions
+    - name: Publish Electron Dist ${{ inputs.step-suffix }}
+      if: ${{ inputs.is-release == 'true' }}
+      shell: bash
+      run: |
+        rm -rf src/out/Default/obj
+        cd src/electron
+        if [ "${{ inputs.upload-to-storage }}" = "1" ]; then
+          echo 'Uploading Electron release distribution to Azure'
+          script/release/uploaders/upload.py --verbose --upload_to_storage
+        else
+          echo 'Uploading Electron release distribution to GitHub releases'
+          script/release/uploaders/upload.py --verbose
+        fi
+    - name: Generate Artifact Key
+      shell: bash
+      run: |
+        if [ "${{ inputs.is-asan }}" = "true" ]; then 
+          ARTIFACT_KEY=${{ inputs.artifact-platform }}_${{ inputs.target-arch }}_asan
+        else
+          ARTIFACT_KEY=${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
+        fi
+        echo "ARTIFACT_KEY=$ARTIFACT_KEY" >> $GITHUB_ENV
+    # The current generated_artifacts_<< artifact.key >> name was taken from CircleCI
+    # to ensure we don't break anything, but we may be able to improve that.
+    - name: Move all Generated Artifacts to Upload Folder ${{ inputs.step-suffix }}
+      shell: bash
+      run: ./src/electron/script/actions/move-artifacts.sh
+    - name: Upload Generated Artifacts ${{ inputs.step-suffix }}
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+      with:
+        name: generated_artifacts_${{ env.ARTIFACT_KEY }}
+        path: ./generated_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
+    - name: Upload Src Artifacts ${{ inputs.step-suffix }}
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+      with:
+        name: src_artifacts_${{ env.ARTIFACT_KEY }}
+        path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
--- a/.github/actions/checkout/action.yml
+++ b/.github/actions/checkout/action.yml
@@ -0,0 +1,154 @@
+name: 'Checkout'
+description: 'Checks out Electron and stores it in the AKS Cache'
+inputs:
+  generate-sas-token:
+    description: 'Whether to generate and persist a SAS token for the item in the cache'
+    required: false
+    default: 'false'
+runs:
+  using: "composite"
+  steps:
+  - name: Set GIT_CACHE_PATH to make gclient to use the cache
+    shell: bash
+    run: |
+      echo "GIT_CACHE_PATH=$(pwd)/git-cache" >> $GITHUB_ENV
+  - name: Install Dependencies
+    shell: bash
+    run: |
+      cd src/electron
+      node script/yarn install --frozen-lockfile
+  - name: Get Depot Tools
+    shell: bash
+    run: |
+      git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+
+      sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+      # Remove swift-format dep from cipd on macOS until we send a patch upstream.
+      cd depot_tools
+      git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+
+      # Ensure depot_tools does not update.
+      test -d depot_tools && cd depot_tools
+      touch .disable_auto_update
+  - name: Add Depot Tools to PATH
+    shell: bash
+    run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
+  - name: Generate DEPS Hash
+    shell: bash
+    run: |
+      node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+      echo "DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
+  - name: Generate SAS Key
+    if: ${{ inputs.generate-sas-token == 'true' }}
+    shell: bash
+    run: |
+      curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$DEPSHASH.tar" > sas-token
+  - name: Save SAS Key
+    if: ${{ inputs.generate-sas-token == 'true' }}
+    uses: actions/cache/save@v4
+    with:
+      path: |
+        sas-token
+      key: sas-key-${{ github.run_number }}-${{ github.run_attempt }}
+  - name: Check If Cache Exists
+    id: check-cache
+    shell: bash
+    run: |
+      cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
+      echo "Using cache key: $DEPSHASH"
+      echo "Checking for cache in: $cache_path"
+      if [ ! -f "$cache_path" ]; then
+        echo "cache_exists=false" >> $GITHUB_OUTPUT
+        echo "Cache Does Not Exist for $DEPSHASH"
+      else
+        echo "cache_exists=false" >> $GITHUB_OUTPUT
+        echo "Cache Already Exists for $DEPSHASH, Busting cache.."
+      fi
+  - name: Gclient Sync
+    if: steps.check-cache.outputs.cache_exists == 'false'
+    shell: bash
+    run: |
+      gclient config \
+        --name "src/electron" \
+        --unmanaged \
+        ${GCLIENT_EXTRA_ARGS} \
+        "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"
+
+      ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 gclient sync --with_branch_heads --with_tags -vvvvv
+      if [ "${{ inputs.is-release }}" != "true" && -n "${{ env.PATCH_UP_APP_CREDS }}" ]; then
+        # Re-export all the patches to check if there were changes.
+        python3 src/electron/script/export_all_patches.py src/electron/patches/config.json
+        cd src/electron
+        git update-index --refresh || true
+        if ! git diff-index --quiet HEAD --; then
+          # There are changes to the patches. Make a git commit with the updated patches
+          git add patches
+          GIT_COMMITTER_NAME="PatchUp" GIT_COMMITTER_EMAIL="73610968+patchup[bot]@users.noreply.github.com" git commit -m "chore: update patches" --author="PatchUp <73610968+patchup[bot]@users.noreply.github.com>"
+          # Export it
+          mkdir -p ../../patches
+          git format-patch -1 --stdout --keep-subject --no-stat --full-index > ../../patches/update-patches.patch
+          if (node ./script/push-patch.js 2> /dev/null > /dev/null); then
+            echo
+            echo "======================================================================"
+            echo "Changes to the patches when applying, we have auto-pushed the diff to the current branch"
+            echo "A new CI job will kick off shortly"
+            echo "======================================================================"
+            exit 1
+          else
+            echo
+            echo "======================================================================"
+            echo "There were changes to the patches when applying."
+            echo "Check the CI artifacts for a patch you can apply to fix it."
+            echo "======================================================================"
+            exit 1
+          fi
+        fi
+      fi
+
+  # delete all .git directories under src/ except for
+  # third_party/angle/ and third_party/dawn/ because of build time generation of files
+  # gen/angle/commit.h depends on third_party/angle/.git/HEAD
+  # https://chromium-review.googlesource.com/c/angle/angle/+/2074924
+  # and dawn/common/Version_autogen.h depends on  third_party/dawn/.git/HEAD
+  # https://dawn-review.googlesource.com/c/dawn/+/83901
+  # TODO: maybe better to always leave out */.git/HEAD file for all targets ?
+  - name: Delete .git directories under src to free space
+    if: steps.check-cache.outputs.cache_exists == 'false'
+    shell: bash
+    run: |
+      cd src
+      ( find . -type d -name ".git" -not -path "./third_party/angle/*" -not -path "./third_party/dawn/*" -not -path "./electron/*" ) | xargs rm -rf
+  - name: Minimize Cache Size for Upload
+    if: steps.check-cache.outputs.cache_exists == 'false'
+    shell: bash
+    run: |
+      rm -rf src/android_webview
+      rm -rf src/ios/chrome
+      rm -rf src/third_party/blink/web_tests
+      rm -rf src/third_party/blink/perf_tests
+      rm -rf src/chrome/test/data/xr/webvr_info
+      rm -rf src/third_party/angle/third_party/VK-GL-CTS/src
+      rm -rf src/third_party/swift-toolchain
+      rm -rf src/third_party/swiftshader/tests/regres/testlists
+      rm -rf src/electron
+  - name: Compress Src Directory
+    if: steps.check-cache.outputs.cache_exists == 'false'
+    shell: bash
+    run: |
+      echo "Uncompressed src size: $(du -sh src | cut -f1 -d' ')"
+      tar -cf $DEPSHASH.tar src
+      echo "Compressed src to $(du -sh $DEPSHASH.tar | cut -f1 -d' ')"
+      cp ./$DEPSHASH.tar /mnt/cross-instance-cache/
+  - name: Persist Src Cache
+    if: steps.check-cache.outputs.cache_exists == 'false'
+    shell: bash
+    run: |
+      final_cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
+      echo "Using cache key: $DEPSHASH"
+      echo "Checking path: $final_cache_path"
+      if [ ! -f "$final_cache_path" ]; then
+        echo "Cache key not found"
+        exit 1
+      else
+        echo "Cache key persisted in $final_cache_path"
+      fi
--- a/.github/actions/fix-sync-macos/action.yml
+++ b/.github/actions/fix-sync-macos/action.yml
@@ -0,0 +1,61 @@
+name: 'Fix Sync macOS'
+description: 'Checks out Electron and stores it in the AKS Cache'
+runs:
+  using: "composite"
+  steps:
+    - name: Fix Sync
+      shell: bash
+      # This step is required to correct for differences between "gclient sync"
+      # on Linux and the expected state on macOS. This requires:
+      # 1. Fixing Clang Install (wrong binary)
+      # 2. Fixing esbuild (wrong binary)
+      # 3. Fixing rustc (wrong binary)
+      # 4. Fixing gn (wrong binary)
+      # 5. Fix reclient (wrong binary)
+      # 6. Fixing dsymutil (wrong binary)
+      # 7. Ensuring we are using the correct ninja and adding it to PATH
+      # 8. Fixing angle (wrong remote)
+      run : |
+        SEDOPTION="-i ''"
+        rm -rf src/third_party/llvm-build
+        python3 src/tools/clang/scripts/update.py
+
+        echo 'infra/3pp/tools/esbuild/${platform}' `gclient getdep --deps-file=src/third_party/devtools-frontend/src/DEPS -r 'third_party/esbuild:infra/3pp/tools/esbuild/${platform}'` > esbuild_ensure_file
+        # Remove extra output from calling gclient getdep which always calls update_depot_tools
+        sed -i '' "s/Updating depot_tools... //g" esbuild_ensure_file
+        cipd ensure --root src/third_party/devtools-frontend/src/third_party/esbuild -ensure-file esbuild_ensure_file
+
+        rm -rf src/third_party/rust-toolchain
+        python3 src/tools/rust/update_rust.py
+        
+        # Prevent calling gclient getdep which always calls update_depot_tools
+        echo 'gn/gn/mac-${arch}' `gclient getdep --deps-file=src/DEPS -r 'src/buildtools/mac:gn/gn/mac-${arch}'` > gn_ensure_file
+        sed -i '' "s/Updating depot_tools... //g" gn_ensure_file
+        cipd ensure --root src/buildtools/mac -ensure-file gn_ensure_file
+
+        # Prevent calling gclient getdep which always calls update_depot_tools
+        echo 'infra/rbe/client/${platform}' `gclient getdep --deps-file=src/DEPS -r 'src/buildtools/reclient:infra/rbe/client/${platform}'` > gn_ensure_file
+        sed -i '' "s/Updating depot_tools... //g" gn_ensure_file
+        cipd ensure --root src/buildtools/reclient -ensure-file gn_ensure_file
+        python3 src/buildtools/reclient_cfgs/configure_reclient_cfgs.py --rbe_instance "projects/rbe-chrome-untrusted/instances/default_instance" --reproxy_cfg_template reproxy.cfg.template --rewrapper_cfg_project "" --skip_remoteexec_cfg_fetch
+
+        if  [ "${{ env.TARGET_ARCH }}" == "arm64" ]; then
+          DSYM_SHA_FILE=src/tools/clang/dsymutil/bin/dsymutil.arm64.sha1
+        else
+          DSYM_SHA_FILE=src/tools/clang/dsymutil/bin/dsymutil.x64.sha1
+        fi
+        python3 src/third_party/depot_tools/download_from_google_storage.py --no_resume --no_auth --bucket chromium-browser-clang -s $DSYM_SHA_FILE -o src/tools/clang/dsymutil/bin/dsymutil
+
+        echo 'infra/3pp/tools/ninja/${platform}' `gclient getdep --deps-file=src/DEPS -r 'src/third_party/ninja:infra/3pp/tools/ninja/${platform}'` > ninja_ensure_file
+        sed $SEDOPTION "s/Updating depot_tools... //g" ninja_ensure_file
+        cipd ensure --root src/third_party/ninja -ensure-file ninja_ensure_file
+
+        echo "$(pwd)/src/third_party/ninja" >> $GITHUB_PATH
+
+        cd src/third_party/angle
+        rm -f .git/objects/info/alternates
+        git remote set-url origin https://chromium.googlesource.com/angle/angle.git
+        cp .git/config .git/config.backup
+        git remote remove origin
+        mv .git/config.backup .git/config
+        git fetch
--- a/.github/actions/free-space-macos/action.yml
+++ b/.github/actions/free-space-macos/action.yml
@@ -0,0 +1,65 @@
+name: 'Free Space macOS'
+description: 'Checks out Electron and stores it in the AKS Cache'
+runs:
+  using: "composite"
+  steps:
+    - name: Free Space on MacOS
+      shell: bash
+      run: |
+        sudo mkdir -p $TMPDIR/del-target
+
+        tmpify() {
+          if [ -d "$1" ]; then
+            sudo mv "$1" $TMPDIR/del-target/$(echo $1|shasum -a 256|head -n1|cut -d " " -f1)
+          fi
+        }
+
+        strip_universal_deep() {
+          opwd=$(pwd)
+          cd $1
+          f=$(find . -perm +111 -type f)
+          for fp in $f
+          do
+            if [[ $(file "$fp") == *"universal binary"* ]]; then
+              if [ "`arch`" == "arm64" ]; then
+                if [[ $(file "$fp") == *"x86_64"* ]]; then
+                  sudo lipo -remove x86_64 "$fp" -o "$fp" || true
+                fi
+              else
+                if [[ $(file "$fp") == *"arm64e)"* ]]; then
+                  sudo lipo -remove arm64e "$fp" -o "$fp" || true
+                fi
+                if [[ $(file "$fp") == *"arm64)"* ]]; then
+                  sudo lipo -remove arm64 "$fp" -o "$fp" || true
+                fi
+              fi
+            fi
+          done
+
+          cd $opwd
+        }
+
+        tmpify /Library/Developer/CoreSimulator
+        tmpify ~/Library/Developer/CoreSimulator
+        tmpify $(xcode-select -p)/Platforms/AppleTVOS.platform
+        tmpify $(xcode-select -p)/Platforms/iPhoneOS.platform
+        tmpify $(xcode-select -p)/Platforms/WatchOS.platform
+        tmpify $(xcode-select -p)/Platforms/WatchSimulator.platform
+        tmpify $(xcode-select -p)/Platforms/AppleTVSimulator.platform
+        tmpify $(xcode-select -p)/Platforms/iPhoneSimulator.platform
+        tmpify $(xcode-select -p)/Toolchains/XcodeDefault.xctoolchain/usr/metal/ios
+        tmpify $(xcode-select -p)/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift
+        tmpify $(xcode-select -p)/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift-5.0
+        tmpify ~/.rubies
+        tmpify ~/Library/Caches/Homebrew
+        tmpify /usr/local/Homebrew
+
+        sudo rm -rf $TMPDIR/del-target
+
+        sudo rm -rf /Applications/Safari.app
+        sudo rm -rf ~/project/src/third_party/catapult/tracing/test_data
+        sudo rm -rf ~/project/src/third_party/angle/third_party/VK-GL-CTS
+
+        # lipo off some huge binaries arm64 versions to save space
+        strip_universal_deep $(xcode-select -p)/../SharedFrameworks
+        # strip_arm_deep /System/Volumes/Data/Library/Developer/CommandLineTools/usr
--- a/.github/actions/generate-types/action.yml
+++ b/.github/actions/generate-types/action.yml
@@ -0,0 +1,24 @@
+name: 'Generate Types for Archaeologist Dig'
+description: 'Generate Types for Archaeologist Dig'
+inputs:
+  sha-file:
+    description: 'File containing sha'
+    required: true
+  filename:
+    description: 'Filename to write types to'
+    required: true
+runs:
+  using: "composite"
+  steps:
+  - name: Generating Types for SHA in ${{ inputs.sha-file }}
+    shell: bash
+    run: |
+      git checkout $(cat ${{ inputs.sha-file }})
+      rm -rf node_modules
+      yarn install --frozen-lockfile --ignore-scripts
+      echo "#!/usr/bin/env node\nglobal.x=1" > node_modules/typescript/bin/tsc
+      node node_modules/.bin/electron-docs-parser --dir=./ --outDir=./ --moduleVersion=0.0.0-development
+      node node_modules/.bin/electron-typescript-definitions --api=electron-api.json --outDir=artifacts
+      mv artifacts/electron.d.ts artifacts/${{ inputs.filename }}
+      git checkout .
+    working-directory: ./electron
--- a/.github/actions/install-build-tools/action.yml
+++ b/.github/actions/install-build-tools/action.yml
@@ -0,0 +1,11 @@
+name: 'Install Build Tools'
+description: 'Installs an exact SHA of build tools'
+runs:
+  using: "composite"
+  steps:
+  - name: Install Build Tools
+    shell: bash
+    run: |
+      export BUILD_TOOLS_SHA=eeb1a11392e4cec08fd926c93b31ab556dc0c23b
+      npm i -g @electron/build-tools
+      e auto-update disable
--- a/.github/actions/restore-cache-aks/action.yml
+++ b/.github/actions/restore-cache-aks/action.yml
@@ -0,0 +1,36 @@
+name: 'Restore Cache AKS'
+description: 'Restores Electron src cache via AKS'
+runs:
+  using: "composite"
+  steps:
+  - name: Restore and Ensure Src Cache
+    shell: bash
+    run: |
+      cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
+      echo "Using cache key: $DEPSHASH"
+      echo "Checking for cache in: $cache_path"
+      if [ ! -f "$cache_path" ]; then
+        echo "Cache Does Not Exist for $DEPSHASH - exiting"
+        exit 1
+      else
+        echo "Found Cache for $DEPSHASH at $cache_path"
+      fi
+
+      echo "Persisted cache is $(du -sh $cache_path | cut -f1)"
+      mkdir temp-cache
+      tar -xf $cache_path -C temp-cache
+      echo "Unzipped cache is $(du -sh temp-cache/src | cut -f1)"
+
+      if [ -d "temp-cache/src" ]; then
+        echo "Relocating Cache"
+        rm -rf src
+        mv temp-cache/src src
+      fi
+
+      if [ ! -d "src/third_party/blink" ]; then
+        echo "Cache was not correctly restored - exiting"
+        exit 1
+      fi
+
+      echo "Wiping Electron Directory"
+      rm -rf src/electron
--- a/.github/actions/restore-cache-azcopy/action.yml
+++ b/.github/actions/restore-cache-azcopy/action.yml
@@ -0,0 +1,66 @@
+name: 'Restore Cache AZCopy'
+description: 'Restores Electron src cache via AZCopy'
+runs:
+  using: "composite"
+  steps:
+  - name: Obtain SAS Key
+    continue-on-error: true
+    uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
+    with:
+      path: |
+        sas-token
+      key: sas-key-${{ github.run_number }}-1
+  - name: Obtain SAS Key
+    continue-on-error: true
+    uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
+    with:
+      path: |
+        sas-token
+      key: sas-key-${{ github.run_number }}-${{ github.run_attempt }}
+  - name: Download Src Cache from AKS
+    # The cache will always exist here as a result of the checkout job
+    # Either it was uploaded to Azure in the checkout job for this commit
+    # or it was uploaded in the checkout job for a previous commit.
+    uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
+    with:
+      timeout_minutes: 30
+      max_attempts: 3
+      retry_on: error
+      command: |
+        sas_token=$(cat sas-token)
+        if [ -z $sas-token ]; then
+          echo "SAS Token not found; exiting src cache download early..."
+          exit 1
+        fi
+        azcopy copy --log-level=ERROR \
+          "https://${{ env.AZURE_AKS_CACHE_STORAGE_ACCOUNT }}.file.core.windows.net/${{ env.AZURE_AKS_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
+    env:
+      AZURE_AKS_CACHE_STORAGE_ACCOUNT: f723719aa87a34622b5f7f3
+      AZURE_AKS_CACHE_SHARE_NAME: pvc-f6a4089f-b082-4bee-a3f9-c3e1c0c02d8f
+  - name: Clean SAS Key
+    shell: bash
+    run: rm -f sas-token
+  - name: Unzip and Ensure Src Cache
+    shell: bash
+    run: |
+      echo "Downloaded cache is $(du -sh $DEPSHASH.tar | cut -f1)"
+      mkdir temp-cache
+      tar -xf $DEPSHASH.tar -C temp-cache
+      echo "Unzipped cache is $(du -sh temp-cache/src | cut -f1)"
+
+      if [ -d "temp-cache/src" ]; then
+        echo "Relocating Cache"
+        rm -rf src
+        mv temp-cache/src src
+
+        echo "Deleting zip file"
+        rm -rf $DEPSHASH.tar
+      fi
+
+      if [ ! -d "src/third_party/blink" ]; then
+        echo "Cache was not correctly restored - exiting"
+        exit 1
+      fi
+
+      echo "Wiping Electron Directory"
+      rm -rf src/electron
--- a/.github/workflows/archaeologist-dig.yml
+++ b/.github/workflows/archaeologist-dig.yml
@@ -0,0 +1,61 @@
+name: Archaeologist
+
+on:
+  pull_request:
+
+jobs:
+   archaeologist-dig:
+    name: Archaeologist Dig
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Electron
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.0.2
+        with:
+          fetch-depth: 0
+      - name: Setting Up Dig Site
+        run: |
+          echo "remote: ${{ github.event.pull_request.head.repo.clone_url }}"
+          echo "sha ${{ github.event.pull_request.head.sha }}"
+          echo "base ref ${{ github.event.pull_request.base.ref }}"
+          git clone https://github.com/electron/electron.git electron          
+          cd electron
+          mkdir -p artifacts
+          git remote add fork ${{ github.event.pull_request.head.repo.clone_url }} && git fetch fork
+          git checkout  ${{ github.event.pull_request.head.sha }}
+          git merge-base origin/${{ github.event.pull_request.base.ref }} HEAD > .dig-old
+          echo  ${{ github.event.pull_request.head.sha }} > .dig-new
+          cp .dig-old artifacts
+
+      - name: Generating Types for SHA in .dig-new
+        uses: ./.github/actions/generate-types
+        with:
+          sha-file: .dig-new
+          filename: electron.new.d.ts
+      - name: Generating Types for SHA in .dig-old
+        uses: ./.github/actions/generate-types
+        with:
+          sha-file: .dig-old
+          filename: electron.old.d.ts
+      - name: Upload artifacts
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 #v4.4.0
+        with:
+          name: artifacts
+          path: electron/artifacts
+          include-hidden-files: true
+      - name: Set job output
+        run: |
+          git diff --no-index electron.old.d.ts electron.new.d.ts > patchfile || true
+          if [ -s patchfile ]; then
+            echo "Changes Detected"
+            echo "## Changes Detected" > $GITHUB_STEP_SUMMARY
+            echo "Looks like the \`electron.d.ts\` file changed." >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "\`\`\`\`\`\`diff" >> $GITHUB_STEP_SUMMARY
+            cat patchfile >> $GITHUB_STEP_SUMMARY
+            echo "\`\`\`\`\`\`" >> $GITHUB_STEP_SUMMARY    
+          else
+            echo "No Changes Detected"
+            echo "## No Changes" > $GITHUB_STEP_SUMMARY
+            echo "We couldn't see any changes in the \`electron.d.ts\` artifact" >> $GITHUB_STEP_SUMMARY
+          fi
+        working-directory: ./electron/artifacts
--- a/.github/workflows/branch-created.yml
+++ b/.github/workflows/branch-created.yml
@@ -73,7 +73,7 @@ jobs:
          org: electron
      - name: Generate Release Project Board Metadata
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        id: generate-project-metadata
        with:
          script: |
@@ -92,7 +92,7 @@ jobs:
            }))
      - name: Create Release Project Board
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/copy-project@3a81985616963f32fae17d1d1b406c631f3201a1 # v1.1.0
+        uses: dsanders11/project-actions/copy-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
        id: create-release-board
        with:
          drafts: true
@@ -112,14 +112,14 @@ jobs:
          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
      - name: Find Previous Release Project Board
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/find-project@3a81985616963f32fae17d1d1b406c631f3201a1 # v1.1.0
+        uses: dsanders11/project-actions/find-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
        id: find-prev-release-board
        with:
          title: ${{ steps.generate-project-metadata.outputs.prev-prev-major }}-x-y
          token: ${{ steps.generate-token.outputs.token }}
      - name: Close Previous Release Project Board
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/close-project@3a81985616963f32fae17d1d1b406c631f3201a1 # v1.1.0
+        uses: dsanders11/project-actions/close-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
        with:
          project-number: ${{ steps.find-prev-release-board.outputs.number }}
          token: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,252 @@
+name: Build
+
+on:
+  workflow_dispatch:
+    inputs:
+      build-image-sha:
+        type: string
+        description: 'SHA for electron/build image'
+        default: 'cf814a4d2501e8e843caea071a6b70a48e78b855'
+        required: true
+      skip-macos:
+        type: boolean
+        description: 'Skip macOS builds'
+        default: false
+        required: false
+      skip-linux:
+        type: boolean
+        description: 'Skip Linux builds'
+        default: false
+        required: false
+      skip-lint:
+        type: boolean
+        description: 'Skip lint check'
+        default: false
+        required: false
+  push:
+    branches:
+      - main
+      - '[1-9][0-9]-x-y'
+  pull_request:
+      
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+    outputs:
+        docs: ${{ steps.filter.outputs.docs }}
+        src: ${{ steps.filter.outputs.src }}
+        build-image-sha: ${{ steps.set-output.outputs.build-image-sha }}
+        docs-only: ${{ steps.set-output.outputs.docs-only }}
+    steps:
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.0.2
+    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+      id: filter
+      with:
+        filters: |
+          docs:
+            - 'docs/**'
+          src:
+            - '!docs/**'
+    - name: Set Outputs for Build Image SHA & Docs Only
+      id: set-output
+      run: |
+        if [ -z "${{ inputs.build-image-sha }}" ]; then
+          echo "build-image-sha=cf814a4d2501e8e843caea071a6b70a48e78b855" >> "$GITHUB_OUTPUT"
+        else
+          echo "build-image-sha=${{ inputs.build-image-sha }}" >> "$GITHUB_OUTPUT"
+        fi
+        echo "docs-only=${{ steps.filter.outputs.docs == 'true' && steps.filter.outputs.src == 'false' }}" >> "$GITHUB_OUTPUT"
+
+  # Lint Jobs
+  lint:
+    needs: setup
+    if: ${{ !inputs.skip-lint }}
+    uses: ./.github/workflows/pipeline-electron-lint.yml
+    with:
+      container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root"}'
+    secrets: inherit
+
+  # Docs Only Jobs
+  docs-only:
+    needs: setup
+    if: ${{ needs.setup.outputs.docs-only == 'true' }}
+    uses: ./.github/workflows/pipeline-electron-docs-only.yml
+    with:
+      container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root"}'
+    secrets: inherit
+
+  # Checkout Jobs
+  checkout-macos:
+    needs: setup
+    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-macos}}
+    runs-on: electron-arc-linux-amd64-32core
+    container:
+      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      options: --user root
+      volumes:
+        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
+        - /var/run/sas:/var/run/sas
+    env:
+      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
+    outputs:
+      build-image-sha: ${{ needs.setup.outputs.build-image-sha }}
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Checkout & Sync & Save
+      uses: ./src/electron/.github/actions/checkout
+      with:
+        generate-sas-token: 'true'
+
+  checkout-linux:
+    needs: setup
+    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-linux}}
+    runs-on: electron-arc-linux-amd64-32core
+    container:
+      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      options: --user root
+      volumes:
+        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
+        - /var/run/sas:/var/run/sas
+    env:
+      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
+      PATCH_UP_APP_CREDS: ${{ secrets.PATCH_UP_APP_CREDS }}
+    outputs:
+      build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Checkout & Sync & Save
+      uses: ./src/electron/.github/actions/checkout
+
+  # Build Jobs - These cascade into testing jobs
+  macos-x64:
+    permissions:
+      contents: read
+      issues: read
+      pull-requests: read
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
+    needs: checkout-macos
+    with:
+      build-runs-on: macos-14-xlarge
+      check-runs-on: macos-14
+      test-runs-on: macos-13
+      target-platform: macos
+      target-arch: x64
+      is-release: false
+      gn-build-type: testing
+      generate-symbols: false
+      upload-to-storage: '0'
+    secrets: inherit
+  
+  macos-arm64:
+    permissions:
+      contents: read
+      issues: read
+      pull-requests: read
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
+    needs: checkout-macos
+    with:
+      build-runs-on: macos-14-xlarge
+      check-runs-on: macos-14
+      test-runs-on: macos-14
+      target-platform: macos
+      target-arch: arm64
+      is-release: false
+      gn-build-type: testing
+      generate-symbols: false
+      upload-to-storage: '0'
+    secrets: inherit
+
+  linux-x64:
+    permissions:
+      contents: read
+      issues: read
+      pull-requests: read
+    uses: ./.github/workflows/pipeline-electron-build-and-test-and-nan.yml
+    needs: checkout-linux
+    with:
+      build-runs-on: electron-arc-linux-amd64-32core
+      check-runs-on: electron-arc-linux-amd64-8core
+      test-runs-on: electron-arc-linux-amd64-4core
+      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
+      target-platform: linux
+      target-arch: x64
+      is-release: false
+      gn-build-type: testing
+      generate-symbols: false
+      upload-to-storage: '0'
+    secrets: inherit
+
+  linux-x64-asan:
+    permissions:
+      contents: read
+      issues: read
+      pull-requests: read
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
+    needs: checkout-linux
+    with:
+      build-runs-on: electron-arc-linux-amd64-32core
+      check-runs-on: electron-arc-linux-amd64-8core
+      test-runs-on: electron-arc-linux-amd64-4core
+      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
+      target-platform: linux
+      target-arch: x64
+      is-release: false
+      gn-build-type: testing
+      generate-symbols: false
+      upload-to-storage: '0'
+      is-asan: true
+    secrets: inherit
+  
+  linux-arm:
+    permissions:
+      contents: read
+      issues: read
+      pull-requests: read
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
+    needs: checkout-linux
+    with:
+      build-runs-on: electron-arc-linux-amd64-32core
+      check-runs-on: electron-arc-linux-amd64-8core
+      test-runs-on: electron-arc-linux-arm64-4core
+      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
+      target-platform: linux
+      target-arch: arm
+      is-release: false
+      gn-build-type: testing
+      generate-symbols: false
+      upload-to-storage: '0'
+    secrets: inherit
+  
+  linux-arm64:
+    permissions:
+      contents: read
+      issues: read
+      pull-requests: read
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
+    needs: checkout-linux
+    with:
+      build-runs-on: electron-arc-linux-amd64-32core
+      check-runs-on: electron-arc-linux-amd64-8core
+      test-runs-on: electron-arc-linux-arm64-4core
+      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      test-container: '{"image":"ghcr.io/electron/test:arm64v8-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
+      target-platform: linux
+      target-arch: arm64
+      is-release: false
+      gn-build-type: testing
+      generate-symbols: false
+      upload-to-storage: '0'
+    secrets: inherit
--- a/.github/workflows/config/gclient.diff
+++ b/.github/workflows/config/gclient.diff
@@ -0,0 +1,14 @@
+diff --git a/gclient.py b/gclient.py
+index 59e2b4c5197928bdba1ef69bdbe637d7dfe471c1..b4bae5e48c83c84bd867187afaf40eed16e69851 100755
+--- a/gclient.py
+++ b/gclient.py
+@@ -783,7 +783,8 @@ class Dependency(gclient_utils.WorkItem, DependencySettings):
+                         not condition or "non_git_source" not in condition):
+                     continue
+                 cipd_root = self.GetCipdRoot()
+-                for package in dep_value.get('packages', []):
+                packages = dep_value.get('packages', [])
+                for package in (x for x in packages if "infra/3pp/tools/swift-format" not in x.get('package')):
+                     deps_to_add.append(
+                         CipdDependency(parent=self,
+                                        name=name,
--- a/.github/workflows/issue-commented.yml
+++ b/.github/workflows/issue-commented.yml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
--- a/.github/workflows/issue-labeled.yml
+++ b/.github/workflows/issue-labeled.yml
@@ -8,19 +8,37 @@ permissions:  # added using https://github.com/step-security/secure-workflows
  contents: read

