fix: intermittent CI failure is-not-alwaysOnTop (#51133)

* fix: intermittent CI failure is-not-alwaysOnTop

Ensure that the `always-on-top-changed` event always fires with the
right 'alwaysOnTop' boolean, regardless of interaction between
SetZOrderLevel() and MoveBehindTaskBarIfNeeded(). We know what the
value will be when all of the HWND events settle, so use that value.

Co-authored-by: Charles Kerr <charles@charleskerr.com>

* test: temporary commit to torture-test the new change with 1000 iterations

Co-authored-by: Charles Kerr <charles@charleskerr.com>

* test: keep eventually-becomes-consistent test but do not loop 1000 times

Co-authored-by: Charles Kerr <charles@charleskerr.com>

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>

.claude/settings.json

@@ -11,6 +11,7 @@
       "Bash(e patches:*)",
       "Bash(e sync:*)",
       "Skill(electron-chromium-upgrade)",
+      "Skill(electron-node-upgrade)",
       "Read(*)",
       "Bash(echo:*)",
       "Bash(e build:*)",

.claude/skills/electron-node-upgrade/SKILL.md

@@ -0,0 +1,205 @@
+---
+name: electron-node-upgrade
+description: Guide for performing Node.js version upgrades in the Electron project. Use when working on the roller/node/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Node.js changes, and proper commit formatting for patch fixes.
+---
+
+# Electron Node.js Upgrade: Phase One
+
+## Summary
+
+Run `e sync --3` repeatedly, fixing patch conflicts as they arise, until it succeeds. Then export patches and commit changes atomically.
+
+## Success Criteria
+
+Phase One is complete when:
+- `e sync --3` exits with code 0 (no patch failures)
+- All changes are committed per the commit guidelines
+
+Do not stop until these criteria are met.
+
+**CRITICAL** Do not delete or skip patches unless 100% certain the patch is no longer needed. For major version upgrades, patches that shim deprecated V8 APIs or backport upstream changes are often deletable because the new Node.js version already incorporates them — but verify before removing. Complicated conflicts or hard to resolve issues should be presented to the user after you have exhausted all other options. Do not delete the patch just because you can't solve it.
+
+**CRITICAL** Never use `git am --skip` and then manually recreate a patch by making a new commit. This destroys the original patch's authorship, commit message, and position in the series. If `git am --continue` reports "No changes", investigate why — the changes were likely absorbed by a prior conflict resolution's 3-way merge. Present this situation to the user rather than skipping and recreating.
+
+## Context
+
+The `roller/node/main` branch is created by automation to update Electron's Node.js dependency version in `DEPS`. No work has been done to handle breaking changes between the old and new versions.
+
+There are two types of Node.js version updates:
+- **Bumps** (patch/minor): Automated by `electron-roller[bot]` with commit title `chore: bump node to v{version}`. Trivial patch index updates are handled automatically by `patchup[bot]`. These often land cleanly, but may require manual patch fixes.
+- **Major upgrades** (e.g., v22 → v24): Manual, large PRs with commit title `chore: upgrade Node.js to v{X}.{Y}.{Z}`. These typically involve deleting obsolete patches, adapting many others, and updating `@types/node` in `package.json`.
+
+**Key directories:**
+- Current directory: Electron repo (always run `e` commands here)
+- `../third_party/electron_node`: Node.js repo (where patches apply)
+- `patches/node/`: Patch files for Node.js
+- `docs/development/patches.md`: Patch system documentation
+
+## Pre-flight Checks
+
+Run these once at the start of each upgrade session:
+
+1. **Clear rerere cache** (if enabled): `git rerere clear` in both the electron and `../third_party/electron_node` repos. Stale recorded resolutions from a prior attempt can silently apply wrong merges.
+2. **Ensure pre-commit hooks are installed**: Check that `.git/hooks/pre-commit` exists. If not, run `yarn husky` to install it. The hook runs `lint-staged` which handles clang-format for C++ files.
+
+## Workflow
+
+1. Run `e sync --3` (the `--3` flag enables 3-way merge, always required)
+2. If succeeds → skip to step 5
+3. If patch fails:
+   - Identify target repo and patch from error output
+   - Analyze failure (see references/patch-analysis.md)
+   - Fix conflict in `../third_party/electron_node` working directory
+   - Run `git am --continue` in `../third_party/electron_node`
+   - Repeat until all patches for that repo apply
+   - IMPORTANT: Once `git am --continue` succeeds you MUST run `e patches node` to export fixes
+   - Return to step 1
+4. When `e sync --3` succeeds, run `e patches all`
+5. **Read `references/phase-one-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
+
+## Commands Reference
+
+| Command | Purpose |
+|---------|---------|
+| `e sync --3` | Clone deps and apply patches with 3-way merge |
+| `git am --continue` | Continue after resolving conflict (run in node repo) |
+| `e patches node` | Export commits from node repo to patch files |
+| `e patches all` | Export all patches from all targets |
+| `e patches node --commit-updates` | Export patches and auto-commit trivial changes |
+| `e patches --list-targets` | List targets and config paths |
+
+## Patch System Mental Model
+
+```
+patches/node/*.patch  →  [e sync --3]  →  ../third_party/electron_node commits
+                      ←  [e patches]   ←
+```
+
+## When to Edit Patches
+
+| Situation | Action |
+|-----------|--------|
+| During active `git am` conflict | Fix in node repo, then `git am --continue` |
+| Modifying patch outside conflict | Edit `.patch` file directly |
+| Creating new patch (rare, avoid) | Commit in node repo, then `e patches node` |
+
+Fix existing patches 99% of the time rather than creating new ones.
+
+## Patch Fixing Rules
+
+1. **Preserve authorship**: Keep original author in TODO comments (from patch `From:` field)
+2. **Never change TODO assignees**: `TODO(name)` must retain original name
+3. **Update descriptions**: If upstream changed APIs or macros, update patch commit message to reflect current state
+4. **Never skip-and-recreate a patch**: If `git am --continue` says "No changes — did you forget to use 'git add'?", do NOT run `git am --skip` and create a replacement commit. The patch's changes were already absorbed by a prior 3-way merge resolution. This means an earlier conflict resolution pulled in too many changes. Present the situation to the user for guidance — the correct fix may require re-doing an earlier resolution more carefully to keep each patch's changes separate.
+
+# Electron Node.js Upgrade: Phase Two
+
+## Summary
+
+Run `e build -k 999 -- --quiet` repeatedly, fixing build issues as they arise, until it succeeds. Then run `e start --version` to validate Electron launches and commit changes atomically.
+
+Run Phase Two immediately after Phase One is complete.
+
+## Success Criteria
+
+Phase Two is complete when:
+- `e build -k 999 -- --quiet` exits with code 0 (no build failures)
+- `e start --version` has been run to check Electron launches
+- All changes are committed per the commit guidelines
+
+Do not stop until these criteria are met. Do not delete code or features, never comment out code in order to take short cut. Make all existing code, logic and intention work.
+
+## Context
+
+The `roller/node/main` branch is created by automation to update Electron's Node.js dependency version in `DEPS`. No work has been done to handle breaking changes between the old and new versions. Node.js APIs (especially internal V8 integration, OpenSSL/BoringSSL compatibility, and build system files) frequently change between versions. In every case the code in Electron must be updated to account for the change in Node.js, strongly avoid making changes to the code in Node.js to fix Electron's build.
+
+**Key directories:**
+- Current directory: Electron repo (always run `e` commands here)
+- `../third_party/electron_node`: Node.js repo (do not touch this code to fix build issues, just read it to obtain context)
+
+## Workflow
+
+1. Run `e build -k 999 -- --quiet` (the `--quiet` flag suppresses per-target status lines, showing only errors and the final result)
+2. If succeeds → skip to step 6
+3. If build fails:
+    - Identify underlying file in "electron" from the compilation error message
+    - Analyze failure
+    - Fix build issue by adapting Electron's code for the change in Node.js
+    - Run `e build -t {target_that_failed}.o` to build just the failed target we were specifically fixing
+        - You can identify the target_that_failed from the failure line in the build log. E.g. `FAILED: 2e506007-8d5d-4f38-bdd1-b5cd77999a77 "./obj/electron/shell/browser/api/electron_api_utility_process.o" CXX obj/electron/shell/browser/api/electron_api_utility_process.o` the target name is `obj/electron/shell/browser/api/electron_api_utility_process.o`
+    - **Read `references/phase-two-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
+    - Return to step 1
+4. **CRITICAL**: After ANY commit (especially patch commits), immediately run `git status` in the electron repo
+    - Look for other modified `.patch` files that only have index/hunk header changes
+    - These are dependent patches affected by your fix
+    - Commit them immediately with: `git commit -am "chore: update patches (trivial only)"`
+5. Return to step 1
+6. When `e build` succeeds, run `e start --version`
+7. Check if you have any pending changes in the Node.js repo by running `git status` in `../third_party/electron_node`
+    - If you have changes follow the instructions below in "A. Patch Fixes" to correctly commit those modifications into the appropriate patch file
+
+## Commands Reference
+
+| Command | Purpose |
+|---------|---------|
+| `e build -k 999 -- --quiet` | Build Electron, continue on errors, suppress status lines |
+| `e build -t {target}.o` | Build just one specific target to verify a fix |
+| `e start --version` | Validate Electron launches after successful build |
+
+## Two Types of Build Fixes
+
+### A. Patch Fixes (for files in patched Node.js files)
+
+When the error is in a file that Electron patches (check with `grep -l "filename" patches/node/*.patch`):
+
+1. Edit the file in the Node.js source tree (`../third_party/electron_node/...`)
+2. Create a fixup commit targeting the original patch commit:
+    ```bash
+    cd ../third_party/electron_node
+    git add <modified-file>
+    git commit --fixup=<original-patch-commit-hash>
+    GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
+    ```
+3. Export the updated patch: `e patches node`
+4. Commit the updated patch file following `references/phase-one-commit-guidelines.md`.
+
+To find the original patch commit to fixup: `git log --oneline | grep -i "keyword from patch name"`
+
+The base commit for rebase is the Node.js commit before patches were applied. Find it by checking the `refs/patches/upstream-head` ref.
+
+### B. Electron Code Fixes (for files in shell/, electron/, etc.)
+
+When the error is in Electron's own source code:
+
+1. Edit files directly in the electron repo
+2. Commit directly (no patch export needed)
+
+# Critical: Read Before Committing
+
+- Before ANY Phase One commits: Read `references/phase-one-commit-guidelines.md`
+- Before ANY Phase Two commits: Read `references/phase-two-commit-guidelines.md`
+
+# High-Churn Patches
+
+These patches consistently require the most work during Node.js upgrades:
+
+- **`fix_handle_boringssl_and_openssl_incompatibilities.patch`** — Electron uses BoringSSL (via Chromium) while Node.js expects OpenSSL. This patch is large and complex, and upstream OpenSSL API changes frequently break it.
+- **`fix_crypto_tests_to_run_with_bssl.patch`** — Companion to the above; adapts Node.js crypto tests for BoringSSL. Can grow significantly during major upgrades.
+- **`support_v8_sandboxed_pointers.patch`** — V8 sandbox pointer support requires careful adaptation when V8 APIs change.
+- **`build_add_gn_build_files.patch`** — The GN build file patch is large and touches many build targets. Upstream build system changes frequently conflict.
+
+# Major Version Upgrades
+
+Major Node.js version transitions (e.g., v22 → v24) are significantly more involved than patch bumps:
+
+1. **Expect patch deletions.** Electron uses Chromium's V8, which is often ahead of the V8 version bundled in Node.js. Many patches exist to bridge this gap — shimming newer V8 APIs that Chromium's V8 has but Node.js' older V8 doesn't. When Node.js bumps to a newer major version, its V8 catches up to Chromium's, and those bridge patches can be deleted. In the v22 → v24 upgrade, 17 patches were deleted for this reason.
+2. **Update `@types/node`** in `package.json` to match the new major version.
+3. **Post-upgrade regressions are expected.** Even after the upgrade lands, follow-up fix PRs for edge cases (ESM path handling, certificate loading, platform-specific issues) are normal.
+
+# Skill Directory Structure
+This skill has additional reference files in `references/`:
+- patch-analysis.md - How to analyze patch failures
+- phase-one-commit-guidelines.md - Commit format for Phase One
+- phase-two-commit-guidelines.md - Commit format for Phase Two
+
+Read these when referenced in the workflow steps.

.claude/skills/electron-node-upgrade/references/patch-analysis.md

@@ -0,0 +1,112 @@
+# Analyzing Patch Failures
+
+## Investigation Steps
+
+1. **Read the patch file** at `patches/node/{patch_name}.patch`
+
+2. **Examine current state** of the file in the Node.js repo at mentioned line numbers
+
+3. **Check recent upstream changes:**
+   ```bash
+   cd ../third_party/electron_node
+   git log --oneline -10 -- {file}
+   ```
+
+4. **Find Node.js PR** in commit messages:
+   ```
+   PR-URL: https://github.com/nodejs/node/pull/{PR_NUMBER}
+   ```
+
+## Critical: Resolve by Intent, Not by Mechanical Merge
+
+When resolving a patch conflict, do NOT blindly preserve the patch's old code. Instead:
+
+1. **Understand the upstream commit's full scope** — not just the conflicting hunk.
+   Run `git show <commit> --stat` and read diffs for all affected files.
+   Upstream may have removed structs, members, or methods that the patch
+   references in other hunks or files.
+
+2. **Re-read the patch commit message** to understand its *intent* — what
+   behavior does it need to preserve or add?
+
+3. **Implement the intent against the new upstream code.** If the patch's
+   purpose is "add BoringSSL compatibility", add only the compatibility
+   layer — don't also restore old code that upstream separately removed.
+
+### Lesson: Upstream Removals Break Patch References
+
+- **Trigger:** Patch conflict involves an upstream refactor (not just context drift)
+- **Strategy:** After identifying the upstream commit, check its full diff for
+  removed types, members, and methods. If the patch's old code references
+  something removed, the resolution must use the new upstream mechanism.
+
+### Lesson: Separate Patch Purpose from Patch Implementation
+
+- **Trigger:** Conflict between "upstream simplified code" vs "patch has older code"
+- **Strategy:** Identify the *minimal* change the patch needs. If the patch
+  wraps code in a conditional, only add the conditional — don't restore old
+  code that was inside the conditional but was separately cleaned up upstream.
+
+### Lesson: Finish the Adaptation at Conflict Time
+
+- **Trigger:** A patch conflict involves an upstream API removal or replacement
+- **Strategy:** When resolving the conflict, fully adapt the patch to use the
+  new API in the same commit. Don't remove the old code and leave behind stale
+  references that will "be fixed in Phase Two." Each patch fix commit should be
+  a complete resolution.
+
+## Common Failure Patterns
+
+| Pattern | Cause | Solution |
+|---------|-------|----------|
+| Context lines don't match | Surrounding code changed | Update context in patch |
+| File not found | File renamed/moved | Update patch target path |
+| Function not found | Refactored upstream | Find new function name |
+| OpenSSL → BoringSSL mismatch | Crypto API change | Update to BoringSSL-compatible API |
+| GYP/GN build change | Build system refactor | Adapt build patch to new structure |
+| Deleted code | Feature removed | Verify patch still needed |
+| V8 API bridge patch conflicts | Node.js caught up to Chromium's V8 | Patch may be deletable — verify the API is now in Node.js' V8 natively |
+
+## Using Git Blame
+
+To find the commit that changed specific lines:
+
+```bash
+cd ../third_party/electron_node
+git blame -L {start},{end} -- {file}
+git log -1 {commit_sha}  # Look for PR-URL: line
+```
+
+## Verifying Patch Necessity
+
+Before deleting a patch, verify:
+1. The patched functionality was intentionally removed upstream
+2. Electron doesn't need the patch for other reasons
+3. No other code depends on the patched behavior
+
+**V8 bridge patches:** Electron uses Chromium's V8, which is often ahead of the V8 bundled in Node.js. Many patches exist to bridge this version gap — adapting Node.js code to work with newer V8 APIs that Chromium's V8 exposes. During major Node.js upgrades, Node.js' V8 catches up to Chromium's, and these bridge patches often become unnecessary. Check whether the API the patch shims is now available natively in the new Node.js version's V8.
+
+When in doubt, keep the patch and adapt it.
+
+## Phase Two: Build-Time Patch Issues
+
+Sometimes patches that applied successfully in Phase One cause build errors in Phase Two. This can happen when:
+
+1. **Incomplete types**: A patch disables a header include, but new upstream code uses the type
+2. **Missing members**: A patch modifies a class, but upstream added new code referencing the original
+
+### Finding Which Patch Affects a File
+
+```bash
+grep -l "filename.cc" patches/node/*.patch
+```
+
+### Matching Existing Patch Patterns
+
+When fixing build errors in patched files, examine the existing patch to understand its style:
+- Does it use `#if 0` / `#endif` guards?
+- Does it use `#if BUILDFLAG(...)` conditionals?
+- Does it use `#ifndef` / `#ifdef` guards for BoringSSL vs OpenSSL?
+- What's the pattern for disabled functionality?
+
+Apply fixes consistent with the existing patch style.

.claude/skills/electron-node-upgrade/references/phase-one-commit-guidelines.md

@@ -0,0 +1,111 @@
+# Phase One Commit Guidelines
+
+Only follow these instructions if there are uncommitted changes to `patches/` after Phase One succeeds.
+
+Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
+
+## Each Commit Must Be Complete
+
+When resolving a patch conflict, fully adapt the patch to the new upstream code in the same commit. If the upstream change removes an API the patch uses, update the patch to use the replacement API now — don't leave stale references knowing they'll need fixing later. The goal is that each commit represents a finished resolution, not a partial one that defers known work to a future phase.
+
+## Commit Message Style
+
+**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters.
+
+Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
+
+### Patch conflict fixes
+
+Use `fix(patch):` prefix. The title should name the upstream change, not your response to it:
+
+```
+fix(patch): {topic headline}
+
+Ref: {Node.js commit or issue link}
+
+Co-Authored-By: <AI model attribution>
+```
+
+Only add a description body if it provides clarity beyond the title. For straightforward context drift or simple API renames, the title + Ref is sufficient.
+
+Examples:
+- `fix(patch): stop using v8::PropertyCallbackInfo<T>::This()`
+- `fix(patch): BoringSSL and OpenSSL incompatibilities`
+- `fix(patch): refactor module_wrap.cc FixedArray::Get params`
+
+### Upstreamed patch removal
+
+When patches are no longer needed (applied cleanly with "already applied" or confirmed upstreamed), group ALL removals into a single commit:
+
+```
+chore: remove upstreamed patch
+```
+
+or (if multiple):
+
+```
+chore: remove upstreamed patches
+```
+
+Most Node.js patches in Electron are Electron-authored (no upstream `PR-URL:`). If the patch originated from an upstream Node.js PR, no extra `Ref:` is needed. Otherwise, add a `Ref:` pointing to the relevant Node.js issue or commit if one exists.
+
+### Trivial patch updates
+
+After all fix commits, stage remaining trivial changes (index, line numbers, context only):
+
+```bash
+git add patches
+git commit -m "chore: update patches (trivial only)"
+```
+
+**Conflict resolution can produce trivial results.** A `git am` conflict doesn't always mean the patch content changed — context drift alone can cause a conflict. After resolving and exporting, inspect the patch diff: if only index hashes, line numbers, and context lines changed (not the patch's own `+`/`-` lines), it's trivial and belongs here, not in a `fix(patch):` commit.
+
+## Atomic Commits
+
+Each patch conflict fix gets its own commit with its own Ref.
+
+IMPORTANT: Try really hard to find the PR or commit reference per the instructions below. Each change you made should in theory have been in response to a change made in Node.js that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
+
+## Finding Commit/Issue References
+
+Use `git log` or `git blame` on Node.js source files in `../third_party/electron_node`. Look for:
+
+```
+PR-URL: https://github.com/nodejs/node/pull/XXXXX
+```
+
+or issue references in the patch itself:
+
+```
+Refs: https://github.com/nodejs/node/issues/XXXXX
+```
+
+Note: Most Node.js patches in Electron are Electron-authored and won't have upstream references. In that case, check `git log` in the Node.js repo to find which upstream commit caused the conflict.
+
+If no reference found after searching: `Ref: Unable to locate reference`
+
+## Example Commits
+
+### Patch conflict fix (simple — title is sufficient)
+
+```
+fix(patch): stop using v8::PropertyCallbackInfo<T>::This()
+
+Ref: https://github.com/nodejs/node/issues/60616
+
+Co-Authored-By: <AI model attribution>
+```
+
+### Patch conflict fix (complex — description adds value)
+
+```
+fix(patch): BoringSSL and OpenSSL incompatibilities
+
+Upstream updated OpenSSL APIs that diverge from BoringSSL. Adapted
+the compatibility shims in crypto patches to use the BoringSSL
+equivalents.
+
+Ref: Unable to locate reference
+
+Co-Authored-By: <AI model attribution>
+```

.claude/skills/electron-node-upgrade/references/phase-two-commit-guidelines.md

@@ -0,0 +1,96 @@
+# Phase Two Commit Guidelines
+
+Only follow these instructions if there are uncommitted changes in the Electron repo after any fixes are made during Phase Two that result a target that was failing, successfully building.
+
+Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
+
+## Commit Message Style
+
+**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters. Exception: upstream Node.js PR titles are used verbatim even if longer.
+
+Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
+
+## Two Commit Types
+
+### For Electron Source Changes (shell/, electron/, etc.)
+
+When the upstream Node.js commit has a `PR-URL:`:
+
+```
+node#{PR-Number}: {upstream PR's original title}
+
+Ref: {Node.js PR link}
+
+Co-Authored-By: <AI model attribution>
+```
+
+When there is no `PR-URL:` but there is an issue reference or commit:
+
+```
+fix: {description of the adaptation}
+
+Ref: {Node.js issue or commit link}
+
+Co-Authored-By: <AI model attribution>
+```
+
+Use the **upstream commit's original title** when available — do not paraphrase or rewrite it. To find it: check the commit message in `../third_party/electron_node` for `PR-URL:` or `Refs:` lines.
+
+Only add a description body if it provides clarity beyond what the title already says (e.g., when Electron's adaptation is non-obvious). For simple renames, method additions, or straightforward API updates, the title + Ref link is sufficient.
+
+Each change should have its own commit and its own Ref. Logically group into commits that make sense rather than one giant commit. You may include multiple "Ref" links if required.
+
+IMPORTANT: Try really hard to find a reference. Each change you made should in theory have been in response to a change in Node.js. Check `git log` and `git blame` in the Node.js repo. Do not give up easily.
+
+### For Patch Updates (patches/node/*.patch)
+
+Use the same fixup workflow as Phase One and follow `references/phase-one-commit-guidelines.md` for the commit message format (`fix(patch):` prefix, topic style).
+
+## Dependent Patch Header Updates
+
+After any patch modification, check for other affected patches:
+
+```bash
+git status
+# If other .patch files show as modified with only index, line number, and context changes:
+git add patches/
+git commit -m "chore: update patches (trivial only)"
+```
+
+## Finding References
+
+Use `git log` or `git blame` on Node.js source files in `../third_party/electron_node`. Look for:
+
+```
+PR-URL: https://github.com/nodejs/node/pull/XXXXX
+Refs: https://github.com/nodejs/node/issues/XXXXX
+```
+
+Note: Many Node.js patches in Electron are Electron-authored and won't have upstream `PR-URL:` lines. Check the patch's own commit message for `Refs:` lines, or use `git log` in the Node.js repo to find which upstream commit caused the build break.
+
+If no reference found after searching: `Ref: Unable to locate reference`
+
+## Example Commits
+
+### Electron Source Fix (with upstream PR)
+
+```
+node#61898: src: stop using v8::PropertyCallbackInfo<T>::This()
+
+Ref: https://github.com/nodejs/node/pull/61898
+
+Co-Authored-By: <AI model attribution>
+```
+
+### Electron Source Fix (with issue reference, no PR)
+
+```
+fix: adapt to v8::PropertyCallbackInfo<T>::This() removal
+
+Updated NodeBindings to use HolderV2() after upstream Node.js
+stopped using the deprecated This() API.
+
+Ref: https://github.com/nodejs/node/issues/60616
+
+Co-Authored-By: <AI model attribution>
+```

.github/actions/build-electron/action.yml

@@ -128,6 +128,9 @@ runs:
         fi
         sed $SEDOPTION '/.*builtins-pgo/d' out/Default/mksnapshot_args
         sed $SEDOPTION '/--turbo-profiling-input/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/--reorder-builtins/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/--warn-about-builtin-profile-data/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/--abort-on-bad-builtin-profile-data/d' out/Default/mksnapshot_args
 
         if [ "${{ inputs.target-platform }}" = "win" ]; then
           cd out/Default
@@ -205,7 +208,17 @@ runs:
       if: ${{ inputs.is-release == 'true' }}
       run: |
         cd src
-        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true use_siso=true $GN_EXTRA_ARGS"
+        # Reuse the hermetic mac_sdk_path that `e build` wrote for out/Default so
+        # out/ffmpeg builds against the same SDK instead of the runner's system Xcode.
+        # The path has to live under root_build_dir, so copy the symlink tree and
+        # rewrite Default -> ffmpeg.
+        MAC_SDK_ARG=""
+        if [ "$(uname)" = "Darwin" ]; then
+          mkdir -p out/ffmpeg
+          cp -a out/Default/xcode_links out/ffmpeg/
+          MAC_SDK_ARG=$(sed -n 's|^\(mac_sdk_path = "//out/\)Default/|\1ffmpeg/|p' out/Default/args.gn)
+        fi
+        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true use_siso=true $MAC_SDK_ARG $GN_EXTRA_ARGS"
         e build --target electron:electron_ffmpeg_zip -C ../../out/ffmpeg
     - name: Remove Clang problem matcher
       shell: bash
@@ -274,18 +287,18 @@ runs:
       run: ./src/electron/script/actions/move-artifacts.sh
     - name: Upload Generated Artifacts ${{ inputs.step-suffix }}
       if: always() && !cancelled()
-      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
       with:
         name: generated_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./generated_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
     - name: Upload Src Artifacts ${{ inputs.step-suffix }}
-      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
       with:
         name: src_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
     - name: Upload Out Gen Artifacts ${{ inputs.step-suffix }}
       if: ${{ inputs.upload-out-gen-artifacts == 'true' }}
-      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
       with:
         name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./src/out/Default/gen

