build: update deps to clear audit

.claude/skills/electron-node-upgrade/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: electron-node-upgrade
-description: Guide for performing Node.js version upgrades in the Electron project. Use when working on the roller/node/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Node.js changes, building, running the Node.js test suite, and proper commit formatting for patch fixes.
+description: Guide for performing Node.js version upgrades in the Electron project. Use when working on the roller/node/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Node.js changes, and proper commit formatting for patch fixes.
 ---
 
 # Electron Node.js Upgrade: Phase One
@@ -174,127 +174,10 @@ When the error is in Electron's own source code:
 1. Edit files directly in the electron repo
 2. Commit directly (no patch export needed)
 
-# Electron Node.js Upgrade: Phase Three
-
-## Summary
-
-Run the Node.js test suite via `script/node-spec-runner.js`, fix failing tests, and commit fixes until all tests pass. Certain tests are permanently disabled (listed in `script/node-disabled-tests.json`) and should not be run.
-
-Run Phase Three immediately after Phase Two is complete.
-
-## Success Criteria
-
-Phase Three is complete when:
-- `node script/node-spec-runner.js --default` exits with zero failures
-- All changes are committed per the commit guidelines
-
-Do not stop until these criteria are met.
-
-## Context
-
-Electron runs a subset of Node.js's upstream test suite using a custom runner (`script/node-spec-runner.js`). Tests are executed with the built Electron binary via `ELECTRON_RUN_AS_NODE=true`. Many tests need adaptation because Electron uses BoringSSL (not OpenSSL) and Chromium's V8 (which may differ from Node.js's bundled V8).
-
-**Key files:**
-- `script/node-spec-runner.js` — Test runner script
-- `script/node-disabled-tests.json` — Permanently disabled tests (do not try to fix these)
-- `../third_party/electron_node/test/` — Node.js test files (where patches apply)
-- `patches/node/fix_crypto_tests_to_run_with_bssl.patch` — BoringSSL crypto test adaptations
-- `patches/node/test_formally_mark_some_tests_as_flaky.patch` — Flaky test list
-
-## Workflow
-
-1. Run `node script/node-spec-runner.js --default` from the electron repo
-2. If all tests pass → Phase Three is complete
-3. If tests fail:
-    - Identify the failing test file(s) from the output
-    - Analyze each failure (see "Common Failure Patterns" below)
-    - Fix the test in `../third_party/electron_node/test/...`
-    - Re-run the specific failing test to verify: `node script/node-spec-runner.js {test-path}`
-        - The test path is relative to the node `test/` directory, e.g. `test/parallel/test-crypto-key-objects-raw.js`
-        - Do NOT use `--default` when running specific tests — it adds the full suite flags
-        - Do NOT run tests directly with `ELECTRON_RUN_AS_NODE` — the runner handles environment setup (e.g. temporarily switching `package.json` from ESM to CommonJS)
-    - Commit the fix using the fixup workflow and commit guidelines
-    - Return to step 1
-
-## Commands Reference
-
-| Command | Purpose |
-|---------|---------|
-| `node script/node-spec-runner.js --default` | Run full Node.js test suite |
-| `node script/node-spec-runner.js test/parallel/test-foo.js` | Run a single test |
-| `NODE_REGENERATE_SNAPSHOTS=1 node script/node-spec-runner.js test/test-runner/test-foo.mjs` | Regenerate snapshot for a snapshot-based test |
-
-## Common Failure Patterns
-
-### BoringSSL incompatibilities
-
-Electron uses BoringSSL (via Chromium) instead of OpenSSL. Many crypto features are missing or behave differently:
-
-| Unsupported in BoringSSL | Guard pattern |
-|--------------------------|---------------|
-| ChaCha20-Poly1305 | `if (!process.features.openssl_is_boringssl)` |
-| AES-CCM (aes-128-ccm, aes-256-ccm) | `if (ciphers.includes('aes-128-ccm'))` |
-| AES-KW (key wrapping) | `if (!process.features.openssl_is_boringssl)` |
-| DSA keys | `if (!process.features.openssl_is_boringssl)` |
-| Ed448 / X448 curves | `if (!process.features.openssl_is_boringssl)` |
-| DH key PEM loading | `if (!process.features.openssl_is_boringssl)` |
-| PQC algorithms (ML-KEM, ML-DSA, SLH-DSA) | `if (hasOpenSSL(3, 5))` (already guards these) |
-
-When guarding tests, prefer checking cipher availability (`ciphers.includes(algo)`) over blanket BoringSSL checks where possible, as it's more precise and self-documenting.
-
-New upstream tests that exercise these features will need guards added to the `fix_crypto_tests_to_run_with_bssl` patch.
-
-### Snapshot test mismatches
-
-Some tests compare output against committed `.snapshot` files using `assert.strictEqual` — these are NOT wildcard comparisons. When Chromium's V8 produces different output (e.g. different stack traces due to V8 enhancements), the snapshot must be regenerated:
-
-```bash
-NODE_REGENERATE_SNAPSHOTS=1 node script/node-spec-runner.js test/test-runner/test-foo.mjs
-```
-
-Then inspect the diff to verify the changes are expected, and commit the updated snapshot into the appropriate patch.
-
-### V8 behavioral differences
-
-Chromium's V8 may be ahead of Node.js's bundled V8. This can cause:
-- Different stack trace formats (e.g. thenable async stack frames)
-- Different error messages
-- Features available in Chromium V8 that aren't in stock Node.js V8 (or vice versa)
-
-## Two Types of Test Fixes
-
-### A. Patch Fixes (most common for test failures)
-
-Most test fixes go into existing patches in `patches/node/`. Use the fixup workflow:
-
-1. Edit the test file in `../third_party/electron_node/test/...`
-2. Find the relevant patch commit: `git log --oneline | grep -i "keyword"`
-    - Crypto/BoringSSL tests → `fix crypto tests to run with bssl`
-    - Snapshot tests → the specific snapshot patch (e.g. `test: accomodate V8 thenable`)
-    - Flaky tests → `test: formally mark some tests as flaky`
-3. Create a fixup commit:
-    ```bash
-    cd ../third_party/electron_node
-    git add test/path/to/test.js
-    git commit --fixup=<patch-commit-hash>
-    GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
-    ```
-4. Export: `e patches node`
-5. **Read `references/phase-three-commit-guidelines.md` NOW**, then commit the updated patch file.
-
-### B. New Patches (rare)
-
-Only create a new patch when the fix doesn't belong in any existing patch. The new patch commit in `../third_party/electron_node` must include a description explaining why the patch exists and when it can be removed — the lint check enforces this.
-
-## Adding to Disabled Tests
-
-Only add a test to `script/node-disabled-tests.json` as a **last resort** — when the test is fundamentally incompatible with Electron's architecture (not just a BoringSSL difference that can be guarded). Tests disabled here are completely skipped and never run.
-
 # Critical: Read Before Committing
 
 - Before ANY Phase One commits: Read `references/phase-one-commit-guidelines.md`
 - Before ANY Phase Two commits: Read `references/phase-two-commit-guidelines.md`
-- Before ANY Phase Three commits: Read `references/phase-three-commit-guidelines.md`
 
 # High-Churn Patches
 
@@ -318,6 +201,5 @@ This skill has additional reference files in `references/`:
 - patch-analysis.md - How to analyze patch failures
 - phase-one-commit-guidelines.md - Commit format for Phase One
 - phase-two-commit-guidelines.md - Commit format for Phase Two
-- phase-three-commit-guidelines.md - Commit format for Phase Three
 
 Read these when referenced in the workflow steps.

.claude/skills/electron-node-upgrade/references/phase-three-commit-guidelines.md

@@ -1,80 +0,0 @@
-# Phase Three Commit Guidelines
-
-Only follow these instructions if there are uncommitted changes after fixing a test failure during Phase Three.
-
-Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
-
-## Commit Message Style
-
-**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters.
-
-Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
-
-## Commit Types
-
-### Patch updates (most test fixes)
-
-Test fixes go into existing patches via the fixup workflow. Use `fix(patch):` prefix with a descriptive topic:
-
-```
-fix(patch): {topic headline}
-
-Ref: {Node.js commit or issue link}
-
-Co-Authored-By: <AI model attribution>
-```
-
-Examples:
-- `fix(patch): guard DH key test for BoringSSL`
-- `fix(patch): adapt new crypto tests for BoringSSL`
-- `fix(patch): correct thenable snapshot for Chromium V8`
-- `fix(patch): skip AES-KW tests with BoringSSL`
-
-Group related test fixes into a single commit when they address the same root cause (e.g., multiple crypto tests all needing BoringSSL guards for the same missing cipher). Don't create one commit per test file if they share the same fix pattern.
-
-### Snapshot regeneration
-
-When a snapshot test fails because Chromium's V8 produces different output, regenerate it:
-
-```bash
-NODE_REGENERATE_SNAPSHOTS=1 node script/node-spec-runner.js test/test-runner/test-foo.mjs
-```
-
-Then commit the updated snapshot patch with a title describing what changed:
-
-```
-fix(patch): correct {name} snapshot for Chromium V8
-
-Ref: {V8 CL or issue link if known}
-
-Co-Authored-By: <AI model attribution>
-```
-
-### Trivial patch updates
-
-After any patch modification, check for dependent patches that only have index/hunk header changes:
-
-```bash
-git status
-# If other .patch files show as modified with only trivial changes:
-git add patches/
-git commit -m "chore: update patches (trivial only)"
-```
-
-## Finding References
-
-For BoringSSL-related test fixes, the reference is typically the upstream Node.js PR that added the new test:
-
-```bash
-cd ../third_party/electron_node
-git log --oneline -5 -- test/parallel/test-crypto-foo.js
-git log -1 <commit> --format="%B" | grep "PR-URL"
-```
-
-For V8 behavioral differences, reference the Chromium CL:
-
-```
-Ref: https://chromium-review.googlesource.com/c/v8/v8/+/NNNNNNN
-```
-
-If no reference found after searching: `Ref: Unable to locate reference`

.github/actions/build-electron/action.yml

@@ -101,31 +101,12 @@ runs:
         git pack-refs
         cd ..
 
-        # Pre-create the ThinLTO cache directory so lld-link does not need to
-        # call CreateDirectoryW through the bindflt filter driver, which can
-        # return ERROR_INVALID_PARAMETER under concurrent I/O on ARC runners.
-        # Discover the path from GN instead of hardcoding it so we stay in
-        # sync with `cache_dir` in build/config/compiler/BUILD.gn; skip the
-        # pre-create when ThinLTO is disabled (non-official builds).
-        $env:ELECTRON_DEPOT_TOOLS_DISABLE_LOG = "1"
-        $ltoFlag = e d gn desc out/Default //electron:electron_app ldflags 2>$null |
-          Select-String -Pattern '^/lldltocache:(.+)$' |
-          Select-Object -First 1
-        if ($ltoFlag) {
-          $cachePath = Join-Path 'out\Default' $ltoFlag.Matches[0].Groups[1].Value
-          New-Item -ItemType Directory -Force -Path $cachePath | Out-Null
-        }
-
         $env:NINJA_SUMMARIZE_BUILD = 1
         if ("${{ inputs.is-release }}" -eq "true") {          
           e build --target electron:release_build
         } else {
           e build --target electron:testing_build
         }
-        if ($LASTEXITCODE -ne 0) {
-          Write-Host "e build failed with exit code $LASTEXITCODE"
-          exit $LASTEXITCODE
-        }
         Copy-Item out\Default\.ninja_log out\electron_ninja_log
         node electron\script\check-symlinks.js
 

.github/actions/build-image-sha/action.yml

@@ -1,24 +0,0 @@
-name: 'Build Image SHA'
-description: 'Single source of truth for the ghcr.io/electron/build image SHA'
-inputs:
-  override:
-    description: 'Optional override SHA (e.g. from a workflow_dispatch input)'
-    required: false
-    default: ''
-outputs:
-  build-image-sha:
-    description: 'The electron/build image SHA to use'
-    value: ${{ steps.set.outputs.build-image-sha }}
-runs:
-  using: 'composite'
-  steps:
-    - id: set
-      shell: bash
-      env:
-        OVERRIDE: ${{ inputs.override }}
-      run: |
-        if [ -n "$OVERRIDE" ]; then
-          echo "build-image-sha=$OVERRIDE" >> "$GITHUB_OUTPUT"
-        else
-          echo "build-image-sha=daad061f4b99a0ae1c841be4aa09188280a9c8a4" >> "$GITHUB_OUTPUT"
-        fi

.github/actions/fix-sync/action.yml

@@ -133,7 +133,7 @@ runs:
       run : |
         cd src/third_party/angle
         rm -f .git/objects/info/alternates
-        git remote set-url origin https://github.com/google/angle.git
+        git remote set-url origin https://chromium.googlesource.com/angle/angle.git
         cp .git/config .git/config.backup
         git remote remove origin
         mv .git/config.backup .git/config