 jobs:
+  issue-labeled-with-status:
+    name: status/{confirmed,reviewed} label added
+    if: github.event.label.name == 'status/confirmed' || github.event.label.name == 'status/reviewed'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate GitHub App token
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
+        id: generate-token
+        with:
+          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
+          org: electron
+      - name: Set status
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          project-number: 90
+          field: Status
+          field-value: ✅ Triaged
  issue-labeled-blocked:
    name: blocked/* label added
    if: startsWith(github.event.label.name, 'blocked/')
    runs-on: ubuntu-latest
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
      - name: Set status
-        uses: dsanders11/project-actions/edit-item@a24415515fa60a22f71f9d9d00e36ca82660cde9 # v1.0.1
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 90
@@ -46,13 +64,13 @@ jobs:
          fi
      - name: Generate GitHub App token
        if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
      - name: Create comment
        if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: actions-cool/issues-helper@275328970dbc3bfc3bc43f5fe741bf3638300c0a # v3.3.3
+        uses: actions-cool/issues-helper@a610082f8ac0cf03e357eb8dd0d5e2ba075e017e # v3.6.0
        with:
          actions: 'create-comment'
          token: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/issue-opened.yml
+++ b/.github/workflows/issue-opened.yml
@@ -19,9 +19,50 @@ jobs:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
      - name: Add to Issue Triage
-        uses: dsanders11/project-actions/add-item@a24415515fa60a22f71f9d9d00e36ca82660cde9 # v1.0.1
+        uses: dsanders11/project-actions/add-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
        with:
          field: Reporter
          field-value: ${{ github.event.issue.user.login }}
          project-number: 90
          token: ${{ steps.generate-token.outputs.token }}
+  set-labels:
+    if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate GitHub App token
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
+        id: generate-token
+        with:
+          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
+          org: electron
+      - run: npm install mdast-util-from-markdown@2.0.0 unist-util-select@5.1.0
+      - name: Add labels
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          ISSUE_BODY: ${{ github.event.issue.body }}
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
+          script: |
+            const { fromMarkdown } = await import('${{ github.workspace }}/node_modules/mdast-util-from-markdown/index.js');
+            const { select } = await import('${{ github.workspace }}/node_modules/unist-util-select/index.js');
+
+            const [ owner, repo ] = '${{ github.repository }}'.split('/');
+            const issue_number = ${{ github.event.issue.number }};
+
+            const tree = fromMarkdown(process.env.ISSUE_BODY);
+
+            const labels = [];
+
+            const gistUrl = select('heading:has(> text[value="Testcase Gist URL"]) + paragraph > text', tree)?.value.trim();
+            if (gistUrl !== undefined && gistUrl.startsWith('https://gist.github.com/')) {
+              labels.push('has-repro-gist');
+            }
+
+            if (labels.length) {
+              await github.rest.issues.addLabels({
+                owner,
+                repo,
+                issue_number,
+                labels,
+              });
+            }
--- a/.github/workflows/issue-unlabeled.yml
+++ b/.github/workflows/issue-unlabeled.yml
@@ -23,14 +23,14 @@ jobs:
          fi
      - name: Generate GitHub App token
        if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
      - name: Set status
        if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: dsanders11/project-actions/edit-item@a24415515fa60a22f71f9d9d00e36ca82660cde9 # v1.0.1
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 90
--- a/.github/workflows/linux-publish.yml
+++ b/.github/workflows/linux-publish.yml
@@ -0,0 +1,86 @@
+name: Publish Linux
+
+on:
+  workflow_dispatch:
+    inputs:
+      build-image-sha:
+        type: string
+        description: 'SHA for electron/build image'
+        default: 'cf814a4d2501e8e843caea071a6b70a48e78b855'
+      upload-to-storage:
+        description: 'Uploads to Azure storage'
+        required: false
+        default: '1'
+        type: string
+      run-linux-publish:
+        description: 'Run the publish jobs vs just the build jobs'
+        type: boolean
+        default: false
+
+jobs:
+  checkout-linux:
+    runs-on: electron-arc-linux-amd64-32core
+    container:
+      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
+      options: --user root
+      volumes:
+        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
+        - /var/run/sas:/var/run/sas
+    env:
+      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Checkout & Sync & Save
+      uses: ./src/electron/.github/actions/checkout
+
+  publish-x64:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    needs: checkout-linux
+    with:
+      environment: production-release
+      build-runs-on: electron-arc-linux-amd64-32core
+      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      target-platform: linux
+      target-arch: x64
+      is-release: true
+      gn-build-type: release
+      generate-symbols: true
+      strip-binaries: true
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+    secrets: inherit
+
+  publish-arm:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    needs: checkout-linux
+    with:
+      environment: production-release
+      build-runs-on: electron-arc-linux-amd64-32core
+      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      target-platform: linux
+      target-arch: arm
+      is-release: true
+      gn-build-type: release
+      generate-symbols: true
+      strip-binaries: true
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+    secrets: inherit
+
+  publish-arm64:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    needs: checkout-linux
+    with:
+      environment: production-release
+      build-runs-on: electron-arc-linux-amd64-32core
+      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      target-platform: linux
+      target-arch: arm64
+      is-release: true
+      gn-build-type: release
+      generate-symbols: true
+      strip-binaries: true
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+    secrets: inherit
--- a/.github/workflows/macos-publish.yml
+++ b/.github/workflows/macos-publish.yml
@@ -0,0 +1,101 @@
+name: Publish MacOS
+
+on:
+  workflow_dispatch:
+    inputs:
+      build-image-sha:
+        type: string
+        description: 'SHA for electron/build image'
+        default: 'cf814a4d2501e8e843caea071a6b70a48e78b855'
+        required: true
+      upload-to-storage:
+        description: 'Uploads to Azure storage'
+        required: false
+        default: '1'
+        type: string
+      run-macos-publish:
+        description: 'Run the publish jobs vs just the build jobs'
+        type: boolean
+        default: false
+
+jobs:
+  checkout-macos:
+    runs-on: electron-arc-linux-amd64-32core
+    container:
+      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
+      options: --user root
+      volumes:
+        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
+        - /var/run/sas:/var/run/sas
+    env:
+      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Checkout & Sync & Save
+      uses: ./src/electron/.github/actions/checkout
+      with:
+        generate-sas-token: 'true'
+
+  publish-x64-darwin:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    needs: checkout-macos
+    with:
+      environment: production-release
+      build-runs-on: macos-14-xlarge
+      target-platform: macos
+      target-arch: x64
+      target-variant: darwin
+      is-release: true
+      gn-build-type: release
+      generate-symbols: true
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+    secrets: inherit
+
+  publish-x64-mas:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    needs: checkout-macos
+    with:
+      environment: production-release
+      build-runs-on: macos-14-xlarge
+      target-platform: macos
+      target-arch: x64
+      target-variant: mas
+      is-release: true
+      gn-build-type: release
+      generate-symbols: true
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+    secrets: inherit
+
+  publish-arm64-darwin:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    needs: checkout-macos
+    with:
+      environment: production-release
+      build-runs-on: macos-14-xlarge
+      target-platform: macos
+      target-arch: arm64
+      target-variant: darwin
+      is-release: true
+      gn-build-type: release
+      generate-symbols: true
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+    secrets: inherit
+
+  publish-arm64-mas:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    needs: checkout-macos
+    with:
+      environment: production-release
+      build-runs-on: macos-14-xlarge
+      target-platform: macos
+      target-arch: arm64
+      target-variant: mas
+      is-release: true
+      gn-build-type: release
+      generate-symbols: true
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+    secrets: inherit
--- a/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
+++ b/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
@@ -0,0 +1,107 @@
+name: Electron Build & Test (+ Node + NaN) Pipeline
+
+on:
+  workflow_call:
+    inputs:
+      target-platform:
+        type: string
+        description: 'Platform to run on, can be macos or linux'
+        required: true
+      target-arch:
+        type: string
+        description: 'Arch to build for, can be x64, arm64 or arm'
+        required: true
+      build-runs-on:
+        type: string
+        description: 'What host to run the build'
+        required: true
+      check-runs-on:
+        type: string
+        description: 'What host to run the gn-check'
+        required: true
+      test-runs-on:
+        type: string
+        description: 'What host to run the tests on'
+        required: true
+      build-container:
+        type: string
+        description: 'JSON container information for aks runs-on'
+        required: false
+        default: '{"image":null}'
+      test-container:
+        type: string
+        description: 'JSON container information for testing'
+        required: false
+        default: '{"image":null}'
+      is-release:
+        description: 'Whether this build job is a release job'
+        required: true
+        type: boolean
+        default: false
+      gn-build-type:
+        description: 'The gn build type - testing or release'
+        required: true
+        type: string
+        default: testing
+      generate-symbols: 
+        description: 'Whether or not to generate symbols'
+        required: true
+        type: boolean
+        default: false
+      upload-to-storage: 
+        description: 'Whether or not to upload build artifacts to external storage'
+        required: true
+        type: string
+        default: '0'
+      is-asan: 
+        description: 'Building the Address Sanitizer (ASan) Linux build'
+        required: false
+        type: boolean
+        default: false
+
+concurrency:
+  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+
+jobs:
+  build:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    with:
+      build-runs-on: ${{ inputs.build-runs-on }}
+      build-container: ${{ inputs.build-container }}
+      target-platform: ${{ inputs.target-platform }}
+      target-arch: ${{ inputs.target-arch }}
+      is-release: ${{ inputs.is-release }}
+      gn-build-type: ${{ inputs.gn-build-type }}
+      generate-symbols: ${{ inputs.generate-symbols }}
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+    secrets: inherit
+  gn-check:
+    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
+    with:
+      target-platform: ${{ inputs.target-platform }}
+      target-arch: ${{ inputs.target-arch }}
+      check-runs-on: ${{ inputs.check-runs-on }}
+      check-container: ${{ inputs.build-container }}
+      gn-build-type: ${{ inputs.gn-build-type }}
+      is-asan: ${{ inputs.is-asan }}
+    secrets: inherit
+  test:
+    uses: ./.github/workflows/pipeline-segment-electron-test.yml
+    needs: build
+    with:
+      target-arch: ${{ inputs.target-arch }}
+      target-platform: ${{ inputs.target-platform }}
+      test-runs-on: ${{ inputs.test-runs-on }}
+      test-container: ${{ inputs.test-container }}
+    secrets: inherit
+  nn-test:
+    uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
+    needs: build
+    with:
+      target-arch: ${{ inputs.target-arch }}
+      target-platform: ${{ inputs.target-platform }}
+      test-runs-on: ${{ inputs.test-runs-on }}
+      test-container: ${{ inputs.test-container }}
+      gn-build-type: ${{ inputs.gn-build-type }}
+    secrets: inherit
--- a/.github/workflows/pipeline-electron-build-and-test.yml
+++ b/.github/workflows/pipeline-electron-build-and-test.yml
@@ -0,0 +1,104 @@
+name: Electron Build & Test Pipeline
+
+on:
+  workflow_call:
+    inputs:
+      target-platform:
+        type: string
+        description: 'Platform to run on, can be macos or linux'
+        required: true
+      target-arch:
+        type: string
+        description: 'Arch to build for, can be x64, arm64 or arm'
+        required: true
+      build-runs-on:
+        type: string
+        description: 'What host to run the build'
+        required: true
+      check-runs-on:
+        type: string
+        description: 'What host to run the gn-check'
+        required: true
+      test-runs-on:
+        type: string
+        description: 'What host to run the tests on'
+        required: true
+      build-container:
+        type: string
+        description: 'JSON container information for aks runs-on'
+        required: false
+        default: '{"image":null}'
+      test-container:
+        type: string
+        description: 'JSON container information for testing'
+        required: false
+        default: '{"image":null}'
+      is-release:
+        description: 'Whether this build job is a release job'
+        required: true
+        type: boolean
+        default: false
+      gn-build-type:
+        description: 'The gn build type - testing or release'
+        required: true
+        type: string
+        default: testing
+      generate-symbols: 
+        description: 'Whether or not to generate symbols'
+        required: true
+        type: boolean
+        default: false
+      upload-to-storage: 
+        description: 'Whether or not to upload build artifacts to external storage'
+        required: true
+        type: string
+        default: '0'
+      is-asan: 
+        description: 'Building the Address Sanitizer (ASan) Linux build'
+        required: false
+        type: boolean
+        default: false
+
+concurrency:
+  group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read  
+
+jobs:
+  build:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
+    with:
+      build-runs-on: ${{ inputs.build-runs-on }}
+      build-container: ${{ inputs.build-container }}
+      target-platform: ${{ inputs.target-platform }}
+      target-arch: ${{ inputs.target-arch }}
+      is-release: ${{ inputs.is-release }}
+      gn-build-type: ${{ inputs.gn-build-type }}
+      generate-symbols: ${{ inputs.generate-symbols }}
+      upload-to-storage: ${{ inputs.upload-to-storage }}
+      is-asan: ${{ inputs.is-asan}}
+    secrets: inherit
+  gn-check:
+    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
+    with:
+      target-platform: ${{ inputs.target-platform }}
+      target-arch: ${{ inputs.target-arch }}
+      check-runs-on: ${{ inputs.check-runs-on }}
+      check-container: ${{ inputs.build-container }}
+      gn-build-type: ${{ inputs.gn-build-type }}
+      is-asan: ${{ inputs.is-asan }}
+    secrets: inherit
+  test:
+    uses: ./.github/workflows/pipeline-segment-electron-test.yml
+    needs: build
+    with:
+      target-arch: ${{ inputs.target-arch }}
+      target-platform: ${{ inputs.target-platform }}
+      test-runs-on: ${{ inputs.test-runs-on }}
+      test-container: ${{ inputs.test-container }}
+      is-asan: ${{ inputs.is-asan}}
+    secrets: inherit
--- a/.github/workflows/pipeline-electron-docs-only.yml
+++ b/.github/workflows/pipeline-electron-docs-only.yml
@@ -0,0 +1,43 @@
+name: Electron Docs Compile
+
+on:
+  workflow_call:
+    inputs:
+      container:
+        required: true
+        description: 'Container to run the docs-only ts compile in'
+        type: string
+
+concurrency:
+  group: electron-docs-only-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  docs-only:
+    name: Docs Only Compile
+    runs-on: electron-arc-linux-amd64-4core
+    timeout-minutes: 20
+    container: ${{ fromJSON(inputs.container) }}
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Install Dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+    - name: Run TS/JS compile
+      shell: bash
+      run: |
+        cd src/electron
+        node script/yarn create-typescript-definitions
+        node script/yarn tsc -p tsconfig.default_app.json --noEmit
+        for f in build/webpack/*.js
+        do
+            out="${f:29}"
+            if [ "$out" != "base.js" ]; then
+            node script/yarn webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
+            fi
+        done
--- a/.github/workflows/pipeline-electron-lint.yml
+++ b/.github/workflows/pipeline-electron-lint.yml
@@ -0,0 +1,77 @@
+name: Electron Lint
+
+on:
+  workflow_call:
+    inputs:
+      container:
+        required: true
+        description: 'Container to run lint in'
+        type: string
+
+concurrency:
+  group: electron-lint-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: electron-arc-linux-amd64-4core
+    timeout-minutes: 20
+    container: ${{ fromJSON(inputs.container) }}
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Install Dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+    - name: Setup third_party Depot Tools
+      shell: bash
+      run: |
+        # "depot_tools" has to be checkout into "//third_party/depot_tools" so pylint.py can a "pylintrc" file.
+        git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git src/third_party/depot_tools
+        echo "$(pwd)/src/third_party/depot_tools" >> $GITHUB_PATH
+    - name: Download GN Binary
+      shell: bash
+      run: |
+        chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
+        gn_version="$(curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/DEPS?format=TEXT" | base64 -d | grep gn_version | head -n1 | cut -d\' -f4)"
+
+        cipd ensure -ensure-file - -root . <<-CIPD
+        \$ServiceURL https://chrome-infra-packages.appspot.com/
+        @Subdir src/buildtools/linux64
+        gn/gn/linux-amd64 $gn_version
+        CIPD
+
+        buildtools_path="$(pwd)/src/buildtools"
+        echo "CHROMIUM_BUILDTOOLS_PATH=$buildtools_path" >> $GITHUB_ENV
+    - name: Download clang-format Binary
+      shell: bash
+      run: |
+        chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
+
+        mkdir -p src/buildtools
+        curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
+
+        gclient sync --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
+    - name: Run Lint
+      shell: bash
+      run: |
+        # gn.py tries to find a gclient root folder starting from the current dir.
+        # When it fails and returns "None" path, the whole script fails. Let's "fix" it.
+        touch .gclient
+        # Another option would be to checkout "buildtools" inside the Electron checkout,
+        # but then we would lint its contents (at least gn format), and it doesn't pass it.
+
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+        node script/yarn lint
+    - name: Run Script Typechecker
+      shell: bash
+      run: |
+        cd src/electron
+        node script/yarn tsc -p tsconfig.script.json
+    
--- a/.github/workflows/pipeline-segment-electron-build.yml
+++ b/.github/workflows/pipeline-segment-electron-build.yml
@@ -0,0 +1,214 @@
+name: Pipeline Segment - Electron Build
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        description: using the production or testing environment
+        required: false
+        type: string
+      target-platform:
+        type: string
+        description: 'Platform to run on, can be macos or linux'
+        required: true
+      target-arch:
+        type: string
+        description: 'Arch to build for, can be x64, arm64 or arm'
+        required: true
+      target-variant:
+        type: string
+        description: 'Variant to build for, no effect on non-macOS target platforms. Can be darwin, mas or all.'
+        default: all
+      build-runs-on:
+        type: string
+        description: 'What host to run the build'
+        required: true
+      build-container:
+        type: string
+        description: 'JSON container information for aks runs-on'
+        required: false
+        default: '{"image":null}'
+      is-release:
+        description: 'Whether this build job is a release job'
+        required: true
+        type: boolean
+        default: false
+      gn-build-type:
+        description: 'The gn build type - testing or release'
+        required: true
+        type: string
+        default: testing
+      generate-symbols: 
+        description: 'Whether or not to generate symbols'
+        required: true
+        type: boolean
+        default: false
+      upload-to-storage: 
+        description: 'Whether or not to upload build artifacts to external storage'
+        required: true
+        type: string
+        default: '0'
+      strip-binaries: 
+        description: 'Strip the binaries before release (Linux only)'
+        required: false
+        type: boolean
+        default: false
+      is-asan: 
+        description: 'Building the Address Sanitizer (ASan) Linux build'
+        required: false
+        type: boolean
+        default: false
+
+
+concurrency:
+  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+
+env:
+  ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
+  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
+  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
+  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
+  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
+  ELECTRON_OUT_DIR: Default
+
+jobs:
+  build:
+    runs-on: ${{ inputs.build-runs-on }}
+    container: ${{ fromJSON(inputs.build-container) }}
+    environment: ${{ inputs.environment }}
+    env:
+      TARGET_ARCH: ${{ inputs.target-arch }}
+    steps:
+    - name: Create src dir
+      run: mkdir src
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Free up space (macOS)
+      if: ${{ inputs.target-platform == 'macos' }}
+      uses: ./src/electron/.github/actions/free-space-macos
+    - name: Check disk space after freeing up space
+      if: ${{ inputs.target-platform == 'macos' }}
+      run: df -h
+    - name: Setup Node.js/npm
+      if: ${{ inputs.target-platform == 'macos' }}
+      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
+      with:
+        node-version: 20.11.x
+        cache: yarn
+        cache-dependency-path: src/electron/yarn.lock
+    - name: Install Dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+    - name: Install AZCopy
+      if: ${{ inputs.target-platform == 'macos' }}
+      run: brew install azcopy
+    - name: Set GN_EXTRA_ARGS for Linux
+      if: ${{ inputs.target-platform == 'linux' }}
+      run: |
+        if [ "${{ inputs.target-arch  }}" = "arm" ]; then
+          if [ "${{ inputs.is-release  }}" = true ]; then
+            GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false symbol_level=1'
+          else
+            GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false'
+          fi
+        elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
+          GN_EXTRA_ARGS='target_cpu="arm64" fatal_linker_warnings=false enable_linux_installer=false'
+        elif [ "${{ inputs.is-asan }}" = true ]; then
+          GN_EXTRA_ARGS='is_asan=true'
+        fi
+        echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+
+        SEDOPTION="-i"
+        if [ "`uname`" = "Darwin" ]; then
+          SEDOPTION="-i ''"
+        fi
+
+        # remove ninjalog_uploader_wrapper.py from autoninja since we don't use it and it causes problems
+        sed $SEDOPTION '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        if [ "`uname`" = "Linux" ]; then
+          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        fi
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
+    - name: Generate DEPS Hash
+      run: |
+        node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')
+        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
+        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
+    - name: Restore src cache via AZCopy
+      if: ${{ inputs.target-platform == 'macos' }}
+      uses: ./src/electron/.github/actions/restore-cache-azcopy
+    - name: Restore src cache via AKS
+      if: ${{ inputs.target-platform == 'linux' }}
+      uses: ./src/electron/.github/actions/restore-cache-aks
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Install Build Tools
+      uses: ./src/electron/.github/actions/install-build-tools
+    - name: Init Build Tools
+      run: |
+        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }}
+    - name: Run Electron Only Hooks
+      run: |
+        gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
+    - name: Regenerate DEPS Hash
+      run: |
+        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        echo "DEPSHASH=$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
+    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
+      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
+    - name: Fix Sync (macOS)
+      if: ${{ inputs.target-platform == 'macos' }}
+      uses: ./src/electron/.github/actions/fix-sync-macos
+    - name: Setup Number of Ninja Processes
+      run: |
+        echo "NUMBER_OF_NINJA_PROCESSES=${{ inputs.target-platform == 'linux' && '300' || '200' }}" >> $GITHUB_ENV
+    - name: Free up space (macOS)
+      if: ${{ inputs.target-platform == 'macos' }}
+      uses: ./src/electron/.github/actions/free-space-macos
+    - name: Build Electron
+      if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' || inputs.target-variant == 'darwin') }}
+      uses: ./src/electron/.github/actions/build-electron
+      with:
+        target-arch: ${{ inputs.target-arch }}
+        target-platform: ${{ inputs.target-platform }}
+        artifact-platform: ${{ inputs.target-platform == 'linux' && 'linux' || 'darwin' }}
+        is-release: '${{ inputs.is-release }}'
+        generate-symbols: '${{ inputs.generate-symbols }}'
+        strip-binaries: '${{ inputs.strip-binaries }}'
+        upload-to-storage: '${{ inputs.upload-to-storage }}'
+        is-asan: '${{ inputs.is-asan }}'
+    - name: Set GN_EXTRA_ARGS for MAS Build
+      if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' || inputs.target-variant == 'mas') }}
+      run: |
+        echo "MAS_BUILD=true" >> $GITHUB_ENV
+        GN_EXTRA_ARGS='is_mas_build=true'
+        echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
+    - name: Build Electron (MAS)
+      if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' || inputs.target-variant == 'mas') }}
+      uses: ./src/electron/.github/actions/build-electron
+      with:
+        target-arch: ${{ inputs.target-arch }}
+        target-platform: ${{ inputs.target-platform }}
+        artifact-platform: 'mas'
+        is-release: '${{ inputs.is-release }}'
+        generate-symbols: '${{ inputs.generate-symbols }}'
+        upload-to-storage: '${{ inputs.upload-to-storage }}'
+        step-suffix: '(mas)'
--- a/.github/workflows/pipeline-segment-electron-gn-check.yml
+++ b/.github/workflows/pipeline-segment-electron-gn-check.yml
@@ -0,0 +1,158 @@
+name: Pipeline Segment - Electron GN Check
+
+on:
+  workflow_call:
+    inputs:
+      target-platform:
+        type: string
+        description: 'Platform to run on, can be macos or linux'
+        required: true
+      target-arch:
+        type: string
+        description: 'Arch to build for, can be x64, arm64 or arm'
+        required: true
+      check-runs-on:
+        type: string
+        description: 'What host to run the tests on'
+        required: true
+      check-container:
+        type: string
+        description: 'JSON container information for aks runs-on'
+        required: false
+        default: '{"image":null}'
+      gn-build-type:
+        description: 'The gn build type - testing or release'
+        required: true
+        type: string
+        default: testing
+      is-asan: 
+        description: 'Building the Address Sanitizer (ASan) Linux build'
+        required: false
+        type: boolean
+        default: false
+
+concurrency:
+  group: electron-gn-check-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
+  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
+  ELECTRON_OUT_DIR: Default
+  TARGET_ARCH: ${{ inputs.target-arch }}
+
+jobs:
+  gn-check:
+    # TODO(codebytere): Change this to medium VM
+    runs-on: ${{ inputs.check-runs-on }}
+    container: ${{ fromJSON(inputs.check-container) }}
+    env:
+      TARGET_ARCH: ${{ inputs.target-arch }}
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Cleanup disk space on macOS
+      if: ${{ inputs.target-platform == 'macos' }}
+      shell: bash
+      run: |   
+        sudo mkdir -p $TMPDIR/del-target
+
+        tmpify() {
+          if [ -d "$1" ]; then
+            sudo mv "$1" $TMPDIR/del-target/$(echo $1|shasum -a 256|head -n1|cut -d " " -f1)
+          fi
+        }   
+        tmpify /Library/Developer/CoreSimulator
+        tmpify ~/Library/Developer/CoreSimulator
+        sudo rm -rf $TMPDIR/del-target
+    - name: Check disk space after freeing up space
+      if: ${{ inputs.target-platform == 'macos' }}
+      run: df -h        
+    - name: Install Build Tools
+      uses: ./src/electron/.github/actions/install-build-tools
+    - name: Init Build Tools
+      run: |
+        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }}
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+
+        SEDOPTION="-i"
+        if [ "`uname`" = "Darwin" ]; then
+          SEDOPTION="-i ''"
+        fi
+
+        # remove ninjalog_uploader_wrapper.py from autoninja since we don't use it and it causes problems
+        sed $SEDOPTION '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        if [ "`uname`" = "Linux" ]; then
+          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        fi
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
+    - name: Set GN_EXTRA_ARGS for Linux
+      if: ${{ inputs.target-platform == 'linux' }}
+      run: |
+        if [ "${{ inputs.target-arch  }}" = "arm" ]; then
+          GN_EXTRA_ARGS='build_tflite_with_xnnpack=false'
+        elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
+          GN_EXTRA_ARGS='fatal_linker_warnings=false enable_linux_installer=false'
+        fi
+        echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
+    - name: Generate DEPS Hash
+      run: |
+        node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')
+        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
+        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
+    - name: Restore src cache via AZCopy
+      if: ${{ inputs.target-platform == 'macos' }}
+      uses: ./src/electron/.github/actions/restore-cache-azcopy
+    - name: Restore src cache via AKS
+      if: ${{ inputs.target-platform == 'linux' }}
+      uses: ./src/electron/.github/actions/restore-cache-aks
+    - name: Run Electron Only Hooks
+      run: |
+        gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
+    - name: Regenerate DEPS Hash
+      run: |
+        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        echo "DEPSHASH=$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
+    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
+      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Default GN gen
+      run: |
+        cd src/electron
+        git pack-refs
+        cd ..
+
+        e build --only-gen
+    - name: Run GN Check
+      run: |
+        cd src
+        gn check out/Default //electron:electron_lib
+        gn check out/Default //electron:electron_app
+        gn check out/Default //electron/shell/common/api:mojo
+
+        # Check the hunspell filenames
+        node electron/script/gen-hunspell-filenames.js --check
+        node electron/script/gen-libc++-filenames.js --check
+    - name: Wait for active SSH sessions
+      if: always() && !cancelled()
+      run: |
+        while [ -f /var/.ssh-lock ]
+        do
+          sleep 60
+        done
--- a/.github/workflows/pipeline-segment-electron-test.yml
+++ b/.github/workflows/pipeline-segment-electron-test.yml
@@ -0,0 +1,211 @@
+name: Pipeline Segment - Electron Test
+
+on:
+  workflow_call:
+    inputs:
+      target-platform:
+        type: string
+        description: 'Platform to run on, can be macos or linux'
+        required: true
+      target-arch:
+        type: string
+        description: 'Arch to build for, can be x64, arm64 or arm'
+        required: true
+      test-runs-on:
+        type: string
+        description: 'What host to run the tests on'
+        required: true
+      test-container:
+        type: string
+        description: 'JSON container information for aks runs-on'
+        required: false
+        default: '{"image":null}'
+      is-asan: 
+        description: 'Building the Address Sanitizer (ASan) Linux build'
+        required: false
+        type: boolean
+        default: false
+
+concurrency:
+  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read
+
+env:
+  ELECTRON_OUT_DIR: Default
+  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
+
+jobs:
+  test:
+    runs-on: ${{ inputs.test-runs-on }}
+    container: ${{ fromJSON(inputs.test-container) }}
+    strategy:
+      fail-fast: false
+      matrix:
+        build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || fromJSON('["linux"]') }}
+        shard: ${{ inputs.target-platform == 'macos' && fromJSON('[1, 2]') || fromJSON('[1, 2, 3]') }}
+    env:
+      BUILD_TYPE: ${{ matrix.build-type }}
+      TARGET_ARCH: ${{ inputs.target-arch }}
+      ARTIFACT_KEY: ${{ matrix.build-type }}_${{ inputs.target-arch }}
+    steps:
+    - name: Fix node20 on arm32 runners
+      if: ${{ inputs.target-arch == 'arm' }}
+      run: |
+        cp $(which node) /mnt/runner-externals/node20/bin/
+    - name: Add TCC permissions on macOS
+      if: ${{ inputs.target-platform == 'macos' }}
+      run: |
+        configure_user_tccdb () {
+          local values=$1
+          local dbPath="$HOME/Library/Application Support/com.apple.TCC/TCC.db"
+          local sqlQuery="INSERT OR REPLACE INTO access VALUES($values);"
+          sqlite3 "$dbPath" "$sqlQuery"
+        }
+
+        configure_sys_tccdb () {
+          local values=$1
+          local dbPath="/Library/Application Support/com.apple.TCC/TCC.db"
+          local sqlQuery="INSERT OR REPLACE INTO access VALUES($values);"
+          sudo sqlite3 "$dbPath" "$sqlQuery"
+        }
+
+        userValuesArray=(
+            "'kTCCServiceMicrophone','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
+            "'kTCCServiceCamera','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
+            "'kTCCServiceBluetoothAlways','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
+        )
+        for values in "${userValuesArray[@]}"; do
+          # Sonoma and higher have a few extra values
+          # Ref: https://github.com/actions/runner-images/blob/main/images/macos/scripts/build/configure-tccdb-macos.sh
+          if [ "$OSTYPE" = "darwin23" ]; then
+            configure_user_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}"
+            configure_sys_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}"
+          else
+            configure_user_tccdb "$values"
+            configure_sys_tccdb "$values"
+          fi
+        done
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Install Dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+        if [ "`uname`" = "Darwin" ]; then
+          # remove ninjalog_uploader_wrapper.py from autoninja since we don't use it and it causes problems
+          sed -i '' '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+        else
+          sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+          # Remove swift-format dep from cipd on macOS until we send a patch upstream.
+          cd depot_tools
+          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        fi
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
+    - name: Load ASan specific environment variables
+      if: ${{ inputs.is-asan == true }}
+      run: |
+        echo "ARTIFACT_KEY=${{ matrix.build-type }}_${{ inputs.target-arch }}_asan" >> $GITHUB_ENV
+        echo "DISABLE_CRASH_REPORTER_TESTS=true" >> $GITHUB_ENV
+        echo "IS_ASAN=true" >> $GITHUB_ENV
+    - name: Download Generated Artifacts
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
+      with:
+        name: generated_artifacts_${{ env.ARTIFACT_KEY }}
+        path: ./generated_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
+    - name: Download Src Artifacts
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
+      with:
+        name: src_artifacts_${{ env.ARTIFACT_KEY }}
+        path: ./src_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
+    - name: Restore Generated Artifacts
+      run: ./src/electron/script/actions/restore-artifacts.sh
+    - name: Unzip Dist, Mksnapshot & Chromedriver
+      run: |
+        cd src/out/Default
+        unzip -:o dist.zip
+        unzip -:o chromedriver.zip
+        unzip -:o mksnapshot.zip
+    - name: Import & Trust Self-Signed Codesigning Cert on MacOS
+      if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
+      run: |
+        sudo security authorizationdb write com.apple.trust-settings.admin allow
+        cd src/electron
+        ./script/codesign/generate-identity.sh
+    - name: Install Datadog CLI
+      run: |
+        cd src/electron
+        node script/yarn global add @datadog/datadog-ci
+    - name: Run Electron Tests
+      shell: bash
+      env:
+        MOCHA_REPORTER: mocha-multi-reporters
+        MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
+        ELECTRON_DISABLE_SECURITY_WARNINGS: 1
+        ELECTRON_SKIP_NATIVE_MODULE_TESTS: true
+        DISPLAY: ':99.0'
+      run: |
+        cd src/electron
+        export ELECTRON_TEST_RESULTS_DIR=`pwd`/junit
+        # Get which tests are on this shard
+        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ inputs.target-platform == 'macos' && 2 || 3 }})
+
+        # Run tests
+        if [ "`uname`" = "Darwin" ]; then
+          echo "About to start tests"
+          node script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
+        else
+          chown :builduser .. && chmod g+w ..
+          chown -R :builduser . && chmod -R g+w .
+          chmod 4755 ../out/Default/chrome-sandbox
+          runuser -u builduser -- git config --global --add safe.directory $(pwd)
+          if [ "${{ inputs.is-asan }}" == "true" ]; then
+            cd ..
+            ASAN_SYMBOLIZE="$PWD/tools/valgrind/asan/asan_symbolize.py --executable-path=$PWD/out/Default/electron"
+            export ASAN_OPTIONS="symbolize=0 handle_abort=1"
+            export G_SLICE=always-malloc
+            export NSS_DISABLE_ARENA_FREE_LIST=1
+            export NSS_DISABLE_UNLOAD=1
+            export LLVM_SYMBOLIZER_PATH=$PWD/third_party/llvm-build/Release+Asserts/bin/llvm-symbolizer
+            export MOCHA_TIMEOUT=180000
+            echo "Piping output to ASAN_SYMBOLIZE ($ASAN_SYMBOLIZE)"
+            cd electron
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
+          else
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
+          fi
+        fi
+    - name: Upload Test results to Datadog
+      env:
+        DD_ENV: ci
+        DD_SERVICE: electron
+        DD_API_KEY: ${{ secrets.DD_API_KEY }}
+        DD_CIVISIBILITY_LOGS_ENABLED: true
+        DD_TAGS: "os.architecture:${{ inputs.target-arch }},os.family:${{ inputs.target-platform }},os.platform:${{ inputs.target-platform }},asan:${{ inputs.is-asan }}"
+      run: |
+        if ! [ -z $DD_API_KEY ]; then
+          datadog-ci junit upload src/electron/junit/test-results-main.xml
+        fi          
+      if: always() && !cancelled()
+    - name: Wait for active SSH sessions
+      if: always() && !cancelled()
+      run: |
+        while [ -f /var/.ssh-lock ]
+        do
+          sleep 60
+        done
--- a/.github/workflows/pipeline-segment-node-nan-test.yml
+++ b/.github/workflows/pipeline-segment-node-nan-test.yml
@@ -0,0 +1,165 @@
+name: Pipeline Segment - Node/Nan Test
+
+on:
+  workflow_call:
+    inputs:
+      target-platform:
+        type: string
+        description: 'Platform to run on, can be macos or linux'
+        required: true
+      target-arch:
+        type: string
+        description: 'Arch to build for, can be x64, arm64 or arm'
+        required: true
+      test-runs-on:
+        type: string
+        description: 'What host to run the tests on'
+        required: true
+      test-container:
+        type: string
+        description: 'JSON container information for aks runs-on'
+        required: false
+        default: '{"image":null}'
+      gn-build-type:
+        description: 'The gn build type - testing or release'
+        required: true
+        type: string
+        default: testing
+
+concurrency:
+  group: electron-node-nan-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
+
+env:
+  ELECTRON_OUT_DIR: Default
+  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
+
+jobs:
+  node-tests:
+    name: Run Node.js Tests
+    runs-on: electron-arc-linux-amd64-8core
+    timeout-minutes: 20
+    env: 
+      TARGET_ARCH: ${{ inputs.target-arch }}
+      BUILD_TYPE: linux
+    container: ${{ fromJSON(inputs.test-container) }}
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Install Build Tools
+      uses: ./src/electron/.github/actions/install-build-tools
+    - name: Init Build Tools
+      run: |
+        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }}
+    - name: Install Dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+        sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+        cd depot_tools
+        git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
+    - name: Download Generated Artifacts
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
+      with:
+        name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
+        path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
+    - name: Download Src Artifacts
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
+      with:
+        name: src_artifacts_linux_${{ env.TARGET_ARCH }}
+        path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
+    - name: Restore Generated Artifacts
+      run: ./src/electron/script/actions/restore-artifacts.sh
+    - name: Unzip Dist
+      run: |
+        cd src/out/Default
+        unzip -:o dist.zip
+    - name: Setup Linux for Headless Testing
+      run: sh -e /etc/init.d/xvfb start
+    - name: Run Node.js Tests
+      run: |
+        cd src
+        node electron/script/node-spec-runner.js --default --jUnitDir=junit
+    - name: Wait for active SSH sessions
+      if: always() && !cancelled()
+      run: |
+        while [ -f /var/.ssh-lock ]
+        do
+          sleep 60
+        done
+  nan-tests:
+    name: Run Nan Tests
+    runs-on: electron-arc-linux-amd64-4core
+    timeout-minutes: 20
+    env: 
+      TARGET_ARCH: ${{ inputs.target-arch }}
+      BUILD_TYPE: linux
+    container: ${{ fromJSON(inputs.test-container) }}
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      with:
+        path: src/electron
+        fetch-depth: 0
+    - name: Install Build Tools
+      uses: ./src/electron/.github/actions/install-build-tools
+    - name: Init Build Tools
+      run: |
+        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }}
+    - name: Install Dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+        sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+        cd depot_tools
+        git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
+    - name: Download Generated Artifacts
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
+      with:
+        name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
+        path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
+    - name: Download Src Artifacts
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
+      with:
+        name: src_artifacts_linux_${{ env.TARGET_ARCH }}
+        path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
+    - name: Restore Generated Artifacts
+      run: ./src/electron/script/actions/restore-artifacts.sh
+    - name: Unzip Dist
+      run: |
+        cd src/out/Default
+        unzip -:o dist.zip
+    - name: Setup Linux for Headless Testing
+      run: sh -e /etc/init.d/xvfb start
+    - name: Run Node.js Tests
+      run: |
+        cd src
+        node electron/script/nan-spec-runner.js
+    - name: Wait for active SSH sessions
+      if: always() && !cancelled()
+      run: |
+        while [ -f /var/.ssh-lock ]
+        do
+          sleep 60
+        done
--- a/.github/workflows/pull-request-labeled.yml
+++ b/.github/workflows/pull-request-labeled.yml
@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger Slack workflow
-        uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
+        uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
        with:
          payload: |
            {
@@ -27,13 +27,13 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
          org: electron
      - name: Set status
-        uses: dsanders11/project-actions/edit-item@a24415515fa60a22f71f9d9d00e36ca82660cde9 # v1.0.1
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 94
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -22,12 +22,13 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3.1.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          persist-credentials: false