.github/actions/checkout/action.yml

@@ -28,7 +28,7 @@ runs:
     shell: bash
     run: |
       node src/electron/script/generate-deps-hash.js
-      DEPSHASH="v1-src-cache-$(cat src/electron/.depshash)"
+      DEPSHASH="v2-src-cache-$(cat src/electron/.depshash)"
       echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
       echo "CACHE_FILE=$DEPSHASH.tar" >> $GITHUB_ENV
       if [ "${{ inputs.target-platform }}" = "win" ]; then
@@ -43,7 +43,7 @@ runs:
       curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$CACHE_FILE?platform=${{ inputs.target-platform }}&getAccountName=true" > sas-token
   - name: Save SAS Key
     if: ${{ inputs.generate-sas-token == 'true' }}
-    uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+    uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     with:
       path: sas-token
       key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
@@ -109,7 +109,7 @@ runs:
         echo "target_os=['$TARGET_OS']" >> ./.gclient
       fi
 
-      ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 e d gclient sync --with_branch_heads --with_tags -vv
+      ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN=0 DEPOT_TOOLS_WIN_TOOLCHAIN=0 ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 e d gclient sync --with_branch_heads --with_tags
       if [[ "${{ inputs.is-release }}" != "true" ]]; then
         # Re-export all the patches to check if there were changes.
         python3 src/electron/script/export_all_patches.py src/electron/patches/config.json
@@ -187,21 +187,35 @@ runs:
     shell: bash
     run: |
       echo "Uncompressed src size: $(du -sh src | cut -f1 -d' ')"
-      tar -cf $CACHE_FILE src
+      # Named .tar but zstd-compressed; the sas-sidecar's filename allowlist
+      # only permits .tar/.tgz so we keep the extension and decode on restore.
+      tar -cf - src | zstd -T0 --long=30 -f -o $CACHE_FILE
       echo "Compressed src to $(du -sh $CACHE_FILE | cut -f1 -d' ')"
-      cp ./$CACHE_FILE $CACHE_DRIVE/
   - name: Persist Src Cache
     if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
     shell: bash
     run: |
       final_cache_path=$CACHE_DRIVE/$CACHE_FILE
+      # Upload to a run-unique temp name first so concurrent readers never
+      # observe a partially-written file, and an interrupted copy can't leave
+      # a truncated file at the final path. Orphaned temp files get swept by
+      # the clean-orphaned-cache-uploads workflow.
+      tmp_cache_path=$final_cache_path.upload-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}
+      echo "Uploading to temp path: $tmp_cache_path"
+      cp ./$CACHE_FILE $tmp_cache_path
+
       echo "Using cache key: $DEPSHASH"
-      echo "Checking path: $final_cache_path"
+      if [ -f "$final_cache_path" ]; then
+        echo "Cache already persisted at $final_cache_path by a concurrent run; discarding ours"
+        rm -f $tmp_cache_path
+      else
+        mv -f $tmp_cache_path $final_cache_path
+        echo "Cache key persisted in $final_cache_path"
+      fi
+
       if [ ! -f "$final_cache_path" ]; then
         echo "Cache key not found"
         exit 1
-      else
-        echo "Cache key persisted in $final_cache_path"
       fi
   - name: Wait for active SSH sessions
     shell: bash

.github/actions/cipd-install/action.yml

@@ -22,30 +22,50 @@ runs:
   steps:
     - name: Delete wrong ${{ inputs.dependency }}
       shell: bash
+      env:
+        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
+        INSTALLATION_DIR: ${{ inputs.installation-dir }}
       run : |
-        rm -rf ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }}
+        rm -rf "${CIPD_ROOT_PREFIX}${INSTALLATION_DIR}"
     - name: Create ensure file for ${{ inputs.dependency }}
       if: ${{ inputs.dependency-version == '' }}
       shell: bash
+      env:
+        PACKAGE: ${{ inputs.package }}
+        DEPS_FILE: ${{ inputs.deps-file }}
+        INSTALLATION_DIR: ${{ inputs.installation-dir }}
+        DEPENDENCY: ${{ inputs.dependency }}
       run: |
-        echo '${{ inputs.package }}' `e d gclient getdep --deps-file=${{ inputs.deps-file }} -r '${{ inputs.installation-dir }}:${{ inputs.package }}'` > ${{ inputs.dependency }}_ensure_file
-        cat ${{ inputs.dependency }}_ensure_file
+        echo "$PACKAGE" $(e d gclient getdep --deps-file="$DEPS_FILE" -r "${INSTALLATION_DIR}:${PACKAGE}") > "${DEPENDENCY}_ensure_file"
+        cat "${DEPENDENCY}_ensure_file"
 
     - name: Create ensure file for ${{ inputs.dependency }} from dependency-version
       if: ${{ inputs.dependency-version != '' }}
       shell: bash
+      env:
+        PACKAGE: ${{ inputs.package }}
+        DEPENDENCY_VERSION: ${{ inputs.dependency-version }}
+        DEPENDENCY: ${{ inputs.dependency }}
       run: |
-        echo '${{ inputs.package }} ${{ inputs.dependency-version }}'  > ${{ inputs.dependency }}_ensure_file
-        cat ${{ inputs.dependency }}_ensure_file
+        echo "$PACKAGE $DEPENDENCY_VERSION" > "${DEPENDENCY}_ensure_file"
+        cat "${DEPENDENCY}_ensure_file"
     - name: CIPD installation of ${{ inputs.dependency }} (macOS)
       if: ${{ inputs.target-platform != 'win' }}
       shell: bash
+      env:
+        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
+        INSTALLATION_DIR: ${{ inputs.installation-dir }}
+        DEPENDENCY: ${{ inputs.dependency }}
       run: |
-        echo "ensuring ${{ inputs.dependency }}"
-        e d cipd ensure --root ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }} -ensure-file ${{ inputs.dependency }}_ensure_file
+        echo "ensuring $DEPENDENCY"
+        e d cipd ensure --root "${CIPD_ROOT_PREFIX}${INSTALLATION_DIR}" -ensure-file "${DEPENDENCY}_ensure_file"
     - name: CIPD installation of ${{ inputs.dependency }} (Windows)
       if: ${{ inputs.target-platform == 'win' }}
       shell: powershell
+      env:
+        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
+        INSTALLATION_DIR: ${{ inputs.installation-dir }}
+        DEPENDENCY: ${{ inputs.dependency }}
       run: |
-        echo "ensuring ${{ inputs.dependency }} on Windows"
-        e d cipd ensure --root ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }} -ensure-file ${{ inputs.dependency }}_ensure_file
+        echo "ensuring $env:DEPENDENCY on Windows"
+        e d cipd ensure --root "$env:CIPD_ROOT_PREFIX$env:INSTALLATION_DIR" -ensure-file "$($env:DEPENDENCY)_ensure_file"

.github/actions/fix-sync/action.yml

@@ -27,6 +27,7 @@ runs:
         python3 src/tools/clang/scripts/update.py
         # Refs https://chromium-review.googlesource.com/c/chromium/src/+/6667681
         python3 src/tools/clang/scripts/update.py --package objdump
+        python3 src/tools/clang/scripts/update.py --package clang-tidy
     - name: Fix esbuild
       if: ${{ inputs.target-platform != 'linux' }}
       uses: ./src/electron/.github/actions/cipd-install
@@ -132,7 +133,7 @@ runs:
       run : |
         cd src/third_party/angle
         rm -f .git/objects/info/alternates
-        git remote set-url origin https://chromium.googlesource.com/angle/angle.git
+        git remote set-url origin https://github.com/google/angle.git
         cp .git/config .git/config.backup
         git remote remove origin
         mv .git/config.backup .git/config

.github/actions/install-build-tools/action.yml

@@ -15,7 +15,7 @@ runs:
         git config --global core.preloadindex true
         git config --global core.longpaths true
       fi
-      export BUILD_TOOLS_SHA=a0cc95a1884a631559bcca0c948465b725d9295a
+      export BUILD_TOOLS_SHA=1b7bd25dae4a780bb3170fff56c9327b53aaf7eb
       npm i -g @electron/build-tools
       # Update depot_tools to ensure python
       e d update_depot_tools
@@ -29,4 +29,4 @@ runs:
       else
         echo "$HOME/.electron_build_tools/third_party/depot_tools" >> $GITHUB_PATH
         echo "$HOME/.electron_build_tools/third_party/depot_tools/python-bin" >> $GITHUB_PATH
-      fi
+      fi

.github/actions/install-dependencies/action.yml

@@ -7,7 +7,7 @@ runs:
     shell: bash
     id: yarn-cache-dir-path
     run: echo "dir=$(node src/electron/script/yarn.js config get cacheFolder)" >> $GITHUB_OUTPUT
-  - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+  - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     id: yarn-cache
     with:
       path: ${{ steps.yarn-cache-dir-path.outputs.dir }}

.github/actions/restore-cache-aks/action.yml

@@ -31,7 +31,7 @@ runs:
       fi
 
       mkdir temp-cache
-      tar -xf $cache_path -C temp-cache
+      zstd -d --long=30 -c $cache_path | tar -xf - -C temp-cache
       echo "Unzipped cache is $(du -sh temp-cache/src | cut -f1)"
 
       if [ -d "temp-cache/src" ]; then

.github/actions/restore-cache-azcopy/action.yml

@@ -8,14 +8,14 @@ runs:
   steps:
   - name: Obtain SAS Key
     continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     with:
       path: sas-token
       key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-1
       enableCrossOsArchive: true
   - name: Obtain SAS Key
     continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     with:
       path: sas-token
       key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
@@ -24,7 +24,7 @@ runs:
     # The cache will always exist here as a result of the checkout job
     # Either it was uploaded to Azure in the checkout job for this commit
     # or it was uploaded in the checkout job for a previous commit.
-    uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
+    uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
     with:
       timeout_minutes: 30
       max_attempts: 3
@@ -61,9 +61,9 @@ runs:
         echo "Cache is empty - exiting"
         exit 1
       fi
-      
+
       mkdir temp-cache
-      tar -xf $DEPSHASH.tar -C temp-cache
+      zstd -d --long=30 -c $DEPSHASH.tar | tar -xf - -C temp-cache
       echo "Unzipped cache is $(du -sh temp-cache/src | cut -f1)"
 
       if [ -d "temp-cache/src" ]; then
@@ -85,23 +85,21 @@ runs:
 
   - name: Unzip and Ensure Src Cache (Windows)
     if: ${{ inputs.target-platform == 'win' }}
-    shell: powershell
+    shell: bash
     run: |
-      $src_cache = "$env:DEPSHASH.tar"
-      $cache_size = $(Get-Item $src_cache).length
-      Write-Host "Downloaded cache is $cache_size"
-      if ($cache_size -eq 0) {
-        Write-Host "Cache is empty - exiting"
+      echo "Downloaded cache is $(du -sh $DEPSHASH.tar | cut -f1)"
+      if [ `du $DEPSHASH.tar | cut -f1` = "0" ]; then
+        echo "Cache is empty - exiting"
         exit 1
-      }
+      fi
 
-      $TEMP_DIR=New-Item -ItemType Directory -Path temp-cache
-      $TEMP_DIR_PATH = $TEMP_DIR.FullName
-      C:\ProgramData\Chocolatey\bin\7z.exe -y -snld20 x $src_cache -o"$TEMP_DIR_PATH"
+      mkdir temp-cache
+      zstd -d --long=30 -c $DEPSHASH.tar | tar -xf - -C temp-cache
+      rm -f $DEPSHASH.tar
 
   - name: Move Src Cache (Windows)
     if: ${{ inputs.target-platform == 'win' }}
-    uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
+    uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
     with:
       timeout_minutes: 30
       max_attempts: 3
@@ -112,9 +110,6 @@ runs:
           Write-Host "Relocating Cache"
           Remove-Item -Recurse -Force src
           Move-Item temp-cache\src src
-
-          Write-Host "Deleting zip file"
-          Remove-Item -Force $src_cache
         }
         if (-Not (Test-Path "src\third_party\blink")) {
           Write-Host "Cache was not correctly restored - exiting"

.github/actions/set-chromium-cookie/action.yml

@@ -7,7 +7,7 @@ runs:
     if: ${{ runner.os != 'Windows' }}
     shell: bash
     run: |
-      if [[ -z "${{ env.CHROMIUM_GIT_COOKIE }}" ]]; then
+      if [[ -z "$CHROMIUM_GIT_COOKIE" ]]; then
         echo "CHROMIUM_GIT_COOKIE is not set - cannot authenticate."
         exit 0
       fi
@@ -18,9 +18,7 @@ runs:
 
       git config --global http.cookiefile ~/.gitcookies
 
-      tr , \\t <<\__END__ >>~/.gitcookies
-      ${{ env.CHROMIUM_GIT_COOKIE }}
-      __END__
+      echo "$CHROMIUM_GIT_COOKIE" | tr , \\t >>~/.gitcookies
       eval 'set -o history' 2>/dev/null || unsetopt HIST_IGNORE_SPACE 2>/dev/null
 
       RESPONSE=$(curl -s -b ~/.gitcookies https://chromium-review.googlesource.com/a/accounts/self)
@@ -42,7 +40,7 @@ runs:
       )
 
       git config --global http.cookiefile "%USERPROFILE%\.gitcookies"
-      powershell -noprofile -nologo -command Write-Output "${{ env.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}" >>"%USERPROFILE%\.gitcookies"
+      powershell -noprofile -nologo -command Write-Output $env:CHROMIUM_GIT_COOKIE_WINDOWS_STRING >>"%USERPROFILE%\.gitcookies"
 
       curl -s -b "%USERPROFILE%\.gitcookies" https://chromium-review.googlesource.com/a/accounts/self > response.txt
 

.github/problem-matchers/clang.json

@@ -5,7 +5,7 @@
       "fromPath": "src/out/Default/args.gn",
       "pattern": [
         {
-          "regexp": "^(.+)[(:](\\d+)[:,](\\d+)\\)?:\\s+(warning|error):\\s+(.*)$",
+          "regexp": "^(.+)[(:](\\d+)[:,](\\d+)\\)?:\\s+(warning|fatal error|error):\\s+(.*)$",
           "file": 1,
           "line": 2,
           "column": 3,

.github/siso-patches/0001-siso-reuse-the-outer-os.File-for-chunked-ReadAt-in-f.patch

@@ -0,0 +1,47 @@
+From 85b561ea4dbc76ba98af020b970f3aa6b20fdb9e Mon Sep 17 00:00:00 2001
+From: Samuel Attard <sam@electronjs.org>
+Date: Wed, 8 Apr 2026 23:24:15 -0700
+Subject: [PATCH] siso: reuse the outer *os.File for chunked ReadAt in
+ fileParser.readFile
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The per-chunk goroutine currently re-opens fname to get its own handle
+for ReadAt. (*os.File).ReadAt is documented as safe for concurrent
+calls on the same File (on Windows it is ReadFile with an OVERLAPPED
+offset, so there is no shared seek state), so the extra open is
+redundant — the goroutines can share the outer f.
+
+Besides halving the CreateFileW calls per subninja, this avoids an
+intermittent 'The parameter is incorrect.' (ERROR_INVALID_PARAMETER)
+from bindflt.sys when out/ is a mapped directory inside a Windows
+container: bindflt's handle-relative NtCreateFile path races when a
+second relative open arrives while the first handle to the same target
+is still being set up. Absolute paths and single opens do not trigger
+it; see microsoft/Windows-Containers#<tbd>.
+---
+ siso/toolsupport/ninjautil/file_parser.go | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/siso/toolsupport/ninjautil/file_parser.go b/siso/toolsupport/ninjautil/file_parser.go
+index 8c18d084..63116662 100644
+--- a/siso/toolsupport/ninjautil/file_parser.go
++++ b/siso/toolsupport/ninjautil/file_parser.go
+@@ -111,13 +111,6 @@ func (p *fileParser) readFile(ctx context.Context, fname string) ([]byte, error)
+ 		eg.Go(func() error {
+ 			p.sema <- struct{}{}
+ 			defer func() { <-p.sema }()
+-			f, err := os.Open(fname)
+-			if err != nil {
+-				return err
+-			}
+-			defer func() {
+-				_ = f.Close()
+-			}()
+ 			for len(chunkBuf) > 0 {
+ 				n, err := f.ReadAt(chunkBuf, pos)
+ 				if err != nil {
+-- 
+2.53.0
+

.github/workflows/archaeologist-dig.yml

@@ -21,17 +21,21 @@ jobs:
         with:
           node-version: 24.12.x
       - name: Setting Up Dig Site
+        env:
+          CLONE_URL: ${{ github.event.pull_request.head.repo.clone_url }}
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          BASE_REF: ${{ github.event.pull_request.base.ref }}
         run: |
-          echo "remote: ${{ github.event.pull_request.head.repo.clone_url }}"
-          echo "sha ${{ github.event.pull_request.head.sha }}"
-          echo "base ref ${{ github.event.pull_request.base.ref }}"
-          git clone https://github.com/electron/electron.git electron          
+          echo "remote: $CLONE_URL"
+          echo "sha $HEAD_SHA"
+          echo "base ref $BASE_REF"
+          git clone https://github.com/electron/electron.git electron
           cd electron
           mkdir -p artifacts
-          git remote add fork ${{ github.event.pull_request.head.repo.clone_url }} && git fetch fork
-          git checkout  ${{ github.event.pull_request.head.sha }}
-          git merge-base origin/${{ github.event.pull_request.base.ref }} HEAD > .dig-old
-          echo  ${{ github.event.pull_request.head.sha }} > .dig-new
+          git remote add fork "$CLONE_URL" && git fetch fork
+          git checkout "$HEAD_SHA"
+          git merge-base "origin/$BASE_REF" HEAD > .dig-old
+          echo "$HEAD_SHA" > .dig-new
           cp .dig-old artifacts
 
       - name: Generating Types for SHA in .dig-new

.github/workflows/build.yml

@@ -200,6 +200,15 @@ jobs:
         generate-sas-token: 'true'
         target-platform: win
 
+  # Build a patched siso binary for Windows CI in parallel with checkout-windows.
+  # The Windows build jobs download the resulting artifact and use it via SISO_PATH.
+  build-siso-windows:
+    needs: setup
+    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
+    uses: ./.github/workflows/pipeline-segment-build-siso-windows.yml
+    permissions:
+      contents: read
+
   # GN Check Jobs
   macos-gn-check:
     uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
@@ -365,6 +374,18 @@ jobs:
       generate-symbols: false
       upload-to-storage: '0'
     secrets: inherit
+    
+  test-linux-arm64-64k:
+    uses: ./.github/workflows/pipeline-segment-electron-test-64k.yml
+    permissions:
+      contents: read
+      issues: read
+      pull-requests: read
+    needs: [checkout-linux, linux-arm64]
+    with:
+      test-runs-on: ubuntu-22.04-arm
+      test-container: '{"image":"ghcr.io/electron/test:arm64v8-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
+    secrets: inherit
 
   windows-x64:
     permissions:
@@ -372,7 +393,7 @@ jobs:
       issues: read
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     with:
       build-runs-on: electron-arc-centralus-windows-amd64-16core
@@ -391,7 +412,7 @@ jobs:
       issues: read
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     with:
       build-runs-on: electron-arc-centralus-windows-amd64-16core
@@ -410,7 +431,7 @@ jobs:
       issues: read
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     with:
       build-runs-on: electron-arc-centralus-windows-amd64-16core
@@ -428,9 +449,12 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-    needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, windows-x64, windows-x86, windows-arm64]
-    if: always() && github.repository == 'electron/electron' && !contains(needs.*.result, 'failure')
-    steps: 
+    needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, build-siso-windows, windows-x64, windows-x86, windows-arm64]
+    if: always() && github.repository == 'electron/electron'
+    steps:
+    - name: Fail if any needed job failed or was cancelled
+      if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
+      run: exit 1
     - name: GitHub Actions Jobs Done
       run: |
         echo "All GitHub Actions Jobs are done"

.github/workflows/clean-orphaned-cache-uploads.yml

@@ -0,0 +1,32 @@
+name: Clean Orphaned Cache Uploads
+
+# Description:
+# Sweeps orphaned in-flight upload temp files left on the src-cache volumes
+# by checkout/action.yml when its cp-to-share step dies before the rename.
+# A successful upload finishes in minutes, so anything older than 4h is dead.
+
+on:
+  schedule:
+    - cron: "0 */4 * * *"
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  clean-orphaned-uploads:
+    if: github.repository == 'electron/electron'
+    runs-on: electron-arc-centralus-linux-amd64-32core
+    permissions:
+      contents: read
+    container:
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
+      options: --user root
+      volumes:
+        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
+        - /mnt/win-cache:/mnt/win-cache
+    steps:
+    - name: Remove Orphaned Upload Temp Files
+      shell: bash
+      run: |
+        find /mnt/cross-instance-cache -maxdepth 1 -type f -name '*.tar.upload-*' -mmin +240 -print -delete
+        find /mnt/win-cache -maxdepth 1 -type f -name '*.tar.upload-*' -mmin +240 -print -delete

.github/workflows/issue-commented.yml

@@ -34,30 +34,6 @@ jobs:
         run: |
           gh issue edit $ISSUE_URL --remove-label 'blocked/need-repro','blocked/need-info ❌'
   
-  pr-needs-signed-commits-commented:
-    name: Remove needs-signed-commits on comment
-    if: ${{ github.event.issue.pull_request && (contains(github.event.issue.labels.*.name, 'needs-signed-commits')) && (github.event.comment.user.login == github.event.issue.user.login) }}
-    runs-on: ubuntu-slim
-    steps:
-      - name: Get author association
-        id: get-author-association
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: *get-author-association
-      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
-        if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
-        id: generate-token
-        with:
-          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - name: Remove label
-        if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
-        env:
-          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-          ISSUE_URL: ${{ github.event.issue.html_url }}
-        run: |
-          gh issue edit $ISSUE_URL --remove-label 'needs-signed-commits'
-  
   pr-reviewer-requested:
     name: Maintainer requested reviewer on PR
     if: ${{ github.event.issue.pull_request && startsWith(github.event.comment.body, '/request-review') && github.event.comment.user.type != 'Bot' }}

.github/workflows/issue-labeled.yml

@@ -61,9 +61,10 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GH_REPO: electron/electron
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
         run: |
           set -eo pipefail
-          COMMENT_COUNT=$(gh issue view ${{ github.event.issue.number }} --comments --json comments | jq '[ .comments[] | select(.author.login == "electron-issue-triage" or .authorAssociation == "OWNER" or .authorAssociation == "MEMBER") | select(.body | startswith("<!-- blocked/need-repro -->")) ] | length')
+          COMMENT_COUNT=$(gh issue view "$ISSUE_NUMBER" --comments --json comments | jq '[ .comments[] | select(.author.login == "electron-issue-triage" or .authorAssociation == "OWNER" or .authorAssociation == "MEMBER") | select(.body | startswith("<!-- blocked/need-repro -->")) ] | length')
           if [[ $COMMENT_COUNT -eq 0 ]]; then
             echo "SHOULD_COMMENT=1" >> "$GITHUB_OUTPUT"
           fi

.github/workflows/issue-unlabeled.yml

@@ -16,9 +16,11 @@ jobs:
     steps:
       - name: Check for any blocked labels
         id: check-for-blocked-labels
+        env:
+          LABELS_JSON: ${{ toJSON(github.event.issue.labels.*.name) }}
         run: |
           set -eo pipefail
-          BLOCKED_LABEL_COUNT=$(echo '${{ toJSON(github.event.issue.labels.*.name) }}' | jq '[ .[] | select(startswith("blocked/")) ] | length')
+          BLOCKED_LABEL_COUNT=$(echo "$LABELS_JSON" | jq '[ .[] | select(startswith("blocked/")) ] | length')
           if [[ $BLOCKED_LABEL_COUNT -eq 0 ]]; then
             echo "NOT_BLOCKED=1" >> "$GITHUB_OUTPUT"
           fi

.github/workflows/non-maintainer-dependency-change.yml

@@ -10,6 +10,10 @@ on:
       - '.yarn/**'
       - '.yarnrc.yml'
 
+# SECURITY: This workflow uses pull_request_target and has access to secrets.
+# Do NOT checkout or run code from the PR head. All code execution must use
+# the base branch only. Adding a ref to PR head would expose secrets to
+# untrusted code.
 permissions: {}
 
 jobs:
@@ -45,5 +49,6 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_URL: ${{ github.event.pull_request.html_url }}
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
         run: |
-          printf "<!-- disallowed-non-maintainer-change -->\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-
+          printf "<!-- disallowed-non-maintainer-change -->\n\nHello @${PR_AUTHOR}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-

.github/workflows/pipeline-electron-docs-only.yml

@@ -35,7 +35,7 @@ jobs:
     - name: Generate DEPS Hash
       run: |
         node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
+        DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
         echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
         echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
     - name: Restore src cache via AKS