.github/actions/install-dependencies/action.yml

@@ -21,28 +21,11 @@ runs:
       if [ "$TARGET_ARCH" = "x86" ]; then
         export npm_config_arch="ia32"
       fi
-      ARCH=$(uname -m)
-      node script/yarn.js install --immutable --mode=skip-build
       # if running on linux arm skip yarn Builds
+      ARCH=$(uname -m)
       if [ "$ARCH" = "armv7l" ]; then
         echo "Skipping yarn build on linux arm"
+        node script/yarn.js install --immutable --mode=skip-build
       else
-        # Pre-seed the node-gyp header cache so the parallel native-addon
-        # builds below don't race on a cold cache. Linux build containers
-        # already ship a warm cache (electron/build-images#68), so only do
-        # this on macOS / Windows runners.
-        if [ "$(uname -s)" != "Linux" ]; then
-          for i in 1 2 3; do
-            if node node_modules/node-gyp/bin/node-gyp.js install; then
-              break
-            fi
-            if [ "$i" = "3" ]; then
-              echo "node-gyp header pre-seed failed after 3 attempts" >&2
-              exit 1
-            fi
-            echo "node-gyp header pre-seed failed (attempt $i), retrying in 5s..." >&2
-            sleep 5
-          done
-        fi
         node script/yarn.js install --immutable
       fi

.github/siso-patches/0002-siso-retry-transient-ERROR_INVALID_PARAMETER-when-op.patch

@@ -1,132 +0,0 @@
-From a8afee1089ec2ae9ab5837b438d07338aefb3bc4 Mon Sep 17 00:00:00 2001
-From: Samuel Attard <sam@electronjs.org>
-Date: Wed, 22 Apr 2026 16:27:51 -0700
-Subject: [PATCH] siso: retry transient ERROR_INVALID_PARAMETER when opening
- ninja files on Windows
-
-ManifestParser.Load fans out across all subninja files (~90k in a
-Chromium build) at NumCPU parallelism. On Windows builders where out/
-is served through a filesystem filter driver (e.g. bindflt/wcifs for
-container bind mounts), CreateFileW can intermittently return
-ERROR_INVALID_PARAMETER under this concurrent open burst. The previous
-patch removes the redundant per-chunk re-open, but the single remaining
-open per file can still hit the race; without a retry a single transient
-failure aborts the entire manifest load.
-
-Wrap the remaining os.Open call in readFile in a small Windows-only
-retry for ERROR_INVALID_PARAMETER (5 attempts, 5-80ms backoff). Each
-retry is logged via clog.Warningf and also written to stderr so it is
-visible in CI step output where glog warnings are file-only by default.
-Other platforms keep the direct os.Open path.
----
- siso/toolsupport/ninjautil/file_parser.go     |  3 +-
- siso/toolsupport/ninjautil/openfile_other.go  | 18 +++++++
- .../toolsupport/ninjautil/openfile_windows.go | 50 +++++++++++++++++++
- 3 files changed, 69 insertions(+), 2 deletions(-)
- create mode 100644 siso/toolsupport/ninjautil/openfile_other.go
- create mode 100644 siso/toolsupport/ninjautil/openfile_windows.go
-
-diff --git a/siso/toolsupport/ninjautil/file_parser.go b/siso/toolsupport/ninjautil/file_parser.go
-index 6311666..324528d 100644
---- a/siso/toolsupport/ninjautil/file_parser.go
-+++ b/siso/toolsupport/ninjautil/file_parser.go
-@@ -7,7 +7,6 @@ package ninjautil
- import (
- 	"context"
- 	"fmt"
--	"os"
- 	"runtime/trace"
- 	"sync"
- 	"time"
-@@ -91,7 +90,7 @@ func (p *fileParser) parseFile(ctx context.Context, fname string) error {
- // readFile reads a file of fname in parallel.
- func (p *fileParser) readFile(ctx context.Context, fname string) ([]byte, error) {
- 	defer trace.StartRegion(ctx, "ninja.read").End()
--	f, err := os.Open(fname)
-+	f, err := openFile(ctx, fname)
- 	if err != nil {
- 		return nil, err
- 	}
-diff --git a/siso/toolsupport/ninjautil/openfile_other.go b/siso/toolsupport/ninjautil/openfile_other.go
-new file mode 100644
-index 0000000..9fca690
---- /dev/null
-+++ b/siso/toolsupport/ninjautil/openfile_other.go
-@@ -0,0 +1,18 @@
-+// Copyright 2026 The Chromium Authors
-+// Use of this source code is governed by a BSD-style license that can be
-+// found in the LICENSE file.
-+
-+//go:build !windows
-+
-+package ninjautil
-+
-+import (
-+	"context"
-+	"os"
-+)
-+
-+// openFile opens fname for reading.
-+// See openfile_windows.go for the Windows variant with transient-error retry.
-+func openFile(ctx context.Context, fname string) (*os.File, error) {
-+	return os.Open(fname)
-+}
-diff --git a/siso/toolsupport/ninjautil/openfile_windows.go b/siso/toolsupport/ninjautil/openfile_windows.go
-new file mode 100644
-index 0000000..f9d8e9d
---- /dev/null
-+++ b/siso/toolsupport/ninjautil/openfile_windows.go
-@@ -0,0 +1,50 @@
-+// Copyright 2026 The Chromium Authors
-+// Use of this source code is governed by a BSD-style license that can be
-+// found in the LICENSE file.
-+
-+//go:build windows
-+
-+package ninjautil
-+
-+import (
-+	"context"
-+	"errors"
-+	"fmt"
-+	"os"
-+	"time"
-+
-+	"golang.org/x/sys/windows"
-+
-+	"go.chromium.org/build/siso/o11y/clog"
-+)
-+
-+// openFile opens fname for reading, retrying transient
-+// ERROR_INVALID_PARAMETER failures.
-+//
-+// On Windows, CreateFileW can intermittently return
-+// ERROR_INVALID_PARAMETER when the target lives behind a filesystem
-+// filter driver (e.g. bindflt/wcifs for container bind mounts) under
-+// highly concurrent opens. loadFile fans out across ~90k subninja
-+// files at NumCPU parallelism, so a single transient failure would
-+// otherwise abort the whole manifest load.
-+func openFile(ctx context.Context, fname string) (*os.File, error) {
-+	const maxAttempts = 5
-+	delay := 5 * time.Millisecond
-+	for i := 0; ; i++ {
-+		f, err := os.Open(fname)
-+		if err == nil {
-+			return f, nil
-+		}
-+		if i+1 >= maxAttempts || !errors.Is(err, windows.ERROR_INVALID_PARAMETER) {
-+			return nil, err
-+		}
-+		clog.Warningf(ctx, "open %s: %v; retrying (%d/%d) after %s", fname, err, i+1, maxAttempts, delay)
-+		fmt.Fprintf(os.Stderr, "siso: open %s: %v; retrying (%d/%d) after %s\n", fname, err, i+1, maxAttempts, delay)
-+		select {
-+		case <-time.After(delay):
-+		case <-ctx.Done():
-+			return nil, context.Cause(ctx)
-+		}
-+		delay *= 2
-+	}
-+}
--- 
-2.53.0
-

.github/workflows/apply-patches.yml

@@ -18,7 +18,6 @@ jobs:
       pull-requests: read
     outputs:
       has-patches: ${{ steps.filter.outputs.patches }}
-      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       with:
@@ -34,9 +33,6 @@ jobs:
           patches:
             - DEPS
             - 'patches/**'
-    - name: Set Build Image SHA
-      id: build-image-sha
-      uses: ./.github/actions/build-image-sha
 
   apply-patches:
     needs: setup
@@ -45,7 +41,7 @@ jobs:
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache

.github/workflows/archaeologist-dig.yml

@@ -17,7 +17,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Setup Node.js/npm
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
         with:
           node-version: 24.12.x
       - name: Setting Up Dig Site

.github/workflows/audit-branch-ci.yml

@@ -17,7 +17,7 @@ jobs:
       contents: read
     steps:
       - name: Setup Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: 22.17.x
       - name: Sparse checkout repository
@@ -36,7 +36,7 @@ jobs:
             const { chdir } = require('node:process');
             chdir('${{ github.workspace }}/.github/workflows');
 
-            const cache = require('@actions/cache');
+            const cache = await import('@actions/cache');
             const { ElectronVersions } = require('@electron/fiddle-core');
 
             const runsWithErrors = [];

.github/workflows/branch-created.yml

@@ -157,7 +157,7 @@ jobs:
             }))
       - name: Create Release Project Board
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/copy-project@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/copy-project@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         id: create-release-board
         with:
           drafts: true
@@ -170,60 +170,6 @@ jobs:
           template-view: ${{ steps.generate-project-metadata.outputs.template-view }}
           title: ${{ steps.generate-project-metadata.outputs.major }}-x-y
           token: ${{ steps.generate-token.outputs.token }}
-      - name: Randomly Assign Draft Issues to Release WG Members
-        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/github-script@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
-        env:
-          PROJECT_ID: ${{ steps.create-release-board.outputs.id }}
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          script: |
-            const { data: members } = await github.rest.teams.listMembersInOrg({
-              org: 'electron',
-              team_slug: 'wg-releases',
-            });
-
-            const excludedLogins = ['nikwen'];
-            const memberLogins = new Set(members.map(m => m.login));
-            for (const login of excludedLogins) {
-              if (!memberLogins.has(login)) {
-                core.warning(`Excluded member "${login}" is not in @electron/wg-releases`);
-              }
-            }
-
-            const eligible = members.filter(m => !excludedLogins.includes(m.login));
-
-            if (eligible.length === 0) {
-              core.warning('No eligible members found in @electron/wg-releases team');
-              return;
-            }
-
-            const projectId = process.env.PROJECT_ID;
-            const draftIssues = await actions.getDraftIssues(projectId);
-
-            if (draftIssues.length === 0) {
-              core.info('No draft issues found in the project');
-              return;
-            }
-
-            // Fisher-Yates shuffle for uniform random assignment
-            const shuffled = [...eligible];
-            for (let i = shuffled.length - 1; i > 0; i--) {
-              const j = Math.floor(Math.random() * (i + 1));
-              [shuffled[i], shuffled[j]] = [shuffled[j], shuffled[i]];
-            }
-
-            // Assign draft issues round-robin across team members
-            for (let i = 0; i < draftIssues.length; i++) {
-              const member = shuffled[i % shuffled.length];
-              const draftIssue = draftIssues[i];
-              core.info(`Assigning "${draftIssue.content.title}" to ${member.login}`);
-              await actions.editItem(projectId, draftIssue.content.id, {
-                assignees: [member.login],
-              });
-            }
-
-            core.info(`Assigned ${draftIssues.length} draft issues to ${eligible.length} team members`);
       - name: Dump Release Project Board Contents
         if: ${{ steps.check-major-version.outputs.MAJOR }}
         run: gh project item-list ${{ steps.create-release-board.outputs.number }} --owner electron --format json | jq
@@ -231,7 +177,7 @@ jobs:
           GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
       - name: Find Previous Release Project Board
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/find-project@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/find-project@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         id: find-prev-release-board
         with:
           fail-if-project-not-found: false
@@ -239,7 +185,7 @@ jobs:
           token: ${{ steps.generate-token.outputs.token }}
       - name: Close Previous Release Project Board
         if: ${{ steps.find-prev-release-board.outputs.number }}
-        uses: dsanders11/project-actions/close-project@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/close-project@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         with:
           project-number: ${{ steps.find-prev-release-board.outputs.number }}
           token: ${{ steps.generate-token.outputs.token }}

.github/workflows/build-git-cache.yml

@@ -2,38 +2,25 @@ name: Build Git Cache
 # This workflow updates git cache on the cross-instance cache volumes
 # It runs daily at midnight.
 