+      # This is a pre-submit / pre-release.
      - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # tag=v2.1.2
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
        with:
          results_file: results.sarif
          results_format: sarif
@@ -41,7 +42,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # tag=v3.1.2
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: SARIF file
          path: results.sarif
@@ -49,6 +50,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # tag=v2.1.27
+        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
        with:
          sarif_file: results.sarif
--- a/.github/workflows/semantic.yml
+++ b/.github/workflows/semantic.yml
@@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: semantic-pull-request
-        uses: amannn/action-semantic-pull-request@01d5fd8a8ebb9aafe902c40c53f0f4744f7381eb # tag: v5
+        uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
--- a/.github/workflows/stable-prep-items.yml
+++ b/.github/workflows/stable-prep-items.yml
@@ -27,7 +27,7 @@ jobs:
          PROJECT_NUMBER=$(gh project list --owner electron --format json | jq -r '.projects | map(select(.title | test("^[0-9]+-x-y$"))) | max_by(.number) | .number')
          echo "PROJECT_NUMBER=$PROJECT_NUMBER" >> "$GITHUB_OUTPUT"
      - name: Update Completed Stable Prep Items
-        uses: dsanders11/project-actions/completed-by@a24415515fa60a22f71f9d9d00e36ca82660cde9 # v1.0.1
+        uses: dsanders11/project-actions/completed-by@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
        with:
          field: Prep Status
          field-value: ✅ Complete
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -12,11 +12,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@5ebf00ea0e4c1561e9b43a292ed34424fb1d4578 # tag: v6.0.1
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # tag: v9.0.0
        with:
          repo-token: ${{ steps.generate-token.outputs.token }}
          days-before-stale: 90
@@ -35,11 +35,11 @@ jobs:
    needs: stale
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@cc6751b3b5e4edc5b9a4ad0a021ac455653b6dc8 # v1.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@5ebf00ea0e4c1561e9b43a292ed34424fb1d4578 # tag: v6.0.1
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # tag: v9.0.0
        with:
          repo-token: ${{ steps.generate-token.outputs.token }}
          days-before-stale: -1
--- a/.github/workflows/update_appveyor_image.yml
+++ b/.github/workflows/update_appveyor_image.yml
@@ -6,22 +6,23 @@ on:
  schedule:
    - cron: '0 8 * * 1-5' # runs 8:00 every business day (see https://crontab.guru)