.github/workflows/pipeline-electron-lint.yml

@@ -46,7 +46,11 @@ jobs:
       shell: bash
       run: |
         chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
-        gn_version="$(curl -sL -b ~/.gitcookies "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/DEPS?format=TEXT" | base64 -d | grep gn_version | head -n1 | cut -d\' -f4)"
+        if [[ ! "$chromium_revision" =~ ^[a-zA-Z0-9._-]+$ ]]; then
+          echo "::error::Invalid chromium_revision: $chromium_revision"
+          exit 1
+        fi
+        gn_version="$(curl -sL "https://raw.githubusercontent.com/chromium/chromium/refs/tags/${chromium_revision}/DEPS" | grep gn_version | head -n1 | cut -d\' -f4)"
 
         cipd ensure -ensure-file - -root . <<-CIPD
         \$ServiceURL https://chrome-infra-packages.appspot.com/
@@ -60,9 +64,13 @@ jobs:
       shell: bash
       run: |
         chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
+        if [[ ! "$chromium_revision" =~ ^[a-zA-Z0-9._-]+$ ]]; then
+          echo "::error::Invalid chromium_revision: $chromium_revision"
+          exit 1
+        fi
 
         mkdir -p src/buildtools
-        curl -sL -b ~/.gitcookies "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
+        curl -sL "https://raw.githubusercontent.com/chromium/chromium/refs/tags/${chromium_revision}/buildtools/DEPS" > src/buildtools/DEPS
 
         gclient sync --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
     - name: Add problem matchers

.github/workflows/pipeline-segment-build-siso-windows.yml

@@ -0,0 +1,98 @@
+name: Pipeline Segment - Build Siso (Windows)
+
+# Builds a patched siso binary for Windows CI. Reads the siso revision from
+# the Chromium DEPS file at the pinned chromium_version, shallow-clones
+# chromium.googlesource.com/build at that revision, applies the patches under
+# .github/siso-patches/, cross-compiles siso.exe for windows/amd64, and
+# publishes it as the `siso-windows-amd64` artifact. The Windows build jobs
+# download it and use it via SISO_PATH. The built binary is cached keyed on
+# the siso revision + sha256 of the patch contents, so subsequent runs just
+# restore it.
+
+on:
+  workflow_call: {}
+
+permissions: {}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      with:
+        fetch-depth: 1
+        ref: ${{ github.event.pull_request.head.sha }}
+        sparse-checkout: |
+          DEPS
+          .github/siso-patches
+    - name: Resolve siso revision from Chromium DEPS
+      id: resolve
+      run: |
+        set -euo pipefail
+        CHROMIUM_VERSION=$(python3 -c "import re; print(re.search(r\"'chromium_version':\s*\n\s*'([^']+)'\", open('DEPS').read()).group(1))")
+        if ! [[ "$CHROMIUM_VERSION" =~ ^[0-9]+(\.[0-9]+){1,3}$ ]]; then
+          echo "error: unexpected chromium_version format: $CHROMIUM_VERSION" >&2
+          exit 1
+        fi
+        curl -sfL "https://raw.githubusercontent.com/chromium/chromium/${CHROMIUM_VERSION}/DEPS" -o /tmp/chromium-DEPS
+        SISO_SHA=$(python3 -c "import re; print(re.search(r\"'siso_version':\s*'git_revision:([0-9a-f]+)'\", open('/tmp/chromium-DEPS').read()).group(1))")
+        if ! [[ "$SISO_SHA" =~ ^[0-9a-f]{40}$ ]]; then
+          echo "error: unexpected siso_version SHA: $SISO_SHA" >&2
+          exit 1
+        fi
+        PATCHES_HASH=$(find .github/siso-patches -type f -name '*.patch' | sort | xargs sha256sum | sha256sum | awk '{print $1}')
+        echo "siso-sha=${SISO_SHA}" >> "$GITHUB_OUTPUT"
+        echo "patches-hash=${PATCHES_HASH}" >> "$GITHUB_OUTPUT"
+        echo "Chromium ${CHROMIUM_VERSION} pins siso at ${SISO_SHA}"
+        echo "Patches hash: ${PATCHES_HASH}"
+    - name: Restore cached siso binary
+      id: cache-siso
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      with:
+        path: siso-out/siso.exe
+        key: siso-windows-amd64-${{ steps.resolve.outputs.siso-sha }}-${{ steps.resolve.outputs.patches-hash }}
+    - name: Shallow clone chromium build repo at pinned revision
+      if: steps.cache-siso.outputs.cache-hit != 'true'
+      env:
+        SISO_SHA: ${{ steps.resolve.outputs.siso-sha }}
+      run: |
+        set -euo pipefail
+        mkdir chromium-build
+        cd chromium-build
+        git init -q
+        git remote add origin https://chromium.googlesource.com/build
+        git -c protocol.version=2 fetch --depth=1 origin "$SISO_SHA"
+        git checkout --detach FETCH_HEAD
+    - name: Apply in-tree siso patches
+      if: steps.cache-siso.outputs.cache-hit != 'true'
+      run: |
+        set -euo pipefail
+        cd chromium-build
+        git -c user.name=electron-ci -c user.email=ci@electronjs.org \
+          am --3way "${GITHUB_WORKSPACE}/.github/siso-patches"/*.patch
+    - name: Set up Go
+      if: steps.cache-siso.outputs.cache-hit != 'true'
+      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+      with:
+        go-version-file: chromium-build/siso/go.mod
+        cache: false
+    - name: Build siso (windows/amd64)
+      if: steps.cache-siso.outputs.cache-hit != 'true'
+      working-directory: chromium-build/siso
+      env:
+        CGO_ENABLED: '0'
+        GOOS: windows
+        GOARCH: amd64
+      run: |
+        mkdir -p "${GITHUB_WORKSPACE}/siso-out"
+        go build -trimpath -o "${GITHUB_WORKSPACE}/siso-out/siso.exe" .
+    - name: Upload siso artifact
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+      with:
+        name: siso-windows-amd64
+        path: siso-out/siso.exe
+        if-no-files-found: error
+        retention-days: 1

.github/workflows/pipeline-segment-electron-build.yml

@@ -77,7 +77,6 @@ env:
   ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
   SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
-  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
   GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || inputs.target-platform == 'win' && '--custom-var=checkout_win=True' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
   ELECTRON_OUT_DIR: Default
   ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
@@ -156,7 +155,7 @@ jobs:
     - name: Generate DEPS Hash
       run: |
         node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
+        DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
         echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
         echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
     - name: Restore src cache via AZCopy
@@ -195,6 +194,22 @@ jobs:
     - name: Free up space (macOS)
       if: ${{ inputs.target-platform == 'macos' }}
       uses: ./src/electron/.github/actions/free-space-macos
+    - name: Download custom siso binary (Windows)
+      if: ${{ inputs.target-platform == 'win' }}
+      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+      with:
+        name: siso-windows-amd64
+        path: ${{ runner.temp }}/siso
+    - name: Set SISO_PATH (Windows)
+      if: ${{ inputs.target-platform == 'win' }}
+      run: |
+        SISO_BIN="${RUNNER_TEMP}/siso/siso.exe"
+        if [ ! -f "$SISO_BIN" ]; then
+          echo "error: expected siso binary at $SISO_BIN" >&2
+          exit 1
+        fi
+        echo "SISO_PATH=$SISO_BIN" >> "$GITHUB_ENV"
+        echo "Using custom siso binary at $SISO_BIN"
     - name: Build Electron
       if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' || inputs.target-variant == 'darwin') }}
       uses: ./src/electron/.github/actions/build-electron

.github/workflows/pipeline-segment-electron-clang-tidy.yml

@@ -80,7 +80,7 @@ jobs:
     - name: Generate DEPS Hash
       run: |
         node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
+        DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
         echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
         echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
     - name: Restore src cache via AZCopy
@@ -135,7 +135,7 @@ jobs:
       run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
     - name: Run Clang-Tidy
       run: |
-        e init -f --root=$(pwd) --out=${ELECTRON_OUT_DIR} testing --target-cpu ${TARGET_ARCH}
+        e init -f --root=$(pwd) --out=${ELECTRON_OUT_DIR} testing --target-cpu ${TARGET_ARCH} --remote-build none
 
         export GN_EXTRA_ARGS="target_cpu=\"${TARGET_ARCH}\""
         if [ "${{ inputs.target-platform }}" = "win" ]; then

.github/workflows/pipeline-segment-electron-gn-check.yml

@@ -81,7 +81,7 @@ jobs:
     - name: Generate DEPS Hash
       run: |
         node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
+        DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
         echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
         echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
     - name: Restore src cache via AZCopy
@@ -130,7 +130,7 @@ jobs:
       run: |
         for target_cpu in ${{ inputs.target-archs }}
         do
-          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu $target_cpu
+          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu $target_cpu --remote-build none
           cd src
           export GN_EXTRA_ARGS="target_cpu=\"$target_cpu\""
           if [ "${{ inputs.target-platform }}" = "linux" ]; then

.github/workflows/pipeline-segment-electron-publish.yml

@@ -79,7 +79,6 @@ env:
   ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
   SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
-  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
   GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' &&
     '--custom-var=checkout_mac=True --custom-var=host_os=mac' ||
     inputs.target-platform == 'win' && '--custom-var=checkout_win=True' ||
@@ -165,7 +164,7 @@ jobs:
       - name: Generate DEPS Hash
         run: |
           node src/electron/script/generate-deps-hash.js
-          DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
+          DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
           echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
           echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
       - name: Restore src cache via AZCopy
@@ -208,6 +207,22 @@ jobs:
       - name: Free up space (macOS)
         if: ${{ inputs.target-platform == 'macos' }}
         uses: ./src/electron/.github/actions/free-space-macos
+      - name: Download custom siso binary (Windows)
+        if: ${{ inputs.target-platform == 'win' }}
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+        with:
+          name: siso-windows-amd64
+          path: ${{ runner.temp }}/siso
+      - name: Set SISO_PATH (Windows)
+        if: ${{ inputs.target-platform == 'win' }}
+        run: |
+          SISO_BIN="${RUNNER_TEMP}/siso/siso.exe"
+          if [ ! -f "$SISO_BIN" ]; then
+            echo "error: expected siso binary at $SISO_BIN" >&2
+            exit 1
+          fi
+          echo "SISO_PATH=$SISO_BIN" >> "$GITHUB_ENV"
+          echo "Using custom siso binary at $SISO_BIN"
       - name: Build Electron
         if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' ||
           inputs.target-variant == 'darwin') }}

.github/workflows/pipeline-segment-electron-test-64k.yml

@@ -0,0 +1,67 @@
+name: Pipeline Segment - Electron Test on Linux ARM64 64k
+
+on:
+  workflow_call:
+    inputs:
+      test-runs-on:
+        type: string
+        description: 'What host to run the tests on'
+        required: true
+      test-container:
+        type: string
+        description: 'JSON container information for aks runs-on'
+        required: false
+        default: '{"image":null}'
+
+concurrency:
+  group: electron-test-linux-64k-${{ github.ref_protected == true && github.run_id || github.ref }}
+  cancel-in-progress: ${{ github.ref_protected != true }}
+
+permissions: {}
+
+env:
+  ELECTRON_OUT_DIR: Default
+
+jobs:
+  test-linux-arm64-64k:
+    env:
+      BUILD_TYPE: linux
+      TARGET_ARCH: arm64      
+    defaults:
+      run:
+        shell: bash
+    runs-on: ${{ inputs.test-runs-on }}
+    permissions:
+      contents: read
+      issues: read
+      pull-requests: read
+    steps:
+    - name: Checkout Electron
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      with:
+        path: src/electron
+        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
+    - name: Download Generated Artifacts
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      with:
+        name: generated_artifacts_linux_arm64
+        path: ./generated_artifacts_linux_arm64
+    - name: Restore Generated Artifacts
+      run: ./src/electron/script/actions/restore-artifacts.sh
+    - name: Unzip Dist
+      run: |
+        cd src/out/Default
+        unzip -:o dist.zip
+
+    - name: Run Electron Tests in QEMU 64k Container
+      shell: bash
+      env:
+        MOCHA_REPORTER: mocha-multi-reporters
+        MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
+        ELECTRON_DISABLE_SECURITY_WARNINGS: 1
+        DISPLAY: ':99.0'
+      run: |
+        container=$(echo '${{ inputs.test-container }}' | jq -r '.image')
+        src/electron/script/run-qemu-64k.sh --container $container --testfiles "`pwd`/src"
+        

.github/workflows/pipeline-segment-electron-test.yml

@@ -48,6 +48,8 @@ env:
   ELECTRON_OUT_DIR: Default
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
   ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
+  # @sentry/cli is only needed by release upload-symbols.py; skip the ~17MB CDN download on test jobs
+  SENTRYCLI_SKIP_DOWNLOAD: 1
 
 jobs:
   test:
@@ -64,7 +66,7 @@ jobs:
       fail-fast: false
       matrix:
         build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || (inputs.target-platform == 'win' && fromJSON('["win"]') || fromJSON('["linux"]')) }}
-        shard: ${{ case(inputs.display-server == 'wayland', fromJSON('[1]'), inputs.target-platform == 'linux', fromJSON('[1, 2, 3]'), fromJSON('[1, 2]')) }}
+        shard: ${{ case(inputs.display-server == 'wayland', fromJSON('[1]'), inputs.target-platform == 'linux', fromJSON('[1, 2, 3]'), inputs.target-platform == 'macos' && inputs.target-arch == 'x64', fromJSON('[1, 2, 3]'), fromJSON('[1, 2]')) }}
     env:
       BUILD_TYPE: ${{ matrix.build-type }}
       TARGET_ARCH: ${{ inputs.target-arch }}
@@ -214,7 +216,7 @@ jobs:
 
     - name: Run Electron Tests
       shell: bash
-      timeout-minutes: 40
+      timeout-minutes: 60
       env:
         MOCHA_REPORTER: mocha-multi-reporters
         MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
@@ -225,7 +227,7 @@ jobs:
         cd src/electron
         export ELECTRON_TEST_RESULTS_DIR=`pwd`/junit
         # Get which tests are on this shard
-        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ case(inputs.display-server == 'wayland', 1, inputs.target-platform == 'linux', 3, 2) }})
+        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ case(inputs.display-server == 'wayland', 1, inputs.target-platform == 'linux', 3, inputs.target-platform == 'macos' && inputs.target-arch == 'x64', 3, 2) }})
         if [ "${{ inputs.display-server }}" = "wayland" ]; then
           allowlist_file=script/wayland-test-allowlist.txt
           filtered_tests=""
@@ -313,7 +315,7 @@ jobs:
       if: always() && !cancelled()
     - name: Upload Test Artifacts
       if: always()
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
       with:
         name: ${{ inputs.target-platform == 'linux' && format('test_artifacts_{0}_{1}_{2}', env.ARTIFACT_KEY, inputs.display-server, matrix.shard) || format('test_artifacts_{0}_{1}', env.ARTIFACT_KEY, matrix.shard) }}
         path: src/electron/spec/artifacts

.github/workflows/pipeline-segment-node-nan-test.yml

@@ -36,6 +36,8 @@ env:
   CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
   ELECTRON_OUT_DIR: Default
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
+  # @sentry/cli is only needed by release upload-symbols.py; skip the ~17MB CDN download on test jobs
+  SENTRYCLI_SKIP_DOWNLOAD: 1
 
 jobs:
   node-tests:

.github/workflows/pull-request-labeled.yml

@@ -4,6 +4,10 @@ on:
   pull_request_target:
     types: [labeled]
 
+# SECURITY: This workflow uses pull_request_target and has access to secrets.
+# Do NOT checkout or run code from the PR head. All code execution must use
+# the base branch only. Adding a ref to PR head would expose secrets to
+# untrusted code.
 permissions: {}
 
 jobs:

.github/workflows/pull-request-opened-synchronized.yml

@@ -0,0 +1,46 @@
+name: Pull Request Opened/Synchronized
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+
+# SECURITY: This workflow uses pull_request_target and has access to secrets.
+# Do NOT checkout or run code from the PR head. All code execution must use
+# the base branch only. Adding a ref to PR head would expose secrets to
+# untrusted code.
+permissions: {}
+
+jobs:
+  check-signed-commits:
+    name: Check signed commits in PR
+    runs-on: ubuntu-slim
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1
+        with:
+          comment: |
+            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification)
+            for all incoming PRs. To get your PR merged, please sign those commits
+            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch
+            (`git push --force-with-lease`)
+
+            For more information on signing commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
+
+      - name: Add needs-signed-commits label
+        if: ${{ failure() }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          gh pr edit $PR_URL --add-label needs-signed-commits
+
+      - name: Remove needs-signed-commits label
+        if: ${{ success() && contains(github.event.pull_request.labels.*.name, 'needs-signed-commits') }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          gh pr edit $PR_URL --remove-label needs-signed-commits

.github/workflows/windows-publish.yml

@@ -51,6 +51,14 @@ jobs:
         generate-sas-token: 'true'
         target-platform: win
 
+  # Build the patched siso binary in parallel with checkout-windows; the
+  # publish-*-win jobs consume it via SISO_PATH.
+  build-siso-windows:
+    if: github.repository == 'electron/electron'
+    uses: ./.github/workflows/pipeline-segment-build-siso-windows.yml
+    permissions:
+      contents: read
+
   publish-x64-win:
     uses: ./.github/workflows/pipeline-segment-electron-publish.yml
     permissions:
@@ -58,7 +66,7 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-windows-amd64-16core
@@ -77,7 +85,7 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-windows-amd64-16core
@@ -96,7 +104,7 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: checkout-windows
+    needs: [checkout-windows, build-siso-windows]
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-windows-amd64-16core

.gitignore

@@ -42,6 +42,7 @@ spec/.hash
 
 # Generated native addon files
 /spec/fixtures/native-addon/echo/build/
+/spec/fixtures/native-addon/dialog-helper/build/
 
 # If someone runs tsc this is where stuff will end up
 ts-gen

.yarnrc.yml

@@ -9,4 +9,8 @@ npmMinimalAgeGate: 10080
 npmPreapprovedPackages:
   - "@electron/*"
 
+httpProxy: "${HTTP_PROXY:-}"
+
+httpsProxy: "${HTTPS_PROXY:-}"
+
 yarnPath: .yarn/releases/yarn-4.12.0.cjs

BUILD.gn

@@ -105,21 +105,25 @@ electron_mac_bundle_id = branding.mac_bundle_id
 if (override_electron_version != "") {
   electron_version = override_electron_version
 } else {
-  # When building from source code tarball there is no git tag available and
+  # When building from a source code tarball there is no git tag available and
   # builders must explicitly pass override_electron_version in gn args.
+  #
+  # Resolve the real locations of packed-refs and HEAD via git so that this
+  # also works when electron/ is a `git worktree` (where .git is a file, not a
+  # directory, and GN's read_file cannot follow the gitdir indirection).
+  electron_git_ref_paths =
+      exec_script("script/get-git-ref-paths.py", [], "list lines")
+
   # This read_file call will assert if there is no git information, without it
   # gn will generate a malformed build configuration and ninja will get into
   # infinite loop.
-  read_file(".git/packed-refs", "string")
+  read_file(electron_git_ref_paths[0], "string")
 
   # Set electron version from git tag.
   electron_version = exec_script("script/get-git-version.py",
                                  [],
                                  "trim string",
-                                 [
-                                   ".git/packed-refs",
-                                   ".git/HEAD",
-                                 ])
+                                 electron_git_ref_paths)
 }
 
 if (is_mas_build) {
@@ -490,6 +494,7 @@ source_set("electron_lib") {
     "//components/pref_registry",
     "//components/prefs",
     "//components/security_state/content",
+    "//components/tracing:tracing_metrics",
     "//components/upload_list",
     "//components/user_prefs",
     "//components/viz/host",
@@ -775,6 +780,7 @@ source_set("electron_lib") {
       "//components/zoom",
       "//extensions/browser",
       "//extensions/browser/api:api_provider",
+      "//extensions/browser/mime_handler:stream_info",
       "//extensions/browser/updater",
       "//extensions/common",
       "//extensions/common:core_api_provider",
@@ -1017,7 +1023,17 @@ if (is_mac) {
     }
   }
 
-  foreach(helper_params, content_mac_helpers) {
+  # Electron defines its own plugin helper (using CHILD_EMBEDDER_FIRST + 1) to
+  # allow loading of unsigned or third-party-signed libraries.
+  _electron_plugin_helper_params = [
+    "plugin",
+    ".plugin",
+    " (Plugin)",
+  ]
+  electron_mac_helpers =
+      content_mac_helpers + [ _electron_plugin_helper_params ]
+
+  foreach(helper_params, electron_mac_helpers) {
     _helper_target = helper_params[0]
     _helper_bundle_id = helper_params[1]
     _helper_suffix = helper_params[2]
@@ -1070,7 +1086,7 @@ if (is_mac) {
       ":stripped_squirrel_framework",
     ]
 
-    foreach(helper_params, content_mac_helpers) {
+    foreach(helper_params, electron_mac_helpers) {
       sources +=
           [ "$root_out_dir/${electron_helper_name}${helper_params[2]}.app" ]
       public_deps += [ ":electron_helper_app_${helper_params[0]}" ]
@@ -1174,7 +1190,7 @@ if (is_mac) {
       deps = [ ":electron_framework" ]
     }
 
-    foreach(helper_params, content_mac_helpers) {
+    foreach(helper_params, electron_mac_helpers) {
       _helper_target = helper_params[0]
       _helper_bundle_id = helper_params[1]
       _helper_suffix = helper_params[2]
@@ -1226,7 +1242,7 @@ if (is_mac) {
         deps += [ ":crashpad_handler_syms" ]
       }
 
-      foreach(helper_params, content_mac_helpers) {
+      foreach(helper_params, electron_mac_helpers) {
         _helper_target = helper_params[0]
         deps += [ ":electron_helper_syms_${_helper_target}" ]
       }
@@ -1633,6 +1649,7 @@ action("node_version_header") {
 action("generate_node_headers") {
   deps = [ ":generate_config_gypi" ]
   script = "script/node/generate_node_headers.py"
+  args = [ rebase_path("$root_gen_dir") ]
   outputs = [ "$root_gen_dir/node_headers.json" ]
 }
 

CLAUDE.md

@@ -171,6 +171,10 @@ e test                    # Run full test suite
 
 When working on the `roller/chromium/main` branch to upgrade Chromium activate the "Electron Chromium Upgrade" skill.
 
+## Node.js Upgrade Workflow
+
+When working on the `roller/node/main` branch to upgrade Node.js activate the "Electron Node.js Upgrade" skill.
+
 ## Pull Requests
 
 PR bodies must always include a `Notes:` section as the **last line** of the body. This is a consumer-facing release note for Electron app developers — describe the user-visible fix or change, not internal implementation details. Use `Notes: none` if there is no user-facing change.