-on:
+on:  
   schedule:
     - cron: "0 0 * * *"
 
 permissions: {}
 
 jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-    outputs:
-      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - name: Set Build Image SHA
-      id: build-image-sha
-      uses: ./.github/actions/build-image-sha
-
   build-git-cache-linux:
-    needs: setup
+    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
     env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
+      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}      
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
     steps:
     - name: Checkout Electron
@@ -47,12 +34,12 @@ jobs:
         target-platform: linux
 
   build-git-cache-windows:
-    needs: setup
+    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
       options: --user root --device /dev/fuse --cap-add SYS_ADMIN
       volumes:
         - /mnt/win-cache:/mnt/win-cache
@@ -72,13 +59,14 @@ jobs:
         target-platform: win
 
   build-git-cache-macos:
-    # This job updates the same git cache as linux, so it needs to run after the linux one.
-    needs: [setup, build-git-cache-linux]
+    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
+    # This job updates the same git cache as linux, so it needs to run after the linux one.
+    needs: build-git-cache-linux
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -94,4 +82,4 @@ jobs:
     - name: Build Git Cache
       uses: ./src/electron/.github/actions/build-git-cache
       with:
-        target-platform: macos
+        target-platform: macos

.github/workflows/build.yml

@@ -6,8 +6,8 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: ''
-        required: false
+        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
+        required: true
       skip-macos:
         type: boolean
         description: 'Skip macOS builds'
@@ -48,14 +48,14 @@ permissions: {}
 jobs:
   setup:
     if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     permissions:
       contents: read
       pull-requests: read
     outputs:
         docs: ${{ steps.filter.outputs.docs }}
         src: ${{ steps.filter.outputs.src }}
-        build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
+        build-image-sha: ${{ steps.set-output.outputs.build-image-sha }}
         docs-only: ${{ steps.set-output.outputs.docs-only }}
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
@@ -74,14 +74,14 @@ jobs:
             - CODE_OF_CONDUCT.md
           src:
             - '!{docs,.claude}/**'
-    - name: Set Build Image SHA
-      id: build-image-sha
-      uses: ./.github/actions/build-image-sha
-      with:
-        override: ${{ inputs.build-image-sha }}
-    - name: Set Docs Only
+    - name: Set Outputs for Build Image SHA & Docs Only
       id: set-output
       run: |
+        if [ -z "${{ inputs.build-image-sha }}" ]; then
+          echo "build-image-sha=eac3529546ea8f3aa356d31e345715eef342233b" >> "$GITHUB_OUTPUT"
+        else
+          echo "build-image-sha=${{ inputs.build-image-sha }}" >> "$GITHUB_OUTPUT"
+        fi
         echo "docs-only=${{ steps.filter.outputs.docs == 'true' && steps.filter.outputs.src == 'false' }}" >> "$GITHUB_OUTPUT"
 
   # Lint Jobs
@@ -275,11 +275,10 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test.yml
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
       build-runs-on: macos-15-xlarge
-      clang-tidy-runs-on: macos-15-large
       test-runs-on: macos-15
       target-platform: macos
       target-arch: arm64
@@ -394,14 +393,12 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test.yml
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: [checkout-windows, build-siso-windows]
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     with:
-      build-runs-on: electron-arc-centralus-windows-amd64-32core
-      clang-tidy-runs-on: electron-arc-centralus-linux-amd64-8core
+      build-runs-on: electron-arc-centralus-windows-amd64-16core
       test-runs-on: windows-latest
-      clang-tidy-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-windows.outputs.build-image-sha }}","options":"--user root --device /dev/fuse --cap-add SYS_ADMIN","volumes":["/mnt/win-cache:/mnt/win-cache"]}'
       target-platform: win
       target-arch: x64
       is-release: false
@@ -419,7 +416,7 @@ jobs:
     needs: [checkout-windows, build-siso-windows]
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     with:
-      build-runs-on: electron-arc-centralus-windows-amd64-32core
+      build-runs-on: electron-arc-centralus-windows-amd64-16core
       test-runs-on: windows-latest
       target-platform: win
       target-arch: x86
@@ -438,7 +435,7 @@ jobs:
     needs: [checkout-windows, build-siso-windows]
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     with:
-      build-runs-on: electron-arc-centralus-windows-amd64-32core
+      build-runs-on: electron-arc-centralus-windows-amd64-16core
       test-runs-on: windows-11-arm
       target-platform: win
       target-arch: arm64

.github/workflows/clean-orphaned-cache-uploads.yml

@@ -13,26 +13,13 @@ on:
 permissions: {}
 
 jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-    outputs:
-      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - name: Set Build Image SHA
-      id: build-image-sha
-      uses: ./.github/actions/build-image-sha
-
   clean-orphaned-uploads:
-    needs: setup
+    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache

.github/workflows/clean-src-cache.yml

@@ -12,28 +12,15 @@ on:
 permissions: {}
 
 jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-    outputs:
-      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - name: Set Build Image SHA
-      id: build-image-sha
-      uses: ./.github/actions/build-image-sha
-
   clean-src-cache:
-    needs: setup
+    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     env:
       DD_API_KEY: ${{ secrets.DD_API_KEY }}
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache

.github/workflows/issue-labeled.yml

@@ -21,7 +21,7 @@ jobs:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/edit-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90
@@ -42,7 +42,7 @@ jobs:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/edit-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90

.github/workflows/issue-opened.yml

@@ -20,7 +20,7 @@ jobs:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Add to Issue Triage
-        uses: dsanders11/project-actions/add-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/add-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         with:
           field: Reporter
           field-value: ${{ github.event.issue.user.login }}

.github/workflows/issue-transferred.yml

@@ -20,7 +20,7 @@ jobs:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Remove from issue triage
-        uses: dsanders11/project-actions/delete-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/delete-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90

.github/workflows/issue-unlabeled.yml

@@ -33,7 +33,7 @@ jobs:
           org: electron
       - name: Set status
         if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: dsanders11/project-actions/edit-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/edit-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90

.github/workflows/linux-publish.yml

@@ -6,8 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: ''
-        required: false
+        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
       upload-to-storage:
         description: 'Uploads to Azure storage'
         required: false
@@ -21,28 +20,13 @@ on:
 permissions: {}
 
 jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-    outputs:
-      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - name: Set Build Image SHA
-      id: build-image-sha
-      uses: ./.github/actions/build-image-sha
-      with:
-        override: ${{ inputs.build-image-sha }}
-
   checkout-linux:
-    needs: setup
+    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -66,11 +50,11 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: [setup, checkout-linux]
+    needs: checkout-linux
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-linux-amd64-32core
-      build-container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: x64
       is-release: true
@@ -86,11 +70,11 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: [setup, checkout-linux]
+    needs: checkout-linux
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-linux-amd64-32core
-      build-container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: arm
       is-release: true
@@ -106,11 +90,11 @@ jobs:
       attestations: write
       contents: read
       id-token: write
-    needs: [setup, checkout-linux]
+    needs: checkout-linux
     with:
       environment: production-release
       build-runs-on: electron-arc-centralus-linux-amd64-32core
-      build-container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: arm64
       is-release: true

.github/workflows/macos-publish.yml

@@ -6,8 +6,8 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: ''
-        required: false
+        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
+        required: true
       upload-to-storage:
         description: 'Uploads to Azure storage'
         required: false
@@ -21,28 +21,13 @@ on:
 permissions: {}
 
 jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-    outputs:
-      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - name: Set Build Image SHA
-      id: build-image-sha
-      uses: ./.github/actions/build-image-sha
-      with:
-        override: ${{ inputs.build-image-sha }}
-
   checkout-macos:
-    needs: setup
+    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache

.github/workflows/package.json

@@ -4,7 +4,7 @@
   "private": true,
   "type": "module",
   "dependencies": {
-    "@actions/cache": "^4.0.3",
+    "@actions/cache": "^6.0.0",
     "@electron/fiddle-core": "^2.0.1",
     "mdast-util-from-markdown": "^2.0.0",
     "semver": "^7.7.2",

.github/workflows/pipeline-segment-electron-build.yml

@@ -123,7 +123,7 @@ jobs:
       run: df -h
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'macos' }}
-      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
       with:
         node-version: 22.21.x
         cache: yarn

.github/workflows/pipeline-segment-electron-clang-tidy.yml

@@ -137,32 +137,13 @@ jobs:
       run: |
         e init -f --root=$(pwd) --out=${ELECTRON_OUT_DIR} testing --target-cpu ${TARGET_ARCH} --remote-build none
 
-        # For macOS use_remoteexec=false will cause GN errors, so even though we're doing no remote build, set it
-        export GN_EXTRA_ARGS="use_remoteexec=true target_cpu=\"${TARGET_ARCH}\""
+        export GN_EXTRA_ARGS="target_cpu=\"${TARGET_ARCH}\""
         if [ "${{ inputs.target-platform }}" = "win" ]; then
           export GN_EXTRA_ARGS="$GN_EXTRA_ARGS use_v8_context_snapshot=true target_os=\"win\""
         fi
 
         e build --only-gen
 
-        # Copy macOS framework headers so clang-tidy can find them via -F.
-        # This must happen after e build --only-gen since e init -f may
-        # recreate the output directory.
-        if [ "${{ inputs.target-platform }}" = "macos" ]; then
-          OUT=src/out/${ELECTRON_OUT_DIR}
-          SQRL=src/third_party/squirrel.mac
-
-          mkdir -p ${OUT}/{ReactiveObjC,Squirrel,Mantle}.framework/Headers
-
-          cp ${SQRL}/vendor/ReactiveObjC/ReactiveObjC/*.h ${OUT}/ReactiveObjC.framework/Headers/
-          cp ${SQRL}/vendor/ReactiveObjC/ReactiveObjC/extobjc/*.h ${OUT}/ReactiveObjC.framework/Headers/
-
-          cp ${SQRL}/Squirrel/*.h ${OUT}/Squirrel.framework/Headers/
-
-          cp ${SQRL}/vendor/Mantle/Mantle/include/*.h ${OUT}/Mantle.framework/Headers/
-          cp ${SQRL}/vendor/Mantle/Mantle/extobjc/include/*.h ${OUT}/Mantle.framework/Headers/
-        fi
-
         cd src/electron
         node script/yarn.js lint:clang-tidy --jobs 8 --out-dir ../out/${ELECTRON_OUT_DIR}
     - name: Remove Clang problem matcher

.github/workflows/pipeline-segment-electron-publish.yml

@@ -131,7 +131,7 @@ jobs:
         run: df -h
       - name: Setup Node.js/npm
         if: ${{ inputs.target-platform == 'macos' }}
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
         with:
           node-version: 22.21.x
           cache: yarn

.github/workflows/pipeline-segment-electron-test.yml

@@ -79,7 +79,7 @@ jobs:
         cp $(which node) /mnt/runner-externals/node24/bin/
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'win' }}
-      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
       with:
         node-version: 22.21.x
     - name: Add TCC permissions on macOS

.github/workflows/pr-triage-automation.yml

@@ -37,7 +37,7 @@ jobs:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Get project item status
-        uses: dsanders11/project-actions/get-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/get-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         id: get-item
         with:
           token: ${{ steps.generate-token.outputs.token }}
@@ -47,7 +47,7 @@ jobs:
         if: >-
           (steps.get-item.outputs.field-status == '🛑 Needs Submitter Response'
           || steps.get-item.outputs.field-status == '🟡 WIP')
-        uses: dsanders11/project-actions/edit-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/edit-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 118

.github/workflows/pull-request-labeled.yml

@@ -42,7 +42,7 @@ jobs:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/edit-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 94

.github/workflows/scorecards.yml

@@ -51,6 +51,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v3.29.5
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5
         with:
           sarif_file: results.sarif

.github/workflows/stable-prep-items.yml

@@ -29,7 +29,7 @@ jobs:
           PROJECT_NUMBER=$(gh project list --owner electron --format json | jq -r '.projects | map(select(.title | test("^[0-9]+-x-y$"))) | max_by(.number) | .number')
           echo "PROJECT_NUMBER=$PROJECT_NUMBER" >> "$GITHUB_OUTPUT"
       - name: Update Completed Stable Prep Items
-        uses: dsanders11/project-actions/completed-by@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/completed-by@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
         with:
           field: Prep Status
           field-value: ✅ Complete

.github/workflows/windows-publish.yml

@@ -6,8 +6,8 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: ''
-        required: false
+        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
+        required: true
       upload-to-storage:
         description: 'Uploads to Azure storage'
         required: false
@@ -21,28 +21,13 @@ on:
 permissions: {}
 
 jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-    outputs:
-      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - name: Set Build Image SHA
-      id: build-image-sha
-      uses: ./.github/actions/build-image-sha
-      with:
-        override: ${{ inputs.build-image-sha }}
-
   checkout-windows:
-    needs: setup
+    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root --device /dev/fuse --cap-add SYS_ADMIN
       volumes:
         - /mnt/win-cache:/mnt/win-cache
@@ -52,6 +37,8 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
       TARGET_OS: 'win'
       ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1'
+    outputs:
+      build-image-sha: ${{ inputs.build-image-sha }}
     steps:
     - name: Checkout Electron
       uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
@@ -67,7 +54,7 @@ jobs:
   # Build the patched siso binary in parallel with checkout-windows; the
   # publish-*-win jobs consume it via SISO_PATH.
   build-siso-windows:
-    needs: setup
+    if: github.repository == 'electron/electron'
     uses: ./.github/workflows/pipeline-segment-build-siso-windows.yml
     permissions:
       contents: read
@@ -82,7 +69,7 @@ jobs:
     needs: [checkout-windows, build-siso-windows]
     with:
       environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-32core
+      build-runs-on: electron-arc-centralus-windows-amd64-16core
       target-platform: win
       target-arch: x64
       is-release: true
@@ -101,7 +88,7 @@ jobs:
     needs: [checkout-windows, build-siso-windows]
     with:
       environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-32core
+      build-runs-on: electron-arc-centralus-windows-amd64-16core
       target-platform: win
       target-arch: arm64
       is-release: true
@@ -120,7 +107,7 @@ jobs:
     needs: [checkout-windows, build-siso-windows]
     with:
       environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-32core
+      build-runs-on: electron-arc-centralus-windows-amd64-16core
       target-platform: win
       target-arch: x86
       is-release: true