-permissions:
-  contents: write
-  pull-requests: write
+permissions: {}

 jobs:
  bake-appveyor-image:
    name: Bake AppVeyor Image
-    permissions:
-      contents: write
-      pull-requests: write  # to create a new PR with updated Appveyor images
    runs-on: ubuntu-latest
    steps:
+    - name: Generate GitHub App token
+      uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
+      id: generate-token
+      with:
+        creds: ${{ secrets.APPVEYOR_UPDATER_GH_APP_CREDS }}
    - name: Checkout
-      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      with:
        fetch-depth: 0
+        token: ${{ steps.generate-token.outputs.token }}
    - name: Yarn install
      run: |
        node script/yarn.js install --frozen-lockfile
@@ -38,7 +39,7 @@ jobs:
        fi
    - name: (Optionally) Update Appveyor Image
      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
-      uses: mikefarah/yq@1c7dc0e88aad311c89889bc5ce5d8f96931a1bd0 # v4.27.2
+      uses: mikefarah/yq@bbdd97482f2d439126582a59689eb1c855944955 # v4.44.3
      with:
        cmd: |
          yq '.image = "${{ env.APPVEYOR_IMAGE_VERSION }}"' "appveyor.yml" > "appveyor2.yml"
@@ -49,26 +50,24 @@ jobs:
        diff -w -B appveyor.yml appveyor2.yml > appveyor.diff || true
        patch -f appveyor.yml < appveyor.diff
        rm appveyor2.yml appveyor.diff
+        git add appveyor.yml
    - name: (Optionally) Generate Commit Diff for WOA
      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
      run: |
        diff -w -B appveyor-woa.yml appveyor-woa2.yml > appveyor-woa.diff || true
        patch -f appveyor-woa.yml < appveyor-woa.diff
        rm appveyor-woa2.yml appveyor-woa.diff
-    - name: (Optionally) Commit and Pull Request
+        git add appveyor-woa.yml
+    - name: (Optionally) Commit to Branch
      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
-      uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3
+      uses: dsanders11/github-app-commit-action@43de6da2f4d927e997c0784c7a0b61bd19ad6aac # v1.5.0
      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        commit-message: 'build: update appveyor image to latest version'
-        committer: GitHub <noreply@github.com>
-        author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
-        signoff: false
-        branch: bump-appveyor-image
-        delete-branch: true
-        reviewers: electron/wg-releases
-        title: 'build: update appveyor image to latest version'
-        labels: semver/none,no-backport
-        body: |
-          This PR updates appveyor.yml to the latest baked image, ${{ env.APPVEYOR_IMAGE_VERSION }}.
-          Notes: none
+        message: 'build: update appveyor image to latest version'
+        ref: bump-appveyor-image
+        token: ${{ steps.generate-token.outputs.token }}
+    - name: (Optionally) Create Pull Request
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      run: |
+        printf "This PR updates appveyor.yml to the latest baked image, ${{ env.APPVEYOR_IMAGE_VERSION }}.\n\nNotes: none" | gh pr create --head bump-appveyor-image --label no-backport --label semver/none --title 'build: update appveyor image to latest version' --body-file=-
+      env:
+        GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
--- a/.markdownlint.json
+++ b/.markdownlint.json
@@ -1,3 +1,17 @@
 {
-  "extends": "@electron/lint-roller/configs/markdownlint.json"
+  "extends": "@electron/lint-roller/configs/markdownlint.json",
+  "no-angle-brackets": true,
+  "no-inline-html": {
+    "allowed_elements": [
+      "br",
+      "details",
+      "img",
+      "li",
+      "summary",
+      "ul",
+      "unknown",
+      "Tabs",
+      "TabItem",
+    ]
+  }
 }
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -75,24 +75,17 @@ if (is_linux) {
      "notify_notification_set_image_from_pixbuf",
      "notify_notification_set_timeout",
      "notify_notification_set_urgency",
-      "notify_notification_set_hint_string",
+      "notify_notification_set_hint",
      "notify_notification_show",
      "notify_notification_close",
    ]
  }

-  # Generates electron_gtk_stubs.h header which contains
-  # stubs for extracting function ptrs from the gtk library.
-  # Function signatures for which stubs are required should be
-  # declared in electron_gtk.sigs, currently this file contains
-  # signatures for the functions used with native file chooser
-  # implementation. In future, this file can be extended to contain
-  # gtk4 stubs to switch gtk version in runtime.
+  # Generates headers which contain stubs for extracting function ptrs
+  # from the gtk library. Function signatures for which stubs are
+  # required should be declared in the sig files.
  generate_stubs("electron_gtk_stubs") {
-    sigs = [
-      "shell/browser/ui/electron_gdk_pixbuf.sigs",
-      "shell/browser/ui/electron_gtk.sigs",
-    ]
+    sigs = [ "shell/browser/ui/electron_gdk_pixbuf.sigs" ]
    extra_header = "shell/browser/ui/electron_gtk.fragment"
    output_name = "electron_gtk_stubs"
    public_deps = [ "//ui/gtk:gtk_config" ]
@@ -475,6 +468,7 @@ source_set("electron_lib") {
    "//net:extras",
    "//net:net_resources",
    "//printing/buildflags",
+    "//services/device/public/cpp/bluetooth:bluetooth",
    "//services/device/public/cpp/geolocation",
    "//services/device/public/cpp/hid",
    "//services/device/public/mojom",
@@ -502,6 +496,7 @@ source_set("electron_lib") {
    "//ui/native_theme",
    "//ui/shell_dialogs",
    "//ui/views",
+    "//ui/views/controls/webview",
    "//v8",
    "//v8:v8_libplatform",
  ]
@@ -637,7 +632,6 @@ source_set("electron_lib") {
      "//ui/gtk:gtk_config",
      "//ui/linux:linux_ui",
      "//ui/linux:linux_ui_factory",
-      "//ui/views/controls/webview",
      "//ui/wm",
    ]
    if (ozone_platform_x11) {
@@ -664,9 +658,9 @@ source_set("electron_lib") {
    libs += [ "dwmapi.lib" ]
    sources += [ "shell/common/asar/archive_win.cc" ]
    deps += [
+      "//components/app_launch_prefetch",
      "//components/crash/core/app:crash_export_thunks",
      "//ui/native_theme:native_theme_browser",
-      "//ui/views/controls/webview",
      "//ui/wm",
      "//ui/wm/public",
    ]
@@ -700,6 +694,8 @@ source_set("electron_lib") {
    sources += [
      "shell/browser/printing/print_view_manager_electron.cc",
      "shell/browser/printing/print_view_manager_electron.h",
+      "shell/browser/printing/printing_utils.cc",
+      "shell/browser/printing/printing_utils.h",
      "shell/renderer/printing/print_render_frame_helper_delegate.cc",
      "shell/renderer/printing/print_render_frame_helper_delegate.h",
    ]
@@ -744,9 +740,11 @@ source_set("electron_lib") {
      "//chrome/browser/resources/pdf:resources",
      "//components/pdf/browser",
      "//components/pdf/browser:interceptors",
-      "//components/pdf/common",
+      "//components/pdf/common:constants",
+      "//components/pdf/common:util",
      "//components/pdf/renderer",
      "//pdf",
+      "//pdf:content_restriction",
    ]
    sources += [
      "shell/browser/electron_pdf_document_helper_client.cc",
@@ -856,7 +854,7 @@ if (is_mac) {
    if (is_asan) {
      # crashpad_handler requires the ASan runtime at its @executable_path.
      sources += [ "$root_out_dir/libclang_rt.asan_osx_dynamic.dylib" ]
-      public_deps += [ "//build/config/sanitizers:copy_asan_runtime" ]
+      public_deps += [ "//build/config/sanitizers:copy_sanitizer_runtime" ]
    }
  }

@@ -1464,8 +1462,10 @@ dist_zip("hunspell_dictionaries_zip") {
 }

 copy("libcxx_headers") {
-  sources = libcxx_headers + libcxx_licenses +
-            [ "//buildtools/third_party/libc++/__config_site" ]
+  sources = libcxx_headers + libcxx_licenses + [
+              "//buildtools/third_party/libc++/__assertion_handler",
+              "//buildtools/third_party/libc++/__config_site",
+            ]
  outputs = [ "$target_gen_dir/electron_libcxx_include/{{source_root_relative_dir}}/{{source_file_part}}" ]
 }

--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -125,8 +125,8 @@ This Code of Conduct is adapted from the [Contributor Covenant][homepage],
 version 2.0, available at
 https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.

-Community Impact Guidelines were inspired by [Mozilla's code of conduct
-enforcement ladder](https://github.com/mozilla/diversity).
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/inclusion).

 [homepage]: https://www.contributor-covenant.org

--- a/55
+++ b/55
@@ -2,9 +2,9 @@ gclient_gn_args_from = 'src'

 vars = {
  'chromium_version':
-    '123.0.6272.0',
+    '126.0.6478.234',
  'node_version':
-    'v20.11.0',
+    'v20.18.0',
  'nan_version':
    'e14bdcd1f72d62bca1d541b66da43130384ec213',
  'squirrel.mac_version':
@@ -48,6 +48,9 @@ vars = {
  # It's only needed to parse the native tests configurations.
  'checkout_pyyaml': False,

+  # Can be used to disable the sysroot hooks.
+  'install_sysroot': True,
+
  'use_rts': False,

  'mac_xcode_version': 'default',
@@ -161,6 +164,54 @@ hooks = [
      'import os, subprocess; os.chdir(os.path.join("src", "electron")); subprocess.check_call(["python3", "script/lib/npx.py", "yarn@' + (Var("yarn_version")) + '", "install", "--frozen-lockfile"]);',
    ],
  },
+  {
+    'name': 'sysroot_arm',
+    'pattern': '.',
+    'condition': 'install_sysroot and checkout_linux and checkout_arm',
+    'action': ['python3', 'src/build/linux/sysroot_scripts/install-sysroot.py',
+               '--sysroots-json-path=' + Var('sysroots_json_path'),
+               '--arch=arm'],
+  },
+  {
+    'name': 'sysroot_arm64',
+    'pattern': '.',
+    'condition': 'install_sysroot and checkout_linux and checkout_arm64',
+    'action': ['python3', 'src/build/linux/sysroot_scripts/install-sysroot.py',
+               '--sysroots-json-path=' + Var('sysroots_json_path'),
+               '--arch=arm64'],
+  },
+  {
+    'name': 'sysroot_x86',
+    'pattern': '.',
+    'condition': 'install_sysroot and checkout_linux and (checkout_x86 or checkout_x64)',
+    'action': ['python3', 'src/build/linux/sysroot_scripts/install-sysroot.py',
+               '--sysroots-json-path=' + Var('sysroots_json_path'),
+               '--arch=x86'],
+  },
+  {
+    'name': 'sysroot_mips',
+    'pattern': '.',
+    'condition': 'install_sysroot and checkout_linux and checkout_mips',
+    'action': ['python3', 'src/build/linux/sysroot_scripts/install-sysroot.py',
+               '--sysroots-json-path=' + Var('sysroots_json_path'),
+               '--arch=mips'],
+  },
+  {
+    'name': 'sysroot_mips64',
+    'pattern': '.',
+    'condition': 'install_sysroot and checkout_linux and checkout_mips64',
+    'action': ['python3', 'src/build/linux/sysroot_scripts/install-sysroot.py',
+               '--sysroots-json-path=' + Var('sysroots_json_path'),
+               '--arch=mips64el'],
+  },
+  {
+    'name': 'sysroot_x64',
+    'pattern': '.',
+    'condition': 'install_sysroot and checkout_linux and checkout_x64',
+    'action': ['python3', 'src/build/linux/sysroot_scripts/install-sysroot.py',
+               '--sysroots-json-path=' + Var('sysroots_json_path'),
+               '--arch=x64'],
+  },
 ]

 recursedeps = [
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 [![Electron Logo](https://electronjs.org/images/electron-logo.svg)](https://electronjs.org)

-[![CircleCI Build Status](https://circleci.com/gh/electron/electron/tree/main.svg?style=shield)](https://circleci.com/gh/electron/electron/tree/main)
+[![GitHub Actions Build Status](https://github.com/electron/electron/actions/workflows/build.yml/badge.svg)](https://github.com/electron/electron/actions/workflows/build.yml)
 [![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/4lggi9dpjc1qob7k/branch/main?svg=true)](https://ci.appveyor.com/project/electron-bot/electron-ljo26/branch/main)
 [![Electron Discord Invite](https://img.shields.io/discord/745037351163527189?color=%237289DA&label=chat&logo=discord&logoColor=white)](https://discord.gg/electronjs)

@@ -9,8 +9,8 @@ View these docs in other languages on our [Crowdin](https://crowdin.com/project/

 The Electron framework lets you write cross-platform desktop applications
 using JavaScript, HTML and CSS. It is based on [Node.js](https://nodejs.org/) and
-[Chromium](https://www.chromium.org) and is used by the [Visual Studio
-Code](https://github.com/Microsoft/vscode/) and many other [apps](https://electronjs.org/apps).
+[Chromium](https://www.chromium.org) and is used by the
+[Visual Studio Code](https://github.com/Microsoft/vscode/) and many other [apps](https://electronjs.org/apps).

 Follow [@electronjs](https://twitter.com/electronjs) on Twitter for important
 announcements.
@@ -112,4 +112,4 @@ and more can be found on the [Community page](https://www.electronjs.org/communi

 [MIT](https://github.com/electron/electron/blob/main/LICENSE)

-When using Electron logos, make sure to follow [OpenJS Foundation Trademark Policy](https://openjsf.org/wp-content/uploads/sites/84/2021/01/OpenJS-Foundation-Trademark-Policy-2021-01-12.docx.pdf).
+When using Electron logos, make sure to follow [OpenJS Foundation Trademark Policy](https://trademark-policy.openjsf.org/).
--- a/appveyor-woa.yml
+++ b/appveyor-woa.yml
@@ -29,17 +29,17 @@

 version: 1.0.{build}
 build_cloud: electronhq-16-core
-image: e-123.0.6264.0
+image: e-131.0.6734.0
 environment:
  GIT_CACHE_PATH: C:\Users\appveyor\libcc_cache
  ELECTRON_OUT_DIR: Default
  ELECTRON_ENABLE_STACK_DUMPING: 1
  ELECTRON_ALSO_LOG_TO_STDERR: 1
  MOCHA_REPORTER: mocha-multi-reporters
-  MOCHA_MULTI_REPORTERS: "@marshallofsound/mocha-appveyor-reporter, tap"
+  MOCHA_MULTI_REPORTERS: "@marshallofsound/mocha-appveyor-reporter, mocha-junit-reporter, tap"
  DEPOT_TOOLS_WIN_TOOLCHAIN: 1
  DEPOT_TOOLS_WIN_TOOLCHAIN_BASE_URL: "https://dev-cdn.electronjs.org/windows-toolchains/_"
-  GYP_MSVS_HASH_27370823e7: 28622d16b1
+  GYP_MSVS_HASH_7393122652: 3ba76c5c20
  PYTHONIOENCODING: UTF-8

  matrix:
@@ -70,8 +70,9 @@ for:
        - job_name: Build Arm on X64 Windows

    build_script:
+      # TODO: Remove --ignore-engines once WOA image is up to node 20
      - ps: |
-          node script/yarn.js install --frozen-lockfile
+          node script/yarn.js install --frozen-lockfile --ignore-engines
          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER
          $env:SHOULD_SKIP_ARTIFACT_VALIDATION = "false"
          if ($LASTEXITCODE -eq 0) {
@@ -95,6 +96,8 @@ for:
      - git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
      - ps: New-Item -Name depot_tools\.disable_auto_update -ItemType File
      - depot_tools\bootstrap\win_tools.bat
+      - ps: |
+          Set-Content -Path $pwd\depot_tools\build_telemetry.cfg -Value '{"user": "info@electronjs.org", "status": "opt-out", "countdown": 10, "version": 1}'
      - ps: $env:PATH="$pwd\depot_tools;$env:PATH"
      - ps: >-
          if (Test-Path -Path "$pwd\src\electron") {
@@ -106,7 +109,7 @@ for:
      - mkdir third_party
      - ps: >-
          node -e "require('./src/utils/reclient.js').downloadAndPrepare({})"
-      - ps: $env:RECLIENT_HELPER = node -p "require('./src/utils/reclient.js').helperPath"
+      - ps: $env:RECLIENT_HELPER = node -p "require('./src/utils/reclient.js').helperPath({})"
      - ps: >-
          & $env:RECLIENT_HELPER login
      - ps: >-
@@ -115,6 +118,11 @@ for:
          $env:RBE_experimental_credentials_helper = $env:RECLIENT_HELPER
      - ps: >-
          $env:RBE_experimental_credentials_helper_args = "print"
+      - ps: >-
+          if ($env:ELECTRON_RBE_JWT -eq '') {
+            $env:RBE_fail_early_min_action_count = "0"
+            $env:RBE_fail_early_min_fallback_ratio = "0"
+          }
      - cd ..\..
      - ps: $env:CHROMIUM_BUILDTOOLS_PATH="$pwd\src\buildtools"
      - ps: >-
@@ -141,7 +149,7 @@ for:
      - gn check out/Default //electron:electron_lib
      - gn check out/Default //electron:electron_app
      - gn check out/Default //electron/shell/common/api:mojo
-      - if DEFINED ELECTRON_RBE_JWT (autoninja -j 300 -C out/Default electron:electron_app) else (autoninja -C out/Default electron:electron_app)
+      - autoninja -j 300 -C out/Default electron:electron_app
      - if "%GN_CONFIG%"=="testing" ( python C:\depot_tools\post_build_ninja_summary.py -C out\Default )
      - gn gen out/ffmpeg "--args=import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true %GN_EXTRA_ARGS%"
      - autoninja -C out/ffmpeg electron:electron_ffmpeg_zip
@@ -166,8 +174,8 @@ for:
          if ($env:GN_CONFIG -eq 'release') {
            # Needed for msdia140.dll on 64-bit windows
            $env:Path += ";$pwd\third_party\llvm-build\Release+Asserts\bin"
-            autoninja -C out/Default electron:electron_symbols
          }
+      - if "%GN_CONFIG%"=="release" ( autoninja -C out/Default electron:electron_symbols )
      - ps: >-
          if ($env:GN_CONFIG -eq 'release') {
            python3 electron\script\zip-symbols.py
@@ -247,14 +255,18 @@ for:

    environment:
        IGNORE_YARN_INSTALL_ERROR: 1
-        ELECTRON_TEST_RESULTS_DIR: junit
-        MOCHA_MULTI_REPORTERS: 'mocha-junit-reporter, tap'
+        ELECTRON_TEST_RESULTS_DIR: C:\projects\src\electron\junit
+        MOCHA_MULTI_REPORTERS: "@marshallofsound/mocha-appveyor-reporter, mocha-junit-reporter, tap"
        MOCHA_REPORTER: mocha-multi-reporters
        ELECTRON_SKIP_NATIVE_MODULE_TESTS: true
+        DD_ENV: ci
+        DD_SERVICE: electron
+        DD_CIVISIBILITY_LOGS_ENABLED: true
+        DD_GIT_REPOSITORY_URL: "https://github.com/electron/electron.git"

    build_script:
      - ps: |
-          node script/yarn.js install --frozen-lockfile
+          node script/yarn.js install --frozen-lockfile --ignore-engines
          node script/doc-only-change.js --prNumber=$env:APPVEYOR_PULL_REQUEST_NUMBER
          if ($LASTEXITCODE -eq 0) {
            Write-warning "Skipping build for doc only change"
@@ -262,6 +274,7 @@ for:
          } else {
            $global:LASTEXITCODE = 0
          }
+      - ps: Invoke-WebRequest -Uri "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_win-x64" -OutFile "C:\projects\src\electron\datadog-ci.exe"
      - cd ..
      - mkdir out\Default
      - cd ..
@@ -317,4 +330,13 @@ for:
    on_finish:
      # Uncomment these lines to enable RDP
      # - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
-      - if exist electron\electron.log ( appveyor-retry appveyor PushArtifact electron\electron.log )
+      - if exist electron\junit\test-results-main.xml ( appveyor-retry appveyor PushArtifact electron\junit\test-results-main.xml )
+      - ps: |
+          if ($env:DD_API_KEY) {
+            $env:DD_GIT_COMMIT_SHA = $env:APPVEYOR_REPO_COMMIT
+            $env:DD_GIT_BRANCH = $env:APPVEYOR_PULL_REQUEST_HEAD_REPO_BRANCH
+            $env:DD_TAGS = "os.architecture:$env:TARGET_ARCH,os.family:windows,os.platform:win32"
+            if (Test-Path -Path "C:\projects\src\electron\junit\test-results-main.xml") {
+              C:\projects\src\electron\datadog-ci.exe junit upload --verbose C:\projects\src\electron\junit\test-results-main.xml
+            }
+          }
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -29,17 +29,17 @@

 version: 1.0.{build}
 build_cloud: electronhq-16-core
-image: e-123.0.6264.0
+image: e-131.0.6734.0
 environment:
  GIT_CACHE_PATH: C:\Users\appveyor\libcc_cache
  ELECTRON_OUT_DIR: Default
  ELECTRON_ENABLE_STACK_DUMPING: 1
  ELECTRON_ALSO_LOG_TO_STDERR: 1
  MOCHA_REPORTER: mocha-multi-reporters
-  MOCHA_MULTI_REPORTERS: "@marshallofsound/mocha-appveyor-reporter, tap"
+  MOCHA_MULTI_REPORTERS: "@marshallofsound/mocha-appveyor-reporter, mocha-junit-reporter, tap"
  DEPOT_TOOLS_WIN_TOOLCHAIN: 1
  DEPOT_TOOLS_WIN_TOOLCHAIN_BASE_URL: "https://dev-cdn.electronjs.org/windows-toolchains/_"
-  GYP_MSVS_HASH_27370823e7: 28622d16b1
+  GYP_MSVS_HASH_7393122652: 3ba76c5c20
  PYTHONIOENCODING: UTF-8

  matrix:
@@ -93,6 +93,8 @@ for:
      - git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
      - ps: New-Item -Name depot_tools\.disable_auto_update -ItemType File
      - depot_tools\bootstrap\win_tools.bat
+      - ps: |
+          Set-Content -Path $pwd\depot_tools\build_telemetry.cfg -Value '{"user": "info@electronjs.org", "status": "opt-out", "countdown": 10, "version": 1}'
      - ps: $env:PATH="$pwd\depot_tools;$env:PATH"
      - ps: >-
          if (Test-Path -Path "$pwd\src\electron") {
@@ -104,7 +106,7 @@ for:
      - mkdir third_party
      - ps: >-
          node -e "require('./src/utils/reclient.js').downloadAndPrepare({})"
-      - ps: $env:RECLIENT_HELPER = node -p "require('./src/utils/reclient.js').helperPath"
+      - ps: $env:RECLIENT_HELPER = node -p "require('./src/utils/reclient.js').helperPath({})"
      - ps: >-
          & $env:RECLIENT_HELPER login
      - ps: >-
@@ -113,6 +115,11 @@ for:
          $env:RBE_experimental_credentials_helper = $env:RECLIENT_HELPER
      - ps: >-
          $env:RBE_experimental_credentials_helper_args = "print"
+      - ps: >-
+          if ($env:ELECTRON_RBE_JWT -eq '') {
+            $env:RBE_fail_early_min_action_count = "0"
+            $env:RBE_fail_early_min_fallback_ratio = "0"
+          }
      - cd ..\..
      - ps: $env:CHROMIUM_BUILDTOOLS_PATH="$pwd\src\buildtools"
      - ps: >-
@@ -139,7 +146,7 @@ for:
      - gn check out/Default //electron:electron_lib
      - gn check out/Default //electron:electron_app
      - gn check out/Default //electron/shell/common/api:mojo
-      - if DEFINED ELECTRON_RBE_JWT (autoninja -j 300 -C out/Default electron:electron_app) else (autoninja -C out/Default electron:electron_app)
+      - autoninja -j 300 -C out/Default electron:electron_app
      - if "%GN_CONFIG%"=="testing" ( python C:\depot_tools\post_build_ninja_summary.py -C out\Default )
      - gn gen out/ffmpeg "--args=import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true %GN_EXTRA_ARGS%"
      - autoninja -C out/ffmpeg electron:electron_ffmpeg_zip
@@ -163,8 +170,8 @@ for:
          if ($env:GN_CONFIG -eq 'release') {
            # Needed for msdia140.dll on 64-bit windows
            $env:Path += ";$pwd\third_party\llvm-build\Release+Asserts\bin"
-            autoninja -C out/Default electron:electron_symbols
          }
+      - if "%GN_CONFIG%"=="release" ( autoninja -C out/Default electron:electron_symbols )
      - ps: >-
          if ($env:GN_CONFIG -eq 'release') {
            python3 electron\script\zip-symbols.py
@@ -238,6 +245,13 @@ for:
      only:
        - job_name: Test

+    environment:
+        DD_ENV: ci
+        DD_SERVICE: electron
+        DD_CIVISIBILITY_LOGS_ENABLED: true
+        DD_GIT_REPOSITORY_URL: "https://github.com/electron/electron.git"
+        ELECTRON_TEST_RESULTS_DIR: C:\projects\src\electron\junit
+
    init:
      - ps: |
          if ($env:RUN_TESTS -ne 'true') {
@@ -253,6 +267,7 @@ for:
          } else {
            $global:LASTEXITCODE = 0
          }
+      - npm install -g @datadog/datadog-ci
      - cd ..
      - mkdir out\Default
      - cd ..
@@ -298,7 +313,7 @@ for:
          if ($env:TARGET_ARCH -eq 'ia32') {
            $env:npm_config_arch = "ia32"
          }
-      - echo Running main test suite & node script/yarn test -- --trace-uncaught --runners=main --enable-logging=file --log-file=%cd%\electron.log
+      - echo Running main test suite & node script/yarn test -- --trace-uncaught --runners=main --enable-logging
      - cd ..
      - echo Verifying non proprietary ffmpeg & python electron\script\verify-ffmpeg.py --build-dir out\Default --source-root %cd% --ffmpeg-path out\ffmpeg
      - echo "About to verify mksnapshot"
@@ -310,4 +325,13 @@ for:
    on_finish:
      # Uncomment these lines to enable RDP
      # - ps: $blockRdp = $true; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
-      - if exist electron\electron.log ( appveyor-retry appveyor PushArtifact electron\electron.log )
+      - if exist electron\junit\test-results-main.xml ( appveyor-retry appveyor PushArtifact electron\junit\test-results-main.xml )
+      - ps: |
+          if ($env:RUN_TESTS -eq 'true' -And $env:DD_API_KEY) {
+            $env:DD_GIT_COMMIT_SHA = $env:APPVEYOR_REPO_COMMIT
+            $env:DD_GIT_BRANCH = $env:APPVEYOR_PULL_REQUEST_HEAD_REPO_BRANCH
+            $env:DD_TAGS = "os.architecture:$env:TARGET_ARCH,os.family:windows,os.platform:win32"
+            if (Test-Path -Path "C:\projects\src\electron\junit\test-results-main.xml") {
+              C:\Users\appveyor\AppData\Roaming\npm\datadog-ci.ps1 junit upload --verbose C:\projects\src\electron\junit\test-results-main.xml
+            }
+          }
--- a/build/args/all.gn
+++ b/build/args/all.gn
@@ -2,7 +2,7 @@ is_electron_build = true
 root_extra_deps = [ "//electron" ]