DEPS

@@ -2,9 +2,9 @@ gclient_gn_args_from = 'src'
 
 vars = {
   'chromium_version':
-    '147.0.7727.0',
+    '148.0.7778.5',
   'node_version':
-    'v24.14.0',
+    'v24.14.1',
   'nan_version':
     '675cefebca42410733da8a454c8d9391fcebfbc2',
   'squirrel.mac_version':

build/args/all.gn

@@ -51,9 +51,6 @@ is_cfi = false
 use_qt5 = false
 use_qt6 = false
 
-# Disables the builtins PGO for V8
-v8_builtins_profiling_log_file = ""
-
 # https://chromium.googlesource.com/chromium/src/+/main/docs/dangling_ptr.md
 # TODO(vertedinde): hunt down dangling pointers on Linux
 enable_dangling_raw_ptr_checks = false

chromium_src/BUILD.gn

@@ -144,6 +144,8 @@ static_library("chrome") {
     "//chrome/browser/ui/views/overlay/toggle_camera_button.h",
     "//chrome/browser/ui/views/overlay/toggle_microphone_button.cc",
     "//chrome/browser/ui/views/overlay/toggle_microphone_button.h",
+    "//chrome/browser/ui/views/overlay/toggle_mute_button.cc",
+    "//chrome/browser/ui/views/overlay/toggle_mute_button.h",
     "//chrome/browser/ui/views/overlay/video_overlay_window_views.cc",
     "//chrome/browser/ui/views/overlay/video_overlay_window_views.h",
     "//chrome/browser/ui/views/picture_in_picture/picture_in_picture_bounds_change_animation.cc",

default_app/default_app.ts

@@ -1,5 +1,5 @@
 import { shell } from 'electron/common';
-import { app, dialog, BrowserWindow, ipcMain } from 'electron/main';
+import { app, dialog, BrowserWindow, ipcMain, Menu } from 'electron/main';
 
 import * as path from 'node:path';
 import * as url from 'node:url';
@@ -11,12 +11,52 @@ app.on('window-all-closed', () => {
   app.quit();
 });
 
-function decorateURL (url: string) {
-  // safely add `?utm_source=default_app
-  const parsedUrl = new URL(url);
-  parsedUrl.searchParams.append('utm_source', 'default_app');
-  return parsedUrl.toString();
-}
+const isMac = process.platform === 'darwin';
+
+app.whenReady().then(() => {
+  const helpMenu: Electron.MenuItemConstructorOptions = {
+    role: 'help',
+    submenu: [
+      {
+        label: 'Learn More',
+        click: async () => {
+          await shell.openExternal('https://electronjs.org');
+        }
+      },
+      {
+        label: 'Documentation',
+        click: async () => {
+          const version = process.versions.electron;
+          await shell.openExternal(`https://github.com/electron/electron/tree/v${version}/docs#readme`);
+        }
+      },
+      {
+        label: 'Community Discussions',
+        click: async () => {
+          await shell.openExternal('https://discord.gg/electronjs');
+        }
+      },
+      {
+        label: 'Search Issues',
+        click: async () => {
+          await shell.openExternal('https://github.com/electron/electron/issues');
+        }
+      }
+    ]
+  };
+
+  const macAppMenu: Electron.MenuItemConstructorOptions = { role: 'appMenu' };
+  const template: Electron.MenuItemConstructorOptions[] = [
+    ...(isMac ? [macAppMenu] : []),
+    { role: 'fileMenu' },
+    { role: 'editMenu' },
+    { role: 'viewMenu' },
+    { role: 'windowMenu' },
+    helpMenu
+  ];
+
+  Menu.setApplicationMenu(Menu.buildFromTemplate(template));
+});
 
 // Find the shortest path to the electron binary
 const absoluteElectronPath = process.execPath;
@@ -69,7 +109,7 @@ async function createWindow (backgroundColor?: string) {
   mainWindow.on('ready-to-show', () => mainWindow!.show());
 
   mainWindow.webContents.setWindowOpenHandler(details => {
-    shell.openExternal(decorateURL(details.url));
+    shell.openExternal(details.url);
     return { action: 'deny' };
   });
 

docs/api/app.md

@@ -615,7 +615,11 @@ Returns `string` - The current application directory.
     by default is the `appData` directory appended with your app's name. By
     convention files storing user data should be written to this directory, and
     it is not recommended to write large files here because some environments
-    may backup this directory to cloud storage.
+    may backup this directory to cloud storage. It is recommended to store
+    app-specific files within a subdirectory of `userData` (e.g.,
+    `path.join(app.getPath('userData'), 'my-app-data')`) rather than directly
+    in `userData` itself, to avoid naming conflicts with Chromium's own
+    subdirectories (such as `Cache`, `GPUCache`, and `Local Storage`).
   * `sessionData` The directory for storing data generated by `Session`, such
     as localStorage, cookies, disk cache, downloaded dictionaries, network
     state, DevTools files. By default this points to `userData`. Chromium may

docs/api/global-shortcut.md

@@ -148,3 +148,34 @@ added:
 -->
 
 Unregisters all of the global shortcuts.
+
+### `globalShortcut.setSuspended(suspended)`
+
+<!--
+```YAML history
+added:
+  - pr-url: https://github.com/electron/electron/pull/50425
+```
+-->
+
+* `suspended` boolean - Whether global shortcut handling should be suspended.
+
+Suspends or resumes global shortcut handling. When suspended, all registered
+global shortcuts will stop listening for key presses. When resumed, all
+previously registered shortcuts will begin listening again. New shortcut
+registrations will fail while handling is suspended.
+
+This can be useful when you want to temporarily allow the user to press key
+combinations without your application intercepting them, for example while
+displaying a UI to rebind shortcuts.
+
+### `globalShortcut.isSuspended()`
+
+<!--
+```YAML history
+added:
+  - pr-url: https://github.com/electron/electron/pull/50425
+```
+-->
+
+Returns `boolean` - Whether global shortcut handling is currently suspended.

docs/api/menu-item.md

@@ -44,8 +44,8 @@ See [`Menu`](menu.md) for examples.
     menu items.
   * `registerAccelerator` boolean (optional) _Linux_ _Windows_ - If false, the accelerator won't be registered
     with the system, but it will still be displayed. Defaults to true.
-  * `sharingItem` SharingItem (optional) _macOS_ - The item to share when the `role` is `shareMenu`.
-  * `submenu` (MenuItemConstructorOptions[] | [Menu](menu.md)) (optional) - Should be specified
+  * `sharingItem` [SharingItem](structures/sharing-item.md) (optional) _macOS_ - The item to share when the `role` is `shareMenu`.
+  * `submenu` ([MenuItemConstructorOptions](#new-menuitemoptions)[] | [Menu](menu.md)) (optional) - Should be specified
     for `submenu` type menu items. If `submenu` is specified, the `type: 'submenu'` can be omitted.
     If the value is not a [`Menu`](menu.md) then it will be automatically converted to one using
     `Menu.buildFromTemplate`.
@@ -89,7 +89,7 @@ A `Function` that is fired when the MenuItem receives a click event.
 It can be called with `menuItem.click(event, focusedWindow, focusedWebContents)`.
 
 * `event` [KeyboardEvent](structures/keyboard-event.md)
-* `focusedWindow` [BaseWindow](browser-window.md)
+* `focusedWindow` [BaseWindow](base-window.md)
 * `focusedWebContents` [WebContents](web-contents.md)
 
 #### `menuItem.submenu`
@@ -110,11 +110,11 @@ A `string` (optional) indicating the item's role, if set. Can be `undo`, `redo`,
 
 #### `menuItem.accelerator`
 
-An `Accelerator | null` indicating the item's accelerator, if set.
+An [`Accelerator | null`](../tutorial/keyboard-shortcuts.md#accelerators) indicating the item's accelerator, if set.
 
 #### `menuItem.userAccelerator` _Readonly_ _macOS_
 
-An `Accelerator | null` indicating the item's [user-assigned accelerator](https://developer.apple.com/documentation/appkit/nsmenuitem/1514850-userkeyequivalent?language=objc) for the menu item.
+An [`Accelerator | null`](../tutorial/keyboard-shortcuts.md#accelerators) indicating the item's [user-assigned accelerator](https://developer.apple.com/documentation/appkit/nsmenuitem/1514850-userkeyequivalent?language=objc) for the menu item.
 
 > [!NOTE]
 > This property is only initialized after the `MenuItem` has been added to a `Menu`. Either via `Menu.buildFromTemplate` or via `Menu.append()/insert()`.  Accessing before initialization will just return `null`.
@@ -170,7 +170,7 @@ This property can be dynamically changed.
 
 #### `menuItem.sharingItem` _macOS_
 
-A `SharingItem` indicating the item to share when the `role` is `shareMenu`.
+A [`SharingItem`](structures/sharing-item.md) indicating the item to share when the `role` is `shareMenu`.
 
 This property can be dynamically changed.
 

docs/api/menu.md

@@ -46,7 +46,7 @@ this has the additional effect of removing the menu bar from the window.
 
 > [!NOTE]
 > The default menu will be created automatically if the app does not set one.
-> It contains standard items such as `File`, `Edit`, `View`, `Window` and `Help`.
+> It contains standard items such as `File`, `Edit`, `View`, and `Window`.
 
 #### `Menu.getApplicationMenu()`
 
@@ -70,7 +70,7 @@ for more information on macOS' native actions.
 
 #### `Menu.buildFromTemplate(template)`
 
-- `template` (MenuItemConstructorOptions | [MenuItem](menu-item.md))[]
+- `template` ([MenuItemConstructorOptions](menu-item.md#new-menuitemoptions) | [MenuItem](menu-item.md))[]
 
 Returns [`Menu`](menu.md)
 
@@ -162,7 +162,7 @@ Emitted when a popup is closed either manually or with `menu.closePopup()`.
 
 #### `menu.items`
 
-A `MenuItem[]` array containing the menu's items.
+A [`MenuItem[]`](menu-item.md) array containing the menu's items.
 
 Each `Menu` consists of multiple [`MenuItem`](menu-item.md) instances and each `MenuItem`
 can nest a `Menu` into its `submenu` property.

docs/api/native-theme.md

@@ -84,3 +84,7 @@ Currently, Windows high contrast is the only system setting that triggers forced
 ### `nativeTheme.prefersReducedTransparency` _Readonly_
 
 A `boolean` that indicates whether the user has chosen via system accessibility settings to reduce transparency at the OS level.
+
+### `nativeTheme.shouldDifferentiateWithoutColor` _macOS_ _Readonly_
+
+A `boolean` that indicates whether the user prefers UI that differentiates items using something other than color alone (e.g. shapes or labels). This maps to [NSWorkspace.accessibilityDisplayShouldDifferentiateWithoutColor](https://developer.apple.com/documentation/appkit/nsworkspace/accessibilitydisplayshoulddifferentiatewithoutcolor).

docs/api/notification.md

@@ -79,20 +79,27 @@ app.whenReady().then(() => {
 ### `new Notification([options])`
 
 * `options` Object (optional)
+  * `id` string (optional) _macOS_ _Windows_ - A unique identifier for the notification. On macOS, maps to `UNNotificationRequest`'s [`identifier`](https://developer.apple.com/documentation/usernotifications/unnotificationrequest/identifier) property. On Windows, maps to the toast notification's [`Tag`](https://learn.microsoft.com/en-us/uwp/api/windows.ui.notifications.toastnotification.tag) property. Defaults to a random UUID if not provided or if an empty string is passed. This can be used to remove or update previously delivered notifications.
+  * `groupId` string (optional) _macOS_ _Windows_ - A string identifier used to visually group notifications together in Notification Center / Action Center. On macOS, maps to `UNNotificationContent`'s [`threadIdentifier`](https://developer.apple.com/documentation/usernotifications/unnotificationcontent/threadidentifier) property. On Windows, maps to the toast notification's [`Group`](https://learn.microsoft.com/en-us/uwp/api/windows.ui.notifications.toastnotification.group) property.
+  * `groupTitle` string (optional) _Windows_ - A title for the notification group header. When both `groupId` and `groupTitle` are specified, Windows will display a header above the notification that groups related notifications together. Maps to the toast notification's [`header`](https://learn.microsoft.com/en-us/windows/apps/design/shell/tiles-and-notifications/toast-headers) element.
   * `title` string (optional) - A title for the notification, which will be displayed at the top of the notification window when it is shown.
   * `subtitle` string (optional) _macOS_ - A subtitle for the notification, which will be displayed below the title.
   * `body` string (optional) - The body text of the notification, which will be displayed below the title or subtitle.
   * `silent` boolean (optional) - Whether or not to suppress the OS notification noise when showing the notification.
   * `icon` (string | [NativeImage](native-image.md)) (optional) - An icon to use in the notification. If a string is passed, it must be a valid path to a local icon file.
-  * `hasReply` boolean (optional) _macOS_ - Whether or not to add an inline reply option to the notification.
+  * `hasReply` boolean (optional) _macOS_ _Windows_ - Whether or not to add an inline reply option to the notification.
   * `timeoutType` string (optional) _Linux_ _Windows_ - The timeout duration of the notification. Can be 'default' or 'never'.
-  * `replyPlaceholder` string (optional) _macOS_ - The placeholder to write in the inline reply input field.
+  * `replyPlaceholder` string (optional) _macOS_ _Windows_ - The placeholder to write in the inline reply input field.
   * `sound` string (optional) _macOS_ - The name of the sound file to play when the notification is shown.
-  * `urgency` string (optional) _Linux_ - The urgency level of the notification. Can be 'normal', 'critical', or 'low'.
-  * `actions` [NotificationAction[]](structures/notification-action.md) (optional) _macOS_ - Actions to add to the notification. Please read the available actions and limitations in the `NotificationAction` documentation.
+  * `urgency` string (optional) _Linux_ _Windows_ - The urgency level of the notification. Can be 'normal', 'critical', or 'low'.
+  * `actions` [NotificationAction[]](structures/notification-action.md) (optional) _macOS_ _Windows_ - Actions to add to the notification. Please read the available actions and limitations in the `NotificationAction` documentation.
   * `closeButtonText` string (optional) _macOS_ - A custom title for the close button of an alert. An empty string will cause the default localized text to be used.
   * `toastXml` string (optional) _Windows_ - A custom description of the Notification on Windows superseding all properties above. Provides full customization of design and behavior of the notification.
 
+> [!NOTE]
+> On Windows, `urgency` type 'critical' sorts the notification higher in Action Center (above default priority notifications), but does not prevent auto-dismissal. To prevent auto-dismissal, you should also set
+> `timeoutType` to 'never'.
+
 ### Instance Events
 
 Objects created with `new Notification` emit the following events:
@@ -323,6 +330,18 @@ app.whenReady().then(() => {
 
 ### Instance Properties
 
+#### `notification.id` _macOS_ _Windows_ _Readonly_
+
+A `string` property representing the unique identifier of the notification. This is set at construction time — either from the `id` option or as a generated UUID if none was provided.
+
+#### `notification.groupId` _macOS_ _Windows_ _Readonly_
+
+A `string` property representing the group identifier of the notification. Notifications with the same `groupId` will be visually grouped together in Notification Center (macOS) or Action Center (Windows).
+
+#### `notification.groupTitle` _Windows_ _Readonly_
+
+A `string` property representing the title of the notification group header.
+
 #### `notification.title`
 
 A `string` property representing the title of the notification.

docs/api/protocol.md

@@ -56,6 +56,15 @@ app.whenReady().then(() => {
 })
 ```
 
+## Protocol names
+
+[RFC 3986](https://www.rfc-editor.org/rfc/rfc3986#section-3.1) defines what a valid
+protocol name is:
+
+> Scheme names consist of a sequence of characters beginning with a letter and followed
+> by any combination of letters, digits, plus ("+"), period ("."), or hyphen ("-").
+> Although schemes are case-insensitive, the canonical form is lowercase […].
+
 ## Methods
 
 The `protocol` module has the following methods:

docs/api/structures/custom-scheme.md

@@ -11,3 +11,5 @@
   * `stream` boolean (optional) - Default false.
   * `codeCache` boolean (optional) - Enable V8 code cache for the scheme, only
     works when `standard` is also set to true. Default false.
+  * `allowExtensions` boolean (optional) - Allow Chrome extensions to be used
+    on pages served over this protocol. Default false.

docs/api/web-contents.md

@@ -1485,6 +1485,11 @@ mainWindow.webContents.setWindowOpenHandler((details) => {
       const browserView = new BrowserView(options)
       mainWindow.addBrowserView(browserView)
       browserView.setBounds({ x: 0, y: 0, width: 640, height: 480 })
+      // For `background-tab` disposition (e.g., when middle-clicking or ctrl/cmd-clicking a link),
+      // `options.webContents` is undefined because its creation can be deferred. So load the URL manually.
+      if (details.disposition === 'background-tab') {
+        browserView.webContents.loadURL(details.url)
+      }
       return browserView.webContents
     }
   }

docs/api/window-open.md

@@ -33,10 +33,14 @@ because it is invoked in the main process.
 Returns [`Window`](https://developer.mozilla.org/en-US/docs/Web/API/Window) | null
 
 `features` is a comma-separated key-value list, following the standard format of
-the browser. Electron will parse [`BrowserWindowConstructorOptions`](structures/browser-window-options.md) out of this
-list where possible, for convenience. For full control and better ergonomics,
-consider using `webContents.setWindowOpenHandler` to customize the
-BrowserWindow creation.
+the browser. For convenience, Electron will parse a subset of presentational
+[`BrowserWindowConstructorOptions`](structures/browser-window-options.md) out of
+this list (such as `width`, `height`, `x`, `y`, `show`, `frame`, `title`,
+`backgroundColor`). Because the renderer is untrusted, options that cause the
+main process to access the filesystem or that are otherwise privileged (such as
+`icon`) are ignored. For full control and better ergonomics, use
+`webContents.setWindowOpenHandler` to customize the BrowserWindow creation from
+the main process.
 
 A subset of [`WebPreferences`](structures/web-preferences.md) can be set directly,
 unnested, from the features string: `zoomFactor`, `nodeIntegration`, `javascript`,
@@ -56,9 +60,10 @@ window.open('https://github.com', '_blank', 'top=500,left=200,frame=false,nodeIn
   enabled on the parent window.
 * JavaScript will always be disabled in the opened `window` if it is disabled on
   the parent window.
-* Non-standard features (that are not handled by Chromium or Electron) given in
-  `features` will be passed to any registered `webContents`'s
-  `did-create-window` event handler in the `options` argument.
+* Features that are not handled by Chromium and not in Electron's allowlist of
+  presentational `BrowserWindowConstructorOptions` are ignored. The raw
+  `features` string is still available to the main process via
+  `setWindowOpenHandler`.
 * `frameName` follows the specification of `target` located in the [native documentation](https://developer.mozilla.org/en-US/docs/Web/API/Window/open#parameters).
 * When opening `about:blank`, the child window's [`WebPreferences`](structures/web-preferences.md) will be copied
   from the parent window, and there is no way to override it because Chromium

docs/breaking-changes.md

@@ -70,6 +70,9 @@ npm install electron --save-dev
 ELECTRON_INSTALL_PLATFORM=mas npx electron . --no
 ```
 
+This also means the `ELECTRON_SKIP_BINARY_DOWNLOAD` environment variable is no
+longer supported, as its primary purpose was to prevent the `postinstall` script from running.
+
 ### Removed: `quotas` object from `Session.clearStorageData(options)`
 
 When calling `Session.clearStorageData(options)`, the `options.quotas` object is no longer supported because it has been

docs/development/patches.md

@@ -79,7 +79,7 @@ $ ../../electron/script/git-import-patches ../../electron/patches/node
 $ ../../electron/script/git-export-patches -o ../../electron/patches/node
 ```
 
-Note that `git-import-patches` will mark the commit that was `HEAD` when it was run as `refs/patches/upstream-head`. This lets you keep track of which commits are from Electron patches (those that come after `refs/patches/upstream-head`) and which commits are in upstream (those before `refs/patches/upstream-head`).
+Note that `git-import-patches` will mark the commit that was `HEAD` when it was run as `refs/patches/upstream-head` (and a checkout-specific `refs/patches/upstream-head-<hash>` so that gclient worktrees sharing a `.git/refs` directory don't clobber each other). This lets you keep track of which commits are from Electron patches (those that come after `refs/patches/upstream-head`) and which commits are in upstream (those before `refs/patches/upstream-head`).
 
 #### Resolving conflicts
 

docs/tutorial/electron-timelines.md

@@ -2,28 +2,53 @@
 
 Electron frequently releases major versions alongside every other Chromium release.
 This document focuses on the release cadence and version support policy.
-For a more in-depth guide on our git branches and how Electron uses semantic versions,
-check out our [Electron Versioning](./electron-versioning.md) doc.
+
+> [!TIP]
+> See the [Electron Versioning](./electron-versioning.md) document for more details
+> on how Electron is versioned.
 
 ## Timeline
 
 [Electron's Release Schedule](https://releases.electronjs.org/schedule) lists a schedule of Electron major releases showing key milestones including alpha, beta, and stable release dates, as well as end-of-life dates and dependency versions.
 
-:::info Official support dates may change
+> [!IMPORTANT]
+> Electron's official support policy is the latest 3 stable releases. Our stable
+> release and end-of-life dates are determined by Chromium, and may be subject to
+> change. While we try to keep our planned release and end-of-life dates frequently
+> updated here, future dates may change if affected by upstream scheduling changes,
+> and may not always be accurately reflected.
+>
+> See [Chromium's public release schedule](https://chromiumdash.appspot.com/schedule) for
+> definitive information about Chromium's scheduled release dates.
 
-Electron's official support policy is the latest 3 stable releases. Our stable
-release and end-of-life dates are determined by Chromium, and may be subject to
-change. While we try to keep our planned release and end-of-life dates frequently
-updated here, future dates may change if affected by upstream scheduling changes,
-and may not always be accurately reflected.
+Electron's cadence between major version releases is 8 weeks long. Before each major
+version hits stable, it goes through a four-week **alpha** phase and a four-week
+**beta** phase.
 
- See [Chromium's public release schedule](https://chromiumdash.appspot.com/schedule) for
- definitive information about Chromium's scheduled release dates.
-
- :::
+```mermaid
+gantt
+    title Electron release cycle
+    dateFormat  YYYY-MM-DD
+    axisFormat  Week %W
+    todayMarker off
+    section v41
+    Alpha phase                    :a1, 2026-01-19, 4w
+    M146 enters Chrome beta        :milestone, bm1, after a1, 0d
+    Beta phase                     :b1, after a1, 4w
+    M146 enters Chrome stable      :milestone, s1, after b1, 0d
+    Supported until v44 release    :active, after b1, 12w
+    section v42
+    Alpha phase                    :a2, after b1, 4w
+    M148 enters Chrome beta        :milestone, bm2, after a2, 0d
+    Beta phase                     :b2, after a2, 4w
+    M148 enters Chrome stable      :milestone, s2, after b2, 0d
+    Supported until v45 release    :active, after b2, 4w
+```
 
 **Notes:**
 
+* Alphas are generally less stable than beta releases. The cutoff between the two
+  corresponds to when the underlying Chromium version enters Chrome's Beta channel.
 * The `-alpha.1`, `-beta.1`, and `stable` dates are our solid release dates.
 * We strive for weekly alpha/beta releases, but we often release more than scheduled.
 * All dates are our goals but there may be reasons for adjusting the stable deadline, such as security bugs.
@@ -38,10 +63,11 @@ and may not always be accurately reflected.
 ## Version support policy
 
 The latest three _stable_ major versions are supported by the Electron team.
-For example, if the latest release is 6.1.x, then the 5.0.x as well
-as the 4.2.x series are supported. We only support the latest minor release
+
+For example, if the latest release is 42.1.x, then the 41.0.x as well
+as the 40.2.x series are supported. We only support the latest minor release
 for each stable release series. This means that in the case of a security fix,
-6.1.x will receive the fix, but we will not release a new version of 6.0.x.
+42.1.x will receive the fix, but we will not release a new version of 42.0.x.
 
 The latest stable release unilaterally receives all fixes from `main`,
 and the version prior to that receives the vast majority of those fixes
@@ -50,11 +76,8 @@ only security fixes directly.
 
 ### Chromium version support
 
-:::info Chromium release schedule
-
-Chromium's public release schedule is [here](https://chromiumdash.appspot.com/schedule).
-
-:::
+> [!TIP]
+> Chromium's public release schedule is [here](https://chromiumdash.appspot.com/schedule).
 
 Electron targets Chromium even-number versions, releasing every 8 weeks in concert
 with Chromium's 4-week release schedule. For example, Electron 26 uses Chromium 116, while Electron 27 uses Chromium 118.
@@ -82,3 +105,7 @@ and that number is reduced to two in major version 10, the three-argument versio
 continue to work until, at minimum, major version 12. Past the minimum two-version
 threshold, we will attempt to support backwards compatibility beyond two versions
 until the maintainers feel the maintenance burden is too high to continue doing so.
+
+> [!TIP]
+> For a canonical list of breaking changes, see the [Breaking Changes](../breaking-changes.md)
+> document.

docs/tutorial/electron-versioning.md

@@ -14,18 +14,6 @@ To update an existing project to use the latest stable version:
 npm install --save-dev electron@latest
 ```
 
-## Versioning scheme
-
-There are several major changes from our 1.x strategy outlined below. Each change is intended to satisfy the needs and priorities of developers/maintainers and app developers.
-
-1. Strict use of the [SemVer](#semver) spec
-2. Introduction of semver-compliant `-beta` tags
-3. Introduction of [conventional commit messages](https://conventionalcommits.org/)
-4. Well-defined stabilization branches
-5. The `main` branch is versionless; only stabilization branches contain version information
-
-We will cover in detail how git branching works, how npm tagging works, what developers should expect to see, and how one can backport changes.
-
 ## SemVer
 
 Below is a table explicitly mapping types of changes to their corresponding category of SemVer (e.g. Major, Minor, Patch).
@@ -34,7 +22,7 @@ Below is a table explicitly mapping types of changes to their corresponding cate
 | ------------------------------- | ---------------------------------- | ----------------------------- |
 | Electron breaking API changes   | Electron non-breaking API changes  | Electron bug fixes            |
 | Node.js major version updates   | Node.js minor version updates      | Node.js patch version updates |
-| Chromium version updates        |                                    | fix-related chromium patches  |
+| Chromium version updates        |                                    | fix-related Chromium patches  |
 
 For more information, see the [Semantic Versioning 2.0.0](https://semver.org/) spec.
 
@@ -44,68 +32,189 @@ Note that most Chromium updates will be considered breaking. Fixes that can be b
 
 Stabilization branches are branches that run parallel to `main`, taking in only cherry-picked commits that are related to security or stability. These branches are never merged back to `main`.
 