.yarn/README.md

@@ -1,82 +0,0 @@
-# Vendored Yarn release
-
-This directory holds the Yarn release used by this repo (`yarnPath` in
-`.yarnrc.yml`). The release file is checked in so every contributor and CI job
-runs the exact same Yarn, and so we can carry small local patches when needed.
-
-`releases/yarn-4.12.0.cjs` currently carries one such patch, described below.
-If you bump the Yarn version, read the **Upgrading Yarn** section first.
-
-## Patch: use `JsZipImpl` for the node-modules link step
-
-### What changed
-
-Two call sites in `releases/yarn-4.12.0.cjs` are modified so the
-`node-modules` linker (and the `pnpm`-loose linker) construct their read-only
-`ZipOpenFS` with `customZipImplementation: ST` — Yarn's pure-JS `JsZipImpl` —
-instead of falling through to the default WASM-backed `LibZipImpl`:
-
-```text
-new $f({maxOpenFiles:80,readOnlyArchives:!0})
-  → new $f({maxOpenFiles:80,readOnlyArchives:!0,customZipImplementation:ST})
-```
-
-A comment block at the top of the `.cjs` file marks the file as patched and
-points back here.
-
-### Why
-
-On the `linux-arm` CI test shards we run a 32-bit `arm32v7` container. During
-`yarn install`'s **Link step**, Yarn opens up to 80 cache zips concurrently.
-With `LibZipImpl`, each open zip is `readFileSync`'d into a Node `Buffer`
-**and copied again into the WASM linear memory**, and every file read does a
-WASM `_malloc(size)` for the entry. The WASM heap has to grow as a single
-contiguous region of the 32-bit address space; once enough zips are resident,
-the `_malloc` for a large entry — most often `typescript/lib/typescript.js`
-(~9 MB inside a ~22 MB zip) — fails.
-
-Yarn's cross-FS `copyFilePromise` swallows the underlying error and re-throws
-a generic one, so CI shows:
-
-```text
-YN0001: While persisting .../typescript-patch-...zip/node_modules/typescript/
-  EINVAL: invalid argument, copyfile '/node_modules/typescript/lib/typescript.js' -> '...'
-```
-
-The unmasked form (occasionally seen on `pdfjs-dist`) is the WASM-heap failure
-string `Couldn't allocate enough memory`. This started failing ~1-in-3
-`linux-arm / test` shards at **Install Dependencies** on 2026-04-13, after
-[#50692](https://github.com/electron/electron/pull/50692) grew the cache enough
-to push the 32-bit process over the edge nondeterministically — e.g.
-[run 24739817558](https://github.com/electron/electron/actions/runs/24739817558/job/72380803746).
-
-`JsZipImpl` avoids the problem entirely: it opens the zip by file descriptor,
-reads only the central directory into memory, and `readSync`s individual
-entries into ordinary Node `Buffer`s — **no WASM heap involved**. It is
-read-only and path-based, which is exactly how the linker uses these archives.
-
-There is no `.yarnrc.yml` setting or environment variable to select the zip
-implementation (verified against the bundle), so editing the vendored release
-is the only way to switch it short of re-implementing the linker in a plugin.
-
-Upstream references:
-[yarnpkg/berry#3972](https://github.com/yarnpkg/berry/issues/3972),
-[yarnpkg/berry#6722](https://github.com/yarnpkg/berry/issues/6722),
-[yarnpkg/berry#6550](https://github.com/yarnpkg/berry/issues/6550).
-
-### Upgrading Yarn
-
-When bumping `releases/yarn-*.cjs`:
-
-1. Check whether upstream now defaults `readOnlyArchives` opens to `JsZipImpl`,
-   or exposes a config knob for the zip implementation. If so, drop this patch.
-2. Otherwise, re-apply: search the new bundle for
-   `maxOpenFiles:80,readOnlyArchives:!0` (the surrounding minified identifiers
-   will differ) and add `,customZipImplementation:<JsZipImpl symbol>` — that
-   symbol is whatever the new bundle exports as `JsZipImpl` from
-   `@yarnpkg/libzip`.
-3. Re-add the header comment pointing back to this README.
-4. Verify with
-   `rm -rf node_modules spec/node_modules && node script/yarn.js install --immutable --mode=skip-build`
-   and confirm `node_modules/typescript/lib/typescript.js` is byte-identical to
-   an unpatched install.

BUILD.gn

@@ -105,25 +105,21 @@ electron_mac_bundle_id = branding.mac_bundle_id
 if (override_electron_version != "") {
   electron_version = override_electron_version
 } else {
-  # When building from a source code tarball there is no git tag available and
+  # When building from source code tarball there is no git tag available and
   # builders must explicitly pass override_electron_version in gn args.
-  #
-  # Resolve the real locations of packed-refs and HEAD via git so that this
-  # also works when electron/ is a `git worktree` (where .git is a file, not a
-  # directory, and GN's read_file cannot follow the gitdir indirection).
-  electron_git_ref_paths =
-      exec_script("script/get-git-ref-paths.py", [], "list lines")
-
   # This read_file call will assert if there is no git information, without it
   # gn will generate a malformed build configuration and ninja will get into
   # infinite loop.
-  read_file(electron_git_ref_paths[0], "string")
+  read_file(".git/packed-refs", "string")
 
   # Set electron version from git tag.
   electron_version = exec_script("script/get-git-version.py",
                                  [],
                                  "trim string",
-                                 electron_git_ref_paths)
+                                 [
+                                   ".git/packed-refs",
+                                   ".git/HEAD",
+                                 ])
 }
 
 if (is_mas_build) {
@@ -499,10 +495,8 @@ source_set("electron_lib") {
     "//components/certificate_transparency",
     "//components/compose:buildflags",
     "//components/embedder_support:user_agent",
-    "//components/heap_profiling/multi_process",
     "//components/input",
     "//components/language/core/browser",
-    "//components/memory_system",
     "//components/net_log",
     "//components/network_hints/browser",
     "//components/network_hints/common:mojo_bindings",

DEPS

@@ -4,7 +4,7 @@ vars = {
   'chromium_version':
     '148.0.7778.0',
   'node_version':
-    'v24.15.0',
+    'v24.14.1',
   'nan_version':
     '675cefebca42410733da8a454c8d9391fcebfbc2',
   'squirrel.mac_version':

docs/api/content-tracing.md

@@ -124,65 +124,4 @@ Returns `Promise<Object>` - Resolves with an object containing the `value` and `
 Get the maximum usage across processes of trace buffer as a percentage of the
 full state.
 
-### `contentTracing.enableHeapProfiling([options])` _Experimental_
-
-<!--
-```YAML history
-added:
-  - pr-url: https://github.com/electron/electron/pull/50826
-```
--->
-
-* `options` ([EnableHeapProfilingOptions](structures/enable-heap-profiling-options.md)) (optional)
-
-Returns `Promise<void>` - Resolves once heap profiling has been enabled.
-
-Enable [heap profiling](https://chromium.googlesource.com/chromium/src/+/lkgr/docs/memory-infra/heap_profiler.md)
-for MemoryInfra traces. Equivalent to the `--memlog` switch in Chrome.
-
-Only takes effect if the `disabled-by-default-memory-infra` category is included.
-
-Needs to be called before `contentTracing.startRecording()`.
-
-Usage:
-
-```js
-const { contentTracing } = require('electron')
-
-async function recordTrace () {
-  await contentTracing.enableHeapProfiling()
-  await contentTracing.startRecording({
-    included_categories: ['disabled-by-default-memory-infra'],
-    excluded_categories: ['*'],
-    memory_dump_config: {
-      triggers: [
-        { mode: 'detailed', periodic_interval_ms: 1000 }
-      ]
-    }
-  })
-
-  await new Promise(resolve => setTimeout(resolve, 5000))
-
-  const filePath = await contentTracing.stopRecording()
-}
-```
-
-To view the recorded heap dumps:
-
-1. Download the breakpad symbols for your Electron version from the Electron GitHub
-   [releases](https://github.com/electron/electron/releases)
-2. Clone the [Electron source code](../development/build-instructions-gn.md)
-3. In your Chromium checkout for Electron, run this command to symbolicate the heap dump:
-
-   ```bash
-   python3 third_party/catapult/tracing/bin/symbolize_trace --use-breakpad-symbols --breakpad-symbols-directory /path/to/breakpad_symbols /path/to/trace.json
-   ```
-
-4. Open the symbolicated trace in `chrome://tracing` (the Perfetto UI does not support memory dumps
-   yet)
-5. Click on one of the `M` symbols
-6. Click on a `☰` triple bar icon (e.g., in the `malloc` column)
-
-<img src="../images/viewing-heap-dumps.png" alt="Screenshot showing how to view a heapdump in Chromium's tracing view" />
-
 [trace viewer]: https://chromium.googlesource.com/catapult/+/HEAD/tracing/README.md

docs/api/session.md

@@ -650,7 +650,7 @@ Clears the session’s HTTP cache.
     `scheme://host:port`.
   * `storages` string[] (optional) - The types of storages to clear, can be
     `cookies`, `filesystem`, `indexdb`, `localstorage`,
-    `shadercache`, `serviceworkers`, `cachestorage`. If not
+    `shadercache`, `websql`, `serviceworkers`, `cachestorage`. If not
     specified, clear all storage types.
 
 Returns `Promise<void>` - resolves when the storage data has been cleared.

docs/api/structures/enable-heap-profiling-options.md

@@ -1,26 +0,0 @@
-# EnableHeapProfilingOptions Object
-
-* `mode` string (optional) - Controls which processes are profiled. Equivalent to `--memlog` in
-  Chrome. Default is `all`.
-  * `all` - Profile all processes.
-  * `browser` - Profile only the browser process.
-  * `gpu` - Profile only the GPU process.
-  * `minimal` - Profile only the browser and GPU processes.
-  * `renderer-sampling` - Profile at most 1 renderer process. Each renderer process has a fixed
-    probability of being profiled when the renderer process is started or, for existing processes,
-    when heap profiling is enabled.
-  * `all-renderers` - Profile all renderer processes.
-  * `utility-sampling` - Each utility process has a fixed probability of being profiled.
-  * `all-utilities` - Profile all utility processes.
-  * `utility-and-browser` - Profile all utility processes and the browser process.
-* `samplingRate` number (optional) - Controls the sampling interval in bytes. The lower the
-  interval, the more precise the profile is. However it comes at the cost of performance. Default
-  is `100000` (100KB). That is enough to observe allocation sites that make allocations >500KB
-  total, where total equals to a single allocation size times the number of such allocations at the
-  same call site. Equivalent to `--memlog-sampling-rate` in Chrome. Must be an integer between
-  `1000` and `10000000`.
-* `stackMode` string (optional) - Controls the type of metadata recorded for each allocation.
-  Equivalent to `--memlog-stack-mode` in Chrome. Default is `native`.
-  * `native` - Instruction addresses from unwinding the stack.
-  * `native-with-thread-names` - Instruction addresses from unwinding the stack. Includes the thread
-    name as the first frame.

docs/api/structures/shared-texture-import-texture-info.md

@@ -5,7 +5,6 @@
   * `rgba` - 32bpp RGBA (byte-order), 1 plane.
   * `rgbaf16` - Half float RGBA, 1 plane.
   * `nv12` - 12bpp with Y plane followed by a 2x2 interleaved UV plane.
-  * `nv16` - 16bpp with Y plane followed by a 2x1 interleaved UV plane.
   * `p010le` - 4:2:0 10-bit YUV (little-endian), Y plane followed by a 2x2 interleaved UV plane.
 * `colorSpace` [ColorSpace](color-space.md) (optional) - The color space of the texture.
 * `codedSize` [Size](size.md) - The full dimensions of the shared texture.

docs/api/web-contents.md

@@ -2275,20 +2275,6 @@ Returns `Integer` - The Chromium internal `pid` of the associated renderer. Can
 be compared to the `frameProcessId` passed by frame specific navigation events
 (e.g. `did-frame-navigate`)
 
-#### `contents.clone()`
-
-Returns `WebContents` - A cloned WebContents instance. This method creates a copy
-of the WebContents with the following attributes:
-
-* **WebPreferences** - All preferences from the original WebContents are copied
-* **SiteInstance** - Uses the same SiteInstance as the original. This means the cloned WebContents will reuse the same render process as the original when loading same-origin pages, and only spawn a new render process for cross-origin navigations. This process allocation behavior is consistent with window.open and tab duplication in Chromium. For more details, see [Chromium's Site Isolation](https://www.chromium.org/developers/design-documents/site-isolation/) design document.
-* **Opener relationship** - Inherits the opener (window.opener) relationship
-* **Navigation state** - Copies the navigation history and controller state
-
-The cloned WebContents is an independent instance with its own lifecycle that can be destroyed separately and will not contain any open web pages.
-
-This API is useful for use cases where you want to create a new WebContents that shares the same render process with the original for same-origin content, while maintaining full lifecycle independence. Additionally, reusing the existing render process can help optimize memory usage and page load speed to a certain extent, as it eliminates the overhead of spawning and initializing a new render process from scratch.
-
 #### `contents.takeHeapSnapshot(filePath)`
 
 * `filePath` string - Path to the output file.

docs/tutorial/electron-timelines.md

@@ -2,53 +2,28 @@
 
 Electron frequently releases major versions alongside every other Chromium release.
 This document focuses on the release cadence and version support policy.
-
-> [!TIP]
-> See the [Electron Versioning](./electron-versioning.md) document for more details
-> on how Electron is versioned.
+For a more in-depth guide on our git branches and how Electron uses semantic versions,
+check out our [Electron Versioning](./electron-versioning.md) doc.
 