 # Registry of NMVs --> https://github.com/nodejs/node/blob/main/doc/abi_version_registry.json
-node_module_version = 121
+node_module_version = 125

 v8_promise_internal_field_count = 1
 v8_embedder_string = "-electron.0"
@@ -50,16 +50,13 @@ is_cfi = false
 # TODO: fix this once sysroots have been updated.
 use_qt = false

-# https://chromium-review.googlesource.com/c/chromium/src/+/4365718
-# TODO(codebytere): fix perfetto incompatibility with Node.js.
-use_perfetto_client_library = false
-
 # Disables the builtins PGO for V8
 v8_builtins_profiling_log_file = ""

 # https://chromium.googlesource.com/chromium/src/+/main/docs/dangling_ptr.md
 # TODO(vertedinde): hunt down dangling pointers on Linux
 enable_dangling_raw_ptr_checks = false
+enable_dangling_raw_ptr_feature_flag = false

 # This flag speeds up the performance of fork/execve on linux systems.
 # Ref: https://chromium-review.googlesource.com/c/v8/v8/+/4602858
@@ -67,3 +64,12 @@ v8_enable_private_mapping_fork_optimization = true

 # Expose public V8 symbols for native modules.
 v8_expose_public_symbols = true
+
+# Disables unsafe-buffers-usage plugin due to incompatibilities with our reclient implementation
+# Ref: https://chromium-review.googlesource.com/c/chromium/src/+/5426599
+# Ref: https://github.com/electron/electron/commit/8e20f16ea35eeaeb149ae63bad3703d782665f6a
+clang_unsafe_buffers_paths = ""
+
+# Disable snapshotting a page when printing for its content to be analyzed for
+# sensitive content by enterprise users.
+enterprise_cloud_content_analysis = false
--- a/build/webpack/webpack.config.base.js
+++ b/build/webpack/webpack.config.base.js
@@ -1,8 +1,9 @@
+const TerserPlugin = require('terser-webpack-plugin');
+const webpack = require('webpack');
+const WrapperPlugin = require('wrapper-webpack-plugin');
+
 const fs = require('node:fs');
 const path = require('node:path');
-const webpack = require('webpack');
-const TerserPlugin = require('terser-webpack-plugin');
-const WrapperPlugin = require('wrapper-webpack-plugin');

 const electronRoot = path.resolve(__dirname, '../..');

--- a/chromium_src/BUILD.gn
+++ b/chromium_src/BUILD.gn
@@ -33,6 +33,8 @@ static_library("chrome") {
    "//chrome/browser/devtools/visual_logging.h",
    "//chrome/browser/extensions/global_shortcut_listener.cc",
    "//chrome/browser/extensions/global_shortcut_listener.h",
+    "//chrome/browser/file_system_access/file_system_access_features.cc",
+    "//chrome/browser/file_system_access/file_system_access_features.h",
    "//chrome/browser/icon_loader.cc",
    "//chrome/browser/icon_loader.h",
    "//chrome/browser/icon_manager.cc",
@@ -92,6 +94,8 @@ static_library("chrome") {
    "//chrome/browser/ui/exclusive_access/exclusive_access_controller_base.h",
    "//chrome/browser/ui/exclusive_access/exclusive_access_manager.cc",
    "//chrome/browser/ui/exclusive_access/exclusive_access_manager.h",
+    "//chrome/browser/ui/exclusive_access/exclusive_access_permission_manager.cc",
+    "//chrome/browser/ui/exclusive_access/exclusive_access_permission_manager.h",
    "//chrome/browser/ui/exclusive_access/fullscreen_controller.cc",
    "//chrome/browser/ui/exclusive_access/fullscreen_controller.h",
    "//chrome/browser/ui/exclusive_access/fullscreen_within_tab_helper.cc",
@@ -104,6 +108,7 @@ static_library("chrome") {
    "//chrome/browser/ui/frame/window_frame_util.h",
    "//chrome/browser/ui/ui_features.cc",
    "//chrome/browser/ui/ui_features.h",
+    "//chrome/browser/ui/view_ids.h",
    "//chrome/browser/ui/views/eye_dropper/eye_dropper.cc",
    "//chrome/browser/ui/views/eye_dropper/eye_dropper.h",
    "//chrome/browser/ui/views/overlay/back_to_tab_label_button.cc",
@@ -147,12 +152,15 @@ static_library("chrome") {
      "//chrome/browser/media/webrtc/window_icon_util_win.cc",
      "//chrome/browser/process_singleton_win.cc",
      "//chrome/browser/ui/frame/window_frame_util.h",
-      "//chrome/browser/ui/view_ids.h",
      "//chrome/browser/win/chrome_process_finder.cc",
      "//chrome/browser/win/chrome_process_finder.h",
+      "//chrome/browser/win/chrome_select_file_dialog_factory.cc",
+      "//chrome/browser/win/chrome_select_file_dialog_factory.h",
      "//chrome/browser/win/titlebar_config.cc",
      "//chrome/browser/win/titlebar_config.h",
      "//chrome/browser/win/titlebar_config.h",
+      "//chrome/browser/win/util_win_service.cc",
+      "//chrome/browser/win/util_win_service.h",
      "//chrome/child/v8_crashpad_support_win.cc",
      "//chrome/child/v8_crashpad_support_win.h",
    ]
@@ -181,6 +189,9 @@ static_library("chrome") {
    "//chrome/browser:resource_prefetch_predictor_proto",
    "//chrome/browser/resource_coordinator:mojo_bindings",
    "//chrome/browser/web_applications/mojom:mojom_web_apps_enum",
+    "//components/enterprise/buildflags",
+    "//components/enterprise/common/proto:connectors_proto",
+    "//components/safe_browsing/core/browser/db:safebrowsing_proto",
    "//components/vector_icons:vector_icons",
    "//ui/snapshot",
    "//ui/views/controls/webview",
@@ -231,6 +242,10 @@ static_library("chrome") {
      "//chrome/services/util_win:lib",
      "//components/webapps/common:mojo_bindings",
    ]
+    deps += [
+      "//chrome/services/util_win/public/mojom",
+      "//components/segmentation_platform/public/proto",
+    ]
  }

  if (is_mac) {
@@ -242,6 +257,8 @@ static_library("chrome") {
      "//chrome/browser/media/webrtc/system_media_capture_permissions_mac.mm",
      "//chrome/browser/media/webrtc/system_media_capture_permissions_stats_mac.h",
      "//chrome/browser/media/webrtc/system_media_capture_permissions_stats_mac.mm",
+      "//chrome/browser/media/webrtc/thumbnail_capturer_mac.h",
+      "//chrome/browser/media/webrtc/thumbnail_capturer_mac.mm",
      "//chrome/browser/media/webrtc/window_icon_util_mac.mm",
      "//chrome/browser/platform_util_mac.mm",
      "//chrome/browser/process_singleton_mac.mm",
@@ -266,6 +283,8 @@ static_library("chrome") {
      "//chrome/browser/bad_message.h",
      "//chrome/browser/printing/prefs_util.cc",
      "//chrome/browser/printing/prefs_util.h",
+      "//chrome/browser/printing/print_compositor_util.cc",
+      "//chrome/browser/printing/print_compositor_util.h",
      "//chrome/browser/printing/print_job.cc",
      "//chrome/browser/printing/print_job.h",
      "//chrome/browser/printing/print_job_manager.cc",
@@ -292,6 +311,8 @@ static_library("chrome") {

    if (enable_oop_printing) {
      sources += [
+        "//chrome/browser/printing/oop_features.cc",
+        "//chrome/browser/printing/oop_features.h",
        "//chrome/browser/printing/print_backend_service_manager.cc",
        "//chrome/browser/printing/print_backend_service_manager.h",
      ]
@@ -318,6 +339,8 @@ static_library("chrome") {
        "//chrome/browser/printing/pdf_to_emf_converter.h",
        "//chrome/browser/printing/printer_xml_parser_impl.cc",
        "//chrome/browser/printing/printer_xml_parser_impl.h",
+        "//chrome/browser/printing/xps_features.cc",
+        "//chrome/browser/printing/xps_features.h",
      ]
      deps += [ "//printing:printing_base" ]
    }
@@ -341,8 +364,6 @@ static_library("chrome") {
        "//chrome/browser/pdf/chrome_pdf_stream_delegate.h",
        "//chrome/browser/pdf/pdf_extension_util.cc",
        "//chrome/browser/pdf/pdf_extension_util.h",
-        "//chrome/browser/pdf/pdf_frame_util.cc",
-        "//chrome/browser/pdf/pdf_frame_util.h",
        "//chrome/browser/pdf/pdf_viewer_stream_manager.cc",
        "//chrome/browser/pdf/pdf_viewer_stream_manager.h",
        "//chrome/browser/plugins/pdf_iframe_navigation_throttle.cc",
--- a/default_app/default_app.ts
+++ b/default_app/default_app.ts
@@ -1,5 +1,6 @@
 import { shell } from 'electron/common';
 import { app, dialog, BrowserWindow, ipcMain } from 'electron/main';
+
 import * as path from 'node:path';
 import * as url from 'node:url';

--- a/default_app/main.ts
+++ b/default_app/main.ts
@@ -4,6 +4,7 @@ import * as fs from 'node:fs';
 import { Module } from 'node:module';
 import * as path from 'node:path';
 import * as url from 'node:url';
+
 const { app, dialog } = electron;

 type DefaultAppOptions = {
@@ -255,6 +256,7 @@ async function startRepl () {
 // start the default app.
 if (option.file && !option.webdriver) {
  const file = option.file;
+  // eslint-disable-next-line n/no-deprecated-api
  const protocol = url.parse(file).protocol;
  const extension = path.extname(file);
  if (protocol === 'http:' || protocol === 'https:' || protocol === 'file:' || protocol === 'chrome:') {
--- a/docs/api/app.md
+++ b/docs/api/app.md
@@ -32,7 +32,7 @@ In most cases, you should do everything in the `ready` event handler.
 Returns:

 * `event` Event
-* `launchInfo` Record<string, any> | [NotificationResponse](structures/notification-response.md) _macOS_
+* `launchInfo` Record\<string, any\> | [NotificationResponse](structures/notification-response.md) _macOS_

 Emitted once, when Electron has finished initializing. On macOS, `launchInfo`
 holds the `userInfo` of the [`NSUserNotification`](https://developer.apple.com/documentation/foundation/nsusernotification)
@@ -41,6 +41,10 @@ that was used to open the application, if it was launched from Notification Cent
 You can also call `app.isReady()` to check if this event has already fired and `app.whenReady()`
 to get a Promise that is fulfilled when Electron is initialized.

+**Note**: The `ready` event is only fired after the main process has finished running the first
+tick of the event loop. If an Electron API needs to be called before the `ready` event, ensure
+that it is called synchronously in the top-level context of the main process.
+
 ### Event: 'window-all-closed'

 Emitted when all windows have been closed.
@@ -970,7 +974,7 @@ app.setJumpList([

 ### `app.requestSingleInstanceLock([additionalData])`

-* `additionalData` Record<any, any> (optional) - A JSON object containing additional data to send to the first instance.
+* `additionalData` Record\<any, any\> (optional) - A JSON object containing additional data to send to the first instance.

 Returns `boolean`

@@ -1261,7 +1265,7 @@ Returns `Object`:

 * `openAtLogin` boolean - `true` if the app is set to open at login.
 * `openAsHidden` boolean _macOS_ _Deprecated_ - `true` if the app is set to open as hidden at login. This does not work on macOS 13 and up.
-* `wasOpenedAtLogin` boolean _macOS_ _Deprecated_ - `true` if the app was opened at login automatically. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
+* `wasOpenedAtLogin` boolean _macOS_ - `true` if the app was opened at login automatically.
 * `wasOpenedAsHidden` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a hidden login item. This indicates that the app should not open any windows at startup. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
 * `restoreState` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a login item that should restore the state from the previous session. This indicates that the app should restore the windows that were open the last time the app was closed. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
 * `status` string _macOS_ - can be one of `not-registered`, `enabled`, `requires-approval`, or `not-found`.
@@ -1278,8 +1282,7 @@ Returns `Object`:
 * `settings` Object
  * `openAtLogin` boolean (optional) - `true` to open the app at login, `false` to remove
    the app as a login item. Defaults to `false`.
-  * `openAsHidden` boolean (optional) _macOS_ _Deprecated_ - `true` to open the app as hidden. Defaults to `false`. The user can edit this setting from the System Preferences so `app.getLoginItemSettings().wasOpenedAsHidden` should be checked when the app is opened to know the current value. This setting is not available on [MAS build
-s][mas-builds] or on macOS 13 and up.
+  * `openAsHidden` boolean (optional) _macOS_ _Deprecated_ - `true` to open the app as hidden. Defaults to `false`. The user can edit this setting from the System Preferences so `app.getLoginItemSettings().wasOpenedAsHidden` should be checked when the app is opened to know the current value. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
  * `type` string (optional) _macOS_ - The type of service to add as a login item. Defaults to `mainAppService`. Only available on macOS 13 and up.
    * `mainAppService` - The primary application.
    * `agentService` - The property list name for a launch agent. The property list name must correspond to a property list in the app’s `Contents/Library/LaunchAgents` directory.
@@ -1354,7 +1357,7 @@ Show the app's about panel options. These options can be overridden with `app.se
  * `credits` string (optional) _macOS_ _Windows_ - Credit information.
  * `authors` string[] (optional) _Linux_ - List of app authors.
  * `website` string (optional) _Linux_ - The app's website.
-  * `iconPath` string (optional) _Linux_ _Windows_ - Path to the app's icon in a JPEG or PNG file format. On Linux, will be shown as 64x64 pixels while retaining aspect ratio.
+  * `iconPath` string (optional) _Linux_ _Windows_ - Path to the app's icon in a JPEG or PNG file format. On Linux, will be shown as 64x64 pixels while retaining aspect ratio. On Windows, a 48x48 PNG will result in the best visual quality.

 Set the about panel options. This will override the values defined in the app's `.plist` file on macOS. See the [Apple docs][about-panel-options] for more details. On Linux, values must be set in order to be shown; there are no defaults.

@@ -1468,6 +1471,24 @@ details.

 **Note:** Enable `Secure Keyboard Entry` only when it is needed and disable it when it is no longer needed.

+### `app.setProxy(config)`
+
+* `config` [ProxyConfig](structures/proxy-config.md)
+
+Returns `Promise<void>` - Resolves when the proxy setting process is complete.
+
+Sets the proxy settings for networks requests made without an associated [Session](session.md).
+Currently this will affect requests made with [Net](net.md) in the [utility process](../glossary.md#utility-process)
+and internal requests made by the runtime (ex: geolocation queries).
+
+This method can only be called after app is ready.
+
+#### `app.resolveProxy(url)`
+
+* `url` URL
+
+Returns `Promise<string>` - Resolves with the proxy information for `url` that will be used when attempting to make requests using [Net](net.md) in the [utility process](../glossary.md#utility-process).
+
 ## Properties

 ### `app.accessibilitySupportEnabled` _macOS_ _Windows_
--- a/docs/api/auto-updater.md
+++ b/docs/api/auto-updater.md
@@ -20,8 +20,9 @@ In addition, there are some subtle differences on each platform:

 On macOS, the `autoUpdater` module is built upon [Squirrel.Mac][squirrel-mac],
 meaning you don't need any special setup to make it work. For server-side
-requirements, you can read [Server Support][server-support]. Note that [App
-Transport Security](https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35) (ATS) applies to all requests made as part of the
+requirements, you can read [Server Support][server-support]. Note that
+[App Transport Security](https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35)
+(ATS) applies to all requests made as part of the
 update process. Apps that need to disable ATS can add the
 `NSAllowsArbitraryLoads` key to their app's plist.

@@ -103,7 +104,7 @@ The `autoUpdater` object has the following methods:

 * `options` Object
  * `url` string
-  * `headers` Record<string, string> (optional) _macOS_ - HTTP request headers.
+  * `headers` Record\<string, string\> (optional) _macOS_ - HTTP request headers.
  * `serverType` string (optional) _macOS_ - Can be `json` or `default`, see the [Squirrel.Mac][squirrel-mac]
    README for more information.

--- a/docs/api/base-window.md
+++ b/docs/api/base-window.md
@@ -126,10 +126,18 @@ or session log off.

 #### Event: 'blur'

+Returns:
+
+* `event` Event
+
 Emitted when the window loses focus.

 #### Event: 'focus'

+Returns:
+
+* `event` Event
+
 Emitted when the window gains focus.

 #### Event: 'show'
@@ -345,6 +353,10 @@ A `Integer` property representing the unique ID of the window. Each ID is unique

 A `View` property for the content view of the window.

+#### `win.tabbingIdentifier` _macOS_ _Readonly_
+
+A `string` (optional) property that is equal to the `tabbingIdentifier` passed to the `BrowserWindow` constructor or `undefined` if none was set.
+
 #### `win.autoHideMenuBar`

 A `boolean` property that determines whether the window menu bar should hide itself automatically. Once set, the menu bar will only show when users press the single `Alt` key.
@@ -519,7 +531,7 @@ Hides the window.

 #### `win.isVisible()`

-Returns `boolean` - Whether the window is visible to the user.
+Returns `boolean` - Whether the window is visible to the user in the foreground of the app.

 #### `win.isModal()`

@@ -557,6 +569,8 @@ Returns `boolean` - Whether the window is minimized.

 Sets whether the window should be in fullscreen mode.

+**Note:** On macOS, fullscreen transitions take place asynchronously. If further actions depend on the fullscreen state, use the ['enter-full-screen'](base-window.md#event-enter-full-screen) or ['leave-full-screen'](base-window.md#event-leave-full-screen) events.
+
 #### `win.isFullScreen()`

 Returns `boolean` - Whether the window is in fullscreen mode.
@@ -594,7 +608,7 @@ Perhaps there are 15 pixels of controls on the left edge, 25 pixels of controls
 on the right edge and 50 pixels of controls below the player. In order to
 maintain a 16:9 aspect ratio (standard aspect ratio for HD @1920x1080) within
 the player itself we would call this function with arguments of 16/9 and
-{ width: 40, height: 50 }. The second argument doesn't care where the extra width and height
+\{ width: 40, height: 50 \}. The second argument doesn't care where the extra width and height
 are within the content view--only that they exist. Sum any extra width and
 height areas you have within the overall content view.

@@ -650,7 +664,7 @@ Closes the currently open [Quick Look][quick-look] panel.

 #### `win.setBounds(bounds[, animate])`

-* `bounds` Partial<[Rectangle](structures/rectangle.md)>
+* `bounds` Partial\<[Rectangle](structures/rectangle.md)\>
 * `animate` boolean (optional) _macOS_

 Resizes and moves the window to the supplied bounds. Any properties that are not supplied will default to their current values.
@@ -669,10 +683,14 @@ win.setBounds({ width: 100 })
 console.log(win.getBounds())
 ```

+**Note:** On macOS, the y-coordinate value cannot be smaller than the [Tray](tray.md) height. The tray height has changed over time and depends on the operating system, but is between 20-40px. Passing a value lower than the tray height will result in a window that is flush to the tray.
+
 #### `win.getBounds()`

 Returns [`Rectangle`](structures/rectangle.md) - The `bounds` of the window as `Object`.

+**Note:** On macOS, the y-coordinate value returned will be at minimum the [Tray](tray.md) height. For example, calling `win.setBounds({ x: 25, y: 20, width: 800, height: 600 })` with a tray height of 38 means that `win.getBounds()` will return `{ x: 25, y: 38, width: 800, height: 600 }`.
+
 #### `win.getBackgroundColor()`

 Returns `string` - Gets the background color of the window in Hex (`#RRGGBB`) format.
@@ -903,8 +921,8 @@ window.
 * `offsetX` Float (optional)

 Changes the attachment point for sheets on macOS. By default, sheets are
-attached just below the window frame, but you may want to offset them. For
-example:
+attached just below the window frame, but you may want to display them beneath
+a HTML-rendered toolbar. For example:

 ```js
 const { BaseWindow } = require('electron')
@@ -1289,6 +1307,10 @@ tabs in the window.
 Selects the next tab when native tabs are enabled and there are other
 tabs in the window.

+#### `win.showAllTabs()` _macOS_
+
+Shows or hides the tab overview when native tabs are enabled.
+
 #### `win.mergeAllWindows()` _macOS_

 Merges all windows into one window with multiple tabs when native tabs
@@ -1312,15 +1334,26 @@ Adds a window as a tab on this window, after the tab for the window instance.

 #### `win.setVibrancy(type)` _macOS_

-* `type` string | null - Can be `appearance-based`, `light`, `dark`, `titlebar`,
-  `selection`, `menu`, `popover`, `sidebar`, `medium-light`, `ultra-dark`, `header`, `sheet`, `window`, `hud`, `fullscreen-ui`, `tooltip`, `content`, `under-window`, or `under-page`. See
+* `type` string | null - Can be `titlebar`, `selection`, `menu`, `popover`, `sidebar`, `header`, `sheet`, `window`, `hud`, `fullscreen-ui`, `tooltip`, `content`, `under-window`, or `under-page`. See
  the [macOS documentation][vibrancy-docs] for more details.

 Adds a vibrancy effect to the window. Passing `null` or an empty string
 will remove the vibrancy effect on the window.

-Note that `appearance-based`, `light`, `dark`, `medium-light`, and `ultra-dark` have been
-deprecated and will be removed in an upcoming version of macOS.
+#### `win.setBackgroundMaterial(material)` _Windows_
+
+* `material` string
+  * `auto` - Let the Desktop Window Manager (DWM) automatically decide the system-drawn backdrop material for this window. This is the default.
+  * `none` - Don't draw any system backdrop.
+  * `mica` - Draw the backdrop material effect corresponding to a long-lived window.
+  * `acrylic` - Draw the backdrop material effect corresponding to a transient window.
+  * `tabbed` - Draw the backdrop material effect corresponding to a window with a tabbed title bar.
+
+This method sets the browser window's system-drawn background material, including behind the non-client area.
+
+See the [Windows documentation](https://learn.microsoft.com/en-us/windows/win32/api/dwmapi/ne-dwmapi-dwm_systembackdrop_type) for more details.
+
+**Note:** This method is only supported on Windows 11 22H2 and up.

 #### `win.setWindowButtonPosition(position)` _macOS_

@@ -1334,25 +1367,6 @@ Passing `null` will reset the position to default.
 Returns `Point | null` - The custom position for the traffic light buttons in
 frameless window, `null` will be returned when there is no custom position.

-#### `win.setTrafficLightPosition(position)` _macOS_ _Deprecated_
-
-* `position` [Point](structures/point.md)
-
-Set a custom position for the traffic light buttons in frameless window.
-Passing `{ x: 0, y: 0 }` will reset the position to default.
-
-> **Note**
-> This function is deprecated. Use [setWindowButtonPosition](#winsetwindowbuttonpositionposition-macos) instead.
-
-#### `win.getTrafficLightPosition()` _macOS_ _Deprecated_
-
-Returns `Point` - The custom position for the traffic light buttons in
-frameless window, `{ x: 0, y: 0 }` will be returned when there is no custom
-position.
-
-> **Note**
-> This function is deprecated. Use [getWindowButtonPosition](#wingetwindowbuttonposition-macos) instead.
-
 #### `win.setTouchBar(touchBar)` _macOS_

 * `touchBar` TouchBar | null
@@ -1364,15 +1378,16 @@ machine has a touch bar.
 **Note:** The TouchBar API is currently experimental and may change or be
 removed in future Electron releases.

-#### `win.setTitleBarOverlay(options)` _Windows_
+#### `win.setTitleBarOverlay(options)` _Windows_ _Linux_

 * `options` Object
-  * `color` String (optional) _Windows_ - The CSS color of the Window Controls Overlay when enabled.
-  * `symbolColor` String (optional) _Windows_ - The CSS color of the symbols on the Window Controls Overlay when enabled.
-  * `height` Integer (optional) _Windows_ - The height of the title bar and Window Controls Overlay in pixels.
+  * `color` String (optional) - The CSS color of the Window Controls Overlay when enabled.
+  * `symbolColor` String (optional) - The CSS color of the symbols on the Window Controls Overlay when enabled.
+  * `height` Integer (optional) - The height of the title bar and Window Controls Overlay in pixels.

-On a Window with Window Controls Overlay already enabled, this method updates
-the style of the title bar overlay.
+On a Window with Window Controls Overlay already enabled, this method updates the style of the title bar overlay.
+
+On Linux, the `symbolColor` is automatically calculated to have minimum accessible contrast to the `color` if not explicitly set.

 [quick-look]: https://en.wikipedia.org/wiki/Quick_Look
 [vibrancy-docs]: https://developer.apple.com/documentation/appkit/nsvisualeffectview?preferredLanguage=objc
--- a/docs/api/browser-window.md
+++ b/docs/api/browser-window.md
@@ -644,14 +644,6 @@ Shows the window but doesn't focus on it.

 Hides the window.