-![Stabilization Branches](../images/versioning-sketch-1.png)
-
-Since Electron 8, stabilization branches are always **major** version lines, and named against the following template `$MAJOR-x-y` e.g. `8-x-y`.  Prior to that we used **minor** version lines and named them as `$MAJOR-$MINOR-x` e.g. `2-0-x`.
-
-We allow for multiple stabilization branches to exist simultaneously, one for each supported version. For more details on which versions are supported, see our [Electron Releases](./electron-timelines.md) doc.
-
-![Multiple Stability Branches](../images/versioning-sketch-2.png)
-
-Older lines will not be supported by the Electron project, but other groups can take ownership and backport stability and security fixes on their own. We discourage this, but recognize that it makes life easier for many app developers.
-
-## Beta releases and bug fixes
-
-Developers want to know which releases are _safe_ to use. Even seemingly innocent features can introduce regressions in complex applications. At the same time, locking to a fixed version is dangerous because you’re ignoring security patches and bug fixes that may have come out since your version. Our goal is to allow the following standard semver ranges in `package.json` :
-
-* Use `~2.0.0` to admit only stability or security related fixes to your `2.0.0` release.
-* Use `^2.0.0` to admit non-breaking _reasonably stable_ feature work as well as security and bug fixes.
-
-What’s important about the second point is that apps using `^` should still be able to expect a reasonable level of stability. To accomplish this, SemVer allows for a _pre-release identifier_ to indicate a particular version is not yet _safe_ or _stable_.
-
-Whatever you choose, you will periodically have to bump the version in your `package.json` as breaking changes are a fact of Chromium life.
-
-The process is as follows:
-
-1. All new major and minor releases lines begin with a beta series indicated by SemVer prerelease tags of `beta.N`, e.g. `2.0.0-beta.1`. After the first beta, subsequent beta releases must meet all of the following conditions:
-    1. The change is backwards API-compatible (deprecations are allowed)
-    2. The risk to meeting our stability timeline must be low.
-2. If allowed changes need to be made once a release is beta, they are applied and the prerelease tag is incremented, e.g. `2.0.0-beta.2`.
-3. If a particular beta release is _generally regarded_ as stable, it will be re-released as a stable build, changing only the version information. e.g. `2.0.0`. After the first stable, all changes must be backwards-compatible bug or security fixes.
-4. If future bug fixes or security patches need to be made once a release is stable, they are applied and the _patch_ version is incremented
-e.g. `2.0.1`.
-
-Specifically, the above means:
-
-1. Admitting non-breaking-API changes before Week 3 in the beta cycle is okay, even if those changes have the potential to cause moderate side-effects.
-2. Admitting feature-flagged changes, that do not otherwise alter existing code paths, at most points in the beta cycle is okay. Users can explicitly enable those flags in their apps.
-3. Admitting features of any sort after Week 3 in the beta cycle is 👎 without a very good reason.
-
-For each major and minor bump, you should expect to see something like the following:
-
-```plaintext
-2.0.0-beta.1
-2.0.0-beta.2
-2.0.0-beta.3
-2.0.0
-2.0.1
-2.0.2
+```mermaid
+gitGraph
+    commit
+    commit
+    branch N-x-y
+    checkout main
+    commit id:"fix-1"
+    checkout N-x-y
+    cherry-pick id:"fix-1"
+    checkout main
+    commit id:"fix-2"
+    checkout N-x-y
+    cherry-pick id:"fix-2"
+    checkout main
+    commit
+    commit
 ```
 
-An example lifecycle in pictures:
+Since Electron 8, stabilization branches are always **major** version lines, and named against the following template `$MAJOR-x-y` e.g. `8-x-y`. (Prior to that, we used **minor** version lines and named them as `$MAJOR-$MINOR-x` e.g. `2-0-x`.)
 
-* A new release branch is created that includes the latest set of features. It is published as `2.0.0-beta.1`.
-![New Release Branch](../images/versioning-sketch-3.png)
-* A bug fix comes into master that can be backported to the release branch. The patch is applied, and a new beta is published as `2.0.0-beta.2`.
-![Bugfix Backport to Beta](../images/versioning-sketch-4.png)
-* The beta is considered _generally stable_ and it is published again as a non-beta under `2.0.0`.
-![Beta to Stable](../images/versioning-sketch-5.png)
-* Later, a zero-day exploit is revealed and a fix is applied to master. We backport the fix to the `2-0-x` line and release `2.0.1`.
-![Security Backports](../images/versioning-sketch-6.png)
+We allow for multiple stabilization branches to exist simultaneously, one for each supported version.
 
-A few examples of how various SemVer ranges will pick up new releases:
+> [!TIP]
+> For more details on which versions are supported, see our [Electron Releases](./electron-timelines.md) doc.
 
-![Semvers and Releases](../images/versioning-sketch-7.png)
+```mermaid
+gitGraph
+    commit
+    branch "41-x-y"
+    checkout main
+    commit
+    commit
+    commit id:"fix-a"
+    checkout "41-x-y"
+    cherry-pick id:"fix-a"
+    checkout main
+    commit
+    commit id:"fix-b"
+    checkout "41-x-y"
+    cherry-pick id:"fix-b"
+    checkout main
+    commit
+    branch "42-x-y"
+    checkout main
+    commit
+    commit id:"fix-c"
+    checkout "41-x-y"
+    cherry-pick id:"fix-c"
+    checkout "42-x-y"
+    cherry-pick id:"fix-c"
+    checkout main
+    commit
+    commit id:"fix-d"
+    checkout "41-x-y"
+    cherry-pick id:"fix-d"
+    checkout "42-x-y"
+    cherry-pick id:"fix-d"
+    checkout main
+    commit
+```
+
+Older lines will not be supported by the Electron project.
+
+## Release cycle
+
+Electron follows an **8-week regular release cycle** where key milestones correspond to
+matching dates in the Chromium release cycle.
+
+```mermaid
+gantt
+    title Electron release cycle
+    dateFormat  YYYY-MM-DD
+    axisFormat  Week %W
+    todayMarker off
+    section v41
+    Alpha phase                    :a1, 2026-01-19, 4w
+    M146 enters Chrome beta        :milestone, bm1, after a1, 0d
+    Beta phase                     :b1, after a1, 4w
+    M146 enters Chrome stable      :milestone, s1, after b1, 0d
+    Supported until v44 release    :active, after b1, 12w
+    section v42
+    Alpha phase                    :a2, after b1, 4w
+    M148 enters Chrome beta        :milestone, bm2, after a2, 0d
+    Beta phase                     :b2, after a2, 4w
+    M148 enters Chrome stable      :milestone, s2, after b2, 0d
+    Supported until v45 release    :active, after b2, 4w
+```
+
+### Example
+
+When Electron 41 hits its stable release, the release line for Electron 42 is branched off of `main`.
+Its first alpha release is created with all the changes contained on `main`:
+
+```mermaid
+gitGraph
+    commit
+    commit
+    commit
+    branch "42-x-y"
+    checkout "42-x-y"
+    commit tag:"v42.0.0-alpha.1"
+```
+
+A bug fix comes into `main` that can be backported to the release branch. The patch is applied,
+and it is published in the next `v42.0.0-alpha.2` release.
+
+```mermaid
+gitGraph
+    commit
+    commit
+    commit
+    branch "42-x-y"
+    checkout "42-x-y"
+    commit id:"42.0.0-alpha.1" tag:"v42.0.0-alpha.1"
+    checkout "main"
+    commit
+    commit id:"fix-1"
+    checkout "42-x-y"
+    cherry-pick id:"fix-1" tag:"v42.0.0-alpha.2"
+```
+
+The version of Chromium that powers Electron 42 hits Chrome's beta channel. The `alpha` line is
+promoted to `beta`.
+
+```mermaid
+gitGraph
+    commit
+    commit
+    commit
+    branch "42-x-y"
+    checkout "42-x-y"
+    commit id:"42.0.0-alpha.1" tag:"v42.0.0-alpha.1"
+    checkout "main"
+    commit
+    commit id:"fix-1"
+    checkout "42-x-y"
+    cherry-pick id:"fix-1" tag:"v42.0.0-alpha.2"
+    checkout "main"
+    commit
+    commit
+    commit id:"fix-2"
+    checkout "42-x-y"
+    cherry-pick id:"fix-2" tag:"v42.0.0-beta.1"
+```
+
+Beta releases continue weekly until Electron 42 is promoted to stable and the same cycle starts again
+with `43-x-y`. Later, a zero-day exploit is revealed and a fix is applied to `main`. We backport the
+fix to the `42-x-y` line and release `42.0.1`.
+
+```mermaid
+gitGraph
+    commit
+    commit
+    commit
+    branch "42-x-y"
+    checkout "42-x-y"
+    commit id:"42.0.0-alpha.1" tag:"v42.0.0-alpha.1"
+    checkout "main"
+    commit
+    commit id:"fix-1"
+    checkout "42-x-y"
+    cherry-pick id:"fix-1" tag:"v42.0.0-alpha.2"
+    checkout "main"
+    commit
+    commit
+    commit id:"fix-2"
+    checkout "42-x-y"
+    cherry-pick id:"fix-2" tag:"v42.0.0-beta.1"
+    checkout "main"
+    commit id:"fix-3"
+    checkout "42-x-y"
+    cherry-pick id:"fix-3" tag:"v42.0.0"
+    checkout "main"
+    branch "43-x-y"
+    checkout "43-x-y"
+    commit id:"43.0.0-alpha.1" tag:"v43.0.0-alpha.1"
+    checkout "main"
+    commit id:"security-fix"
+    checkout "42-x-y"
+    cherry-pick id:"security-fix" tag:"v42.0.1"
+    checkout "43-x-y"
+    cherry-pick id:"security-fix" tag:"v43.0.0-alpha.2"
+```
 
 ### Backport request process
 
@@ -136,10 +245,11 @@ The `electron/electron` repository also enforces squash merging, so you only nee
 
 ## Versioned `main` branch
 
-* The `main` branch will always contain the next major version `X.0.0-nightly.DATE` in its `package.json`.
+* The `main` branch always corresponds to the major version above the current pre-release line.
+* Unstable nightly releases of `main` are released under the [`electron-nightly`](https://www.npmjs.com/package/electron-nightly)
+  package on npm.
 * Release branches are never merged back to `main`.
-* Release branches _do_ contain the correct version in their `package.json`.
-* As soon as a release branch is cut for a major, `main` must be bumped to the next major (i.e. `main` is always versioned as the next theoretical release branch).
+* All `package.json` values are fixed at `0.0.0-development`.
 
 ## Historical versioning (Electron 1.X)
 
@@ -147,6 +257,29 @@ Electron versions _< 2.0_ did not conform to the [SemVer](https://semver.org) sp
 
 Here is an example of the 1.x strategy:
 
-![1.x Versioning](../images/versioning-sketch-0.png)
+```mermaid
+---
+config:
+  gitGraph:
+    mainBranchName: 'master'
+---
+gitGraph
+    commit
+    branch "bugfix-1"
+    checkout "bugfix-1"
+    commit
+    checkout master
+    merge "bugfix-1" tag:"1.8.1"
+    branch "feature"
+    checkout "feature"
+    commit
+    checkout master
+    merge "feature" tag:"1.8.2"
+    branch "bugfix-2"
+    checkout "bugfix-2"
+    commit
+    checkout master
+    merge "bugfix-2" tag:"1.8.3"
+```
 
 An app developed with `1.8.1` cannot take the `1.8.3` bug fix without either absorbing the `1.8.2` feature, or by backporting the fix and maintaining a new release line.

docs/tutorial/fuses.md

@@ -146,13 +146,15 @@ The extra privileges granted to the `file://` protocol by this fuse are incomple
 The `wasmTrapHandlers` fuse controls whether V8 will use signal handlers to trap Out of Bounds memory
 access from WebAssembly. The feature works by surrounding the WebAssembly memory with large guard regions
 and then installing a signal handler that traps attempt to access memory in the guard region. The feature
-is only supported on the following 64-bit systems.
+is only supported on the following 64-bit systems:
 
-Linux. MacOS, Windows - x86_64
-Linux, MacOS - aarch64
+* Linux, macOS, Windows - x86_64
+* Linux, macOS - aarch64
 
+```text
 | Guard Pages | WASM heap | Guard Pages |
 |-----8GB-----|           |-----8GB-----|
+```
 
 When the fuse is disabled V8 will use explicit bound checks in the generated WebAssembly code to ensure
 memory safety. However, this method has some downsides

docs/tutorial/installation.md

@@ -25,16 +25,27 @@ included in the `electron` package:
 npx install-electron --no
 ```
 
-If you want to install your project's dependencies but don't need to use
-Electron functionality, you can set the `ELECTRON_SKIP_BINARY_DOWNLOAD` environment
-variable to prevent the binary from being downloaded. For instance, this feature can
-be useful in continuous integration environments when running unit tests that mock
-out the `electron` module.
+## Installing prereleases
+
+Electron [distributes experimental releases of future major versions](./electron-timelines.md)
+via npm as well.
+
+Nightly builds contain the latest changes from the `main` branch:
 
 ```sh
-ELECTRON_SKIP_BINARY_DOWNLOAD=1 npm install
+npm install electron-nightly --save-dev
 ```
 
+Alpha and beta builds contain changes slated for the next major version:
+
+```sh
+npm install electron@alpha --save-dev
+npm install electron@beta --save-dev
+```
+
+> [!TIP]
+> For more information on available Electron releases, see the [Release Status dashboard](https://releases.electronjs.org).
+
 ## Running Electron ad-hoc
 
 If you're in a pinch and would prefer to not use `npm install` in your local

docs/tutorial/native-code-and-electron-cpp-linux.md

@@ -1097,7 +1097,8 @@ public:
     Napi::Function func = DefineClass(env, "CppLinuxAddon", {
       InstanceMethod("helloWorld", &CppAddon::HelloWorld),
       InstanceMethod("helloGui", &CppAddon::HelloGui),
-      InstanceMethod("on", &CppAddon::On)
+      InstanceMethod("on", &CppAddon::On),
+      InstanceMethod("destroy", &CppAddon::Destroy)
     });
 
     Napi::FunctionReference *constructor = new Napi::FunctionReference();
@@ -1139,11 +1140,12 @@ private:
 
 Here, we create a C++ class that inherits from `Napi::ObjectWrap<CppAddon>`:
 
-`static Napi::Object Init` defines our JavaScript interface with three methods:
+`static Napi::Object Init` defines our JavaScript interface with four methods:
 
 * `helloWorld`: A simple function to test the bridge
 * `helloGui`: The function to launch our GTK3 UI
 * `on`: A method to register event callbacks
+* `destroy`: A method to release all persistent references before app quit
 
 The constructor initializes:
 
@@ -1354,7 +1356,8 @@ public:
     Napi::Function func = DefineClass(env, "CppLinuxAddon", {
       InstanceMethod("helloWorld", &CppAddon::HelloWorld),
       InstanceMethod("helloGui", &CppAddon::HelloGui),
-      InstanceMethod("on", &CppAddon::On)
+      InstanceMethod("on", &CppAddon::On),
+      InstanceMethod("destroy", &CppAddon::Destroy)
     });
 
     Napi::FunctionReference *constructor = new Napi::FunctionReference();
@@ -1497,6 +1500,20 @@ private:
     callbacks.Value().Set(info[0].As<Napi::String>(), info[1].As<Napi::Function>());
     return env.Undefined();
   }
+
+  Napi::Value Destroy(const Napi::CallbackInfo &info)
+  {
+    callbacks.Reset();
+    emitter.Reset();
+
+    if (tsfn_ != nullptr)
+    {
+      napi_release_threadsafe_function(tsfn_, napi_tsfn_abort);
+      tsfn_ = nullptr;
+    }
+
+    return info.Env().Undefined();
+  }
 };
 
 Napi::Object Init(Napi::Env env, Napi::Object exports)
@@ -1547,6 +1564,10 @@ class CppLinuxAddon extends EventEmitter {
     return this.addon.helloGui()
   }
 
+  destroy() {
+    this.addon.destroy()
+  }
+
   // Parse JSON and convert date to JavaScript Date object
   parse(payload) {
     const parsed = JSON.parse(payload)
@@ -1569,8 +1590,12 @@ This wrapper:
 * Only loads on Linux platforms
 * Forwards events from C++ to JavaScript
 * Provides clean methods to call into C++
+* Provides a `destroy()` method to release native resources
 * Converts JSON data into proper JavaScript objects
 
+> [!IMPORTANT]
+> You must call `destroy()` before the app quits (e.g. in the `will-quit` or `before-quit` event handler). Without this, persistent references to callbacks and the threadsafe function will prevent the native addon's destructor from running, causing Electron to hang on quit.
+
 ## 7) Building and testing the addon
 
 With all files in place, you can build the addon:

docs/tutorial/native-code-and-electron-cpp-win32.md

@@ -1099,7 +1099,8 @@ static Napi::Object Init(Napi::Env env, Napi::Object exports) {
     Napi::Function func = DefineClass(env, "CppWin32Addon", {
         InstanceMethod("helloWorld", &CppAddon::HelloWorld),
         InstanceMethod("helloGui", &CppAddon::HelloGui),
-        InstanceMethod("on", &CppAddon::On)
+        InstanceMethod("on", &CppAddon::On),
+        InstanceMethod("destroy", &CppAddon::Destroy)
     });
 
     // ... rest of Init function
@@ -1117,9 +1118,21 @@ Napi::Value On(const Napi::CallbackInfo& info) {
     callbacks.Value().Set(info[0].As<Napi::String>(), info[1].As<Napi::Function>());
     return env.Undefined();
 }
+
+Napi::Value Destroy(const Napi::CallbackInfo& info) {
+    callbacks.Reset();
+    emitter.Reset();
+
+    if (tsfn_ != nullptr) {
+        napi_release_threadsafe_function(tsfn_, napi_tsfn_abort);
+        tsfn_ = nullptr;
+    }
+
+    return info.Env().Undefined();
+}
 ```
 
-This allows JavaScript to register callbacks for specific event types.
+This allows JavaScript to register callbacks for specific event types. The `Destroy` method releases all persistent references and aborts the threadsafe function, which must be called before the app quits to prevent the process from hanging.
 
 ### Putting the bridge together
 
@@ -1261,6 +1274,18 @@ private:
         callbacks.Value().Set(info[0].As<Napi::String>(), info[1].As<Napi::Function>());
         return env.Undefined();
     }
+
+    Napi::Value Destroy(const Napi::CallbackInfo& info) {
+        callbacks.Reset();
+        emitter.Reset();
+
+        if (tsfn_ != nullptr) {
+            napi_release_threadsafe_function(tsfn_, napi_tsfn_abort);
+            tsfn_ = nullptr;
+        }
+
+        return info.Env().Undefined();
+    }
 };
 
 Napi::Object Init(Napi::Env env, Napi::Object exports) {
@@ -1309,6 +1334,10 @@ class CppWin32Addon extends EventEmitter {
     this.addon.helloGui()
   }
 
+  destroy() {
+    this.addon.destroy()
+  }
+
   #parse(payload) {
     const parsed = JSON.parse(payload)
 
@@ -1323,6 +1352,9 @@ if (process.platform === 'win32') {
 }
 ```
 
+> [!IMPORTANT]
+> You must call `destroy()` before the app quits (e.g. in the `will-quit` or `before-quit` event handler). Without this, persistent references to callbacks and the threadsafe function will prevent the native addon's destructor from running, causing Electron to hang on quit.
+
 ## 7) Building and Testing the Addon
 
 With all files in place, you can build the addon:

docs/tutorial/native-code-and-electron-objc-macos.md

@@ -753,7 +753,8 @@ public:
         Napi::Function func = DefineClass(env, "ObjcMacosAddon", {
             InstanceMethod("helloWorld", &ObjcAddon::HelloWorld),
             InstanceMethod("helloGui", &ObjcAddon::HelloGui),
-            InstanceMethod("on", &ObjcAddon::On)
+            InstanceMethod("on", &ObjcAddon::On),
+            InstanceMethod("destroy", &ObjcAddon::Destroy)
         });
 
         Napi::FunctionReference* constructor = new Napi::FunctionReference();
@@ -915,6 +916,18 @@ Napi::Value On(const Napi::CallbackInfo& info) {
     callbacks.Value().Set(info[0].As<Napi::String>(), info[1].As<Napi::Function>());
     return env.Undefined();
 }
+
+Napi::Value Destroy(const Napi::CallbackInfo& info) {
+    callbacks.Reset();
+    emitter.Reset();
+
+    if (tsfn_ != nullptr) {
+        napi_release_threadsafe_function(tsfn_, napi_tsfn_abort);
+        tsfn_ = nullptr;
+    }
+
+    return info.Env().Undefined();
+}
 ```
 
 Let's take a look at what we've added in this step:
@@ -922,10 +935,11 @@ Let's take a look at what we've added in this step:
 * `HelloWorld()`: Takes a string input, calls our Objective-C function, and returns the result
 * `HelloGui()`:  A simple wrapper around the Objective-C `hello_gui` function
 * `On`: Allows JavaScript to register event listeners that will be called when native events occur
+* `Destroy`: Releases all persistent references (callbacks and emitter) and aborts the threadsafe function, allowing the addon to be properly cleaned up on quit
 
 The `On` method is particularly important as it creates the event system that our JavaScript code will use to receive notifications from the native UI.
 
-Together, these three components form a complete bridge between our Objective-C code and the JavaScript world, allowing bidirectional communication. Here's what the finished file should look like:
+Together, these four components form a complete bridge between our Objective-C code and the JavaScript world, allowing bidirectional communication. Here's what the finished file should look like:
 
 ```objc title='src/objc_addon.mm'
 #include <napi.h>
@@ -938,7 +952,8 @@ public:
         Napi::Function func = DefineClass(env, "ObjcMacosAddon", {
             InstanceMethod("helloWorld", &ObjcAddon::HelloWorld),
             InstanceMethod("helloGui", &ObjcAddon::HelloGui),
-            InstanceMethod("on", &ObjcAddon::On)
+            InstanceMethod("on", &ObjcAddon::On),
+            InstanceMethod("destroy", &ObjcAddon::Destroy)
         });
 
         Napi::FunctionReference* constructor = new Napi::FunctionReference();
@@ -1061,6 +1076,18 @@ private:
         callbacks.Value().Set(info[0].As<Napi::String>(), info[1].As<Napi::Function>());
         return env.Undefined();
     }
+
+    Napi::Value Destroy(const Napi::CallbackInfo& info) {
+        callbacks.Reset();
+        emitter.Reset();
+
+        if (tsfn_ != nullptr) {
+            napi_release_threadsafe_function(tsfn_, napi_tsfn_abort);
+            tsfn_ = nullptr;
+        }
+
+        return info.Env().Undefined();
+    }
 };
 
 Napi::Object Init(Napi::Env env, Napi::Object exports) {
@@ -1101,6 +1128,10 @@ class ObjcMacosAddon extends EventEmitter {
     this.addon.helloGui()
   }
 
+  destroy () {
+    this.addon.destroy()
+  }
+
   parse (payload) {
     const parsed = JSON.parse(payload)
 
@@ -1122,7 +1153,11 @@ This wrapper:
 3. Loads the native addon
 4. Sets up event listeners and forwards them
 5. Provides a clean API for our functions
-6. Parses JSON payloads and converts timestamps to JavaScript Date objects
+6. Provides a `destroy()` method to release native resources
+7. Parses JSON payloads and converts timestamps to JavaScript Date objects
+
+> [!IMPORTANT]
+> You must call `destroy()` before the app quits (e.g. in the `will-quit` or `before-quit` event handler). Without this, persistent references to callbacks and the threadsafe function will prevent the native addon's destructor from running, causing Electron to hang on quit.
 
 ## 7) Building and Testing the Addon
 

docs/tutorial/native-code-and-electron-swift-macos.md

@@ -752,7 +752,8 @@ public:
         Napi::Function func = DefineClass(env, "SwiftAddon", {
             InstanceMethod("helloWorld", &SwiftAddon::HelloWorld),
             InstanceMethod("helloGui", &SwiftAddon::HelloGui),
-            InstanceMethod("on", &SwiftAddon::On)
+            InstanceMethod("on", &SwiftAddon::On),
+            InstanceMethod("destroy", &SwiftAddon::Destroy)
         });
 
         Napi::FunctionReference* constructor = new Napi::FunctionReference();
@@ -770,7 +771,7 @@ This first part:
 
 1. Defines a C++ class that inherits from `Napi::ObjectWrap`
 2. Creates a static `Init` method to register our class with Node.js
-3. Defines three methods: `helloWorld`, `helloGui`, and `on`
+3. Defines four methods: `helloWorld`, `helloGui`, `on`, and `destroy`
 
 ### Callback Mechanism
 
@@ -919,6 +920,18 @@ private:
         callbacks.Value().Set(info[0].As<Napi::String>(), info[1].As<Napi::Function>());
         return env.Undefined();
     }
+
+    Napi::Value Destroy(const Napi::CallbackInfo& info) {
+        callbacks.Reset();
+        emitter.Reset();
+
+        if (tsfn_ != nullptr) {
+            napi_release_threadsafe_function(tsfn_, napi_tsfn_abort);
+            tsfn_ = nullptr;
+        }
+
+        return info.Env().Undefined();
+    }
 };
 
 Napi::Object Init(Napi::Env env, Napi::Object exports) {
@@ -934,7 +947,8 @@ This final part does multiple things:
 2. The HelloWorld method implementation takes a string input from JavaScript, passes it to the Swift code, and returns the processed result back to the JavaScript environment.
 3. The `HelloGui` method implementation provides a simple wrapper that calls the Swift UI creation function to display the native macOS window.
 4. The `On` method implementation allows JavaScript code to register callback functions that will be invoked when specific events occur in the native Swift code.
-5. The code sets up the module initialization process that registers the addon with Node.js and makes its functionality available to JavaScript.
+5. The `Destroy` method releases all persistent references (callbacks and emitter) and aborts the threadsafe function. This must be called before the app quits to allow the destructor to run and prevent the process from hanging.
+6. The code sets up the module initialization process that registers the addon with Node.js and makes its functionality available to JavaScript.
 
 The final and full `src/swift_addon.mm` should look like:
 
@@ -949,7 +963,8 @@ public:
         Napi::Function func = DefineClass(env, "SwiftAddon", {
             InstanceMethod("helloWorld", &SwiftAddon::HelloWorld),
             InstanceMethod("helloGui", &SwiftAddon::HelloGui),
-            InstanceMethod("on", &SwiftAddon::On)
+            InstanceMethod("on", &SwiftAddon::On),
+            InstanceMethod("destroy", &SwiftAddon::Destroy)
         });
 
         Napi::FunctionReference* constructor = new Napi::FunctionReference();
@@ -1074,6 +1089,18 @@ private:
         callbacks.Value().Set(info[0].As<Napi::String>(), info[1].As<Napi::Function>());
         return env.Undefined();
     }
+
+    Napi::Value Destroy(const Napi::CallbackInfo& info) {
+        callbacks.Reset();
+        emitter.Reset();
+
+        if (tsfn_ != nullptr) {
+            napi_release_threadsafe_function(tsfn_, napi_tsfn_abort);
+            tsfn_ = nullptr;
+        }
+
+        return info.Env().Undefined();
+    }
 };
 
 Napi::Object Init(Napi::Env env, Napi::Object exports) {
@@ -1122,6 +1149,10 @@ class SwiftAddon extends EventEmitter {
     this.addon.helloGui()
   }
 
+  destroy () {
+    this.addon.destroy()
+  }
+
   parse (payload) {
     const parsed = JSON.parse(payload)
 
@@ -1143,7 +1174,11 @@ This wrapper:
 3. Loads the native addon
 4. Sets up event listeners and forwards them
 5. Provides a clean API for our functions
-6. Parses JSON payloads and converts timestamps to JavaScript Date objects
+6. Provides a `destroy()` method to release native resources
+7. Parses JSON payloads and converts timestamps to JavaScript Date objects
+
+> [!IMPORTANT]
+> You must call `destroy()` before the app quits (e.g. in the `will-quit` or `before-quit` event handler). Without this, persistent references to callbacks and the threadsafe function will prevent the native addon's destructor from running, causing Electron to hang on quit.
 