 ## Timeline
 
 [Electron's Release Schedule](https://releases.electronjs.org/schedule) lists a schedule of Electron major releases showing key milestones including alpha, beta, and stable release dates, as well as end-of-life dates and dependency versions.
 
-> [!IMPORTANT]
-> Electron's official support policy is the latest 3 stable releases. Our stable
-> release and end-of-life dates are determined by Chromium, and may be subject to
-> change. While we try to keep our planned release and end-of-life dates frequently
-> updated here, future dates may change if affected by upstream scheduling changes,
-> and may not always be accurately reflected.
->
-> See [Chromium's public release schedule](https://chromiumdash.appspot.com/schedule) for
-> definitive information about Chromium's scheduled release dates.
+:::info Official support dates may change
 
-Electron's cadence between major version releases is 8 weeks long. Before each major
-version hits stable, it goes through a four-week **alpha** phase and a four-week
-**beta** phase.
+Electron's official support policy is the latest 3 stable releases. Our stable
+release and end-of-life dates are determined by Chromium, and may be subject to
+change. While we try to keep our planned release and end-of-life dates frequently
+updated here, future dates may change if affected by upstream scheduling changes,
+and may not always be accurately reflected.
 
-```mermaid
-gantt
-    title Electron release cycle
-    dateFormat  YYYY-MM-DD
-    axisFormat  Week %W
-    todayMarker off
-    section v41
-    Alpha phase                    :a1, 2026-01-19, 4w
-    M146 enters Chrome beta        :milestone, bm1, after a1, 0d
-    Beta phase                     :b1, after a1, 4w
-    M146 enters Chrome stable      :milestone, s1, after b1, 0d
-    Supported until v44 release    :active, after b1, 12w
-    section v42
-    Alpha phase                    :a2, after b1, 4w
-    M148 enters Chrome beta        :milestone, bm2, after a2, 0d
-    Beta phase                     :b2, after a2, 4w
-    M148 enters Chrome stable      :milestone, s2, after b2, 0d
-    Supported until v45 release    :active, after b2, 4w
-```
+ See [Chromium's public release schedule](https://chromiumdash.appspot.com/schedule) for
+ definitive information about Chromium's scheduled release dates.
+
+ :::
 
 **Notes:**
 
-* Alphas are generally less stable than beta releases. The cutoff between the two
-  corresponds to when the underlying Chromium version enters Chrome's Beta channel.
 * The `-alpha.1`, `-beta.1`, and `stable` dates are our solid release dates.
 * We strive for weekly alpha/beta releases, but we often release more than scheduled.
 * All dates are our goals but there may be reasons for adjusting the stable deadline, such as security bugs.
@@ -63,11 +38,10 @@ gantt
 ## Version support policy
 
 The latest three _stable_ major versions are supported by the Electron team.
-
-For example, if the latest release is 42.1.x, then the 41.0.x as well
-as the 40.2.x series are supported. We only support the latest minor release
+For example, if the latest release is 6.1.x, then the 5.0.x as well
+as the 4.2.x series are supported. We only support the latest minor release
 for each stable release series. This means that in the case of a security fix,
-42.1.x will receive the fix, but we will not release a new version of 42.0.x.
+6.1.x will receive the fix, but we will not release a new version of 6.0.x.
 
 The latest stable release unilaterally receives all fixes from `main`,
 and the version prior to that receives the vast majority of those fixes
@@ -76,8 +50,11 @@ only security fixes directly.
 
 ### Chromium version support
 
-> [!TIP]
-> Chromium's public release schedule is [here](https://chromiumdash.appspot.com/schedule).
+:::info Chromium release schedule
+
+Chromium's public release schedule is [here](https://chromiumdash.appspot.com/schedule).
+
+:::
 
 Electron targets Chromium even-number versions, releasing every 8 weeks in concert
 with Chromium's 4-week release schedule. For example, Electron 26 uses Chromium 116, while Electron 27 uses Chromium 118.
@@ -105,7 +82,3 @@ and that number is reduced to two in major version 10, the three-argument versio
 continue to work until, at minimum, major version 12. Past the minimum two-version
 threshold, we will attempt to support backwards compatibility beyond two versions
 until the maintainers feel the maintenance burden is too high to continue doing so.
-
-> [!TIP]
-> For a canonical list of breaking changes, see the [Breaking Changes](../breaking-changes.md)
-> document.

docs/tutorial/electron-versioning.md

@@ -14,6 +14,18 @@ To update an existing project to use the latest stable version:
 npm install --save-dev electron@latest
 ```
 
+## Versioning scheme
+
+There are several major changes from our 1.x strategy outlined below. Each change is intended to satisfy the needs and priorities of developers/maintainers and app developers.
+
+1. Strict use of the [SemVer](#semver) spec
+2. Introduction of semver-compliant `-beta` tags
+3. Introduction of [conventional commit messages](https://conventionalcommits.org/)
+4. Well-defined stabilization branches
+5. The `main` branch is versionless; only stabilization branches contain version information
+
+We will cover in detail how git branching works, how npm tagging works, what developers should expect to see, and how one can backport changes.
+
 ## SemVer
 
 Below is a table explicitly mapping types of changes to their corresponding category of SemVer (e.g. Major, Minor, Patch).
@@ -22,7 +34,7 @@ Below is a table explicitly mapping types of changes to their corresponding cate
 | ------------------------------- | ---------------------------------- | ----------------------------- |
 | Electron breaking API changes   | Electron non-breaking API changes  | Electron bug fixes            |
 | Node.js major version updates   | Node.js minor version updates      | Node.js patch version updates |
-| Chromium version updates        |                                    | fix-related Chromium patches  |
+| Chromium version updates        |                                    | fix-related chromium patches  |
 
 For more information, see the [Semantic Versioning 2.0.0](https://semver.org/) spec.
 
@@ -32,189 +44,68 @@ Note that most Chromium updates will be considered breaking. Fixes that can be b
 
 Stabilization branches are branches that run parallel to `main`, taking in only cherry-picked commits that are related to security or stability. These branches are never merged back to `main`.
 
-```mermaid
-gitGraph
-    commit
-    commit
-    branch N-x-y
-    checkout main
-    commit id:"fix-1"
-    checkout N-x-y
-    cherry-pick id:"fix-1"
-    checkout main
-    commit id:"fix-2"
-    checkout N-x-y
-    cherry-pick id:"fix-2"
-    checkout main
-    commit
-    commit
+![Stabilization Branches](../images/versioning-sketch-1.png)
+
+Since Electron 8, stabilization branches are always **major** version lines, and named against the following template `$MAJOR-x-y` e.g. `8-x-y`.  Prior to that we used **minor** version lines and named them as `$MAJOR-$MINOR-x` e.g. `2-0-x`.
+
+We allow for multiple stabilization branches to exist simultaneously, one for each supported version. For more details on which versions are supported, see our [Electron Releases](./electron-timelines.md) doc.
+
+![Multiple Stability Branches](../images/versioning-sketch-2.png)
+
+Older lines will not be supported by the Electron project, but other groups can take ownership and backport stability and security fixes on their own. We discourage this, but recognize that it makes life easier for many app developers.
+
+## Beta releases and bug fixes
+
+Developers want to know which releases are _safe_ to use. Even seemingly innocent features can introduce regressions in complex applications. At the same time, locking to a fixed version is dangerous because you’re ignoring security patches and bug fixes that may have come out since your version. Our goal is to allow the following standard semver ranges in `package.json` :
+
+* Use `~2.0.0` to admit only stability or security related fixes to your `2.0.0` release.
+* Use `^2.0.0` to admit non-breaking _reasonably stable_ feature work as well as security and bug fixes.
+
+What’s important about the second point is that apps using `^` should still be able to expect a reasonable level of stability. To accomplish this, SemVer allows for a _pre-release identifier_ to indicate a particular version is not yet _safe_ or _stable_.
+
+Whatever you choose, you will periodically have to bump the version in your `package.json` as breaking changes are a fact of Chromium life.
+
+The process is as follows:
+
+1. All new major and minor releases lines begin with a beta series indicated by SemVer prerelease tags of `beta.N`, e.g. `2.0.0-beta.1`. After the first beta, subsequent beta releases must meet all of the following conditions:
+    1. The change is backwards API-compatible (deprecations are allowed)
+    2. The risk to meeting our stability timeline must be low.
+2. If allowed changes need to be made once a release is beta, they are applied and the prerelease tag is incremented, e.g. `2.0.0-beta.2`.
+3. If a particular beta release is _generally regarded_ as stable, it will be re-released as a stable build, changing only the version information. e.g. `2.0.0`. After the first stable, all changes must be backwards-compatible bug or security fixes.
+4. If future bug fixes or security patches need to be made once a release is stable, they are applied and the _patch_ version is incremented
+e.g. `2.0.1`.
+
+Specifically, the above means:
+
+1. Admitting non-breaking-API changes before Week 3 in the beta cycle is okay, even if those changes have the potential to cause moderate side-effects.
+2. Admitting feature-flagged changes, that do not otherwise alter existing code paths, at most points in the beta cycle is okay. Users can explicitly enable those flags in their apps.
+3. Admitting features of any sort after Week 3 in the beta cycle is 👎 without a very good reason.
+
+For each major and minor bump, you should expect to see something like the following:
+
+```plaintext
+2.0.0-beta.1
+2.0.0-beta.2
+2.0.0-beta.3
+2.0.0
+2.0.1
+2.0.2
 ```
 
-Since Electron 8, stabilization branches are always **major** version lines, and named against the following template `$MAJOR-x-y` e.g. `8-x-y`. (Prior to that, we used **minor** version lines and named them as `$MAJOR-$MINOR-x` e.g. `2-0-x`.)
+An example lifecycle in pictures:
 
-We allow for multiple stabilization branches to exist simultaneously, one for each supported version.
+* A new release branch is created that includes the latest set of features. It is published as `2.0.0-beta.1`.
+![New Release Branch](../images/versioning-sketch-3.png)
+* A bug fix comes into master that can be backported to the release branch. The patch is applied, and a new beta is published as `2.0.0-beta.2`.
+![Bugfix Backport to Beta](../images/versioning-sketch-4.png)
+* The beta is considered _generally stable_ and it is published again as a non-beta under `2.0.0`.
+![Beta to Stable](../images/versioning-sketch-5.png)
+* Later, a zero-day exploit is revealed and a fix is applied to master. We backport the fix to the `2-0-x` line and release `2.0.1`.
+![Security Backports](../images/versioning-sketch-6.png)
 
-> [!TIP]
-> For more details on which versions are supported, see our [Electron Releases](./electron-timelines.md) doc.
+A few examples of how various SemVer ranges will pick up new releases:
 