-#### `win.isOccluded()`
-
-Returns `boolean` - Whether the window is covered by other windows.
-
-On macOS, a `BrowserWindow` is occluded if the entire window is obscured by other windows. A completely transparent window may also be considered non-occluded. See [docs](https://developer.apple.com/documentation/appkit/nswindowocclusionstate?language=objc) for more details.
-
-On Windows and Linux, a window is occluded if it or one of its descendants is visible, and all visible windows have their bounds completely covered by fully opaque windows. A window is considered "fully opaque" if it is visible, it is not transparent, and its combined opacity is 1. See [Chromium Source](https://source.chromium.org/chromium/chromium/src/+/refs/heads/main:ui/aura/window.h;l=124-151;drc=7d2d8ccab2b68fbbfc5e1611d45bd4ecf87090b8) for more details.
-
 #### `win.isVisible()`

 Returns `boolean` - Whether the window is visible to the user in the foreground of the app.
@@ -698,6 +690,8 @@ Sets whether the window should be in fullscreen mode.

 Returns `boolean` - Whether the window is in fullscreen mode.

+**Note:** On macOS, fullscreen transitions take place asynchronously. When querying for a BrowserWindow's fullscreen status, you should ensure that either the ['enter-full-screen'](browser-window.md#event-enter-full-screen) or ['leave-full-screen'](browser-window.md#event-leave-full-screen) events have been emitted.
+
 #### `win.setSimpleFullScreen(flag)` _macOS_

 * `flag` boolean
@@ -731,7 +725,7 @@ Perhaps there are 15 pixels of controls on the left edge, 25 pixels of controls
 on the right edge and 50 pixels of controls below the player. In order to
 maintain a 16:9 aspect ratio (standard aspect ratio for HD @1920x1080) within
 the player itself we would call this function with arguments of 16/9 and
-{ width: 40, height: 50 }. The second argument doesn't care where the extra width and height
+\{ width: 40, height: 50 \}. The second argument doesn't care where the extra width and height
 are within the content view--only that they exist. Sum any extra width and
 height areas you have within the overall content view.

@@ -752,16 +746,16 @@ Examples of valid `backgroundColor` values:
  * #ffffff (RGB)
  * #ffffffff (ARGB)
 * RGB
-  * rgb\((\[\d]+),\s*(\[\d]+),\s*(\[\d]+)\)
+  * `rgb\(([\d]+),\s*([\d]+),\s*([\d]+)\)`
    * e.g. rgb(255, 255, 255)
 * RGBA
-  * rgba\((\[\d]+),\s*(\[\d]+),\s*(\[\d]+),\s*(\[\d.]+)\)
+  * `rgba\(([\d]+),\s*([\d]+),\s*([\d]+),\s*([\d.]+)\)`
    * e.g. rgba(255, 255, 255, 1.0)
 * HSL
-  * hsl\((-?\[\d.]+),\s*(\[\d.]+)%,\s*(\[\d.]+)%\)
+  * `hsl\((-?[\d.]+),\s*([\d.]+)%,\s*([\d.]+)%\)`
    * e.g. hsl(200, 20%, 50%)
 * HSLA
-  * hsla\((-?\[\d.]+),\s*(\[\d.]+)%,\s*(\[\d.]+)%,\s*(\[\d.]+)\)
+  * `hsla\((-?[\d.]+),\s*([\d.]+)%,\s*([\d.]+)%,\s*([\d.]+)\)`
    * e.g. hsla(200, 20%, 50%, 0.5)
 * Color name
  * Options are listed in [SkParseColor.cpp](https://source.chromium.org/chromium/chromium/src/+/main:third_party/skia/src/utils/SkParseColor.cpp;l=11-152;drc=eea4bf52cb0d55e2a39c828b017c80a5ee054148)
@@ -787,7 +781,7 @@ Closes the currently open [Quick Look][quick-look] panel.

 #### `win.setBounds(bounds[, animate])`

-* `bounds` Partial<[Rectangle](structures/rectangle.md)>
+* `bounds` Partial\<[Rectangle](structures/rectangle.md)\>
 * `animate` boolean (optional) _macOS_

 Resizes and moves the window to the supplied bounds. Any properties that are not supplied will default to their current values.
@@ -1223,7 +1217,7 @@ win.loadURL('http://localhost:8000/post', {

 * `filePath` string
 * `options` Object (optional)
-  * `query` Record<string, string> (optional) - Passed to `url.format()`.
+  * `query` Record\<string, string\> (optional) - Passed to `url.format()`.
  * `search` string (optional) - Passed to `url.format()`.
  * `hash` string (optional) - Passed to `url.format()`.

@@ -1649,15 +1643,16 @@ with `addBrowserView` or `setBrowserView`. The top-most BrowserView is the last
 > The `BrowserView` class is deprecated, and replaced by the new
 > [`WebContentsView`](web-contents-view.md) class.

-#### `win.setTitleBarOverlay(options)` _Windows_
+#### `win.setTitleBarOverlay(options)` _Windows_ _Linux_

 * `options` Object
-  * `color` String (optional) _Windows_ - The CSS color of the Window Controls Overlay when enabled.
-  * `symbolColor` String (optional) _Windows_ - The CSS color of the symbols on the Window Controls Overlay when enabled.
-  * `height` Integer (optional) _macOS_ _Windows_ - The height of the title bar and Window Controls Overlay in pixels.
+  * `color` String (optional) - The CSS color of the Window Controls Overlay when enabled.
+  * `symbolColor` String (optional) - The CSS color of the symbols on the Window Controls Overlay when enabled.
+  * `height` Integer (optional) - The height of the title bar and Window Controls Overlay in pixels.

-On a Window with Window Controls Overlay already enabled, this method updates
-the style of the title bar overlay.
+On a window with Window Controls Overlay already enabled, this method updates the style of the title bar overlay.
+
+On Linux, the `symbolColor` is automatically calculated to have minimum accessible contrast to the `color` if not explicitly set.

 [page-visibility-api]: https://developer.mozilla.org/en-US/docs/Web/API/Page_Visibility_API
 [quick-look]: https://en.wikipedia.org/wiki/Quick_Look
--- a/docs/api/client-request.md
+++ b/docs/api/client-request.md
@@ -17,6 +17,8 @@ following properties:
    method.
  * `url` string (optional) - The request URL. Must be provided in the absolute
    form with the protocol scheme specified as http or https.
+  * `headers` Record\<string, string | string[]\> (optional) - Headers to be sent
+    with the request.
  * `session` Session (optional) - The [`Session`](session.md) instance with
    which the request is associated.
  * `partition` string (optional) - The name of the [`partition`](session.md)
@@ -51,7 +53,7 @@ following properties:
    [`request.followRedirect`](#requestfollowredirect) is invoked synchronously
    during the [`redirect`](#event-redirect) event.  Defaults to `follow`.
  * `origin` string (optional) - The origin URL of the request.
-  * `referrerPolicy` string (optional) - can be `""`, `no-referrer`,
+  * `referrerPolicy` string (optional) - can be "", `no-referrer`,
    `no-referrer-when-downgrade`, `origin`, `origin-when-cross-origin`,
    `unsafe-url`, `same-origin`, `strict-origin`, or
    `strict-origin-when-cross-origin`. Defaults to
@@ -158,7 +160,7 @@ Returns:
 * `statusCode` Integer
 * `method` string
 * `redirectUrl` string
-* `responseHeaders` Record<string, string[]>
+* `responseHeaders` Record\<string, string[]\>

 Emitted when the server returns a redirect response (e.g. 301 Moved
 Permanently). Calling [`request.followRedirect`](#requestfollowredirect) will
--- a/docs/api/command-line-switches.md
+++ b/docs/api/command-line-switches.md
@@ -279,7 +279,7 @@ Aliased to `--debug[=[host:]port`.

 Specify ways of the inspector web socket url exposure.

-By default inspector websocket url is available in stderr and under /json/list endpoint on http://host:port/json/list.
+By default inspector websocket url is available in stderr and under /json/list endpoint on `http://host:port/json/list`.

 ### `--no-deprecation`

--- a/docs/api/content-tracing.md
+++ b/docs/api/content-tracing.md
@@ -35,8 +35,8 @@ The `contentTracing` module has the following methods:
 Returns `Promise<string[]>` - resolves with an array of category groups once all child processes have acknowledged the `getCategories` request

 Get a set of category groups. The category groups can change as new code paths
-are reached. See also the [list of built-in tracing
-categories](https://chromium.googlesource.com/chromium/src/+/main/base/trace_event/builtin_categories.h).
+are reached. See also the
+[list of built-in tracing categories](https://chromium.googlesource.com/chromium/src/+/main/base/trace_event/builtin_categories.h).

 > **NOTE:** Electron adds a non-default tracing category called `"electron"`.
 > This category can be used to capture Electron-specific tracing events.
--- a/docs/api/context-bridge.md
+++ b/docs/api/context-bridge.md
@@ -138,6 +138,25 @@ has been included below for completeness:

 If the type you care about is not in the above table, it is probably not supported.

+### Exposing ipcRenderer
+
+Attempting to send the entire `ipcRenderer` module as an object over the `contextBridge` will result in
+an empty object on the receiving side of the bridge. Sending over `ipcRenderer` in full can let any
+code send any message, which is a security footgun. To interact through `ipcRenderer`, provide a safe wrapper
+like below:
+
+```js
+// Preload (Isolated World)
+contextBridge.exposeInMainWorld('electron', {
+  onMyEventName: (callback) => ipcRenderer.on('MyEventName', (e, ...args) => callback(args))
+})
+```
+
+```js @ts-nocheck
+// Renderer (Main World)
+window.electron.onMyEventName(data => { /* ... */ })
+```
+
 ### Exposing Node Global Symbols

 The `contextBridge` can be used by the preload script to give your renderer access to Node APIs.
--- a/docs/api/crash-reporter.md
+++ b/docs/api/crash-reporter.md
@@ -59,14 +59,14 @@ The `crashReporter` module has the following methods:
    number of crashes uploaded to 1/hour. Default is `false`.
  * `compress` boolean (optional) - If true, crash reports will be compressed
    and uploaded with `Content-Encoding: gzip`. Default is `true`.
-  * `extra` Record<string, string> (optional) - Extra string key/value
+  * `extra` Record\<string, string\> (optional) - Extra string key/value
    annotations that will be sent along with crash reports that are generated
    in the main process. Only string values are supported. Crashes generated in
    child processes will not contain these extra
    parameters to crash reports generated from child processes, call
    [`addExtraParameter`](#crashreporteraddextraparameterkey-value) from the
    child process.
-  * `globalExtra` Record<string, string> (optional) - Extra string key/value
+  * `globalExtra` Record\<string, string\> (optional) - Extra string key/value
    annotations that will be sent along with any crash reports generated in any
    process. These annotations cannot be changed once the crash reporter has
    been started. If a key is present in both the global extra parameters and
--- a/docs/api/desktop-capturer.md
+++ b/docs/api/desktop-capturer.md
@@ -9,80 +9,66 @@ The following example shows how to capture video from a desktop window whose
 title is `Electron`:

 ```js
-// In the main process.
-const { BrowserWindow, desktopCapturer } = require('electron')
+// main.js
+const { app, BrowserWindow, desktopCapturer, session } = require('electron')

-const mainWindow = new BrowserWindow()
+app.whenReady().then(() => {
+  const mainWindow = new BrowserWindow()

-desktopCapturer.getSources({ types: ['window', 'screen'] }).then(async sources => {
-  for (const source of sources) {
-    if (source.name === 'Electron') {
-      mainWindow.webContents.send('SET_SOURCE', source.id)
-      return
-    }
-  }
-})
-```
-
-```js @ts-nocheck
-// In the preload script.
-const { ipcRenderer } = require('electron')
-
-ipcRenderer.on('SET_SOURCE', async (event, sourceId) => {
-  try {
-    const stream = await navigator.mediaDevices.getUserMedia({
-      audio: false,
-      video: {
-        mandatory: {
-          chromeMediaSource: 'desktop',
-          chromeMediaSourceId: sourceId,
-          minWidth: 1280,
-          maxWidth: 1280,
-          minHeight: 720,
-          maxHeight: 720
-        }
-      }
+  session.defaultSession.setDisplayMediaRequestHandler((request, callback) => {
+    desktopCapturer.getSources({ types: ['screen'] }).then((sources) => {
+      // Grant access to the first screen found.
+      callback({ video: sources[0], audio: 'loopback' })
    })
-    handleStream(stream)
-  } catch (e) {
-    handleError(e)
-  }
+  })
+
+  mainWindow.loadFile('index.html')
 })
-
-function handleStream (stream) {
-  const video = document.querySelector('video')
-  video.srcObject = stream
-  video.onloadedmetadata = (e) => video.play()
-}
-
-function handleError (e) {
-  console.log(e)
-}
 ```

-To capture video from a source provided by `desktopCapturer` the constraints
-passed to [`navigator.mediaDevices.getUserMedia`][] must include
-`chromeMediaSource: 'desktop'`, and `audio: false`.
-
-To capture both audio and video from the entire desktop the constraints passed
-to [`navigator.mediaDevices.getUserMedia`][] must include `chromeMediaSource: 'desktop'`,
-for both `audio` and `video`, but should not include a `chromeMediaSourceId` constraint.
-
 ```js
-const constraints = {
-  audio: {
-    mandatory: {
-      chromeMediaSource: 'desktop'
+// renderer.js
+const startButton = document.getElementById('startButton')
+const stopButton = document.getElementById('stopButton')
+const video = document.querySelector('video')
+
+startButton.addEventListener('click', () => {
+  navigator.mediaDevices.getDisplayMedia({
+    audio: true,
+    video: {
+      width: 320,
+      height: 240,
+      frameRate: 30
    }
-  },
-  video: {
-    mandatory: {
-      chromeMediaSource: 'desktop'
-    }
-  }
-}
+  }).then(stream => {
+    video.srcObject = stream
+    video.onloadedmetadata = (e) => video.play()
+  }).catch(e => console.log(e))
+})
+
+stopButton.addEventListener('click', () => {
+  video.pause()
+})
 ```

+```html
+<!-- index.html -->
+<html>
+<meta http-equiv="content-security-policy" content="script-src 'self' 'unsafe-inline'" />
+  <body>
+    <button id="startButton" class="button">Start</button>
+    <button id="stopButton" class="button">Stop</button>
+    <video width="320" height="240" autoplay></video>
+    <script src="renderer.js"></script>
+  </body>
+</html>
+```
+
+See [`navigator.mediaDevices.getDisplayMedia`](https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getDisplayMedia) for more information.
+
+**Note:** `navigator.mediaDevices.getDisplayMedia` does not permit the use of `deviceId` for
+selection of a source - see [specification](https://w3c.github.io/mediacapture-screen-share/#constraints).
+
 ## Methods

 The `desktopCapturer` module has the following methods:
--- a/docs/api/dialog.md
+++ b/docs/api/dialog.md
@@ -174,7 +174,7 @@ dialog.showOpenDialog(mainWindow, {
    * `dontAddToRecent` _Windows_ - Do not add the item being saved to the recent documents list.
  * `securityScopedBookmarks` boolean (optional) _macOS_ _mas_ - Create a [security scoped bookmark](https://developer.apple.com/library/content/documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW16) when packaged for the Mac App Store. If this option is enabled and the file doesn't already exist a blank file will be created at the chosen path.

-Returns `string | undefined`, the path of the file chosen by the user; if the dialog is cancelled it returns `undefined`.
+Returns `string`, the path of the file chosen by the user; if the dialog is cancelled it returns an empty string.

 The `browserWindow` argument allows the dialog to attach itself to a parent window, making it modal.

@@ -207,7 +207,7 @@ The `filters` specifies an array of file types that can be displayed, see
 Returns `Promise<Object>` - Resolve with an object containing the following:

 * `canceled` boolean - whether or not the dialog was canceled.
-* `filePath` string (optional) - If the dialog is canceled, this will be `undefined`.
+* `filePath` string - If the dialog is canceled, this will be an empty string.
 * `bookmark` string (optional) _macOS_ _mas_ - Base64 encoded string which contains the security scoped bookmark data for the saved file. `securityScopedBookmarks` must be enabled for this to be present. (For return values, see [table here](#bookmarks-array).)

 The `browserWindow` argument allows the dialog to attach itself to a parent window, making it modal.
--- a/docs/api/download-item.md
+++ b/docs/api/download-item.md
@@ -145,6 +145,10 @@ Returns `string` - The file name of the download item.
 disk. If user changes the file name in a prompted download saving dialog, the
 actual name of saved file will be different.

+#### `downloadItem.getCurrentBytesPerSecond()`
+
+Returns `Integer` - The current download speed in bytes per second.
+
 #### `downloadItem.getTotalBytes()`

 Returns `Integer` - The total size in bytes of the download item.
@@ -155,6 +159,10 @@ If the size is unknown, it returns 0.

 Returns `Integer` - The received bytes of the download item.

+#### `downloadItem.getPercentComplete()`
+
+Returns `Integer` - The download completion in percent.
+
 #### `downloadItem.getContentDisposition()`

 Returns `string` - The Content-Disposition field from the response
@@ -184,6 +192,10 @@ Returns `string` - ETag header value.
 Returns `Double` - Number of seconds since the UNIX epoch when the download was
 started.

+#### `downloadItem.getEndTime()`
+
+Returns `Double` - Number of seconds since the UNIX epoch when the download ended.
+
 ### Instance Properties

 #### `downloadItem.savePath`
--- a/docs/api/environment-variables.md
+++ b/docs/api/environment-variables.md
@@ -51,6 +51,18 @@ Unsupported options are:
 --http-parser
 ```

+If the [`nodeOptions` fuse](../tutorial/fuses.md#nodeoptions) is disabled, `NODE_OPTIONS` will be ignored.
+
+### `NODE_EXTRA_CA_CERTS`
+
+See [Node.js cli documentation](https://github.com/nodejs/node/blob/main/doc/api/cli.md#node_extra_ca_certsfile) for details.
+
+```sh
+export NODE_EXTRA_CA_CERTS=/path/to/cert.pem 
+```
+
+If the [`nodeOptions` fuse](../tutorial/fuses.md#nodeoptions) is disabled, `NODE_EXTRA_CA_CERTS` will be ignored.
+
 ### `GOOGLE_API_KEY`

 Geolocation support in Electron requires the use of Google Cloud Platform's
@@ -92,6 +104,8 @@ you would when running the normal Node.js executable, with the exception of the
 These flags are disabled owing to the fact that Electron uses BoringSSL instead of OpenSSL when building Node.js'
 `crypto` module, and so will not work as designed.

+If the [`runAsNode` fuse](../tutorial/fuses.md#L13) is disabled, `ELECTRON_RUN_AS_NODE` will be ignored.
+
 ### `ELECTRON_NO_ATTACH_CONSOLE` _Windows_

 Don't attach to the current console session.
@@ -131,16 +145,16 @@ debugging purposes.
 Prints Chromium's internal logging to the console.

 Setting this variable is the same as passing `--enable-logging`
-on the command line. For more info, see `--enable-logging` in [command-line
-switches](./command-line-switches.md#--enable-loggingfile).
+on the command line. For more info, see `--enable-logging` in
+[command-line switches](./command-line-switches.md#--enable-loggingfile).

 ### `ELECTRON_LOG_FILE`

 Sets the file destination for Chromium's internal logging.

 Setting this variable is the same as passing `--log-file`
-on the command line. For more info, see `--log-file` in [command-line
-switches](./command-line-switches.md#--log-filepath).
+on the command line. For more info, see `--log-file` in
+[command-line switches](./command-line-switches.md#--log-filepath).

 ### `ELECTRON_DEBUG_NOTIFICATIONS`

--- a/docs/api/extensions.md
+++ b/docs/api/extensions.md
@@ -1,9 +1,8 @@
 # Chrome Extension Support

-Electron supports a subset of the [Chrome Extensions
-API][chrome-extensions-api-index], primarily to support DevTools extensions and
-Chromium-internal extensions, but it also happens to support some other
-extension capabilities.
+Electron supports a subset of the [Chrome Extensions API][chrome-extensions-api-index],
+primarily to support DevTools extensions and Chromium-internal extensions,
+but it also happens to support some other extension capabilities.

 [chrome-extensions-api-index]: https://developer.chrome.com/extensions/api_index

--- a/docs/api/incoming-message.md
+++ b/docs/api/incoming-message.md
@@ -31,7 +31,7 @@ Emitted when a request has been canceled during an ongoing HTTP transaction.

 Returns:

-`error` Error - Typically holds an error string identifying failure root cause.
+* `error` Error - Typically holds an error string identifying failure root cause.

 Emitted when an error was encountered while streaming response data events. For
 instance, if the server closes the underlying while the response is still
--- a/docs/api/ipc-main.md
+++ b/docs/api/ipc-main.md
@@ -72,7 +72,7 @@ Removes listeners of the specified `channel`.
 ### `ipcMain.handle(channel, listener)`

 * `channel` string
-* `listener` Function<Promise\<any&#62; | any&#62;
+* `listener` Function\<Promise\<any\> | any\>
  * `event` [IpcMainInvokeEvent][ipc-main-invoke-event]
  * `...args` any[]

@@ -109,7 +109,7 @@ provided to the renderer process. Please refer to
 ### `ipcMain.handleOnce(channel, listener)`

 * `channel` string
-* `listener` Function<Promise\<any&#62; | any&#62;
+* `listener` Function\<Promise\<any\> | any\>
  * `event` [IpcMainInvokeEvent][ipc-main-invoke-event]
  * `...args` any[]

--- a/docs/api/ipc-renderer.md
+++ b/docs/api/ipc-renderer.md
@@ -82,8 +82,8 @@ Removes all listeners, or those of the specified `channel`.
 * `...args` any[]

 Send an asynchronous message to the main process via `channel`, along with
-arguments. Arguments will be serialized with the [Structured Clone
-Algorithm][SCA], just like [`window.postMessage`][], so prototype chains will not be
+arguments. Arguments will be serialized with the [Structured Clone Algorithm][SCA],
+just like [`window.postMessage`][], so prototype chains will not be
 included. Sending Functions, Promises, Symbols, WeakMaps, or WeakSets will
 throw an exception.

@@ -110,8 +110,8 @@ If you want to receive a single response from the main process, like the result
 Returns `Promise<any>` - Resolves with the response from the main process.

 Send a message to the main process via `channel` and expect a result
-asynchronously. Arguments will be serialized with the [Structured Clone
-Algorithm][SCA], just like [`window.postMessage`][], so prototype chains will not be
+asynchronously. Arguments will be serialized with the [Structured Clone Algorithm][SCA],
+just like [`window.postMessage`][], so prototype chains will not be
 included. Sending Functions, Promises, Symbols, WeakMaps, or WeakSets will
 throw an exception.

@@ -160,8 +160,8 @@ If you do not need a response to the message, consider using [`ipcRenderer.send`
 Returns `any` - The value sent back by the [`ipcMain`](./ipc-main.md) handler.

 Send a message to the main process via `channel` and expect a result
-synchronously. Arguments will be serialized with the [Structured Clone
-Algorithm][SCA], just like [`window.postMessage`][], so prototype chains will not be
+synchronously. Arguments will be serialized with the [Structured Clone Algorithm][SCA],
+just like [`window.postMessage`][], so prototype chains will not be
 included. Sending Functions, Promises, Symbols, WeakMaps, or WeakSets will
 throw an exception.

@@ -208,8 +208,8 @@ ipcMain.on('port', (e, msg) => {
 })
 ```

-For more information on using `MessagePort` and `MessageChannel`, see the [MDN
-documentation](https://developer.mozilla.org/en-US/docs/Web/API/MessageChannel).
+For more information on using `MessagePort` and `MessageChannel`, see the
+[MDN documentation](https://developer.mozilla.org/en-US/docs/Web/API/MessageChannel).

 ### `ipcRenderer.sendToHost(channel, ...args)`

--- a/docs/api/menu-item.md
+++ b/docs/api/menu-item.md
@@ -10,9 +10,9 @@ See [`Menu`](menu.md) for examples.

 * `options` Object
  * `click` Function (optional) - Will be called with
-    `click(menuItem, browserWindow, event)` when the menu item is clicked.
+    `click(menuItem, window, event)` when the menu item is clicked.
    * `menuItem` MenuItem
-    * `browserWindow` [BrowserWindow](browser-window.md) | undefined - This will not be defined if no window is open.
+    * `window` [BaseWindow](base-window.md) | undefined - This will not be defined if no window is open.
    * `event` [KeyboardEvent](structures/keyboard-event.md)
  * `role` string (optional) - Can be `undo`, `redo`, `cut`, `copy`, `paste`, `pasteAndMatchStyle`, `delete`, `selectAll`, `reload`, `forceReload`, `toggleDevTools`, `resetZoom`, `zoomIn`, `zoomOut`, `toggleSpellChecker`, `togglefullscreen`, `window`, `minimize`, `close`, `help`, `about`, `services`, `hide`, `hideOthers`, `unhide`, `quit`, `showSubstitutions`, `toggleSmartQuotes`, `toggleSmartDashes`, `toggleTextReplacement`, `startSpeaking`, `stopSpeaking`, `zoom`, `front`, `appMenu`, `fileMenu`, `editMenu`, `viewMenu`, `shareMenu`, `recentDocuments`, `toggleTabBar`, `selectNextTab`, `selectPreviousTab`, `showAllTabs`, `mergeAllWindows`, `clearRecentDocuments`, `moveTabToNewWindow` or `windowMenu` - Define the action of the menu item, when specified the
    `click` property will be ignored. See [roles](#roles).
@@ -38,18 +38,18 @@ See [`Menu`](menu.md) for examples.
    `Menu.buildFromTemplate`.
  * `id` string (optional) - Unique within a single menu. If defined then it can be used
    as a reference to this item by the position attribute.
-  * `before` string[] (optional) - Inserts this item before the item with the specified label. If
+  * `before` string[] (optional) - Inserts this item before the item with the specified id. If
    the referenced item doesn't exist the item will be inserted at the end of  the menu. Also implies
    that the menu item in question should be placed in the same “group” as the item.
-  * `after` string[] (optional) - Inserts this item after the item with the specified label. If the
+  * `after` string[] (optional) - Inserts this item after the item with the specified id. If the
    referenced item doesn't exist the item will be inserted at the end of
    the menu.
  * `beforeGroupContaining` string[] (optional) - Provides a means for a single context menu to declare
    the placement of their containing group before the containing group of the item
-    with the specified label.
+    with the specified id.
  * `afterGroupContaining` string[] (optional) - Provides a means for a single context menu to declare
    the placement of their containing group after the containing group of the item
-    with the specified label.
+    with the specified id.