 ## 7) Building and Testing the Addon
 

docs/tutorial/tutorial-2-first-app.md

@@ -83,17 +83,6 @@ dependency.
 npm install electron --save-dev
 ```
 
-:::warning
-
-In order to correctly install Electron, you need to ensure that its `postinstall` lifecycle
-script is able to run. This means avoiding the `--ignore-scripts` flag on npm and allowlisting
-`electron` to run build scripts on other package managers.
-
-This is likely to change in a future version of Electron. See
-[electron/rfcs#22](https://github.com/electron/rfcs/pull/22) for more details.
-
-:::
-
 Your package.json file should look something like this after initializing your package
 and installing Electron. You should also now have a `node_modules` folder containing
 the Electron executable, as well as a `package-lock.json` lockfile that specifies

filenames.gni

@@ -432,6 +432,10 @@ filenames = {
     "shell/browser/media/media_capture_devices_dispatcher.h",
     "shell/browser/media/media_device_id_salt.cc",
     "shell/browser/media/media_device_id_salt.h",
+    "shell/browser/metrics/electron_metrics_log_uploader.cc",
+    "shell/browser/metrics/electron_metrics_log_uploader.h",
+    "shell/browser/metrics/electron_metrics_service_client.cc",
+    "shell/browser/metrics/electron_metrics_service_client.h",
     "shell/browser/microtasks_runner.cc",
     "shell/browser/microtasks_runner.h",
     "shell/browser/native_window.cc",
@@ -508,6 +512,10 @@ filenames = {
     "shell/browser/session_preferences.h",
     "shell/browser/special_storage_policy.cc",
     "shell/browser/special_storage_policy.h",
+    "shell/browser/tracing/electron_background_tracing_metrics_provider.cc",
+    "shell/browser/tracing/electron_background_tracing_metrics_provider.h",
+    "shell/browser/tracing/electron_tracing_delegate.cc",
+    "shell/browser/tracing/electron_tracing_delegate.h",
     "shell/browser/ui/accelerator_util.cc",
     "shell/browser/ui/accelerator_util.h",
     "shell/browser/ui/autofill_popup.cc",
@@ -781,6 +789,8 @@ filenames = {
     "shell/browser/extensions/electron_extension_system_factory.h",
     "shell/browser/extensions/electron_extension_system.cc",
     "shell/browser/extensions/electron_extension_system.h",
+    "shell/browser/extensions/electron_extension_tab_util.cc",
+    "shell/browser/extensions/electron_extension_tab_util.h",
     "shell/browser/extensions/electron_extension_web_contents_observer.cc",
     "shell/browser/extensions/electron_extension_web_contents_observer.h",
     "shell/browser/extensions/electron_extensions_api_client.cc",

lib/browser/api/web-contents.ts

@@ -782,8 +782,7 @@ WebContents.prototype._init = function () {
   const originCounts = new Map<string, number>();
   const openDialogs = new Set<AbortController>();
   this.on('-run-dialog', async (info, callback) => {
-    const originUrl = new URL(info.frame.url);
-    const origin = originUrl.protocol === 'file:' ? originUrl.href : originUrl.origin;
+    const origin = info.frame.origin === 'file://' ? info.frame.url : info.frame.origin;
     if ((originCounts.get(origin) ?? 0) < 0) return callback(false, '');
 
     const prefs = this.getLastWebPreferences();

lib/browser/default-menu.ts

@@ -1,5 +1,4 @@
-import { shell } from 'electron/common';
-import { app, Menu } from 'electron/main';
+import { Menu } from 'electron/main';
 
 const isMac = process.platform === 'darwin';
 
@@ -12,47 +11,13 @@ export const setApplicationMenuWasSet = () => {
 export const setDefaultApplicationMenu = () => {
   if (applicationMenuWasSet) return;
 
-  const helpMenu: Electron.MenuItemConstructorOptions = {
-    role: 'help',
-    submenu: app.isPackaged
-      ? []
-      : [
-          {
-            label: 'Learn More',
-            click: async () => {
-              await shell.openExternal('https://electronjs.org');
-            }
-          },
-          {
-            label: 'Documentation',
-            click: async () => {
-              const version = process.versions.electron;
-              await shell.openExternal(`https://github.com/electron/electron/tree/v${version}/docs#readme`);
-            }
-          },
-          {
-            label: 'Community Discussions',
-            click: async () => {
-              await shell.openExternal('https://discord.gg/electronjs');
-            }
-          },
-          {
-            label: 'Search Issues',
-            click: async () => {
-              await shell.openExternal('https://github.com/electron/electron/issues');
-            }
-          }
-        ]
-  };
-
   const macAppMenu: Electron.MenuItemConstructorOptions = { role: 'appMenu' };
   const template: Electron.MenuItemConstructorOptions[] = [
     ...(isMac ? [macAppMenu] : []),
     { role: 'fileMenu' },
     { role: 'editMenu' },
     { role: 'viewMenu' },
-    { role: 'windowMenu' },
-    helpMenu
+    { role: 'windowMenu' }
   ];
 
   const menu = Menu.buildFromTemplate(template);

lib/browser/guest-window-manager.ts

@@ -17,11 +17,6 @@ export type WindowOpenArgs = {
   features: string,
 }
 
-const frameNamesToWindow = new Map<string, WebContents>();
-const registerFrameNameToGuestWindow = (name: string, webContents: WebContents) => frameNamesToWindow.set(name, webContents);
-const unregisterFrameName = (name: string) => frameNamesToWindow.delete(name);
-const getGuestWebContentsByFrameName = (name: string) => frameNamesToWindow.get(name);
-
 /**
  * `openGuestWindow` is called to create and setup event handling for the new
  * window.
@@ -47,20 +42,6 @@ export function openGuestWindow ({ embedder, guest, referrer, disposition, postD
     ...overrideBrowserWindowOptions
   };
 
-  // To spec, subsequent window.open calls with the same frame name (`target` in
-  // spec parlance) will reuse the previous window.
-  // https://html.spec.whatwg.org/multipage/window-object.html#apis-for-creating-and-navigating-browsing-contexts-by-name
-  const existingWebContents = getGuestWebContentsByFrameName(frameName);
-  if (existingWebContents) {
-    if (existingWebContents.isDestroyed()) {
-      // FIXME(t57ser): The webContents is destroyed for some reason, unregister the frame name
-      unregisterFrameName(frameName);
-    } else {
-      existingWebContents.loadURL(url);
-      return;
-    }
-  }
-
   if (createWindow) {
     const webContents = createWindow({
       webContents: guest,
@@ -72,7 +53,7 @@ export function openGuestWindow ({ embedder, guest, referrer, disposition, postD
         throw new Error('Invalid webContents. Created window should be connected to webContents passed with options object.');
       }
 
-      handleWindowLifecycleEvents({ embedder, frameName, guest, outlivesOpener });
+      handleWindowLifecycleEvents({ embedder, guest, outlivesOpener });
     }
 
     return;
@@ -96,7 +77,7 @@ export function openGuestWindow ({ embedder, guest, referrer, disposition, postD
     });
   }
 
-  handleWindowLifecycleEvents({ embedder, frameName, guest: window.webContents, outlivesOpener });
+  handleWindowLifecycleEvents({ embedder, guest: window.webContents, outlivesOpener });
 
   embedder.emit('did-create-window', window, { url, frameName, options: browserWindowOptions, disposition, referrer, postData });
 }
@@ -107,10 +88,9 @@ export function openGuestWindow ({ embedder, guest, referrer, disposition, postD
  * too is the guest destroyed; this is Electron convention and isn't based in
  * browser behavior.
  */
-const handleWindowLifecycleEvents = function ({ embedder, guest, frameName, outlivesOpener }: {
+const handleWindowLifecycleEvents = function ({ embedder, guest, outlivesOpener }: {
   embedder: WebContents,
   guest: WebContents,
-  frameName: string,
   outlivesOpener: boolean
 }) {
   const closedByEmbedder = function () {
@@ -128,13 +108,6 @@ const handleWindowLifecycleEvents = function ({ embedder, guest, frameName, outl
     embedder.once('current-render-view-deleted' as any, closedByEmbedder);
   }
   guest.once('destroyed', closedByUser);
-
-  if (frameName) {
-    registerFrameNameToGuestWindow(frameName, guest);
-    guest.once('destroyed', function () {
-      unregisterFrameName(frameName);
-    });
-  }
 };
 
 // Security options that child windows will always inherit from parent windows

lib/browser/parse-features-string.ts

@@ -78,6 +78,27 @@ export function parseWebViewWebPreferences (preferences: string) {
 const allowedWebPreferences = ['zoomFactor', 'nodeIntegration', 'javascript', 'contextIsolation', 'webviewTag'] as const;
 type AllowedWebPreference = (typeof allowedWebPreferences)[number];
 
+// Top-level BrowserWindow options that may be set via the window.open()
+// features string. Options not listed here are silently dropped; apps that
+// need to pass other options should use setWindowOpenHandler in the main
+// process.
+const allowedWindowOptions = new Set<string>([
+  // standard window.open() position/size features
+  'top', 'left', 'innerWidth', 'innerHeight',
+  // numeric
+  'x', 'y', 'width', 'height',
+  'minWidth', 'minHeight', 'maxWidth', 'maxHeight', 'opacity',
+  // presentational booleans
+  'show', 'center', 'useContentSize', 'frame', 'transparent', 'hasShadow',
+  'movable', 'closable', 'focusable', 'minimizable', 'maximizable',
+  'fullscreenable', 'alwaysOnTop', 'skipTaskbar', 'modal', 'acceptFirstMouse',
+  'autoHideMenuBar', 'enableLargerThanScreen', 'paintWhenInitiallyHidden',
+  'roundedCorners', 'thickFrame', 'disableAutoHideCursor', 'hiddenInMissionControl',
+  // presentational strings (no filesystem/network side effects)
+  'title', 'backgroundColor', 'tabbingIdentifier', 'titleBarStyle', 'vibrancy',
+  'visualEffectState', 'backgroundMaterial'
+]);
+
 /**
  * Parses a feature string that has the format used in window.open().
  */
@@ -100,8 +121,15 @@ export function parseFeatures (features: string) {
   if (parsed.left !== undefined) parsed.x = parsed.left;
   if (parsed.top !== undefined) parsed.y = parsed.top;
 
+  const options: { [key: string]: CoercedValue } = {};
+  for (const key of Object.keys(parsed)) {
+    if (allowedWindowOptions.has(key)) {
+      options[key] = parsed[key];
+    }
+  }
+
   return {
-    options: parsed as Omit<BrowserWindowConstructorOptions, 'webPreferences'>,
+    options: options as Omit<BrowserWindowConstructorOptions, 'webPreferences'>,
     webPreferences
   };
 }

lib/node/asar-fs-wrapper.ts

@@ -135,10 +135,10 @@ const asarStatsToFsStats = function (stats: NodeJS.AsarFileStat) {
     uid,
     gid,
     0, // rdev
-    undefined, // blksize
+    4096, // blksize
     ++nextInode, // ino
     stats.size,
-    undefined, // blocks,
+    Math.ceil(stats.size / 512), // blocks (512-byte units)
     fakeTime.getTime(), // atim_msec
     fakeTime.getTime(), // mtim_msec
     fakeTime.getTime(), // ctim_msec
@@ -1232,6 +1232,8 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
   // has filesystem caching.
   overrideAPI(fs, 'copyFile');
   overrideAPISync(fs, 'copyFileSync');
+  overrideAPI(fs, 'cp');
+  overrideAPISync(fs, 'cpSync');
 
   overrideAPI(fs, 'open');
   overrideAPISync(process, 'dlopen', 1);

npm/install.js

@@ -11,10 +11,6 @@ const path = require('path');
 
 const { version } = require('./package');
 
-if (process.env.ELECTRON_SKIP_BINARY_DOWNLOAD) {
-  process.exit(0);
-}
-
 const platformPath = getPlatformPath();
 
 if (isInstalled()) {

package.json

@@ -15,6 +15,7 @@
     "@hurdlegroup/robotjs": "^0.12.3",
     "@octokit/rest": "^20.1.2",
     "@primer/octicons": "^10.0.0",
+    "@sentry/cli": "1.72.0",
     "@types/minimist": "^1.2.5",
     "@types/node": "^24.9.0",
     "@types/semver": "^7.5.8",
@@ -153,6 +154,9 @@
     "spec/fixtures/native-addon/*"
   ],
   "dependenciesMeta": {
+    "@sentry/cli": {
+      "built": true
+    },
     "abstract-socket": {
       "built": true
     }

patches/boringssl/expose_ripemd160.patch

@@ -10,10 +10,10 @@ this patch is required to provide ripemd160 support in the nodejs crypto
 module.
 
 diff --git a/crypto/digest/digest_extra.cc b/crypto/digest/digest_extra.cc
-index 17961ba6bd9de78b5b1b1008eb1f73babd49d0e7..6a870dce37df8f49106c24b183308a2c7a03fd7d 100644
+index d38e0c1132da60ec96c3a5c2416ff07589f03b80..cd60baaf22a8d5dc20544d861d36b7d74d986e7b 100644
 --- a/crypto/digest/digest_extra.cc
 +++ b/crypto/digest/digest_extra.cc
-@@ -47,6 +47,7 @@ static const struct nid_to_digest nid_to_digest_mapping[] = {
+@@ -48,6 +48,7 @@ static const struct nid_to_digest nid_to_digest_mapping[] = {
      {NID_sha512, EVP_sha512, SN_sha512, LN_sha512},
      {NID_sha512_256, EVP_sha512_256, SN_sha512_256, LN_sha512_256},
      {NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1},
@@ -62,10 +62,10 @@ index a246a51103701e0ac8a0722324350a462f95bcc9..ddf0a90337d4e40de09bc345cf959dff
 +
  #undef CHECK
 diff --git a/decrepit/evp/evp_do_all.cc b/decrepit/evp/evp_do_all.cc
-index feaf17c72cecb8099bc11ac10747fbad719ddca9..891a73f229e3f0838cb2fa99b8fb24fdeac1962b 100644
+index 584b1390a841cc1b1dcb69e16d8242a88e4bb9cb..637aeccb8de8d793eabc38e32bef6834ac0e6ad3 100644
 --- a/decrepit/evp/evp_do_all.cc
 +++ b/decrepit/evp/evp_do_all.cc
-@@ -79,6 +79,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
+@@ -82,6 +82,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *md,
    callback(EVP_sha384(), "SHA384", nullptr, arg);
    callback(EVP_sha512(), "SHA512", nullptr, arg);
    callback(EVP_sha512_256(), "SHA512-256", nullptr, arg);
@@ -73,16 +73,16 @@ index feaf17c72cecb8099bc11ac10747fbad719ddca9..891a73f229e3f0838cb2fa99b8fb24fd
  
    callback(EVP_md4(), "md4", nullptr, arg);
    callback(EVP_md5(), "md5", nullptr, arg);
-@@ -88,6 +89,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher,
+@@ -91,6 +92,7 @@ void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *md,
    callback(EVP_sha384(), "sha384", nullptr, arg);
    callback(EVP_sha512(), "sha512", nullptr, arg);
    callback(EVP_sha512_256(), "sha512-256", nullptr, arg);
 +  callback(EVP_ripemd160(), "ripemd160", nullptr, arg);
  }
  
- void EVP_MD_do_all(void (*callback)(const EVP_MD *cipher, const char *name,
+ void EVP_MD_do_all(void (*callback)(const EVP_MD *md, const char *name,
 diff --git a/include/openssl/digest.h b/include/openssl/digest.h
-index 40670234682ac00dec268dea43f0ee1e39e8684f..293fbc9faf01ea0ca4e58b0a65b14597fe4916a6 100644
+index 62ad57368cb3059ee25df08bb07876fef499de2e..322daef194b3c7b73011419bb74bccb311eb03a5 100644
 --- a/include/openssl/digest.h
 +++ b/include/openssl/digest.h
 @@ -48,6 +48,9 @@ OPENSSL_EXPORT const EVP_MD *EVP_blake2b256(void);

patches/boringssl/feat_expose_several_extra_cipher_functions.patch

@@ -64,10 +64,10 @@ index dabc54aa13745600a62e57ecbb427e48a4565282..ce213e00573102ce9405a794d3c140d9
  
  const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
 diff --git a/decrepit/evp/evp_do_all.cc b/decrepit/evp/evp_do_all.cc
-index 891a73f229e3f0838cb2fa99b8fb24fdeac1962b..f7d0c5dc66f016eb9338c15e7f5ef59e6de2969d 100644
+index 637aeccb8de8d793eabc38e32bef6834ac0e6ad3..c5dd0b18d7338457e47ae47088d9822472b24212 100644
 --- a/decrepit/evp/evp_do_all.cc
 +++ b/decrepit/evp/evp_do_all.cc
-@@ -20,8 +20,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
+@@ -23,8 +23,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
                                                 const char *unused, void *arg),
                                void *arg) {
    callback(EVP_aes_128_cbc(), "AES-128-CBC", nullptr, arg);
@@ -78,7 +78,7 @@ index 891a73f229e3f0838cb2fa99b8fb24fdeac1962b..f7d0c5dc66f016eb9338c15e7f5ef59e
    callback(EVP_aes_128_ctr(), "AES-128-CTR", nullptr, arg);
    callback(EVP_aes_192_ctr(), "AES-192-CTR", nullptr, arg);
    callback(EVP_aes_256_ctr(), "AES-256-CTR", nullptr, arg);
-@@ -34,9 +36,13 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
+@@ -37,9 +39,13 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
    callback(EVP_aes_128_gcm(), "AES-128-GCM", nullptr, arg);
    callback(EVP_aes_192_gcm(), "AES-192-GCM", nullptr, arg);
    callback(EVP_aes_256_gcm(), "AES-256-GCM", nullptr, arg);
@@ -92,7 +92,7 @@ index 891a73f229e3f0838cb2fa99b8fb24fdeac1962b..f7d0c5dc66f016eb9338c15e7f5ef59e
    callback(EVP_des_ede_cbc(), "DES-EDE-CBC", nullptr, arg);
    callback(EVP_des_ede3_cbc(), "DES-EDE3-CBC", nullptr, arg);
    callback(EVP_rc2_cbc(), "RC2-CBC", nullptr, arg);
-@@ -44,8 +50,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
+@@ -47,8 +53,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
  
    // OpenSSL returns everything twice, the second time in lower case.
    callback(EVP_aes_128_cbc(), "aes-128-cbc", nullptr, arg);
@@ -103,7 +103,7 @@ index 891a73f229e3f0838cb2fa99b8fb24fdeac1962b..f7d0c5dc66f016eb9338c15e7f5ef59e
    callback(EVP_aes_128_ctr(), "aes-128-ctr", nullptr, arg);
    callback(EVP_aes_192_ctr(), "aes-192-ctr", nullptr, arg);
    callback(EVP_aes_256_ctr(), "aes-256-ctr", nullptr, arg);
-@@ -58,9 +66,13 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
+@@ -61,9 +69,13 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
    callback(EVP_aes_128_gcm(), "aes-128-gcm", nullptr, arg);
    callback(EVP_aes_192_gcm(), "aes-192-gcm", nullptr, arg);
    callback(EVP_aes_256_gcm(), "aes-256-gcm", nullptr, arg);

patches/chromium/.patches

@@ -52,7 +52,6 @@ adjust_accessibility_ui_for_electron.patch
 worker_feat_add_hook_to_notify_script_ready.patch
 chore_provide_iswebcontentscreationoverridden_with_full_params.patch
 fix_properly_honor_printing_page_ranges.patch
-export_gin_v8platform_pageallocator_for_usage_outside_of_the_gin.patch
 fix_export_zlib_symbols.patch
 web_contents.patch
 webview_fullscreen.patch
@@ -104,7 +103,6 @@ chore_remove_check_is_test_on_script_injection_tracker.patch
 fix_restore_original_resize_performance_on_macos.patch
 feat_allow_code_cache_in_custom_schemes.patch
 build_run_reclient_cfg_generator_after_chrome.patch
-fix_getcursorscreenpoint_wrongly_returns_0_0.patch
 fix_add_support_for_skipping_first_2_no-op_refreshes_in_thumb_cap.patch
 refactor_expose_file_system_access_blocklist.patch
 feat_add_support_for_missing_dialog_features_to_shell_dialogs.patch
@@ -121,14 +119,12 @@ build_disable_thin_lto_mac.patch
 feat_corner_smoothing_css_rule_and_blink_painting.patch
 build_add_public_config_simdutf_config.patch
 fix_multiple_scopedpumpmessagesinprivatemodes_instances.patch
-revert_code_health_clean_up_stale_macwebcontentsocclusion.patch
+fix_handle_embedder_windows_shown_after_webcontentsviewcocoa_attach.patch
 feat_add_signals_when_embedder_cleanup_callbacks_run_for.patch
 feat_separate_content_settings_callback_for_sync_and_async_clipboard.patch
 fix_win32_synchronous_spellcheck.patch
 chore_grandfather_in_electron_views_and_delegates.patch
 refactor_patch_electron_permissiontypes_into_blink.patch
-revert_views_remove_desktopwindowtreehostwin_window_enlargement.patch
-build_partial_revert_mac_fullscreen_top_chrome_mouse_events.patch
 fix_add_macos_memory_query_fallback_to_avoid_crash.patch
 fix_resolve_dynamic_background_material_update_issue_on_windows_11.patch
 feat_add_support_for_embedder_snapshot_validation.patch
@@ -148,3 +144,16 @@ fix_wayland_test_crash_on_teardown.patch
 fix_set_correct_app_id_on_linux.patch
 fix_pass_trigger_for_global_shortcuts_on_wayland.patch
 feat_plumb_node_integration_in_worker_through_workersettings.patch
+fix_restore_sdk_inputs_cross-toolchain_deps_for_macos.patch
+fix_fire_menu_popup_start_for_dynamically_created_aria_menus.patch
+feat_allow_enabling_extensions_on_custom_protocols.patch
+fix_initialize_com_on_desktopmedialistcapturethread_on_windows.patch
+fix_use_fresh_lazynow_for_onendworkitemimpl_after_didruntask.patch
+cherry-pick-b173791bf402.patch
+cherry-pick-be87466afecb.patch
+cherry-pick-c0390bcd64ba.patch
+cherry-pick-1b69067db7d2.patch
+cherry-pick-d513cd2fe668.patch
+cherry-pick-dc5e20c4c055.patch
+cherry-pick-847b11ad2fa3.patch
+cherry-pick-fc79e8cc2dfc.patch

patches/chromium/add_contentgpuclient_precreatemessageloop_callback.patch

@@ -10,10 +10,10 @@ Allows Electron to restore WER when ELECTRON_DEFAULT_ERROR_MODE is set.
 This should be upstreamed.
 
 diff --git a/content/gpu/gpu_main.cc b/content/gpu/gpu_main.cc
-index 7265019647734154f64108efd7e6376b7a9fc1ba..398aaff3af5bff791f114e4023d0e07be86dd79a 100644
+index 26619daf25f3cc455d2dba7b5f16c9449e6103c1..387fca1b54b818a5af435e96bf8f435e2963fe39 100644
 --- a/content/gpu/gpu_main.cc
 +++ b/content/gpu/gpu_main.cc
-@@ -272,6 +272,10 @@ int GpuMain(MainFunctionParams parameters) {
+@@ -277,6 +277,10 @@ int GpuMain(MainFunctionParams parameters) {
    // to the GpuProcessHost once the GpuServiceImpl has started.
    viz::GpuLogMessageManager::GetInstance()->InstallPreInitializeLogHandler();
  
@@ -24,7 +24,7 @@ index 7265019647734154f64108efd7e6376b7a9fc1ba..398aaff3af5bff791f114e4023d0e07b
    // We are experiencing what appear to be memory-stomp issues in the GPU
    // process. These issues seem to be impacting the task executor and listeners
    // registered to it. Create the task executor on the heap to guard against
-@@ -380,7 +384,6 @@ int GpuMain(MainFunctionParams parameters) {
+@@ -385,7 +389,6 @@ int GpuMain(MainFunctionParams parameters) {
  #endif
    const bool dead_on_arrival = !init_success;
  