-```mermaid
-gitGraph
-    commit
-    branch "41-x-y"
-    checkout main
-    commit
-    commit
-    commit id:"fix-a"
-    checkout "41-x-y"
-    cherry-pick id:"fix-a"
-    checkout main
-    commit
-    commit id:"fix-b"
-    checkout "41-x-y"
-    cherry-pick id:"fix-b"
-    checkout main
-    commit
-    branch "42-x-y"
-    checkout main
-    commit
-    commit id:"fix-c"
-    checkout "41-x-y"
-    cherry-pick id:"fix-c"
-    checkout "42-x-y"
-    cherry-pick id:"fix-c"
-    checkout main
-    commit
-    commit id:"fix-d"
-    checkout "41-x-y"
-    cherry-pick id:"fix-d"
-    checkout "42-x-y"
-    cherry-pick id:"fix-d"
-    checkout main
-    commit
-```
-
-Older lines will not be supported by the Electron project.
-
-## Release cycle
-
-Electron follows an **8-week regular release cycle** where key milestones correspond to
-matching dates in the Chromium release cycle.
-
-```mermaid
-gantt
-    title Electron release cycle
-    dateFormat  YYYY-MM-DD
-    axisFormat  Week %W
-    todayMarker off
-    section v41
-    Alpha phase                    :a1, 2026-01-19, 4w
-    M146 enters Chrome beta        :milestone, bm1, after a1, 0d
-    Beta phase                     :b1, after a1, 4w
-    M146 enters Chrome stable      :milestone, s1, after b1, 0d
-    Supported until v44 release    :active, after b1, 12w
-    section v42
-    Alpha phase                    :a2, after b1, 4w
-    M148 enters Chrome beta        :milestone, bm2, after a2, 0d
-    Beta phase                     :b2, after a2, 4w
-    M148 enters Chrome stable      :milestone, s2, after b2, 0d
-    Supported until v45 release    :active, after b2, 4w
-```
-
-### Example
-
-When Electron 41 hits its stable release, the release line for Electron 42 is branched off of `main`.
-Its first alpha release is created with all the changes contained on `main`:
-
-```mermaid
-gitGraph
-    commit
-    commit
-    commit
-    branch "42-x-y"
-    checkout "42-x-y"
-    commit tag:"v42.0.0-alpha.1"
-```
-
-A bug fix comes into `main` that can be backported to the release branch. The patch is applied,
-and it is published in the next `v42.0.0-alpha.2` release.
-
-```mermaid
-gitGraph
-    commit
-    commit
-    commit
-    branch "42-x-y"
-    checkout "42-x-y"
-    commit id:"42.0.0-alpha.1" tag:"v42.0.0-alpha.1"
-    checkout "main"
-    commit
-    commit id:"fix-1"
-    checkout "42-x-y"
-    cherry-pick id:"fix-1" tag:"v42.0.0-alpha.2"
-```
-
-The version of Chromium that powers Electron 42 hits Chrome's beta channel. The `alpha` line is
-promoted to `beta`.
-
-```mermaid
-gitGraph
-    commit
-    commit
-    commit
-    branch "42-x-y"
-    checkout "42-x-y"
-    commit id:"42.0.0-alpha.1" tag:"v42.0.0-alpha.1"
-    checkout "main"
-    commit
-    commit id:"fix-1"
-    checkout "42-x-y"
-    cherry-pick id:"fix-1" tag:"v42.0.0-alpha.2"
-    checkout "main"
-    commit
-    commit
-    commit id:"fix-2"
-    checkout "42-x-y"
-    cherry-pick id:"fix-2" tag:"v42.0.0-beta.1"
-```
-
-Beta releases continue weekly until Electron 42 is promoted to stable and the same cycle starts again
-with `43-x-y`. Later, a zero-day exploit is revealed and a fix is applied to `main`. We backport the
-fix to the `42-x-y` line and release `42.0.1`.
-
-```mermaid
-gitGraph
-    commit
-    commit
-    commit
-    branch "42-x-y"
-    checkout "42-x-y"
-    commit id:"42.0.0-alpha.1" tag:"v42.0.0-alpha.1"
-    checkout "main"
-    commit
-    commit id:"fix-1"
-    checkout "42-x-y"
-    cherry-pick id:"fix-1" tag:"v42.0.0-alpha.2"
-    checkout "main"
-    commit
-    commit
-    commit id:"fix-2"
-    checkout "42-x-y"
-    cherry-pick id:"fix-2" tag:"v42.0.0-beta.1"
-    checkout "main"
-    commit id:"fix-3"
-    checkout "42-x-y"
-    cherry-pick id:"fix-3" tag:"v42.0.0"
-    checkout "main"
-    branch "43-x-y"
-    checkout "43-x-y"
-    commit id:"43.0.0-alpha.1" tag:"v43.0.0-alpha.1"
-    checkout "main"
-    commit id:"security-fix"
-    checkout "42-x-y"
-    cherry-pick id:"security-fix" tag:"v42.0.1"
-    checkout "43-x-y"
-    cherry-pick id:"security-fix" tag:"v43.0.0-alpha.2"
-```
+![Semvers and Releases](../images/versioning-sketch-7.png)
 
 ### Backport request process
 
@@ -245,11 +136,10 @@ The `electron/electron` repository also enforces squash merging, so you only nee
 
 ## Versioned `main` branch
 
-* The `main` branch always corresponds to the major version above the current pre-release line.
-* Unstable nightly releases of `main` are released under the [`electron-nightly`](https://www.npmjs.com/package/electron-nightly)
-  package on npm.
+* The `main` branch will always contain the next major version `X.0.0-nightly.DATE` in its `package.json`.
 * Release branches are never merged back to `main`.
-* All `package.json` values are fixed at `0.0.0-development`.
+* Release branches _do_ contain the correct version in their `package.json`.
+* As soon as a release branch is cut for a major, `main` must be bumped to the next major (i.e. `main` is always versioned as the next theoretical release branch).
 
 ## Historical versioning (Electron 1.X)
 
@@ -257,29 +147,6 @@ Electron versions _< 2.0_ did not conform to the [SemVer](https://semver.org) sp
 
 Here is an example of the 1.x strategy:
 
-```mermaid
----
-config:
-  gitGraph:
-    mainBranchName: 'master'
----
-gitGraph
-    commit
-    branch "bugfix-1"
-    checkout "bugfix-1"
-    commit
-    checkout master
-    merge "bugfix-1" tag:"1.8.1"
-    branch "feature"
-    checkout "feature"
-    commit
-    checkout master
-    merge "feature" tag:"1.8.2"
-    branch "bugfix-2"
-    checkout "bugfix-2"
-    commit
-    checkout master
-    merge "bugfix-2" tag:"1.8.3"
-```
+![1.x Versioning](../images/versioning-sketch-0.png)
 
 An app developed with `1.8.1` cannot take the `1.8.3` bug fix without either absorbing the `1.8.2` feature, or by backporting the fix and maintaining a new release line.

filenames.auto.gni

@@ -91,7 +91,6 @@ auto_filenames = {
     "docs/api/structures/custom-scheme.md",
     "docs/api/structures/desktop-capturer-source.md",
     "docs/api/structures/display.md",
-    "docs/api/structures/enable-heap-profiling-options.md",
     "docs/api/structures/extension-info.md",
     "docs/api/structures/extension.md",
     "docs/api/structures/file-filter.md",

lib/browser/api/web-contents.ts

@@ -229,7 +229,7 @@ function parsePageSize(pageSize: string | ElectronInternal.PageSize) {
 
 // Translate the options of printToPDF.
 
-const printToPDFQueues = new WeakMap<Electron.WebContents, Promise<unknown>>();
+let pendingPromise: Promise<any> | undefined;
 WebContents.prototype.printToPDF = async function (options) {
   const margins = checkType(options.margins ?? {}, 'object', 'margins');
   const pageSize = parsePageSize(options.pageSize ?? 'letter');
@@ -261,19 +261,16 @@ WebContents.prototype.printToPDF = async function (options) {
     ...pageSize
   };
 
-  if (!this._printToPDF) {
+  if (this._printToPDF) {
+    if (pendingPromise) {
+      pendingPromise = pendingPromise.then(() => this._printToPDF(printSettings));
+    } else {
+      pendingPromise = this._printToPDF(printSettings);
+    }
+    return pendingPromise;
+  } else {
     throw new Error('Printing feature is disabled');
   }
-
-  const prev = printToPDFQueues.get(this) ?? Promise.resolve();
-  const next = prev.catch(() => {}).then(() => this._printToPDF(printSettings));
-  printToPDFQueues.set(this, next);
-  next
-    .finally(() => {
-      if (printToPDFQueues.get(this) === next) printToPDFQueues.delete(this);
-    })
-    .catch(() => {});
-  return next;
 };
 
 // TODO(codebytere): deduplicate argument sanitization by moving rest of

lib/common/deprecate.ts

@@ -56,7 +56,7 @@ export function removeFunction<T extends Function>(fn: T, removedName: string):
   const warn = warnOnce(`${fn.name} function`);
   return function (this: any) {
     warn();
-    return fn.apply(this, arguments);
+    fn.apply(this, arguments);
   } as unknown as typeof fn;
 }
 

npm/package.json

@@ -6,11 +6,11 @@
     "install-electron": "install.js"
   },
   "dependencies": {
-    "@electron/get": "^5.0.0",
+    "@electron/get": "^4.0.3",
     "@types/node": "^24.9.0",
     "extract-zip": "^2.0.1"
   },
   "engines": {
-    "node": ">= 22.12.0"
+    "node": ">= 12.20.55"
   }
 }

package.json

@@ -21,7 +21,7 @@
     "@types/semver": "^7.5.8",
     "@types/stream-json": "^1.7.8",
     "@types/temp": "^0.9.4",
-    "@xmldom/xmldom": "^0.8.12",
+    "@xmldom/xmldom": "^0.9.9",
     "buffer": "^6.0.3",
     "chalk": "^4.1.0",
     "check-for-leaks": "^1.2.1",
@@ -78,7 +78,7 @@
     "gn-typescript-definitions": "npm run create-typescript-definitions && node script/cp.mjs electron.d.ts",
     "pre-flight": "pre-flight",
     "gn-check": "node ./script/gn-check.js",
-    "gn-format": "node ./script/lint.js --gn --fix",
+    "gn-format": "python3 script/run-gn-format.py",
     "precommit": "lint-staged",
     "preinstall": "node -e 'process.exit(0)'",
     "pretest": "npm run create-typescript-definitions",
@@ -117,7 +117,7 @@
     ],
     "*.{gn,gni}": [
       "npm run gn-check",
-      "node ./script/lint.js --gn --fix --only --"
+      "npm run gn-format"
     ],
     "*.py": [
       "node script/lint.js --py --fix --only --"

patches/node/.patches

@@ -44,4 +44,5 @@ src_refactor_module_wrap_cc_to_update_fixedarray_get_params.patch
 src_refactor_wasmstreaming_finish_to_accept_a_callback.patch
 src_stop_using_v8_propertycallbackinfo_t_this.patch
 build_restore_macos_deployment_target_to_12_0.patch
+fix_generate_config_gypi_needs_to_generate_valid_json.patch
 fix_add_externalpointertypetag_to_v8_external_api_calls.patch

patches/node/api_delete_deprecated_fields_on_v8_isolate.patch

@@ -6,7 +6,7 @@ Subject: Delete deprecated fields on v8::Isolate
 https://chromium-review.googlesource.com/c/v8/v8/+/7081397
 
 diff --git a/src/api/environment.cc b/src/api/environment.cc
-index 6873a9f203ccace7d5c501b62bed56732332d060..7ba7943c666d9cf3de47bf9a18b8e6e0e1196886 100644
+index 2111ee63a6ace438c1a143c90a807ed9fc2bcc9d..ce6426a1bf2dadb1a642874a05718724ef0f3d7c 100644
 --- a/src/api/environment.cc
 +++ b/src/api/environment.cc
 @@ -218,8 +218,6 @@ void SetIsolateCreateParamsForNode(Isolate::CreateParams* params) {

patches/node/api_promote_deprecation_of_v8_context_and_v8_object_api_methods.patch

@@ -44,7 +44,7 @@ index 37d83e41b618a07aca98118260abe9618f11256d..26d5c1bd3c8191fce1d22b969996b6bf
  
  template <typename T>
 diff --git a/src/base_object.cc b/src/base_object.cc
-index 8a14a8c32626f98c2afa402786e1b6b2fbbb0988..946e60ea2d0ffe984328185a0e7762603be8e0dd 100644
+index 404e2aa8c88d0cc0e6717c01e0df68899c64cc32..16462f305a2ac6b6c3d7b85024f2e52648c4300c 100644
 --- a/src/base_object.cc
 +++ b/src/base_object.cc
 @@ -45,7 +45,8 @@ BaseObject::~BaseObject() {
@@ -72,7 +72,7 @@ index 74bbb9fb83246a90bc425e259150f0868020ac9e..a4b3a1c0907c9d50baf6c8cd473cb4c7
  
  inline Environment* Environment::GetCurrent(
 diff --git a/src/histogram.cc b/src/histogram.cc
-index 2bcfcbdd9547db136c5992335a76dd3190886d6d..c34a83c9ccc83ec2973228a32cf0a51d29b4d681 100644
+index 836a51b0e5aa4b1910604537c8b380038c27a7db..c4634e42fd2e5a27b0139a9b1716bc04875be469 100644
 --- a/src/histogram.cc
 +++ b/src/histogram.cc
 @@ -136,7 +136,8 @@ HistogramBase::HistogramBase(
@@ -116,7 +116,7 @@ index 2bcfcbdd9547db136c5992335a76dd3190886d6d..c34a83c9ccc83ec2973228a32cf0a51d
  
  std::unique_ptr<worker::TransferData>
 diff --git a/src/js_udp_wrap.cc b/src/js_udp_wrap.cc
-index 6b35871d92ceb1b1eead21e328088cf87a10fa6e..57c96645fa0fdb7ed77c0a36c877b2628b7f0571 100644
+index 51e4f8c45ffd38fcf925ab8d283b3b88f2a35832..0c30c8b4609e4870c0ccfc5e9e465248c20763b8 100644
 --- a/src/js_udp_wrap.cc
 +++ b/src/js_udp_wrap.cc
 @@ -55,8 +55,9 @@ JSUDPWrap::JSUDPWrap(Environment* env, Local<Object> obj)
@@ -207,10 +207,10 @@ index 0af487a9abc9ee1783367ac86b0016ab89e02006..c01cef477aaba52f9894943acede7fb2
  
  inline Realm* Realm::GetCurrent(
 diff --git a/src/node_snapshotable.cc b/src/node_snapshotable.cc
-index c3e995adf437413fe956e45c2ccc704d8737de59..8561933060ac30e3559d7ce2ac633d25f1e4d6ec 100644
+index e34d24d51d5c090b560d06f727043f20924e6f46..07615933c858a17515836a29f7e27ace4b81e6ff 100644
 --- a/src/node_snapshotable.cc
 +++ b/src/node_snapshotable.cc
-@@ -1461,7 +1461,8 @@ StartupData SerializeNodeContextInternalFields(Local<Object> holder,
+@@ -1400,7 +1400,8 @@ StartupData SerializeNodeContextInternalFields(Local<Object> holder,
    // For the moment we do not set any internal fields in ArrayBuffer
    // or ArrayBufferViews, so just return nullptr.
    if (holder->IsArrayBuffer() || holder->IsArrayBufferView()) {
@@ -220,7 +220,7 @@ index c3e995adf437413fe956e45c2ccc704d8737de59..8561933060ac30e3559d7ce2ac633d25
      return StartupData{nullptr, 0};
    }
  