 **Note:** `acceleratorWorksWhenHidden` is specified as being macOS-only because accelerators always work when items are hidden on Windows and Linux. The option is exposed to users to give them the option to turn it off, as this is possible in native macOS development.

@@ -146,7 +146,7 @@ A `Function` that is fired when the MenuItem receives a click event.
 It can be called with `menuItem.click(event, focusedWindow, focusedWebContents)`.

 * `event` [KeyboardEvent](structures/keyboard-event.md)
-* `focusedWindow` [BrowserWindow](browser-window.md)
+* `focusedWindow` [BaseWindow](browser-window.md)
 * `focusedWebContents` [WebContents](web-contents.md)

 #### `menuItem.submenu`
--- a/docs/api/menu.md
+++ b/docs/api/menu.md
@@ -336,16 +336,16 @@ browser windows.

 You can make use of `before`, `after`, `beforeGroupContaining`, `afterGroupContaining` and `id` to control how the item will be placed when building a menu with `Menu.buildFromTemplate`.

-* `before` - Inserts this item before the item with the specified label. If the
+* `before` - Inserts this item before the item with the specified id. If the
  referenced item doesn't exist the item will be inserted at the end of
  the menu. Also implies that the menu item in question should be placed in the same “group” as the item.
-* `after` - Inserts this item after the item with the specified label. If the
+* `after` - Inserts this item after the item with the specified id. If the
  referenced item doesn't exist the item will be inserted at the end of
  the menu. Also implies that the menu item in question should be placed in the same “group” as the item.
 * `beforeGroupContaining` - Provides a means for a single context menu to declare
-  the placement of their containing group before the containing group of the item with the specified label.
+  the placement of their containing group before the containing group of the item with the specified id.
 * `afterGroupContaining` - Provides a means for a single context menu to declare
-  the placement of their containing group after the containing group of the item with the specified label.
+  the placement of their containing group after the containing group of the item with the specified id.

 By default, items will be inserted in the order they exist in the template unless one of the specified positioning keywords is used.

--- a/docs/api/native-image.md
+++ b/docs/api/native-image.md
@@ -4,36 +4,41 @@

 Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process)

-In Electron, for the APIs that take images, you can pass either file paths or
-`NativeImage` instances. An empty image will be used when `null` is passed.
+The `nativeImage` module provides a unified interface for manipulating
+system images. These can be handy if you want to provide multiple scaled
+versions of the same icon or take advantage of macOS [template images][template-image].

-For example, when creating a tray or setting a window's icon, you can pass an
-image file path as a `string`:
+Electron APIs that take image files accept either file paths or
+`NativeImage` instances. An empty and transparent image will be used when `null` is passed.

-```js
+For example, when creating a [Tray](../api/tray.md) or setting a [BrowserWindow](../api/browser-window.md)'s
+icon, you can either pass an image file path as a string:
+
+```js title='Main Process'
 const { BrowserWindow, Tray } = require('electron')

-const appIcon = new Tray('/Users/somebody/images/icon.png')
+const tray = new Tray('/Users/somebody/images/icon.png')
 const win = new BrowserWindow({ icon: '/Users/somebody/images/window.png' })
-console.log(appIcon, win)
 ```

-Or read the image from the clipboard, which returns a `NativeImage`:
+or generate a `NativeImage` instance from the same file:

-```js
-const { clipboard, Tray } = require('electron')
-const image = clipboard.readImage()
-const appIcon = new Tray(image)
-console.log(appIcon)
+```js title='Main Process'
+const { BrowserWindow, nativeImage, Tray } = require('electron')
+
+const trayIcon = nativeImage.createFromPath('/Users/somebody/images/icon.png')
+const appIcon = nativeImage.createFromPath('/Users/somebody/images/window.png')
+const tray = new Tray(trayIcon)
+const win = new BrowserWindow({ icon: appIcon })
 ```

 ## Supported Formats

-Currently `PNG` and `JPEG` image formats are supported. `PNG` is recommended
-because of its support for transparency and lossless compression.
+Currently, `PNG` and `JPEG` image formats are supported across all platforms.
+`PNG` is recommended because of its support for transparency and lossless compression.

 On Windows, you can also load `ICO` icons from file paths. For best visual
-quality, it is recommended to include at least the following sizes in the:
+quality, we recommend including at least the following sizes:

 * Small icon
  * 16x16 (100% DPI scale)
@@ -47,22 +52,30 @@ quality, it is recommended to include at least the following sizes in the:
  * 64x64 (200% DPI scale)
  * 256x256

-Check the _Size requirements_ section in [this article][icons].
+Check the _Icon Scaling_ section in the Windows [App Icon Construction][icons] reference.

-[icons]: https://learn.microsoft.com/en-us/windows/win32/uxguide/vis-icons
+[icons]: https://learn.microsoft.com/en-us/windows/apps/design/style/iconography/app-icon-construction#icon-scaling
+
+:::note
+
+EXIF metadata is currently not supported and will not be taken into account during
+image encoding and decoding.
+
+:::

 ## High Resolution Image

-On platforms that have high-DPI support such as Apple Retina displays, you can
-append `@2x` after image's base filename to mark it as a high resolution image.
+On platforms that support high pixel density displays (such as Apple Retina),
+you can append `@2x` after image's base filename to mark it as a 2x scale
+high resolution image.

 For example, if `icon.png` is a normal image that has standard resolution, then
-`icon@2x.png` will be treated as a high resolution image that has double DPI
-density.
+`icon@2x.png` will be treated as a high resolution image that has double
+Dots per Inch (DPI) density.

 If you want to support displays with different DPI densities at the same time,
 you can put images with different sizes in the same folder and use the filename
-without DPI suffixes. For example:
+without DPI suffixes within Electron. For example:

 ```plaintext
 images/
@@ -71,10 +84,9 @@ images/
 └── icon@3x.png
 ```

-```js
+```js title='Main Process'
 const { Tray } = require('electron')
-const appIcon = new Tray('/Users/somebody/images/icon.png')
-console.log(appIcon)
+const appTray = new Tray('/Users/somebody/images/icon.png')
 ```

 The following suffixes for DPI are also supported:
@@ -91,27 +103,23 @@ The following suffixes for DPI are also supported:
 * `@4x`
 * `@5x`

-## Template Image
+## Template Image _macOS_

-Template images consist of black and an alpha channel.
+On macOS, [template images][template-image] consist of black and an alpha channel.
 Template images are not intended to be used as standalone images and are usually
 mixed with other content to create the desired final appearance.

-The most common case is to use template images for a menu bar icon, so it can
+The most common case is to use template images for a menu bar (Tray) icon, so it can
 adapt to both light and dark menu bars.

-**Note:** Template image is only supported on macOS.
-
-To mark an image as a template image, its filename should end with the word
-`Template`. For example:
-
-* `xxxTemplate.png`
-* `xxxTemplate@2x.png`
+To mark an image as a template image, its base filename should end with the word
+`Template` (e.g. `xxxTemplate.png`). You can also specify template images at
+different DPI densities (e.g. `xxxTemplate@2x.png`).

 ## Methods

 The `nativeImage` module has the following methods, all of which return
-an instance of the `NativeImage` class:
+an instance of the [`NativeImage`](#class-nativeimage) class:

 ### `nativeImage.createEmpty()`

@@ -130,7 +138,7 @@ Note: The Windows implementation will ignore `size.height` and scale the height

 ### `nativeImage.createFromPath(path)`

-* `path` string
+* `path` string - path to a file that we intend to construct an image out of.

 Returns `NativeImage`

@@ -139,7 +147,7 @@ returns an empty image if the `path` does not exist, cannot be read, or is not
 a valid image.

 ```js
-const nativeImage = require('electron').nativeImage
+const { nativeImage } = require('electron')

 const image = nativeImage.createFromPath('/Users/somebody/images/icon.png')
 console.log(image)
@@ -176,7 +184,7 @@ Creates a new `NativeImage` instance from `buffer`. Tries to decode as PNG or JP

 Returns `NativeImage`

-Creates a new `NativeImage` instance from `dataURL`.
+Creates a new `NativeImage` instance from `dataUrl`, a base 64 encoded [Data URL][data-url] string.

 ### `nativeImage.createFromNamedImage(imageName[, hslShift])` _macOS_

@@ -185,14 +193,14 @@ Creates a new `NativeImage` instance from `dataURL`.

 Returns `NativeImage`

-Creates a new `NativeImage` instance from the NSImage that maps to the
-given image name. See [`System Icons`](https://developer.apple.com/design/human-interface-guidelines/macos/icons-and-images/system-icons/)
-for a list of possible values.
+Creates a new `NativeImage` instance from the `NSImage` that maps to the
+given image name. See Apple's [`NSImageName`](https://developer.apple.com/documentation/appkit/nsimagename#2901388)
+documentation for a list of possible values.

 The `hslShift` is applied to the image with the following rules:

 * `hsl_shift[0]` (hue): The absolute hue value for the image - 0 and 1 map
-     to 0 and 360 on the hue color wheel (red).
+    to 0 and 360 on the hue color wheel (red).
 * `hsl_shift[1]` (saturation): A saturation shift for the image, with the
    following key values:
    0 = remove all color.
@@ -209,7 +217,9 @@ This means that `[-1, 0, 1]` will make the image completely white and

 In some cases, the `NSImageName` doesn't match its string representation; one example of this is `NSFolderImageName`, whose string representation would actually be `NSFolder`. Therefore, you'll need to determine the correct string representation for your image before passing it in. This can be done with the following:

-`echo -e '#import <Cocoa/Cocoa.h>\nint main() { NSLog(@"%@", SYSTEM_IMAGE_NAME); }' | clang -otest -x objective-c -framework Cocoa - && ./test`
+```sh
+echo -e '#import <Cocoa/Cocoa.h>\nint main() { NSLog(@"%@", SYSTEM_IMAGE_NAME); }' | clang -otest -x objective-c -framework Cocoa - && ./test
+```

 where `SYSTEM_IMAGE_NAME` should be replaced with any value from [this list](https://developer.apple.com/documentation/appkit/nsimagename?language=objc).

@@ -250,7 +260,7 @@ data.
 * `options` Object (optional)
  * `scaleFactor` Number (optional) - Defaults to 1.0.

-Returns `string` - The data URL of the image.
+Returns `string` - The [Data URL][data-url] of the image.

 #### `image.getBitmap([options])`

@@ -266,7 +276,7 @@ current event loop tick; otherwise the data might be changed or destroyed.
 #### `image.getNativeHandle()` _macOS_

 Returns `Buffer` - A [Buffer][buffer] that stores C pointer to underlying native handle of
-the image. On macOS, a pointer to `NSImage` instance would be returned.
+the image. On macOS, a pointer to `NSImage` instance is returned.

 Notice that the returned pointer is a weak pointer to the underlying native
 image instead of a copy, so you _must_ ensure that the associated
@@ -288,11 +298,11 @@ If `scaleFactor` is passed, this will return the size corresponding to the image

 * `option` boolean

-Marks the image as a template image.
+Marks the image as a macOS [template image][template-image].

 #### `image.isTemplateImage()`

-Returns `boolean` - Whether the image is a template image.
+Returns `boolean` - Whether the image is a macOS [template image][template-image].

 #### `image.crop(rect)`

@@ -321,13 +331,13 @@ will be preserved in the resized image.

 * `scaleFactor` Number (optional) - Defaults to 1.0.

-Returns `Number` - The image's aspect ratio.
+Returns `Number` - The image's aspect ratio (width divided by height).

 If `scaleFactor` is passed, this will return the aspect ratio corresponding to the image representation most closely matching the passed value.

 #### `image.getScaleFactors()`

-Returns `Number[]` - An array of all scale factors corresponding to representations for a given nativeImage.
+Returns `Number[]` - An array of all scale factors corresponding to representations for a given `NativeImage`.

 #### `image.addRepresentation(options)`

@@ -342,15 +352,17 @@ Returns `Number[]` - An array of all scale factors corresponding to representati
    encoded PNG or JPEG image.

 Add an image representation for a specific scale factor. This can be used
-to explicitly add different scale factor representations to an image. This
+to programmatically add different scale factor representations to an image. This
 can be called on empty images.

-[buffer]: https://nodejs.org/api/buffer.html#buffer_class_buffer
-
 ### Instance Properties

 #### `nativeImage.isMacTemplateImage` _macOS_

-A `boolean` property that determines whether the image is considered a [template image](https://developer.apple.com/documentation/appkit/nsimage/1520017-template).
+A `boolean` property that determines whether the image is considered a [template image][template-image].

 Please note that this property only has an effect on macOS.
+
+[buffer]: https://nodejs.org/api/buffer.html#buffer_class_buffer
+[data-url]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs
+[template-image]: https://developer.apple.com/documentation/appkit/nsimage/1520017-template
--- a/docs/api/native-theme.md
+++ b/docs/api/native-theme.md
@@ -72,3 +72,7 @@ or is being instructed to use an inverted color scheme.

 A `boolean` indicating whether Chromium is in forced colors mode, controlled by system accessibility settings.
 Currently, Windows high contrast is the only system setting that triggers forced colors mode.
+
+### `nativeTheme.prefersReducedTransparency` _Readonly_
+
+A `boolean` that indicates the whether the user has chosen via system accessibility settings to reduce transparency at the OS level.
--- a/docs/api/navigation-history.md
+++ b/docs/api/navigation-history.md
@@ -0,0 +1,29 @@
+## Class: NavigationHistory
+
+> Manage a list of navigation entries, representing the user's browsing history within the application.
+
+Process: [Main](../glossary.md#main-process)<br />
+_This class is not exported from the `'electron'` module. It is only available as a return value of other methods in the Electron API._
+
+Each navigation entry corresponds to a specific page. The indexing system follows a sequential order, where the first available navigation entry is at index 0, representing the earliest visited page, and the latest navigation entry is at index N, representing the most recent page. Maintaining this ordered list of navigation entries enables seamless navigation both backward and forward through the user's browsing history.
+
+### Instance Methods
+
+#### `navigationHistory.getActiveIndex()`
+
+Returns `Integer` - The index of the current page, from which we would go back/forward or reload.
+
+#### `navigationHistory.getEntryAtIndex(index)`
+
+* `index` Integer
+
+Returns `Object`:
+
+* `url` string - The URL of the navigation entry at the given index.
+* `title` string - The page title of the navigation entry at the given index.
+
+If index is out of bounds (greater than history length or less than 0), null will be returned.
+
+#### `navigationHistory.length()`
+
+Returns `Integer` - History length.
--- a/docs/api/net.md
+++ b/docs/api/net.md
@@ -66,7 +66,7 @@ requests according to the specified protocol scheme in the `options` object.
 ### `net.fetch(input[, init])`

 * `input` string | [GlobalRequest](https://nodejs.org/api/globals.html#request)
-* `init` [RequestInit](https://developer.mozilla.org/en-US/docs/Web/API/fetch#options) & { bypassCustomProtocolHandlers?: boolean } (optional)
+* `init` [RequestInit](https://developer.mozilla.org/en-US/docs/Web/API/fetch#options) & \{ bypassCustomProtocolHandlers?: boolean \} (optional)

 Returns `Promise<GlobalResponse>` - see [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response).

@@ -86,9 +86,8 @@ async function example () {
 }
 ```

-This method will issue requests from the [default
-session](session.md#sessiondefaultsession). To send a `fetch` request from
-another session, use [ses.fetch()](session.md#sesfetchinput-init).
+This method will issue requests from the [default session](session.md#sessiondefaultsession).
+To send a `fetch` request from another session, use [ses.fetch()](session.md#sesfetchinput-init).

 See the MDN documentation for
 [`fetch()`](https://developer.mozilla.org/en-US/docs/Web/API/fetch) for more
@@ -101,11 +100,10 @@ Limitations:
 * The `.type` and `.url` values of the returned `Response` object are
  incorrect.

-By default, requests made with `net.fetch` can be made to [custom
-protocols](protocol.md) as well as `file:`, and will trigger
-[webRequest](web-request.md) handlers if present. When the non-standard
-`bypassCustomProtocolHandlers` option is set in RequestInit, custom protocol
-handlers will not be called for this request. This allows forwarding an
+By default, requests made with `net.fetch` can be made to [custom protocols](protocol.md)
+as well as `file:`, and will trigger [webRequest](web-request.md) handlers if present.
+When the non-standard `bypassCustomProtocolHandlers` option is set in RequestInit,
+custom protocol handlers will not be called for this request. This allows forwarding an
 intercepted request to the built-in handler. [webRequest](web-request.md)
 handlers will still be triggered when bypassing custom protocols.

@@ -167,9 +165,8 @@ will be successful.

 Returns [`Promise<ResolvedHost>`](structures/resolved-host.md) - Resolves with the resolved IP addresses for the `host`.

-This method will resolve hosts from the [default
-session](session.md#sessiondefaultsession). To resolve a host from
-another session, use [ses.resolveHost()](session.md#sesresolvehosthost-options).
+This method will resolve hosts from the [default session](session.md#sessiondefaultsession).
+To resolve a host from another session, use [ses.resolveHost()](session.md#sesresolvehosthost-options).

 ## Properties

--- a/docs/api/process.md
+++ b/docs/api/process.md
@@ -21,7 +21,6 @@ In sandboxed renderers the `process` object contains only a subset of the APIs:
 * `getSystemMemoryInfo()`
 * `getSystemVersion()`
 * `getCPUUsage()`
-* `getIOCounters()`
 * `uptime()`
 * `argv`
 * `execPath`
@@ -162,10 +161,6 @@ The time is represented as number of milliseconds since epoch. It returns null i

 Returns [`CPUUsage`](structures/cpu-usage.md)

-### `process.getIOCounters()` _Windows_ _Linux_
-
-Returns [`IOCounters`](structures/io-counters.md)
-
 ### `process.getHeapStatistics()`

 Returns `Object`:
--- a/docs/api/protocol.md
+++ b/docs/api/protocol.md
@@ -9,10 +9,14 @@ An example of implementing a protocol that has the same effect as the

 ```js
 const { app, protocol, net } = require('electron')
+const path = require('node:path')
+const url = require('node:url')

 app.whenReady().then(() => {
-  protocol.handle('atom', (request) =>
-    net.fetch('file://' + request.url.slice('atom://'.length)))
+  protocol.handle('atom', (request) => {
+    const filePath = request.url.slice('atom://'.length)
+    return net.fetch(url.pathToFileURL(path.join(__dirname, filePath)).toString())
+  })
 })
 ```

@@ -42,7 +46,7 @@ app.whenReady().then(() => {

  ses.protocol.handle('atom', (request) => {
    const filePath = request.url.slice('atom://'.length)
-    return net.fetch(url.pathToFileURL(path.join(__dirname, filePath)).toString())
+    return net.fetch(url.pathToFileURL(path.resolve(__dirname, filePath)).toString())
  })

  const mainWindow = new BrowserWindow({ webPreferences: { partition } })
@@ -75,9 +79,8 @@ protocol.registerSchemesAsPrivileged([
 ])
 ```

-A standard scheme adheres to what RFC 3986 calls [generic URI
-syntax](https://tools.ietf.org/html/rfc3986#section-3). For example `http` and
-`https` are standard schemes, while `file` is not.
+A standard scheme adheres to what RFC 3986 calls [generic URI syntax](https://tools.ietf.org/html/rfc3986#section-3).
+For example `http` and `https` are standard schemes, while `file` is not.

 Registering a scheme as standard allows relative and absolute resources to
 be resolved correctly when served. Otherwise the scheme will behave like the
@@ -111,7 +114,7 @@ expect streaming responses.

 * `scheme` string - scheme to handle, for example `https` or `my-app`. This is
  the bit before the `:` in a URL.
-* `handler` Function<[GlobalResponse](https://nodejs.org/api/globals.html#response) | Promise<GlobalResponse>>
+* `handler` Function\<[GlobalResponse](https://nodejs.org/api/globals.html#response) | Promise\<GlobalResponse\>\>
  * `request` [GlobalRequest](https://nodejs.org/api/globals.html#request)

 Register a protocol handler for `scheme`. Requests made to URLs with this
--- a/docs/api/push-notifications.md
+++ b/docs/api/push-notifications.md
@@ -27,7 +27,7 @@ The `pushNotification` module emits the following events:
 Returns:

 * `event` Event
-* `userInfo` Record<String, any>
+* `userInfo` Record\<String, any\>

 Emitted when the app receives a remote notification while running.
 See: https://developer.apple.com/documentation/appkit/nsapplicationdelegate/1428430-application?language=objc
--- a/docs/api/safe-storage.md
+++ b/docs/api/safe-storage.md
@@ -4,7 +4,19 @@

 Process: [Main](../glossary.md#main-process)

-This module protects data stored on disk from being accessed by other applications or users with full disk access.
+This module adds extra protection to data being stored on disk by using OS-provided cryptography systems. Current
+security semantics for each platform are outlined below.
+
+* **macOS**: Encryption keys are stored for your app in [Keychain Access](https://support.apple.com/en-ca/guide/keychain-access/kyca1083/mac) in a way that prevents
+other applications from loading them without user override. Therefore, content is protected from other users and other apps running in the same userspace.
+* **Windows**: Encryption keys are generated via [DPAPI](https://learn.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata).
+As per the Windows documentation: "Typically, only a user with the same logon credential as the user who encrypted the data can typically
+decrypt the data". Therefore, content is protected from other users on the same machine, but not from other apps running in the
+same userspace.
+* **Linux**: Encryption keys are generated and stored in a secret store that varies depending on your window manager and system setup. Options currently supported are `kwallet`, `kwallet5`, `kwallet6` and `gnome-libsecret`, but more may be available in future versions of Electron. As such, the
+security semantics of content protected via the `safeStorage` API vary between window managers and secret stores.
+  * Note that not all Linux setups have an available secret store. If no secret store is available, items stored in using the `safeStorage` API will be unprotected
+as they are encrypted via hardcoded plaintext password. You can detect when this happens when `safeStorage.getSelectedStorageBackend()` returns `basic_text`.

 Note that on Mac, access to the system Keychain is required and
 these calls can block the current thread to collect user input.
--- a/docs/api/session.md
+++ b/docs/api/session.md
@@ -143,6 +143,71 @@ Returns:
 Emitted after an extension is loaded and all necessary browser state is
 initialized to support the start of the extension's background page.