@@ -33,7 +33,7 @@ index 7265019647734154f64108efd7e6376b7a9fc1ba..398aaff3af5bff791f114e4023d0e07b
      client->PostSandboxInitialized();
    }
 diff --git a/content/public/gpu/content_gpu_client.h b/content/public/gpu/content_gpu_client.h
-index e5389b44df98ab1a5c976524a66a26c763e5c436..4a183b4959fae18e6875440e6570b8ada6823d81 100644
+index ad511f0966c29e46a1e4c07e09c3172b38c7c906..ca3a35d213147c6fcb9fbbbe118c15a3075875fa 100644
 --- a/content/public/gpu/content_gpu_client.h
 +++ b/content/public/gpu/content_gpu_client.h
 @@ -36,6 +36,10 @@ class CONTENT_EXPORT ContentGpuClient {

patches/chromium/add_didinstallconditionalfeatures.patch

@@ -10,7 +10,7 @@ DidCreateScriptContext is called, not all JS APIs are available in the
 context, which can cause some preload scripts to trip.
 
 diff --git a/content/public/renderer/render_frame_observer.h b/content/public/renderer/render_frame_observer.h
-index 8077ed85e45e56d6cccb691223216c1f6a94b5ee..dd4cee346f16df703d414bf206bbe6c9f4b1f796 100644
+index 3f8cf4edc7448e6b584adae8fcbb872d27377126..1d03dc809d4c18f24314d94811e0bf527aa7b5b4 100644
 --- a/content/public/renderer/render_frame_observer.h
 +++ b/content/public/renderer/render_frame_observer.h
 @@ -141,6 +141,8 @@ class CONTENT_EXPORT RenderFrameObserver {
@@ -23,10 +23,10 @@ index 8077ed85e45e56d6cccb691223216c1f6a94b5ee..dd4cee346f16df703d414bf206bbe6c9
                                          int32_t world_id) {}
    virtual void DidClearWindowObject() {}
 diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
-index 42a0a7e5be01fe346cc2ad83d3395425a41e1699..40d1f104794795dba6cd59518819e98a4cdbfc44 100644
+index ab959e66f8841d7367863bb13d6c7a0854d0df23..5279ba15f45bd7634b5f24553ad64c0069318cc0 100644
 --- a/content/renderer/render_frame_impl.cc
 +++ b/content/renderer/render_frame_impl.cc
-@@ -4769,6 +4769,12 @@ void RenderFrameImpl::DidCreateScriptContext(v8::Local<v8::Context> context,
+@@ -4733,6 +4733,12 @@ void RenderFrameImpl::DidCreateScriptContext(v8::Local<v8::Context> context,
      observer.DidCreateScriptContext(context, world_id);
  }
  
@@ -40,10 +40,10 @@ index 42a0a7e5be01fe346cc2ad83d3395425a41e1699..40d1f104794795dba6cd59518819e98a
                                                 int world_id) {
    for (auto& observer : observers_)
 diff --git a/content/renderer/render_frame_impl.h b/content/renderer/render_frame_impl.h
-index c803bf1d93bb9aabf0f9098c4d58aa7528d18d79..ced097d57cec93b3d3062a6d7d9f7d037a355e6c 100644
+index 1733f28e69b331b33f36084391f1d3ddb47c8e14..2ce05bce0a02338aba018c18f0a808a4eb392ff4 100644
 --- a/content/renderer/render_frame_impl.h
 +++ b/content/renderer/render_frame_impl.h
-@@ -606,6 +606,8 @@ class CONTENT_EXPORT RenderFrameImpl
+@@ -607,6 +607,8 @@ class CONTENT_EXPORT RenderFrameImpl
    void DidObserveLayoutShift(double score, bool after_input_or_scroll) override;
    void DidCreateScriptContext(v8::Local<v8::Context> context,
                                int world_id) override;
@@ -53,10 +53,10 @@ index c803bf1d93bb9aabf0f9098c4d58aa7528d18d79..ced097d57cec93b3d3062a6d7d9f7d03
                                  int world_id) override;
    void DidChangeScrollOffset() override;
 diff --git a/third_party/blink/public/web/web_local_frame_client.h b/third_party/blink/public/web/web_local_frame_client.h
-index 7e5f1d80ff5395ea11eb558acabe63ccc3e5a17e..d241042fc37ffe4a2afecbc3c02e89f18e990929 100644
+index 0f218d3f96f0c3a3a5773937e50ba9e8d7df0498..27b21f02d2dbfd60cb64f09be393b0e50928756f 100644
 --- a/third_party/blink/public/web/web_local_frame_client.h
 +++ b/third_party/blink/public/web/web_local_frame_client.h
-@@ -674,6 +674,9 @@ class BLINK_EXPORT WebLocalFrameClient {
+@@ -675,6 +675,9 @@ class BLINK_EXPORT WebLocalFrameClient {
    virtual void DidCreateScriptContext(v8::Local<v8::Context>,
                                        int32_t world_id) {}
  
@@ -79,10 +79,10 @@ index d293c49e6774de889fa9959234c82b41a4b1efe1..0787bc8a602c60e5b42933813baa6b9d
    if (World().IsMainWorld()) {
      probe::DidCreateMainWorldContext(GetFrame());
 diff --git a/third_party/blink/renderer/core/frame/local_frame_client.h b/third_party/blink/renderer/core/frame/local_frame_client.h
-index 52cc48e0099ded3686c6fc056514b6446afcae5d..a6331653b0aaf30cedba6ff6df787aa944142ac4 100644
+index a68832975b5d359f7eddaf2326bd47ff1e7e18df..ae565a4d3fdc2d02e2c7a27312d8296bbdf61e0b 100644
 --- a/third_party/blink/renderer/core/frame/local_frame_client.h
 +++ b/third_party/blink/renderer/core/frame/local_frame_client.h
-@@ -309,6 +309,8 @@ class CORE_EXPORT LocalFrameClient : public FrameClient {
+@@ -310,6 +310,8 @@ class CORE_EXPORT LocalFrameClient : public FrameClient {
  
    virtual void DidCreateScriptContext(v8::Local<v8::Context>,
                                        int32_t world_id) = 0;
@@ -92,7 +92,7 @@ index 52cc48e0099ded3686c6fc056514b6446afcae5d..a6331653b0aaf30cedba6ff6df787aa9
                                          int32_t world_id) = 0;
    virtual bool AllowScriptExtensions() = 0;
 diff --git a/third_party/blink/renderer/core/frame/local_frame_client_impl.cc b/third_party/blink/renderer/core/frame/local_frame_client_impl.cc
-index ebf1c82da02efbe73f1bb7b20cb1011c1bd7a335..26410fc221baf1fadb6220eb653c651b47fb3da7 100644
+index 5e5e43e204f006989a859a6077dcb56c81a08e60..aaf03855e53d5529bb51d70cd9b4355d68fed48c 100644
 --- a/third_party/blink/renderer/core/frame/local_frame_client_impl.cc
 +++ b/third_party/blink/renderer/core/frame/local_frame_client_impl.cc
 @@ -301,6 +301,13 @@ void LocalFrameClientImpl::DidCreateScriptContext(
@@ -110,7 +110,7 @@ index ebf1c82da02efbe73f1bb7b20cb1011c1bd7a335..26410fc221baf1fadb6220eb653c651b
      v8::Local<v8::Context> context,
      int32_t world_id) {
 diff --git a/third_party/blink/renderer/core/frame/local_frame_client_impl.h b/third_party/blink/renderer/core/frame/local_frame_client_impl.h
-index 9bdfacfc0270bf4ac3a965f6308e4cfc19193f4f..ea9e16b6dd6c96333c653fc602edfbd84cd9e5de 100644
+index b00211cf215fb820b3fe49139b8ef95be6a10d21..cc593168947e469b599794260692e1deb9b5f1a5 100644
 --- a/third_party/blink/renderer/core/frame/local_frame_client_impl.h
 +++ b/third_party/blink/renderer/core/frame/local_frame_client_impl.h
 @@ -78,6 +78,8 @@ class CORE_EXPORT LocalFrameClientImpl final : public LocalFrameClient {
@@ -123,10 +123,10 @@ index 9bdfacfc0270bf4ac3a965f6308e4cfc19193f4f..ea9e16b6dd6c96333c653fc602edfbd8
                                  int32_t world_id) override;
  
 diff --git a/third_party/blink/renderer/core/loader/empty_clients.h b/third_party/blink/renderer/core/loader/empty_clients.h
-index b1f17f3abd6763deaee274dd41693f0e6e420865..1e844f4709bc9e616711f717b4a79daf26c561fd 100644
+index bcdcc5f04edaf06d89375b05eb2d5f6bfa3d3237..5a0f42b4b7e5eb67d476c948caa201ee6fc7b3ca 100644
 --- a/third_party/blink/renderer/core/loader/empty_clients.h
 +++ b/third_party/blink/renderer/core/loader/empty_clients.h
-@@ -423,6 +423,8 @@ class CORE_EXPORT EmptyLocalFrameClient : public LocalFrameClient {
+@@ -425,6 +425,8 @@ class CORE_EXPORT EmptyLocalFrameClient : public LocalFrameClient {
  
    void DidCreateScriptContext(v8::Local<v8::Context>,
                                int32_t world_id) override {}

patches/chromium/add_electron_deps_to_license_credits_file.patch

@@ -7,10 +7,10 @@ Ensure that licenses for the dependencies introduced by Electron
 are included in `LICENSES.chromium.html`
 
 diff --git a/tools/licenses/licenses.py b/tools/licenses/licenses.py
-index f87d1ffc90ba5bd6da87a90c6dd904c01ae42e23..9987b33124cfec689502f991b92c0b05d0433106 100755
+index 4272e2ab96c64b1970e1cf035a3385893b1f2f0c..387fa19ca4ea8aace08bfef67d4b7c0870ad1d23 100755
 --- a/tools/licenses/licenses.py
 +++ b/tools/licenses/licenses.py
-@@ -355,6 +355,31 @@ SPECIAL_CASES = {
+@@ -354,6 +354,31 @@ SPECIAL_CASES = {
          "License": "Apache 2.0",
          "License File": ["//third_party/sample3/the_license"],
      },

patches/chromium/add_ui_scopedcliboardwriter_writeunsaferawdata.patch

@@ -8,10 +8,10 @@ was removed as part of the Raw Clipboard API scrubbing.
 https://bugs.chromium.org/p/chromium/issues/detail?id=1217643
 
 diff --git a/ui/base/clipboard/scoped_clipboard_writer.cc b/ui/base/clipboard/scoped_clipboard_writer.cc
-index 503225a84c1fe3835e97d8cc521f661339de105e..9949bd699ccca7fef8750816663fd66701b08d69 100644
+index 12695bb8f3d2cc3f498e5c6e37e4729d9586962f..6bd7b6f2908d3c8316191e3106e50b2137068a0f 100644
 --- a/ui/base/clipboard/scoped_clipboard_writer.cc
 +++ b/ui/base/clipboard/scoped_clipboard_writer.cc
-@@ -240,6 +240,16 @@ void ScopedClipboardWriter::WriteData(std::u16string_view format,
+@@ -239,6 +239,16 @@ void ScopedClipboardWriter::WriteData(std::u16string_view format,
    }
  }
  
@@ -29,7 +29,7 @@ index 503225a84c1fe3835e97d8cc521f661339de105e..9949bd699ccca7fef8750816663fd667
    objects_.clear();
    raw_objects_.clear();
 diff --git a/ui/base/clipboard/scoped_clipboard_writer.h b/ui/base/clipboard/scoped_clipboard_writer.h
-index 8c2be540757856a3e704764fe56003205b24812f..e31fbc01f68c0e92284a72298cac878d7247e7fb 100644
+index 7d7d015f9725ef39b7d5e82b83ac5195e2cfe309..83565b6d73cbe30e3c24913468862173cfd3a83e 100644
 --- a/ui/base/clipboard/scoped_clipboard_writer.h
 +++ b/ui/base/clipboard/scoped_clipboard_writer.h
 @@ -91,6 +91,10 @@ class COMPONENT_EXPORT(UI_BASE_CLIPBOARD) ScopedClipboardWriter {

patches/chromium/adjust_accessibility_ui_for_electron.patch

@@ -10,7 +10,7 @@ usage of BrowserList and Browser as we subclass related methods and use our
 WindowList.
 
 diff --git a/chrome/browser/ui/webui/accessibility/accessibility_ui.cc b/chrome/browser/ui/webui/accessibility/accessibility_ui.cc
-index 9b22efa07e43b60a8bd8bb6288792846709fae87..cf60a541720ffbcdaa5163d727a7761dcb30f131 100644
+index 1322a7c5f9b3baca837488de2e5323ee5c49800c..cb1895f2be25d210f7508433a352bc1e93369f4a 100644
 --- a/chrome/browser/ui/webui/accessibility/accessibility_ui.cc
 +++ b/chrome/browser/ui/webui/accessibility/accessibility_ui.cc
 @@ -48,6 +48,7 @@
@@ -64,7 +64,7 @@ index 9b22efa07e43b60a8bd8bb6288792846709fae87..cf60a541720ffbcdaa5163d727a7761d
    data.Set(kBrowsersField, std::move(browser_list));
  
  #if BUILDFLAG(IS_WIN)
-@@ -847,7 +848,8 @@ void AccessibilityUIMessageHandler::SetGlobalString(
+@@ -870,7 +871,8 @@ void AccessibilityUIMessageHandler::HandleSetGlobalString(
    const std::string value = CheckJSValue(data.FindString(kValueField));
  
    if (string_name == kApiTypeField) {
@@ -74,7 +74,7 @@ index 9b22efa07e43b60a8bd8bb6288792846709fae87..cf60a541720ffbcdaa5163d727a7761d
      pref->SetString(prefs::kShownAccessibilityApiType, value);
    }
  }
-@@ -901,7 +903,8 @@ void AccessibilityUIMessageHandler::RequestWebContentsTree(
+@@ -924,7 +926,8 @@ void AccessibilityUIMessageHandler::HandleRequestWebContentsTree(
                       AXPropertyFilter::ALLOW_EMPTY);
    AddPropertyFilters(property_filters, deny, AXPropertyFilter::DENY);
  
@@ -84,7 +84,7 @@ index 9b22efa07e43b60a8bd8bb6288792846709fae87..cf60a541720ffbcdaa5163d727a7761d
    ui::AXApiType::Type api_type =
        ui::AXApiType::From(pref->GetString(prefs::kShownAccessibilityApiType));
    std::string accessibility_contents =
-@@ -921,7 +924,7 @@ void AccessibilityUIMessageHandler::RequestNativeUITree(
+@@ -944,7 +947,7 @@ void AccessibilityUIMessageHandler::HandleRequestNativeUITree(
  
    AllowJavascript();
  
@@ -93,7 +93,7 @@ index 9b22efa07e43b60a8bd8bb6288792846709fae87..cf60a541720ffbcdaa5163d727a7761d
    std::vector<AXPropertyFilter> property_filters;
    AddPropertyFilters(property_filters, allow, AXPropertyFilter::ALLOW);
    AddPropertyFilters(property_filters, allow_empty,
-@@ -948,7 +951,7 @@ void AccessibilityUIMessageHandler::RequestNativeUITree(
+@@ -971,7 +974,7 @@ void AccessibilityUIMessageHandler::HandleRequestNativeUITree(
    if (found) {
      return;
    }
@@ -102,7 +102,7 @@ index 9b22efa07e43b60a8bd8bb6288792846709fae87..cf60a541720ffbcdaa5163d727a7761d
    // No browser with the specified |session_id| was found.
    base::DictValue result;
    result.Set(kSessionIdField, session_id);
-@@ -991,11 +994,13 @@ void AccessibilityUIMessageHandler::StopRecording(
+@@ -1014,11 +1017,13 @@ void AccessibilityUIMessageHandler::StopRecording(
  }
  
  ui::AXApiType::Type AccessibilityUIMessageHandler::GetRecordingApiType() {
@@ -119,7 +119,7 @@ index 9b22efa07e43b60a8bd8bb6288792846709fae87..cf60a541720ffbcdaa5163d727a7761d
    // Check to see if it is in the supported types list.
    if (std::find(supported_types.begin(), supported_types.end(), api_type) ==
        supported_types.end()) {
-@@ -1065,10 +1070,13 @@ void AccessibilityUIMessageHandler::RequestAccessibilityEvents(
+@@ -1088,10 +1093,13 @@ void AccessibilityUIMessageHandler::HandleRequestAccessibilityEvents(
  // static
  void AccessibilityUIMessageHandler::RegisterProfilePrefs(
      user_prefs::PrefRegistrySyncable* registry) {
@@ -134,7 +134,7 @@ index 9b22efa07e43b60a8bd8bb6288792846709fae87..cf60a541720ffbcdaa5163d727a7761d
  
  void AccessibilityUIMessageHandler::OnVisibilityChanged(
 diff --git a/chrome/browser/ui/webui/accessibility/accessibility_ui.h b/chrome/browser/ui/webui/accessibility/accessibility_ui.h
-index 67f7e34271994ff66da2a3c3b90c2f02797c2d14..8f786bc00dc4a7cc775ca3ff3fca4da680272682 100644
+index 184a10239d7072572a043f2b4e29bcdb5344f3ec..77d3ca336eaa28b7c476861c8d4a43e45804ac7a 100644
 --- a/chrome/browser/ui/webui/accessibility/accessibility_ui.h
 +++ b/chrome/browser/ui/webui/accessibility/accessibility_ui.h
 @@ -28,6 +28,8 @@ namespace content {
@@ -146,12 +146,12 @@ index 67f7e34271994ff66da2a3c3b90c2f02797c2d14..8f786bc00dc4a7cc775ca3ff3fca4da6
  namespace user_prefs {
  class PrefRegistrySyncable;
  }  // namespace user_prefs
-@@ -79,6 +81,8 @@ class AccessibilityUIMessageHandler : public content::WebUIMessageHandler,
+@@ -81,6 +83,8 @@ class AccessibilityUIMessageHandler : public content::WebUIMessageHandler,
    static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
  
   private:
 +  friend class ElectronAccessibilityUIMessageHandler;
 +
-   void ToggleAccessibilityForWebContents(const base::ListValue& args);
-   void SetGlobalFlag(const base::ListValue& args);
-   void SetGlobalString(const base::ListValue& args);
+   void HandleInitialize(const base::ListValue& args);
+   void HandleToggleAccessibilityForWebContents(const base::ListValue& args);
+   void HandleSetGlobalFlag(const base::ListValue& args);

patches/chromium/allow_disabling_blink_scheduler_throttling_per_renderview.patch

@@ -6,7 +6,7 @@ Subject: allow disabling blink scheduler throttling per RenderView
 This allows us to disable throttling for hidden windows.
 
 diff --git a/content/browser/renderer_host/navigation_controller_impl_unittest.cc b/content/browser/renderer_host/navigation_controller_impl_unittest.cc
-index c33775220e161d38e41efe8fea897815737341f8..e9636b69a8eb748aaa493466c3190ec602e16449 100644
+index f5a6ffc61f6cdff3897a97003b74838aac27e2a1..9b10aeb457a010db0ab89211610ea97b1a364453 100644
 --- a/content/browser/renderer_host/navigation_controller_impl_unittest.cc
 +++ b/content/browser/renderer_host/navigation_controller_impl_unittest.cc
 @@ -168,6 +168,12 @@ class MockPageBroadcast : public blink::mojom::PageBroadcast {
@@ -23,10 +23,10 @@ index c33775220e161d38e41efe8fea897815737341f8..e9636b69a8eb748aaa493466c3190ec6
      return receiver_.BindNewEndpointAndPassDedicatedRemote();
    }
 diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc
-index 5b1453e29d09170b698eb67a95f2822510525740..24d72cca5a230af3aaa43ad9ada92c2af17f06bf 100644
+index 6b881f610932eacd5412accd61431e6a59124e71..999022342a06592cc1bc7838b49afddaed1f9995 100644
 --- a/content/browser/renderer_host/render_view_host_impl.cc
 +++ b/content/browser/renderer_host/render_view_host_impl.cc
-@@ -762,6 +762,11 @@ void RenderViewHostImpl::SetBackgroundOpaque(bool opaque) {
+@@ -761,6 +761,11 @@ void RenderViewHostImpl::SetBackgroundOpaque(bool opaque) {
    GetWidget()->GetAssociatedFrameWidget()->SetBackgroundOpaque(opaque);
  }
  
@@ -51,7 +51,7 @@ index 89fed16c112d55c13a9f23695e2898d630f7d815..b7f486337f46daac015644525c9870f5
    void SendRendererPreferencesToRenderer(
        const blink::RendererPreferences& preferences);
 diff --git a/content/browser/renderer_host/render_widget_host_view_aura.cc b/content/browser/renderer_host/render_widget_host_view_aura.cc
-index 79bd8d43a71731e5076196877448462656a04d48..b5d7f50817f503956f19fcea687b5b0751268b44 100644
+index 53ec5cd693539d74424c683f78e953e85c13c098..ccfe78580c2acb9a3afa43d246e1a83cc0e28598 100644
 --- a/content/browser/renderer_host/render_widget_host_view_aura.cc
 +++ b/content/browser/renderer_host/render_widget_host_view_aura.cc
 @@ -655,8 +655,8 @@ void RenderWidgetHostViewAura::ShowImpl(PageVisibilityState page_visibility) {
@@ -116,10 +116,10 @@ index 932658273154ef2e022358e493a8e7c00c86e732..57bbfb5cde62c9496c351c861880a189
    // Visibility -----------------------------------------------------------
  
 diff --git a/third_party/blink/renderer/core/exported/web_view_impl.cc b/third_party/blink/renderer/core/exported/web_view_impl.cc
-index f5bdcb8176a94705a3710ba5dbc536a96b35fed9..657a0e059f954a72d4f8654d1a8938ff255ec193 100644
+index b5a7e1b177f031837f670c26bff7394315eb6ea5..ed63aa041733e2fb09d77a219c93c322985cc81e 100644
 --- a/third_party/blink/renderer/core/exported/web_view_impl.cc
 +++ b/third_party/blink/renderer/core/exported/web_view_impl.cc
-@@ -2502,6 +2502,10 @@ void WebViewImpl::SetPageLifecycleStateInternal(
+@@ -2471,6 +2471,10 @@ void WebViewImpl::SetPageLifecycleStateInternal(
    TRACE_EVENT2("navigation", "WebViewImpl::SetPageLifecycleStateInternal",
                 "old_state", old_state, "new_state", new_state);
  
@@ -130,7 +130,7 @@ index f5bdcb8176a94705a3710ba5dbc536a96b35fed9..657a0e059f954a72d4f8654d1a8938ff
    bool storing_in_bfcache = new_state->is_in_back_forward_cache &&
                              !old_state->is_in_back_forward_cache;
    bool restoring_from_bfcache = !new_state->is_in_back_forward_cache &&
-@@ -4182,10 +4186,23 @@ PageScheduler* WebViewImpl::Scheduler() const {
+@@ -4170,10 +4174,23 @@ PageScheduler* WebViewImpl::Scheduler() const {
    return GetPage()->GetPageScheduler();
  }
  
@@ -155,7 +155,7 @@ index f5bdcb8176a94705a3710ba5dbc536a96b35fed9..657a0e059f954a72d4f8654d1a8938ff
    // Do not throttle if the page should be painting.
    bool is_visible =
 diff --git a/third_party/blink/renderer/core/exported/web_view_impl.h b/third_party/blink/renderer/core/exported/web_view_impl.h
-index ff153875857fe718676389ee4f0096ca41407cf3..8b354c18c9d74432f85847d58e7aafc389c6b03c 100644
+index b2ad789e53146b06e0e416f2dcf384cf7e9c17ae..838c67ac5b02c427858febbfbddf25fb03632b37 100644
 --- a/third_party/blink/renderer/core/exported/web_view_impl.h
 +++ b/third_party/blink/renderer/core/exported/web_view_impl.h
 @@ -446,6 +446,7 @@ class CORE_EXPORT WebViewImpl final : public WebView,
@@ -166,7 +166,7 @@ index ff153875857fe718676389ee4f0096ca41407cf3..8b354c18c9d74432f85847d58e7aafc3
    void SetVisibilityState(mojom::blink::PageVisibilityState visibility_state,
                            bool is_initial_state) override;
    mojom::blink::PageVisibilityState GetVisibilityState() override;
-@@ -955,6 +956,8 @@ class CORE_EXPORT WebViewImpl final : public WebView,
+@@ -957,6 +958,8 @@ class CORE_EXPORT WebViewImpl final : public WebView,
    // If true, we send IPC messages when |preferred_size_| changes.
    bool send_preferred_size_changes_ = false;
  

patches/chromium/allow_in-process_windows_to_have_different_web_prefs.patch

@@ -8,7 +8,7 @@ WebPreferences of in-process child windows, rather than relying on
 process-level command line switches, as before.
 
 diff --git a/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc b/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc
-index 23672617af41f1d88b551da7b4ad0a19e39a2092..df032abeeca76c0cd914cbefcb6ba1a9509e7f95 100644
+index 9ab1b47509c8b72b7844e83f1d69499d13e26837..8fe07713a01123cc21d2649f8a3e9347a49a2bb8 100644
 --- a/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc
 +++ b/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc
 @@ -149,6 +149,19 @@ bool StructTraits<blink::mojom::WebPreferencesDataView,
@@ -32,18 +32,18 @@ index 23672617af41f1d88b551da7b4ad0a19e39a2092..df032abeeca76c0cd914cbefcb6ba1a9
    out->accelerated_video_decode_enabled =
        data.accelerated_video_decode_enabled();
 diff --git a/third_party/blink/public/common/web_preferences/web_preferences.h b/third_party/blink/public/common/web_preferences/web_preferences.h
-index cd34e8f534e86d4ff11ea1d8020d215f37cd730b..9ee7cd49b021ff4277b7bfd9c9e015eb75489562 100644
+index efcb7d9457045c2d58ecec4b68d7c4547cb5d08a..e37fa2e8cb0896e61ef11259df13d97b8fbff548 100644
 --- a/third_party/blink/public/common/web_preferences/web_preferences.h
 +++ b/third_party/blink/public/common/web_preferences/web_preferences.h
-@@ -9,6 +9,7 @@
- #include <string>
+@@ -10,6 +10,7 @@
  #include <vector>
  
+ #include "base/time/time.h"
 +#include "base/files/file_path.h"
  #include "build/build_config.h"
  #include "net/nqe/effective_connection_type.h"
  #include "third_party/blink/public/common/common_export.h"