-@@ -1481,7 +1482,8 @@ StartupData SerializeNodeContextInternalFields(Local<Object> holder,
+@@ -1420,7 +1421,8 @@ StartupData SerializeNodeContextInternalFields(Local<Object> holder,
                       *holder);
  
    BaseObject* object_ptr = static_cast<BaseObject*>(
@@ -296,7 +296,7 @@ index 29a4c29f3d3822394d23c453899cdd6aae280f3f..2a953d6390d5e4e251e54c1e847d4e5e
  
  }  // namespace node
 diff --git a/src/udp_wrap.cc b/src/udp_wrap.cc
-index 6f3e68b79f1c7089b8c17a6ed5cd33eee4078b02..e09cd7a553464060619ecf4ac51e028382e2e148 100644
+index 150ef0f0400bed9df4f4b1a4c20ec4045ef7a5f6..2ca2ac177c6b5edc3b40712a40ff4a36e96904dc 100644
 --- a/src/udp_wrap.cc
 +++ b/src/udp_wrap.cc
 @@ -126,8 +126,8 @@ void UDPWrapBase::set_listener(UDPListener* listener) {

patches/node/api_remove_deprecated_getisolate.patch

@@ -6,7 +6,7 @@ Subject: Remove deprecated `GetIsolate`
 https://chromium-review.googlesource.com/c/v8/v8/+/6905244
 
 diff --git a/src/api/environment.cc b/src/api/environment.cc
-index ec1496467f5071a810a3d7a76d80f3d12a8582dc..6873a9f203ccace7d5c501b62bed56732332d060 100644
+index 8974bac7dca43294cc5cc4570f8e2e78f42aefaa..2111ee63a6ace438c1a143c90a807ed9fc2bcc9d 100644
 --- a/src/api/environment.cc
 +++ b/src/api/environment.cc
 @@ -795,7 +795,7 @@ std::unique_ptr<MultiIsolatePlatform> MultiIsolatePlatform::Create(
@@ -85,7 +85,7 @@ index cc60ddddb037e0279615bbe24821eb20fd8da677..37d83e41b618a07aca98118260abe961
  
    return handle;
 diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
-index cb586936a904e7b9a017732e993a35ef1115ff9a..fd2dfa9fcf444fe705a2d42cd0963531cea9a74c 100644
+index 2e3f31e1765024373c3fc2acd33fc3bfb352a906..ca62d3001bf51193d78caac0cccd93c188a8410c 100644
 --- a/src/crypto/crypto_context.cc
 +++ b/src/crypto/crypto_context.cc
 @@ -1045,7 +1045,7 @@ bool ArrayOfStringsToX509s(Local<Context> context,
@@ -98,21 +98,21 @@ index cb586936a904e7b9a017732e993a35ef1115ff9a..fd2dfa9fcf444fe705a2d42cd0963531
    uint32_t array_length = cert_array->Length();
  
 diff --git a/src/crypto/crypto_x509.cc b/src/crypto/crypto_x509.cc
-index 6b7e4211a8969351168fc982fe3466a2096bed3a..76c84dd516719849a44e7d67f42ea16dd315b190 100644
+index 4c5427596d1c90d3a413cdd9ff4f1151e657073d..70135a6be65e41fcb3564ddf6d1e8083a59ef8bb 100644
 --- a/src/crypto/crypto_x509.cc
 +++ b/src/crypto/crypto_x509.cc
-@@ -109,7 +109,7 @@ MaybeLocal<Value> ToV8Value(Local<Context> context, BIOPointer&& bio) {
-   if (!mem) [[unlikely]]
+@@ -107,7 +107,7 @@ MaybeLocal<Value> ToV8Value(Local<Context> context, BIOPointer&& bio) {
      return {};
+   BUF_MEM* mem = bio;
    Local<Value> ret;
 -  if (!String::NewFromUtf8(context->GetIsolate(),
 +  if (!String::NewFromUtf8(Isolate::GetCurrent(),
                             mem->data,
                             NewStringType::kNormal,
                             mem->length)
-@@ -125,7 +125,7 @@ MaybeLocal<Value> ToV8Value(Local<Context> context, const BIOPointer& bio) {
-   if (!mem) [[unlikely]]
+@@ -121,7 +121,7 @@ MaybeLocal<Value> ToV8Value(Local<Context> context, const BIOPointer& bio) {
      return {};
+   BUF_MEM* mem = bio;
    Local<Value> ret;
 -  if (!String::NewFromUtf8(context->GetIsolate(),
 +  if (!String::NewFromUtf8(Isolate::GetCurrent(),
@@ -133,10 +133,10 @@ index 6fe4f0492dc1f3eaf576c8ff7866080a54cb81c1..41e8e052ff81df78ece87163b0499966
    // Recreate the buffer in the constructor.
    InternalFieldInfo* casted_info = static_cast<InternalFieldInfo*>(info);
 diff --git a/src/env.cc b/src/env.cc
-index dd8be35de7c447c9a77f8b9849a6a3de19bc55af..79a309661aff7ebb18f96e64d0d2b860ab80dc57 100644
+index 57a46c8be2e052b298ed841eed6f291d62711750..e4ffaa465a4ffe21334496c52334fcb1404f67a9 100644
 --- a/src/env.cc
 +++ b/src/env.cc
-@@ -1763,10 +1763,10 @@ void AsyncHooks::Deserialize(Local<Context> context) {
+@@ -1764,10 +1764,10 @@ void AsyncHooks::Deserialize(Local<Context> context) {
          context->GetDataFromSnapshotOnce<Array>(
              info_->js_execution_async_resources).ToLocalChecked();
    } else {
@@ -149,7 +149,7 @@ index dd8be35de7c447c9a77f8b9849a6a3de19bc55af..79a309661aff7ebb18f96e64d0d2b860
  
    // The native_execution_async_resources_ field requires v8::Local<> instances
    // for async calls whose resources were on the stack as JS objects when they
-@@ -1806,7 +1806,7 @@ AsyncHooks::SerializeInfo AsyncHooks::Serialize(Local<Context> context,
+@@ -1807,7 +1807,7 @@ AsyncHooks::SerializeInfo AsyncHooks::Serialize(Local<Context> context,
    info.async_id_fields = async_id_fields_.Serialize(context, creator);
    if (!js_execution_async_resources_.IsEmpty()) {
      info.js_execution_async_resources = creator->AddData(
@@ -353,10 +353,10 @@ index 52483740bb377a2bc2a16af701615d9a4e448eae..84d17a46efe146c1794a43963c41a446
    CHECK(!env->temporary_required_module_facade_original.IsEmpty());
    return env->temporary_required_module_facade_original.Get(isolate);
 diff --git a/src/node.h b/src/node.h
-index 8aac774805a002f5af9e9aca62abc56e8f986bab..da87773ba7f0d38f04a7b3851d8a1a6df0eca489 100644
+index bbe35c7a8f1bc0bcddf628af42b71efaef8a7759..102bcc0b3400fd334bdf259a076a3ac3b5d4a266 100644
 --- a/src/node.h
 +++ b/src/node.h
-@@ -1144,7 +1144,7 @@ NODE_DEPRECATED("Use v8::Date::ValueOf() directly",
+@@ -1142,7 +1142,7 @@ NODE_DEPRECATED("Use v8::Date::ValueOf() directly",
  
  #define NODE_DEFINE_CONSTANT(target, constant)                                 \
    do {                                                                         \
@@ -365,7 +365,7 @@ index 8aac774805a002f5af9e9aca62abc56e8f986bab..da87773ba7f0d38f04a7b3851d8a1a6d
      v8::Local<v8::Context> context = isolate->GetCurrentContext();             \
      v8::Local<v8::String> constant_name = v8::String::NewFromUtf8Literal(      \
          isolate, #constant, v8::NewStringType::kInternalized);                 \
-@@ -1160,7 +1160,7 @@ NODE_DEPRECATED("Use v8::Date::ValueOf() directly",
+@@ -1158,7 +1158,7 @@ NODE_DEPRECATED("Use v8::Date::ValueOf() directly",
  
  #define NODE_DEFINE_HIDDEN_CONSTANT(target, constant)                          \
    do {                                                                         \
@@ -375,10 +375,10 @@ index 8aac774805a002f5af9e9aca62abc56e8f986bab..da87773ba7f0d38f04a7b3851d8a1a6d
      v8::Local<v8::String> constant_name = v8::String::NewFromUtf8Literal(      \
          isolate, #constant, v8::NewStringType::kInternalized);                 \
 diff --git a/src/node_blob.cc b/src/node_blob.cc
-index 40407527800075b6afec5b6c7d98de2c6229e85a..6371aad07beb8514ca2a3acfd30d7c68969e8e20 100644
+index 4311d71bb0526f9a83a16525243446a590092910..417cd8cbd307b9bfc498ad2df24ed193616ac512 100644
 --- a/src/node_blob.cc
 +++ b/src/node_blob.cc
-@@ -561,7 +561,7 @@ void BlobBindingData::Deserialize(Local<Context> context,
+@@ -562,7 +562,7 @@ void BlobBindingData::Deserialize(Local<Context> context,
                                    int index,
                                    InternalFieldInfoBase* info) {
    DCHECK_IS_SNAPSHOT_SLOT(index);
@@ -388,37 +388,37 @@ index 40407527800075b6afec5b6c7d98de2c6229e85a..6371aad07beb8514ca2a3acfd30d7c68
    BlobBindingData* binding = realm->AddBindingData<BlobBindingData>(holder);
    CHECK_NOT_NULL(binding);
 diff --git a/src/node_builtins.cc b/src/node_builtins.cc
-index 7922f2f936f64cbb7bd08f0d367f66f0b9eb083b..04d76fdd3d170a7c501bd773b698d380b8bb2426 100644
+index 3377d697615ee168e49e83c4202bc227581f1aaf..1a9a57b73e635ac61016598687167a08b073f84a 100644
 --- a/src/node_builtins.cc
 +++ b/src/node_builtins.cc
-@@ -274,7 +274,7 @@ MaybeLocal<Data> BuiltinLoader::LookupAndCompile(
-     Local<Context> context,
-     const BuiltinSource* builtin_source,
+@@ -260,7 +260,7 @@ MaybeLocal<Function> BuiltinLoader::LookupAndCompileInternal(
+     const char* id,
+     LocalVector<String>* parameters,
      Realm* optional_realm) {
 -  Isolate* isolate = context->GetIsolate();
 +  Isolate* isolate = Isolate::GetCurrent();
    EscapableHandleScope scope(isolate);
  
-   BuiltinCodeCacheData cached_data{};
-@@ -442,7 +442,7 @@ void BuiltinLoader::SaveCodeCache(const std::string& id, Local<Data> data) {
- 
- MaybeLocal<Function> BuiltinLoader::LookupAndCompileFunction(
-     Local<Context> context, const char* id, Realm* optional_realm) {
+   Local<String> source;
+@@ -382,7 +382,7 @@ void BuiltinLoader::SaveCodeCache(const char* id, Local<Function> fun) {
+ MaybeLocal<Function> BuiltinLoader::LookupAndCompile(Local<Context> context,
+                                                      const char* id,
+                                                      Realm* optional_realm) {
 -  Isolate* isolate = context->GetIsolate();
 +  Isolate* isolate = Isolate::GetCurrent();
    LocalVector<String> parameters(isolate);
- 
-   Local<Data> data;
-@@ -483,7 +483,7 @@ MaybeLocal<Function> BuiltinLoader::LookupAndCompileFunction(
+   // Detects parameters of the scripts based on module ids.
+   // internal/bootstrap/realm: process, getLinkedBinding,
+@@ -436,7 +436,7 @@ MaybeLocal<Function> BuiltinLoader::LookupAndCompile(Local<Context> context,
  MaybeLocal<Value> BuiltinLoader::CompileAndCall(Local<Context> context,
                                                  const char* id,
                                                  Realm* realm) {
 -  Isolate* isolate = context->GetIsolate();
 +  Isolate* isolate = Isolate::GetCurrent();
-   const BuiltinSource* builtin_source = LoadBuiltinSource(isolate, id);
-   if (builtin_source == nullptr) {
-     THROW_ERR_MODULE_NOT_FOUND(isolate, "Cannot find module %s", id);
-@@ -555,7 +555,7 @@ MaybeLocal<Value> BuiltinLoader::CompileAndCallWith(Local<Context> context,
+   // Detects parameters of the scripts based on module ids.
+   // internal/bootstrap/realm: process, getLinkedBinding,
+   //                           getInternalBinding, primordials
+@@ -492,7 +492,7 @@ MaybeLocal<Value> BuiltinLoader::CompileAndCall(Local<Context> context,
    if (!maybe_fn.ToLocal(&fn)) {
      return MaybeLocal<Value>();
    }
@@ -427,17 +427,17 @@ index 7922f2f936f64cbb7bd08f0d367f66f0b9eb083b..04d76fdd3d170a7c501bd773b698d380
    return fn->Call(context, undefined, argc, argv);
  }
  