+#### Event: 'file-system-access-restricted'
+
+Returns:
+
+* `event` Event
+* `details` Object
+  * `origin` string - The origin that initiated access to the blocked path.
+  * `isDirectory` boolean - Whether or not the path is a directory.
+  * `path` string - The blocked path attempting to be accessed.
+* `callback` Function
+  * `action` string - The action to take as a result of the restricted path access attempt.
+    * `allow` - This will allow `path` to be accessed despite restricted status.
+    * `deny` - This will block the access request and trigger an [`AbortError`](https://developer.mozilla.org/en-US/docs/Web/API/AbortController/abort).
+    * `tryAgain` - This will open a new file picker and allow the user to choose another path.
+
+```js
+const { app, dialog, BrowserWindow, session } = require('electron')
+
+async function createWindow () {
+  const mainWindow = new BrowserWindow()
+
+  await mainWindow.loadURL('https://buzzfeed.com')
+
+  session.defaultSession.on('file-system-access-restricted', async (e, details, callback) => {
+    const { origin, path } = details
+    const { response } = await dialog.showMessageBox({
+      message: `Are you sure you want ${origin} to open restricted path ${path}?`,
+      title: 'File System Access Restricted',
+      buttons: ['Choose a different folder', 'Allow', 'Cancel'],
+      cancelId: 2
+    })
+
+    if (response === 0) {
+      callback('tryAgain')
+    } else if (response === 1) {
+      callback('allow')
+    } else {
+      callback('deny')
+    }
+  })
+
+  mainWindow.webContents.executeJavaScript(`
+    window.showDirectoryPicker({
+      id: 'electron-demo',
+      mode: 'readwrite',
+      startIn: 'downloads',
+    }).catch(e => {
+      console.log(e)
+    })`, true
+  )
+}
+
+app.whenReady().then(() => {
+  createWindow()
+
+  app.on('activate', () => {
+    if (BrowserWindow.getAllWindows().length === 0) createWindow()
+  })
+})
+
+app.on('window-all-closed', function () {
+  if (process.platform !== 'darwin') app.quit()
+})
+```
+
 #### Event: 'preconnect'

 Returns:
@@ -430,7 +495,7 @@ app.whenReady().then(() => {
 })
 ```

-```js
+```js @ts-nocheck
 // Renderer Process

 const portConnect = async () => {
@@ -589,105 +654,15 @@ Writes any unwritten DOMStorage data to disk.

 #### `ses.setProxy(config)`

-* `config` Object
-  * `mode` string (optional) - The proxy mode. Should be one of `direct`,
-    `auto_detect`, `pac_script`, `fixed_servers` or `system`. If it's
-    unspecified, it will be automatically determined based on other specified
-    options.
-    * `direct`
-      In direct mode all connections are created directly, without any proxy involved.
-    * `auto_detect`
-      In auto_detect mode the proxy configuration is determined by a PAC script that can
-      be downloaded at http://wpad/wpad.dat.
-    * `pac_script`
-      In pac_script mode the proxy configuration is determined by a PAC script that is
-      retrieved from the URL specified in the `pacScript`. This is the default mode
-      if `pacScript` is specified.
-    * `fixed_servers`
-      In fixed_servers mode the proxy configuration is specified in `proxyRules`.
-      This is the default mode if `proxyRules` is specified.
-    * `system`
-      In system mode the proxy configuration is taken from the operating system.
-      Note that the system mode is different from setting no proxy configuration.
-      In the latter case, Electron falls back to the system settings
-      only if no command-line options influence the proxy configuration.
-  * `pacScript` string (optional) - The URL associated with the PAC file.
-  * `proxyRules` string (optional) - Rules indicating which proxies to use.
-  * `proxyBypassRules` string (optional) - Rules indicating which URLs should
-    bypass the proxy settings.
+* `config` [ProxyConfig](structures/proxy-config.md)

 Returns `Promise<void>` - Resolves when the proxy setting process is complete.

 Sets the proxy settings.

-When `mode` is unspecified, `pacScript` and `proxyRules` are provided together, the `proxyRules`
-option is ignored and `pacScript` configuration is applied.
-
 You may need `ses.closeAllConnections` to close currently in flight connections to prevent
 pooled sockets using previous proxy from being reused by future requests.

-The `proxyRules` has to follow the rules below:
-
-```sh
-proxyRules = schemeProxies[";"<schemeProxies>]
-schemeProxies = [<urlScheme>"="]<proxyURIList>
-urlScheme = "http" | "https" | "ftp" | "socks"
-proxyURIList = <proxyURL>[","<proxyURIList>]
-proxyURL = [<proxyScheme>"://"]<proxyHost>[":"<proxyPort>]
-```
-
-For example:
-
-* `http=foopy:80;ftp=foopy2` - Use HTTP proxy `foopy:80` for `http://` URLs, and
-  HTTP proxy `foopy2:80` for `ftp://` URLs.
-* `foopy:80` - Use HTTP proxy `foopy:80` for all URLs.
-* `foopy:80,bar,direct://` - Use HTTP proxy `foopy:80` for all URLs, failing
-  over to `bar` if `foopy:80` is unavailable, and after that using no proxy.
-* `socks4://foopy` - Use SOCKS v4 proxy `foopy:1080` for all URLs.
-* `http=foopy,socks5://bar.com` - Use HTTP proxy `foopy` for http URLs, and fail
-  over to the SOCKS5 proxy `bar.com` if `foopy` is unavailable.
-* `http=foopy,direct://` - Use HTTP proxy `foopy` for http URLs, and use no
-  proxy if `foopy` is unavailable.
-* `http=foopy;socks=foopy2` - Use HTTP proxy `foopy` for http URLs, and use
-  `socks4://foopy2` for all other URLs.
-
-The `proxyBypassRules` is a comma separated list of rules described below:
-
-* `[ URL_SCHEME "://" ] HOSTNAME_PATTERN [ ":" <port> ]`
-
-   Match all hostnames that match the pattern HOSTNAME_PATTERN.
-
-   Examples:
-     "foobar.com", "\*foobar.com", "\*.foobar.com", "\*foobar.com:99",
-     "https://x.\*.y.com:99"
-
-* `"." HOSTNAME_SUFFIX_PATTERN [ ":" PORT ]`
-
-   Match a particular domain suffix.
-
-   Examples:
-     ".google.com", ".com", "http://.google.com"
-
-* `[ SCHEME "://" ] IP_LITERAL [ ":" PORT ]`
-
-   Match URLs which are IP address literals.
-
-   Examples:
-     "127.0.1", "\[0:0::1]", "\[::1]", "http://\[::1]:99"
-
-* `IP_LITERAL "/" PREFIX_LENGTH_IN_BITS`
-
-   Match any URL that is to an IP literal that falls between the
-   given range. IP range is specified using CIDR notation.
-
-   Examples:
-     "192.168.1.1/16", "fefe:13::abc/33".
-
-* `<local>`
-
-   Match local addresses. The meaning of `<local>` is whether the
-   host matches one of: "127.0.0.1", "::1", "localhost".
-
 #### `ses.resolveHost(host, [options])`

 * `host` string - Hostname to resolve.
@@ -785,7 +760,7 @@ Returns `Promise<void>` - Resolves when all connections are closed.
 #### `ses.fetch(input[, init])`

 * `input` string | [GlobalRequest](https://nodejs.org/api/globals.html#request)
-* `init` [RequestInit](https://developer.mozilla.org/en-US/docs/Web/API/fetch#options) & { bypassCustomProtocolHandlers?: boolean } (optional)
+* `init` [RequestInit](https://developer.mozilla.org/en-US/docs/Web/API/fetch#options) & \{ bypassCustomProtocolHandlers?: boolean \} (optional)

 Returns `Promise<GlobalResponse>` - see [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response).

@@ -819,11 +794,10 @@ Limitations:
 * The `.type` and `.url` values of the returned `Response` object are
  incorrect.

-By default, requests made with `net.fetch` can be made to [custom
-protocols](protocol.md) as well as `file:`, and will trigger
-[webRequest](web-request.md) handlers if present. When the non-standard
-`bypassCustomProtocolHandlers` option is set in RequestInit, custom protocol
-handlers will not be called for this request. This allows forwarding an
+By default, requests made with `net.fetch` can be made to [custom protocols](protocol.md)
+as well as `file:`, and will trigger [webRequest](web-request.md) handlers if present.
+When the non-standard `bypassCustomProtocolHandlers` option is set in RequestInit,
+custom protocol handlers will not be called for this request. This allows forwarding an
 intercepted request to the built-in handler. [webRequest](web-request.md)
 handlers will still be triggered when bypassing custom protocols.

@@ -903,17 +877,15 @@ win.webContents.session.setCertificateVerifyProc((request, callback) => {
    * `pointerLock` - Request to directly interpret mouse movements as an input method via the [Pointer Lock API](https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API). These requests always appear to originate from the main frame.
    * `keyboardLock` - Request capture of keypresses for any or all of the keys on the physical keyboard via the [Keyboard Lock API](https://developer.mozilla.org/en-US/docs/Web/API/Keyboard/lock). These requests always appear to originate from the main frame.
    * `openExternal` - Request to open links in external applications.
+    * `speaker-selection` - Request to enumerate and select audio output devices via the [speaker-selection permissions policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/speaker-selection).
+    * `storage-access` - Allows content loaded in a third-party context to request access to third-party cookies using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API).
+    * `top-level-storage-access` -  Allow top-level sites to request third-party cookie access on behalf of embedded content originating from another site in the same related website set using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API).
    * `window-management` - Request access to enumerate screens using the [`getScreenDetails`](https://developer.chrome.com/en/articles/multi-screen-window-placement/) API.
    * `unknown` - An unrecognized permission request.
+    * `fileSystem` - Request access to read, write, and file management capabilities using the [File System API](https://developer.mozilla.org/en-US/docs/Web/API/File_System_API).
  * `callback` Function
    * `permissionGranted` boolean - Allow or deny the permission.
-  * `details` Object - Some properties are only available on certain permission types.
-    * `externalURL` string (optional) - The url of the `openExternal` request.
-    * `securityOrigin` string (optional) - The security origin of the `media` request.
-    * `mediaTypes` string[] (optional) - The types of media access being requested, elements can be `video`
-      or `audio`
-    * `requestingUrl` string - The last URL the requesting frame loaded
-    * `isMainFrame` boolean - Whether the frame making the request is the main frame
+  * `details` [PermissionRequest](structures/permission-request.md)  | [FilesystemPermissionRequest](structures/filesystem-permission-request.md) | [MediaAccessPermissionRequest](structures/media-access-permission-request.md) | [OpenExternalPermissionRequest](structures/open-external-permission-request.md) - Additional information about the permission being requested.

 Sets the handler which can be used to respond to permission requests for the `session`.
 Calling `callback(true)` will allow the permission and `callback(false)` will reject it.
@@ -951,6 +923,8 @@ session.fromPartition('some-partition').setPermissionRequestHandler((webContents
    * `openExternal` - Open links in external applications.
    * `pointerLock` - Directly interpret mouse movements as an input method via the [Pointer Lock API](https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API). These requests always appear to originate from the main frame.
    * `serial` - Read from and write to serial devices with the [Web Serial API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Serial_API).
+    * `storage-access` - Allows content loaded in a third-party context to request access to third-party cookies using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API).
+    * `top-level-storage-access` -  Allow top-level sites to request third-party cookie access on behalf of embedded content originating from another site in the same related website set using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API).
    * `usb` - Expose non-standard Universal Serial Bus (USB) compatible devices services to the web with the [WebUSB API](https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API).
  * `requestingOrigin` string - The origin URL of the permission check
  * `details` Object - Some properties are only available on certain permission types.
@@ -1305,7 +1279,7 @@ Returns `Promise<Buffer>` - resolves with blob data.

 * `url` string
 * `options` Object (optional)
-  * `headers` Record<string, string> (optional) - HTTP request headers.
+  * `headers` Record\<string, string\> (optional) - HTTP request headers.

 Initiates a download of the resource at `url`.
 The API will generate a [DownloadItem](download-item.md) that can be accessed
@@ -1513,6 +1487,37 @@ is emitted.
 Returns `string | null` - The absolute file system path where data for this
 session is persisted on disk.  For in memory sessions this returns `null`.

+#### `ses.clearData([options])`
+
+* `options` Object (optional)
+  * `dataTypes` String[] (optional) - The types of data to clear. By default, this will clear all types of data.
+    * `backgroundFetch` - Background Fetch
+    * `cache` - Cache
+    * `cookies` - Cookies
+    * `downloads` - Downloads
+    * `fileSystems` - File Systems
+    * `indexedDB` - IndexedDB
+    * `localStorage` - Local Storage
+    * `serviceWorkers` - Service Workers
+    * `webSQL` - WebSQL
+  * `origins` String[] (optional) - Clear data for only these origins. Cannot be used with `excludeOrigins`.
+  * `excludeOrigins` String[] (optional) - Clear data for all origins except these ones. Cannot be used with `origins`.
+  * `avoidClosingConnections` boolean (optional) - Skips deleting cookies that would close current network connections. (Default: `false`)
+  * `originMatchingMode` String (optional) - The behavior for matching data to origins.
+    * `third-parties-included` (default) - Storage is matched on origin in first-party contexts and top-level-site in third-party contexts.
+    * `origin-in-all-contexts` - Storage is matched on origin only in all contexts.
+
+Returns `Promise<void>` - resolves when all data has been cleared.
+
+Clears various different types of data.
+
+This method clears more types of data and is more thorough than the
+`clearStorageData` method.
+
+**Note:** Cookies are stored at a broader scope than origins. When removing cookies and filtering by `origins` (or `excludeOrigins`), the cookies will be removed at the [registrable domain](https://url.spec.whatwg.org/#host-registrable-domain) level. For example, clearing cookies for the origin `https://really.specific.origin.example.com/` will end up clearing all cookies for `example.com`. Clearing cookies for the origin `https://my.website.example.co.uk/` will end up clearing all cookies for `example.co.uk`.
+
+For more information, refer to Chromium's [`BrowsingDataRemover` interface](https://source.chromium.org/chromium/chromium/src/+/main:content/public/browser/browsing_data_remover.h).
+
 ### Instance Properties

 The following properties are available on instances of `Session`:
--- a/docs/api/structures/base-window-options.md
+++ b/docs/api/structures/base-window-options.md
@@ -80,17 +80,21 @@
  * `followWindow` - The backdrop should automatically appear active when the window is active, and inactive when it is not. This is the default.
  * `active` - The backdrop should always appear active.
  * `inactive` - The backdrop should always appear inactive.
-* `titleBarStyle` string (optional) _macOS_ _Windows_ - The style of window title bar.
+* `titleBarStyle` string (optional) - The style of window title bar.
  Default is `default`. Possible values are:
  * `default` - Results in the standard title bar for macOS or Windows respectively.
-  * `hidden` - Results in a hidden title bar and a full size content window. On macOS, the window still has the standard window controls (“traffic lights”) in the top left. On Windows, when combined with `titleBarOverlay: true` it will activate the Window Controls Overlay (see `titleBarOverlay` for more information), otherwise no window controls will be shown.
-  * `hiddenInset` _macOS_ - Only on macOS, results in a hidden title bar
+  * `hidden` - Results in a hidden title bar and a full size content window. On macOS, the window still has the standard window controls (“traffic lights”) in the top left. On Windows and Linux, when combined with `titleBarOverlay: true` it will activate the Window Controls Overlay (see `titleBarOverlay` for more information), otherwise no window controls will be shown.
+  * `hiddenInset` _macOS_ - Results in a hidden title bar
    with an alternative look where the traffic light buttons are slightly
    more inset from the window edge.
-  * `customButtonsOnHover` _macOS_ - Only on macOS, results in a hidden
+  * `customButtonsOnHover` _macOS_ - Results in a hidden
    title bar and a full size content window, the traffic light buttons will
    display when being hovered over in the top left of the window.
    **Note:** This option is currently experimental.
+* `titleBarOverlay` Object | Boolean (optional) -  When using a frameless window in conjunction with `win.setWindowButtonVisibility(true)` on macOS or using a `titleBarStyle` so that the standard window controls ("traffic lights" on macOS) are visible, this property enables the Window Controls Overlay [JavaScript APIs][overlay-javascript-apis] and [CSS Environment Variables][overlay-css-env-vars]. Specifying `true` will result in an overlay with default system colors. Default is `false`.
+  * `color` String (optional) _Windows_ _Linux_ - The CSS color of the Window Controls Overlay when enabled. Default is the system color.
+  * `symbolColor` String (optional) _Windows_ - The CSS color of the symbols on the Window Controls Overlay when enabled. Default is the system color.
+  * `height` Integer (optional) - The height of the title bar and Window Controls Overlay in pixels. Default is system height.
 * `trafficLightPosition` [Point](point.md) (optional) _macOS_ -
  Set a custom position for the traffic light buttons in frameless windows.
 * `roundedCorners` boolean (optional) _macOS_ - Whether frameless window
@@ -150,3 +154,6 @@ Possible values are:
    reserved for NSPanel, at runtime. Also, the window will appear on all
    spaces (desktops).
 * On Windows, possible type is `toolbar`.
+
+[overlay-css-env-vars]: https://github.com/WICG/window-controls-overlay/blob/main/explainer.md#css-environment-variables
+[overlay-javascript-apis]: https://github.com/WICG/window-controls-overlay/blob/main/explainer.md#javascript-apis
--- a/docs/api/structures/browser-window-options.md
+++ b/docs/api/structures/browser-window-options.md
@@ -2,10 +2,3 @@

 * `webPreferences` [WebPreferences](web-preferences.md?inline) (optional) - Settings of web page's features.
 * `paintWhenInitiallyHidden` boolean (optional) - Whether the renderer should be active when `show` is `false` and it has just been created.  In order for `document.visibilityState` to work correctly on first load with `show: false` you should set this to `false`.  Setting this to `false` will cause the `ready-to-show` event to not fire.  Default is `true`.
-* `titleBarOverlay` Object | Boolean (optional) -  When using a frameless window in conjunction with `win.setWindowButtonVisibility(true)` on macOS or using a `titleBarStyle` so that the standard window controls ("traffic lights" on macOS) are visible, this property enables the Window Controls Overlay [JavaScript APIs][overlay-javascript-apis] and [CSS Environment Variables][overlay-css-env-vars]. Specifying `true` will result in an overlay with default system colors. Default is `false`.
-  * `color` String (optional) _Windows_ - The CSS color of the Window Controls Overlay when enabled. Default is the system color.
-  * `symbolColor` String (optional) _Windows_ - The CSS color of the symbols on the Window Controls Overlay when enabled. Default is the system color.
-  * `height` Integer (optional) _macOS_ _Windows_ - The height of the title bar and Window Controls Overlay in pixels. Default is system height.
-
-[overlay-css-env-vars]: https://github.com/WICG/window-controls-overlay/blob/main/explainer.md#css-environment-variables
-[overlay-javascript-apis]: https://github.com/WICG/window-controls-overlay/blob/main/explainer.md#javascript-apis
--- a/docs/api/structures/file-path-with-headers.md
+++ b/docs/api/structures/file-path-with-headers.md
@@ -1,4 +1,4 @@
 # FilePathWithHeaders Object

 * `path` string - The path to the file to send.
-* `headers` Record<string, string> (optional) - Additional headers to be sent.
+* `headers` Record\<string, string\> (optional) - Additional headers to be sent.
--- a/docs/api/structures/filesystem-permission-request.md
+++ b/docs/api/structures/filesystem-permission-request.md
@@ -0,0 +1,5 @@
+# FilesystemPermissionRequest Object extends `PermissionRequest`
+
+* `filePath` string (optional) - The path of the `fileSystem` request.
+* `isDirectory` boolean (optional) - Whether the `fileSystem` request is a directory.
+* `fileAccessType` string (optional) - The access type of the `fileSystem` request. Can be `writable` or `readable`.
--- a/docs/api/structures/io-counters.md
+++ b/docs/api/structures/io-counters.md
@@ -1,8 +0,0 @@
-# IOCounters Object
-
-* `readOperationCount` number - The number of I/O read operations.
-* `writeOperationCount` number - The number of I/O write operations.
-* `otherOperationCount` number - Then number of I/O other operations.
-* `readTransferCount` number - The number of I/O read transfers.
-* `writeTransferCount` number - The number of I/O write transfers.
-* `otherTransferCount` number - Then number of I/O other transfers.
--- a/docs/api/structures/media-access-permission-request.md
+++ b/docs/api/structures/media-access-permission-request.md
@@ -0,0 +1,5 @@
+# MediaAccessPermissionRequest Object extends `PermissionRequest`
+
+* `securityOrigin` string (optional) - The security origin of the request.
+* `mediaTypes` string[] (optional) - The types of media access being requested - elements can be `video`
+  or `audio`.
--- a/docs/api/structures/notification-response.md
+++ b/docs/api/structures/notification-response.md
@@ -3,5 +3,5 @@
 * `actionIdentifier` string - The identifier string of the action that the user selected.
 * `date` number - The delivery date of the notification.
 * `identifier` string - The unique identifier for this notification request.
-* `userInfo` Record<string, any> - A dictionary of custom information associated with the notification.
+* `userInfo` Record\<string, any\> - A dictionary of custom information associated with the notification.
 * `userText` string (optional) - The text entered or chosen by the user.
--- a/docs/api/structures/open-external-permission-request.md
+++ b/docs/api/structures/open-external-permission-request.md
@@ -0,0 +1,3 @@
+# OpenExternalPermissionRequest Object extends `PermissionRequest`
+
+* `externalURL` string (optional) - The url of the `openExternal` request.
--- a/docs/api/structures/permission-request.md
+++ b/docs/api/structures/permission-request.md
@@ -0,0 +1,4 @@
+# PermissionRequest Object
+
+* `requestingUrl` string - The last URL the requesting frame loaded.
+* `isMainFrame` boolean - Whether the frame making the request is the main frame.
--- a/docs/api/structures/protocol-request.md
+++ b/docs/api/structures/protocol-request.md
@@ -4,4 +4,4 @@
 * `referrer` string
 * `method` string
 * `uploadData` [UploadData[]](upload-data.md) (optional)
-* `headers` Record<string, string>
+* `headers` Record\<string, string\>
--- a/docs/api/structures/protocol-response.md
+++ b/docs/api/structures/protocol-response.md
@@ -10,7 +10,7 @@
  `"text/html"`. Setting `mimeType` would implicitly set the `content-type`
  header in response, but if `content-type` is already set in `headers`, the
  `mimeType` would be ignored.
-* `headers` Record<string, string | string[]> (optional) - An object containing the response headers. The
+* `headers` Record\<string, string | string[]\> (optional) - An object containing the response headers. The
  keys must be string, and values must be either string or Array of string.
 * `data` (Buffer | string | ReadableStream) (optional) - The response body. When
  returning stream as response, this is a Node.js readable stream representing
--- a/docs/api/structures/proxy-config.md
+++ b/docs/api/structures/proxy-config.md
@@ -0,0 +1,86 @@
+# ProxyConfig Object
+
+* `mode` string (optional) - The proxy mode. Should be one of `direct`,
+`auto_detect`, `pac_script`, `fixed_servers` or `system`.
+Defaults to `pac_script` proxy mode if `pacScript` option is specified
+otherwise defaults to `fixed_servers`.
+  * `direct` - In direct mode all connections are created directly, without any proxy involved.
+  * `auto_detect` - In auto_detect mode the proxy configuration is determined by a PAC script that can
+    be downloaded at http://wpad/wpad.dat.
+  * `pac_script` - In pac_script mode the proxy configuration is determined by a PAC script that is
+    retrieved from the URL specified in the `pacScript`. This is the default mode if `pacScript` is specified.
+  * `fixed_servers` - In fixed_servers mode the proxy configuration is specified in `proxyRules`.
+    This is the default mode if `proxyRules` is specified.
+  * `system` - In system mode the proxy configuration is taken from the operating system.
+    Note that the system mode is different from setting no proxy configuration.
+    In the latter case, Electron falls back to the system settings only if no
+    command-line options influence the proxy configuration.
+* `pacScript` string (optional) - The URL associated with the PAC file.
+* `proxyRules` string (optional) - Rules indicating which proxies to use.
+* `proxyBypassRules` string (optional) - Rules indicating which URLs should
+bypass the proxy settings.
+
+When `mode` is unspecified, `pacScript` and `proxyRules` are provided together, the `proxyRules`
+option is ignored and `pacScript` configuration is applied.
+
+The `proxyRules` has to follow the rules below:
+
+```sh
+proxyRules = schemeProxies[";"<schemeProxies>]
+schemeProxies = [<urlScheme>"="]<proxyURIList>
+urlScheme = "http" | "https" | "ftp" | "socks"
+proxyURIList = <proxyURL>[","<proxyURIList>]
+proxyURL = [<proxyScheme>"://"]<proxyHost>[":"<proxyPort>]
+```
+
+For example:
+
+* `http=foopy:80;ftp=foopy2` - Use HTTP proxy `foopy:80` for `http://` URLs, and
+  HTTP proxy `foopy2:80` for `ftp://` URLs.
+* `foopy:80` - Use HTTP proxy `foopy:80` for all URLs.
+* `foopy:80,bar,direct://` - Use HTTP proxy `foopy:80` for all URLs, failing
+  over to `bar` if `foopy:80` is unavailable, and after that using no proxy.
+* `socks4://foopy` - Use SOCKS v4 proxy `foopy:1080` for all URLs.
+* `http=foopy,socks5://bar.com` - Use HTTP proxy `foopy` for http URLs, and fail
+  over to the SOCKS5 proxy `bar.com` if `foopy` is unavailable.
+* `http=foopy,direct://` - Use HTTP proxy `foopy` for http URLs, and use no
+  proxy if `foopy` is unavailable.
+* `http=foopy;socks=foopy2` - Use HTTP proxy `foopy` for http URLs, and use
+  `socks4://foopy2` for all other URLs.
+
+The `proxyBypassRules` is a comma separated list of rules described below:
+
+* `[ URL_SCHEME "://" ] HOSTNAME_PATTERN [ ":" <port> ]`
+
+   Match all hostnames that match the pattern HOSTNAME_PATTERN.
+
+   Examples:
+     "foobar.com", "\*foobar.com", "\*.foobar.com", "\*foobar.com:99",
+     "https://x.\*.y.com:99"
+
+* `"." HOSTNAME_SUFFIX_PATTERN [ ":" PORT ]`
+
+   Match a particular domain suffix.
+
+   Examples:
+     ".google.com", ".com", "http://.google.com"
+
+* `[ SCHEME "://" ] IP_LITERAL [ ":" PORT ]`
+
+   Match URLs which are IP address literals.
+
+   Examples:
+     "127.0.1", "\[0:0::1]", "\[::1]", "http://\[::1]:99"
+
+* `IP_LITERAL "/" PREFIX_LENGTH_IN_BITS`
+
+   Match any URL that is to an IP literal that falls between the
+   given range. IP range is specified using CIDR notation.
+
+   Examples:
+     "192.168.1.1/16", "fefe:13::abc/33".
+
+* `<local>`
+
+   Match local addresses. The meaning of `<local>` is whether the
+   host matches one of: "127.0.0.1", "::1", "localhost".
--- a/Show More
+++ b/Show More