-@@ -472,6 +473,19 @@ struct BLINK_COMMON_EXPORT WebPreferences {
+@@ -481,6 +482,19 @@ struct BLINK_COMMON_EXPORT WebPreferences {
    bool should_screenshot_on_mainframe_same_doc_navigation = true;
  #endif  // BUILDFLAG(IS_ANDROID)
  
@@ -64,7 +64,7 @@ index cd34e8f534e86d4ff11ea1d8020d215f37cd730b..9ee7cd49b021ff4277b7bfd9c9e015eb
    // chrome, except for the cases where it would require lots of extra work for
    // the embedder to use the same default value.
 diff --git a/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h b/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h
-index 9bb06fb430cbf31b6fc1343229191565a62421a8..a69327c42d386390bafb29d89063dd91315de834 100644
+index fade1dd1310d8339fff45b9ae74ebff4673eec37..ea3f8f3e30f76ebf71ed470f43e4f61995829932 100644
 --- a/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h
 +++ b/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h
 @@ -8,6 +8,7 @@
@@ -129,7 +129,7 @@ index 9bb06fb430cbf31b6fc1343229191565a62421a8..a69327c42d386390bafb29d89063dd91
      return r.cookie_enabled;
    }
 diff --git a/third_party/blink/public/mojom/webpreferences/web_preferences.mojom b/third_party/blink/public/mojom/webpreferences/web_preferences.mojom
-index ec6f13d3924cf861c505ed6d3abde0371fd65475..4830affa94db76d7cf87482671b9e20a68bcc449 100644
+index c637783517d250b7aa6f34af11fd3ca804a2a705..0268d33da3150a37ca8206695a5f324d8fde22e6 100644
 --- a/third_party/blink/public/mojom/webpreferences/web_preferences.mojom
 +++ b/third_party/blink/public/mojom/webpreferences/web_preferences.mojom
 @@ -4,6 +4,7 @@
@@ -138,9 +138,9 @@ index ec6f13d3924cf861c505ed6d3abde0371fd65475..4830affa94db76d7cf87482671b9e20a
  
 +import "mojo/public/mojom/base/file_path.mojom";
  import "mojo/public/mojom/base/string16.mojom";
+ import "mojo/public/mojom/base/time.mojom";
  import "skia/public/mojom/skcolor.mojom";
- import "third_party/blink/public/mojom/css/preferred_color_scheme.mojom";
-@@ -221,6 +222,19 @@ struct WebPreferences {
+@@ -222,6 +223,19 @@ struct WebPreferences {
    // If true, stylus handwriting recognition to text input will be available in
    // editable input fields which are non-password type.
    bool stylus_handwriting_enabled;

patches/chromium/blink_local_frame.patch

@@ -15,7 +15,7 @@ Refs changes in:
 This patch reverts the changes to fix associated crashes in Electron.
 
 diff --git a/third_party/blink/renderer/core/frame/frame.cc b/third_party/blink/renderer/core/frame/frame.cc
-index 901b727ed898cdd840df5ff7e2380fbee5d7fde2..1caacaeed9ddf1162cfa393fe4a7c86ac27f674a 100644
+index 9827a89c56141596fde57b78f9c9894f273db83e..cedb4bd8217a0ad3ab07d85421e1850bc4d910f5 100644
 --- a/third_party/blink/renderer/core/frame/frame.cc
 +++ b/third_party/blink/renderer/core/frame/frame.cc
 @@ -135,14 +135,6 @@ bool Frame::Detach(FrameDetachType type) {
@@ -49,10 +49,10 @@ index 901b727ed898cdd840df5ff7e2380fbee5d7fde2..1caacaeed9ddf1162cfa393fe4a7c86a
    // its owning reference back to our owning LocalFrame.
    client_->Detached(type);
 diff --git a/third_party/blink/renderer/core/frame/local_frame.cc b/third_party/blink/renderer/core/frame/local_frame.cc
-index 44bd9c7356a30394f4bfa5333743619443d42216..91fa883ae557d3341789c006c3791f8788e39238 100644
+index 4c38cd881b5a81b7939f61688f05949be799f008..8970537416e171d513bc9c015706fb18a574eab6 100644
 --- a/third_party/blink/renderer/core/frame/local_frame.cc
 +++ b/third_party/blink/renderer/core/frame/local_frame.cc
-@@ -779,10 +779,6 @@ bool LocalFrame::DetachImpl(FrameDetachType type) {
+@@ -758,10 +758,6 @@ bool LocalFrame::DetachImpl(FrameDetachType type) {
    }
    DCHECK(!view_ || !view_->IsAttached());
  
@@ -63,7 +63,7 @@ index 44bd9c7356a30394f4bfa5333743619443d42216..91fa883ae557d3341789c006c3791f87
    if (!Client())
      return false;
  
-@@ -839,6 +835,11 @@ bool LocalFrame::DetachImpl(FrameDetachType type) {
+@@ -817,6 +813,11 @@ bool LocalFrame::DetachImpl(FrameDetachType type) {
    DCHECK(!view_->IsAttached());
    Client()->WillBeDetached();
  

patches/chromium/boringssl_build_gn.patch

@@ -6,7 +6,7 @@ Subject: boringssl BUILD.gn
 Build BoringSSL with some extra functions that nodejs needs.
 
 diff --git a/third_party/boringssl/BUILD.gn b/third_party/boringssl/BUILD.gn
-index 31174ca1c75252b226af14548324d50744ac8c35..8469a37a4e50c76751160ab6ef484662c3626296 100644
+index 708bb2066269b57ff54649638938a1719d657b6a..7485078ed7a4cfdc8bfecf2d3a4a009e10ca4893 100644
 --- a/third_party/boringssl/BUILD.gn
 +++ b/third_party/boringssl/BUILD.gn
 @@ -48,6 +48,21 @@ all_sources = bcm_internal_headers + bcm_sources + crypto_internal_headers +

patches/chromium/build_add_electron_tracing_category.patch

@@ -8,7 +8,7 @@ categories in use are known / declared.  This patch is required for us
 to introduce a new Electron category for Electron-specific tracing.
 
 diff --git a/base/trace_event/builtin_categories.h b/base/trace_event/builtin_categories.h
-index 39168e90fd6ea68e562f0a2c6d8ba1162bc29e71..1b2b58497541b06857bc8f0d79172e8106003845 100644
+index 440349df6c5767fe3f93b51f78b33bf9d3bb5c1a..85c6f973788938b6a48a7a89e9fa803dc1030580 100644
 --- a/base/trace_event/builtin_categories.h
 +++ b/base/trace_event/builtin_categories.h
 @@ -133,6 +133,7 @@ PERFETTO_DEFINE_CATEGORIES_IN_NAMESPACE_WITH_ATTRS(

patches/chromium/build_allow_electron_to_use_exec_script.patch

@@ -6,13 +6,13 @@ Subject: build: allow electron to use exec_script
 This is similar to the //build usecase so we're OK adding ourselves here
 
 diff --git a/.gn b/.gn
-index ae58a0b0a64ae1fdb3f9cd8587041d71a121c6b9..f9d4e9b015ad266452dfa2a442b432ef31d09a5b 100644
+index 0013a7fd5a260ea4f04f6421031a571c7bbf90b9..216974ae53ec574514abbfb0a1d7276a396380e5 100644
 --- a/.gn
 +++ b/.gn
-@@ -167,4 +167,28 @@ exec_script_allowlist =
- 
-       "//tools/grit/grit_rule.gni",
+@@ -169,4 +169,28 @@ exec_script_allowlist =
        "//tools/gritsettings/BUILD.gn",
+ 
+       "//third_party/blink/renderer/build/scripts/scripts.gni",
 +
 +      "//electron/BUILD.gn",
 +      "//third_party/electron_node/deps/ada/unofficial.gni",

patches/chromium/build_disable_thin_lto_mac.patch

@@ -11,10 +11,10 @@ This patch can (and should) be removed when we can prevent those symbols
 from being stripped in the release build.
 
 diff --git a/build/config/compiler/compiler.gni b/build/config/compiler/compiler.gni
-index beb5213714e1ab6260ed735099b0bcac90cdab66..fcbf88740deea6335ec70ab61795f501f4b432ce 100644
+index 9e7353df432d5de6c24c485579c1d99bc1dc5bb2..0d799db2dcd3dfd635b0b7f8e0142ef76ae29beb 100644
 --- a/build/config/compiler/compiler.gni
 +++ b/build/config/compiler/compiler.gni
-@@ -113,7 +113,7 @@ declare_args() {
+@@ -149,7 +149,7 @@ declare_args() {
    # Chrome's clang. crbug.com/1033839
    use_thin_lto =
        is_cfi || (is_clang && is_official_build && chrome_pgo_phase != 1 &&

patches/chromium/build_do_not_depend_on_packed_resource_integrity.patch

@@ -11,10 +11,10 @@ if we ever align our .pak file generation with Chrome we can remove this
 patch.
 
 diff --git a/chrome/BUILD.gn b/chrome/BUILD.gn
-index 4b1fd316496e33f9e805aec89a91062587e6ee16..1b6fce9e2780a37e1e8bf3f8a62dc6bc80e101d1 100644
+index 0af4d4b75d0519fabcb5d48bd9d5bd465bc80e92..eb6b23655afaa268f25d99301a0853aaecd23652 100644
 --- a/chrome/BUILD.gn
 +++ b/chrome/BUILD.gn
-@@ -201,11 +201,16 @@ if (!is_android && !is_mac) {
+@@ -201,6 +201,12 @@ if (!is_android && !is_mac) {
          "common/crash_keys.h",
        ]
  
@@ -27,29 +27,11 @@ index 4b1fd316496e33f9e805aec89a91062587e6ee16..1b6fce9e2780a37e1e8bf3f8a62dc6bc
        deps += [
          ":chrome_dll",
          ":chrome_exe_version",
-         ":copy_first_run",
--        ":packed_resources_integrity_header",
-         ":visual_elements_resources",
-         "//base",
-         "//build:branding_buildflags",
-diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn
-index 589d635d17884050b20b491d65833b7893f5e3e6..672da0774617ae3ac79983aa460b333d6aa325f2 100644
---- a/chrome/browser/BUILD.gn
-+++ b/chrome/browser/BUILD.gn
-@@ -4637,7 +4637,7 @@ static_library("browser") {
-       ]
-     }
- 
--    if (!is_win) {
-+    if (!is_win && !is_electron_build) {
-       # On Windows, the hashes are embedded in //chrome:chrome_initial rather
-       # than here in :chrome_dll.
-       deps += [ "//chrome:packed_resources_integrity_header" ]
 diff --git a/chrome/test/BUILD.gn b/chrome/test/BUILD.gn
-index cfea9608df1620632dfe6f225e857e32ff0fab4f..3cb2213bc57db3b0c01f75c06a8a07609a1cfa86 100644
+index e91f97276866bd500720962c74acaca2c22fff7c..22867153821d2b1e83feb1a2a7a6b8c26ba776eb 100644
 --- a/chrome/test/BUILD.gn
 +++ b/chrome/test/BUILD.gn
-@@ -7776,9 +7776,12 @@ test("unit_tests") {
+@@ -7737,6 +7737,10 @@ test("unit_tests") {
        "//chrome/notification_helper",
      ]
  
@@ -59,11 +41,8 @@ index cfea9608df1620632dfe6f225e857e32ff0fab4f..3cb2213bc57db3b0c01f75c06a8a0760
 +
      deps += [
        "//chrome:other_version",
--      "//chrome:packed_resources_integrity_header",
        "//chrome//services/util_win:unit_tests",
-       "//chrome/app:chrome_dll_resources",
-       "//chrome/app:win_unit_tests",
-@@ -8773,6 +8776,10 @@ test("unit_tests") {
+@@ -8711,6 +8715,10 @@ test("unit_tests") {
        "../browser/performance_manager/policies/background_tab_loading_policy_unittest.cc",
      ]
  
@@ -74,11 +53,12 @@ index cfea9608df1620632dfe6f225e857e32ff0fab4f..3cb2213bc57db3b0c01f75c06a8a0760
      sources += [
        # The importer code is not used on Android.
        "../common/importer/firefox_importer_utils_unittest.cc",
-@@ -8830,7 +8837,6 @@ test("unit_tests") {
+@@ -8767,7 +8775,7 @@ test("unit_tests") {
      # TODO(crbug.com/417513088): Maybe merge with the non-android `deps` declaration above?
      deps += [
        "../browser/screen_ai:screen_ai_install_state",
--      "//chrome:packed_resources_integrity_header",
+-      "//chrome:packed_resources",
++
        "//chrome/browser/apps:icon_standardizer",
        "//chrome/browser/apps/app_service",
        "//chrome/browser/apps/app_service:app_registry_cache_waiter",

patches/chromium/build_gn.patch

@@ -7,7 +7,7 @@ These are variables we add to the root BUILDCONFIG so that they're available
 everywhere, without having to import("//electron/.../flags.gni").
 
 diff --git a/build/config/BUILDCONFIG.gn b/build/config/BUILDCONFIG.gn
-index 4d1ac59b9b7dc05a20a3bb523b17706a00761cde..23af9a129531a06dc87573b18b44a921e7fb11ea 100644
+index cc00f84630e063fee2b1897eced42c6a53a3a79e..5d4a82783dbe86636bbef47f2fb26ff9147ea57b 100644
 --- a/build/config/BUILDCONFIG.gn
 +++ b/build/config/BUILDCONFIG.gn
 @@ -123,6 +123,9 @@ if (current_os == "") {

patches/chromium/build_partial_revert_mac_fullscreen_top_chrome_mouse_events.patch

@@ -1,31 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Keeley Hammond <khammond@slack-corp.com>
-Date: Wed, 25 Jun 2025 10:21:31 -0400
-Subject: build: partially revert Mac fullscreen top-chrome mouse events
-
-Reverts "mac: fix missing mouse up and down event in fullscreen top-chrome".
-This CL caused all interactions to fail when loading a page via loadURL
-on Mac. This patch can be removed when upstream is fixed, or when a better
-solution is put in place.
-
-This reverts commit 8c004781dde7d42d9a3fed8cafcaa4929943dd69.
-
-diff --git a/components/remote_cocoa/app_shim/bridged_content_view.mm b/components/remote_cocoa/app_shim/bridged_content_view.mm
-index 98fccf63096e970ef5f7e7bd58b9db88e48920dd..d1a79368a2a0d60b8d9e128df21cc169e1da793a 100644
---- a/components/remote_cocoa/app_shim/bridged_content_view.mm
-+++ b/components/remote_cocoa/app_shim/bridged_content_view.mm
-@@ -305,14 +305,6 @@ - (NSView*)hitTest:(NSPoint)point {
-     return nil;
-   }
- 
--  // Send event to views::RootView.
--  if (hitTestResult == remote_cocoa::mojom::HitTestResult::kRootView) {
--    // Most commonly this NSView is NSWindow's contentView. However in immersive
--    // fullscreen, the view may be a subview of another AppKit-owned view in the
--    // titlebar.
--    return self;
--  }
--
-   return [super hitTest:point];
- }
- 

patches/chromium/can_create_window.patch

@@ -9,10 +9,10 @@ potentially prevent a window from being created.
 TODO(loc): this patch is currently broken.
 
 diff --git a/content/browser/renderer_host/render_frame_host_impl.cc b/content/browser/renderer_host/render_frame_host_impl.cc
-index c5ee522e5ffb316bebfce23adb116b0b7cbd8ab8..f92fc4bbddd99bcd4b3e38d59e8c8df4ef6f59e4 100644
+index ac474e220d411dec278c40448f038b25e6788d2a..e4ff8f11bed9e53f3134068492ac94b4c9bb4df2 100644
 --- a/content/browser/renderer_host/render_frame_host_impl.cc
 +++ b/content/browser/renderer_host/render_frame_host_impl.cc
-@@ -10124,6 +10124,7 @@ void RenderFrameHostImpl::CreateNewWindow(
+@@ -10228,6 +10228,7 @@ void RenderFrameHostImpl::CreateNewWindow(
            last_committed_origin_, params->window_container_type,
            params->target_url, params->referrer.To<Referrer>(),
            params->frame_name, params->disposition, *params->features,
@@ -21,10 +21,10 @@ index c5ee522e5ffb316bebfce23adb116b0b7cbd8ab8..f92fc4bbddd99bcd4b3e38d59e8c8df4
            &no_javascript_access);
  
 diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
-index 382b9ad9c6e8df480f6b36df04f799318233e249..310d4cdd98bd0808e3d414b07bc3c14dc64482a1 100644
+index 3e0c8bd308d8a947a2bd295a2d83e385e53853fb..4e91b3aeb5630476c660e8814e2fd9d92c5a9ca1 100644
 --- a/content/browser/web_contents/web_contents_impl.cc
 +++ b/content/browser/web_contents/web_contents_impl.cc
-@@ -5377,6 +5377,10 @@ FrameTree* WebContentsImpl::CreateNewWindow(
+@@ -5501,6 +5501,10 @@ FrameTree* WebContentsImpl::CreateNewWindow(
    create_params.initially_hidden = renderer_started_hidden;
    create_params.initial_popup_url = params.target_url;
  
@@ -35,7 +35,7 @@ index 382b9ad9c6e8df480f6b36df04f799318233e249..310d4cdd98bd0808e3d414b07bc3c14d
    // Even though all codepaths leading here are in response to a renderer
    // trying to open a new window, if the new window ends up in a different
    // browsing instance, then the RenderViewHost, RenderWidgetHost,
-@@ -5431,6 +5435,12 @@ FrameTree* WebContentsImpl::CreateNewWindow(
+@@ -5555,6 +5559,12 @@ FrameTree* WebContentsImpl::CreateNewWindow(
    // Sets the newly created WebContents WindowOpenDisposition.
    new_contents_impl->original_window_open_disposition_ = params.disposition;
  
@@ -48,7 +48,7 @@ index 382b9ad9c6e8df480f6b36df04f799318233e249..310d4cdd98bd0808e3d414b07bc3c14d
    // If the new frame has a name, make sure any SiteInstances that can find
    // this named frame have proxies for it.  Must be called after
    // SetSessionStorageNamespace, since this calls CreateRenderView, which uses
-@@ -5472,12 +5482,6 @@ FrameTree* WebContentsImpl::CreateNewWindow(
+@@ -5596,12 +5606,6 @@ FrameTree* WebContentsImpl::CreateNewWindow(
      AddWebContentsDestructionObserver(new_contents_impl);
    }
  
@@ -62,10 +62,10 @@ index 382b9ad9c6e8df480f6b36df04f799318233e249..310d4cdd98bd0808e3d414b07bc3c14d
                               new_contents_impl, opener, params.target_url,
                               params.referrer.To<Referrer>(), params.disposition,
 diff --git a/content/common/frame.mojom b/content/common/frame.mojom
-index 19dbb921c9644522588ff74d0a1925f826736957..4e7b36729741a79cfdf04f89a8ec615d3148b294 100644
+index 444fa7009d0db33470cac9ab9cfdc23ceacec942..ab9aeb852e5ea89583284386d9a78a3e3e17a310 100644
 --- a/content/common/frame.mojom
 +++ b/content/common/frame.mojom
-@@ -658,6 +658,10 @@ struct CreateNewWindowParams {
+@@ -617,6 +617,10 @@ struct CreateNewWindowParams {
    pending_associated_remote<blink.mojom.Widget> widget;
    pending_associated_receiver<blink.mojom.FrameWidgetHost> frame_widget_host;
    pending_associated_remote<blink.mojom.FrameWidget> frame_widget;
@@ -77,10 +77,10 @@ index 19dbb921c9644522588ff74d0a1925f826736957..4e7b36729741a79cfdf04f89a8ec615d
  
  // Operation result when the renderer asks the browser to create a new window.
 diff --git a/content/public/browser/content_browser_client.cc b/content/public/browser/content_browser_client.cc
-index d2dccc29b0e13ab5c87b4c6803e79dc781e52ea2..be6639ef1a7eebb147afee483a35898d1ea5d95f 100644
+index e806de04ca92cb8351e9a242a5241c0d4286da97..d0b3e4bc348921df7e6446dbc1f14860b8a84d87 100644
 --- a/content/public/browser/content_browser_client.cc
 +++ b/content/public/browser/content_browser_client.cc
-@@ -877,6 +877,8 @@ bool ContentBrowserClient::CanCreateWindow(
+@@ -854,6 +854,8 @@ bool ContentBrowserClient::CanCreateWindow(
      const std::string& frame_name,
      WindowOpenDisposition disposition,
      const blink::mojom::WindowFeatures& features,
@@ -90,7 +90,7 @@ index d2dccc29b0e13ab5c87b4c6803e79dc781e52ea2..be6639ef1a7eebb147afee483a35898d
      bool opener_suppressed,
      bool* no_javascript_access) {
 diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
-index 3b6c42b2c4cd5d9e5753af25b27925ff0d933568..e6f51d39b4f2f6b162814996921958ca1252e1d7 100644
+index 70588ccd619ac7969918771bccf5c054320e4f6f..eb684232648424fab4ba73b1fc813b0b3f8b809b 100644
 --- a/content/public/browser/content_browser_client.h
 +++ b/content/public/browser/content_browser_client.h
 @@ -205,6 +205,7 @@ class NetworkService;
@@ -101,7 +101,7 @@ index 3b6c42b2c4cd5d9e5753af25b27925ff0d933568..e6f51d39b4f2f6b162814996921958ca
  }  // namespace network
  
  namespace sandbox {
-@@ -1468,6 +1469,8 @@ class CONTENT_EXPORT ContentBrowserClient {
+@@ -1406,6 +1407,8 @@ class CONTENT_EXPORT ContentBrowserClient {
        const std::string& frame_name,
        WindowOpenDisposition disposition,
        const blink::mojom::WindowFeatures& features,
@@ -170,10 +170,10 @@ index 0650197909d484b8a0f48ab61b22471c71bce0e8..29c380d7845aab1a7b3417e0d3940ea0
    // typically happens when popups are created.
    virtual void WebContentsCreated(WebContents* source_contents,
 diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
-index 6ee766c52202804adc532b1585224b4e35239f9a..42a0a7e5be01fe346cc2ad83d3395425a41e1699 100644
+index 5936c5eaa081abde7f7c26cc990a122622e46908..ab959e66f8841d7367863bb13d6c7a0854d0df23 100644
 --- a/content/renderer/render_frame_impl.cc
 +++ b/content/renderer/render_frame_impl.cc
-@@ -6879,6 +6879,10 @@ WebView* RenderFrameImpl::CreateNewWindow(
+@@ -6845,6 +6845,10 @@ WebView* RenderFrameImpl::CreateNewWindow(
    params->started_by_ad =
        GetWebFrame()->IsAdFrame() || GetWebFrame()->IsAdScriptInStack();
  
@@ -185,10 +185,10 @@ index 6ee766c52202804adc532b1585224b4e35239f9a..42a0a7e5be01fe346cc2ad83d3395425
    // moved on send.
    bool is_background_tab =
 diff --git a/content/web_test/browser/web_test_content_browser_client.cc b/content/web_test/browser/web_test_content_browser_client.cc
-index 7a57cb3a1414a77704c42ae01a9dc89fae4ad4a3..769601c2749f0781317f668cf806042db626c348 100644
+index 9453418ab164904cb9d75930d649abe21b94bb03..b2acd05882e8dfb04e5a75b249705c1a15209056 100644
 --- a/content/web_test/browser/web_test_content_browser_client.cc
 +++ b/content/web_test/browser/web_test_content_browser_client.cc
-@@ -539,6 +539,8 @@ bool WebTestContentBrowserClient::CanCreateWindow(
+@@ -540,6 +540,8 @@ bool WebTestContentBrowserClient::CanCreateWindow(
      const std::string& frame_name,
      WindowOpenDisposition disposition,
      const blink::mojom::WindowFeatures& features,
@@ -198,10 +198,10 @@ index 7a57cb3a1414a77704c42ae01a9dc89fae4ad4a3..769601c2749f0781317f668cf806042d
      bool opener_suppressed,
      bool* no_javascript_access) {
 diff --git a/content/web_test/browser/web_test_content_browser_client.h b/content/web_test/browser/web_test_content_browser_client.h
-index 790f004d2a3a9ae5a3588fda097732a5daac0c75..83fcc9418b89b669863e730f2049a1d836eef260 100644
+index 25e88c235485f75831bc67d72e9c10f67561ba99..f64dd47225c47407bef3a6d942903ee8b7a4cf20 100644
 --- a/content/web_test/browser/web_test_content_browser_client.h
 +++ b/content/web_test/browser/web_test_content_browser_client.h
-@@ -98,6 +98,8 @@ class WebTestContentBrowserClient : public ShellContentBrowserClient {
+@@ -101,6 +101,8 @@ class WebTestContentBrowserClient : public ShellContentBrowserClient {
                         const std::string& frame_name,
                         WindowOpenDisposition disposition,
                         const blink::mojom::WindowFeatures& features,
@@ -224,10 +224,10 @@ index d92bab531c12c62a5321a23f4a0cb89691668127..2060e04795ba8e7a923fd0fe3485b8c5
  
  }  // namespace blink
 diff --git a/third_party/blink/renderer/core/frame/local_dom_window.cc b/third_party/blink/renderer/core/frame/local_dom_window.cc
-index 06efc300ee7a014759de6d0d61d0ced6c8bb965f..d8354c7554750bd17c5ad67db2a07453e7a4e5ca 100644
+index 51f03729c2d40a225dbcfc42091d44f78f77d971..780ee21199701b01a97932cd4a59aeb5db98017b 100644
 --- a/third_party/blink/renderer/core/frame/local_dom_window.cc
 +++ b/third_party/blink/renderer/core/frame/local_dom_window.cc
-@@ -2341,6 +2341,8 @@ DOMWindow* LocalDOMWindow::open(v8::Isolate* isolate,
+@@ -2342,6 +2342,8 @@ DOMWindow* LocalDOMWindow::open(v8::Isolate* isolate,
    WebWindowFeatures window_features =
        GetWindowFeaturesFromString(features, entered_window);