-@@ -579,14 +579,14 @@ bool BuiltinLoader::CompileAllBuiltinsAndCopyCodeCache(
+@@ -530,14 +530,14 @@ bool BuiltinLoader::CompileAllBuiltinsAndCopyCodeCache(
        to_eager_compile_.emplace(id);
      }
  
 -    TryCatch bootstrapCatch(context->GetIsolate());
 +    TryCatch bootstrapCatch(Isolate::GetCurrent());
-     auto data = LookupAndCompile(context, id.data(), nullptr);
+     auto fn = LookupAndCompile(context, id.data(), nullptr);
      if (bootstrapCatch.HasCaught()) {
        per_process::Debug(DebugCategory::CODE_CACHE,
                           "Failed to compile code cache for %s\n",
-                          id);
+                          id.data());
        all_succeeded = false;
 -      PrintCaughtException(context->GetIsolate(), context, bootstrapCatch);
 +      PrintCaughtException(Isolate::GetCurrent(), context, bootstrapCatch);
@@ -458,19 +458,19 @@ index fea0426496978c0003fe1481afcf93fc9c23edca..c9588880d05435ab9f4e23fcff74c933
  
    CHECK(
 diff --git a/src/node_contextify.cc b/src/node_contextify.cc
-index 0f5da3e48a2049a3e61fe81da94426a3b5928c7d..1561e5096f5d8274001429000aa26731bca1b34e 100644
+index 986a2d8da7fd04b5d4060d9c8d44c61a231dcce6..9f11d32c70366524cf3b7c1cfdfd24f31e438e7b 100644
 --- a/src/node_contextify.cc
 +++ b/src/node_contextify.cc
-@@ -108,6 +108,8 @@ using v8::Value;
- // For every `set` of a global property, the interceptor callback defines or
- // changes the property both on the sandbox and the global proxy.
+@@ -113,7 +113,7 @@ namespace {
  
-+
-+
- ContextifyContext* ContextifyContext::New(Environment* env,
-                                           Local<Object> sandbox_obj,
-                                           ContextOptions* options) {
-@@ -667,7 +669,7 @@ Intercepted ContextifyContext::PropertyDefinerCallback(
+ // Convert an int to a V8 Name (String or Symbol).
+ MaybeLocal<String> Uint32ToName(Local<Context> context, uint32_t index) {
+-  return Uint32::New(context->GetIsolate(), index)->ToString(context);
++  return Uint32::New(Isolate::GetCurrent(), index)->ToString(context);
+ }
+ 
+ }  // anonymous namespace
+@@ -677,7 +677,7 @@ Intercepted ContextifyContext::PropertyDefinerCallback(
    }
  
    Local<Context> context = ctx->context();
@@ -479,7 +479,7 @@ index 0f5da3e48a2049a3e61fe81da94426a3b5928c7d..1561e5096f5d8274001429000aa26731
  
    PropertyAttribute attributes = PropertyAttribute::None;
    bool is_declared =
-@@ -1640,7 +1642,7 @@ static MaybeLocal<Function> CompileFunctionForCJSLoader(
+@@ -1665,7 +1665,7 @@ static MaybeLocal<Function> CompileFunctionForCJSLoader(
      bool* cache_rejected,
      bool is_cjs_scope,
      ScriptCompiler::CachedData* cached_data) {
@@ -489,7 +489,7 @@ index 0f5da3e48a2049a3e61fe81da94426a3b5928c7d..1561e5096f5d8274001429000aa26731
  
    Local<Symbol> symbol = env->vm_dynamic_import_default_internal();
 diff --git a/src/node_env_var.cc b/src/node_env_var.cc
-index 5550a4bee3ce9ec8759d216335a9b2b96e20c96e..b38c2f75a92f2d6c1b9c6e7b7aca924653f7494d 100644
+index 6aad252eb5681bb9ab9890812602b43c418e7a7f..5f7ef8cc58f589ba30a44abaaaaaf1514458c3f0 100644
 --- a/src/node_env_var.cc
 +++ b/src/node_env_var.cc
 @@ -311,7 +311,7 @@ std::shared_ptr<KVStore> KVStore::CreateMapKVStore() {
@@ -502,10 +502,10 @@ index 5550a4bee3ce9ec8759d216335a9b2b96e20c96e..b38c2f75a92f2d6c1b9c6e7b7aca9246
    Local<Array> keys;
    if (!entries->GetOwnPropertyNames(context).ToLocal(&keys))
 diff --git a/src/node_errors.cc b/src/node_errors.cc
-index c6404e00d04e61b675a8c4a02139b36da25bd2a8..ea90e6501bb58260f06d6720cc2fc4989752a347 100644
+index 55a0c986c5b6989ee9ce277bb6a9778abb2ad2ee..809d88f21e5572807e38132d40ee75870ab8de07 100644
 --- a/src/node_errors.cc
 +++ b/src/node_errors.cc
-@@ -629,7 +629,7 @@ v8::ModifyCodeGenerationFromStringsResult ModifyCodeGenerationFromStrings(
+@@ -631,7 +631,7 @@ v8::ModifyCodeGenerationFromStringsResult ModifyCodeGenerationFromStrings(
      v8::Local<v8::Context> context,
      v8::Local<v8::Value> source,
      bool is_code_like) {
@@ -514,7 +514,7 @@ index c6404e00d04e61b675a8c4a02139b36da25bd2a8..ea90e6501bb58260f06d6720cc2fc498
  
    if (context->GetNumberOfEmbedderDataFields() <=
        ContextEmbedderIndex::kAllowCodeGenerationFromStrings) {
-@@ -1035,7 +1035,7 @@ const char* errno_string(int errorno) {
+@@ -1037,7 +1037,7 @@ const char* errno_string(int errorno) {
  }
  
  void PerIsolateMessageListener(Local<Message> message, Local<Value> error) {
@@ -523,7 +523,7 @@ index c6404e00d04e61b675a8c4a02139b36da25bd2a8..ea90e6501bb58260f06d6720cc2fc498
    switch (message->ErrorLevel()) {
      case Isolate::MessageErrorLevel::kMessageWarning: {
        Environment* env = Environment::GetCurrent(isolate);
-@@ -1195,7 +1195,7 @@ void Initialize(Local<Object> target,
+@@ -1197,7 +1197,7 @@ void Initialize(Local<Object> target,
    SetMethod(
        context, target, "getErrorSourcePositions", GetErrorSourcePositions);
  
@@ -533,10 +533,10 @@ index c6404e00d04e61b675a8c4a02139b36da25bd2a8..ea90e6501bb58260f06d6720cc2fc498
    READONLY_PROPERTY(target, "exitCodes", exit_codes);
  
 diff --git a/src/node_file.cc b/src/node_file.cc
-index 4c0a128628e0184af53451d37149b33342f6e647..c775015350c8269fa3fcb99b8db70762c22b9fcf 100644
+index c7a9648b0f83e910190dc620f4b72577ffde6c44..46cd16b535d9bd651ef733ca52ea58db7d39b09f 100644
 --- a/src/node_file.cc
 +++ b/src/node_file.cc
-@@ -3898,7 +3898,7 @@ void BindingData::Deserialize(Local<Context> context,
+@@ -3857,7 +3857,7 @@ void BindingData::Deserialize(Local<Context> context,
                                int index,
                                InternalFieldInfoBase* info) {
    DCHECK_IS_SNAPSHOT_SLOT(index);
@@ -647,10 +647,10 @@ index ba2dd7e676bfdfe7da66a4a79db3c791a505c9a8..28e6cfac682e301b605c00c4ef2eaf01
      if (!error_obj->GetOwnPropertyNames(context).ToLocal(&keys)) {
        return writer->json_objectend();  // the end of 'errorProperties'
 diff --git a/src/node_snapshotable.cc b/src/node_snapshotable.cc
-index 41b0773f4c37a016cfa55aff6bb03baf50905b32..c3e995adf437413fe956e45c2ccc704d8737de59 100644
+index c2e24b4645e7903e08c80aead1c18c7bcff1bd89..e34d24d51d5c090b560d06f727043f20924e6f46 100644
 --- a/src/node_snapshotable.cc
 +++ b/src/node_snapshotable.cc
-@@ -1675,7 +1675,7 @@ void BindingData::Deserialize(Local<Context> context,
+@@ -1614,7 +1614,7 @@ void BindingData::Deserialize(Local<Context> context,
                                int index,
                                InternalFieldInfoBase* info) {
    DCHECK_IS_SNAPSHOT_SLOT(index);
@@ -660,10 +660,10 @@ index 41b0773f4c37a016cfa55aff6bb03baf50905b32..c3e995adf437413fe956e45c2ccc704d
    // Recreate the buffer in the constructor.
    InternalFieldInfo* casted_info = static_cast<InternalFieldInfo*>(info);
 diff --git a/src/node_sqlite.cc b/src/node_sqlite.cc
-index d7c5bc5514044aa1ed39dd4e1c0cef346498c96f..91b80b4fb44c26e95503556064e7429b8cbf4639 100644
+index 050d779bdcd2b3129abddc3fefa1e852831df236..3f4749286406e03e77de6567b667c0098fbc2a18 100644
 --- a/src/node_sqlite.cc
 +++ b/src/node_sqlite.cc
-@@ -2436,7 +2436,7 @@ bool StatementSync::BindParams(const FunctionCallbackInfo<Value>& args) {
+@@ -2162,7 +2162,7 @@ bool StatementSync::BindParams(const FunctionCallbackInfo<Value>& args) {
  
    if (args[0]->IsObject() && !args[0]->IsArrayBufferView()) {
      Local<Object> obj = args[0].As<Object>();
@@ -699,7 +699,7 @@ index 9b676a0156ab8ef47f62627be953c23d4fcbf4f4..6294cd03667980e2ad23cae9e7961262
    BindingData* binding = realm->AddBindingData<BindingData>(holder);
    CHECK_NOT_NULL(binding);
 diff --git a/src/node_v8.cc b/src/node_v8.cc
-index 4ee452d5bc6b67da52e91d98531ac35a7af155c7..b226d6fe60f4fdf5a237c336b9101c5a974ce837 100644
+index 8dd32dad262679444c10878299eb6bb8fb04e120..935ea2cf5157c3a2fbdf142fc7024ec6b6d5de26 100644
 --- a/src/node_v8.cc
 +++ b/src/node_v8.cc
 @@ -163,7 +163,7 @@ void BindingData::Deserialize(Local<Context> context,
@@ -736,10 +736,10 @@ index 370221d3cddc201180260ecb3a222bc831c91093..f5aff2f65fe6b9f48cf970ab3e7c57cf
      THROW_ERR_WASI_NOT_STARTED(isolate);
      return EinvalError<R>();
 diff --git a/src/node_webstorage.cc b/src/node_webstorage.cc
-index 013322e8fb6cb76074326c2a45a04eb0f8e133f1..0a169a8dcf27eeb5b5b0c1b00ac8b79ed43d551b 100644
+index 5c7d268d38ff55ce4db07463b1ea0bcb2f4e63ea..bd83654012442195866e57173b6e5d4d25fecf0f 100644
 --- a/src/node_webstorage.cc
 +++ b/src/node_webstorage.cc
-@@ -56,7 +56,7 @@ using v8::Value;
+@@ -57,7 +57,7 @@ using v8::Value;
    } while (0)
  
  static void ThrowQuotaExceededException(Local<Context> context) {
@@ -748,17 +748,17 @@ index 013322e8fb6cb76074326c2a45a04eb0f8e133f1..0a169a8dcf27eeb5b5b0c1b00ac8b79e
    auto dom_exception_str = FIXED_ONE_BYTE_STRING(isolate, "DOMException");
    auto err_name = FIXED_ONE_BYTE_STRING(isolate, "QuotaExceededError");
    auto err_message =
-@@ -435,6 +435,8 @@ Maybe<void> Storage::Store(Local<Name> key, Local<Value> value) {
-   return JustVoid();
+@@ -437,7 +437,7 @@ Maybe<void> Storage::Store(Local<Name> key, Local<Value> value) {
+ }
+ 
+ static MaybeLocal<String> Uint32ToName(Local<Context> context, uint32_t index) {
+-  return Uint32::New(context->GetIsolate(), index)->ToString(context);
++  return Uint32::New(Isolate::GetCurrent(), index)->ToString(context);
  }
  
-+
-+
  static void Clear(const FunctionCallbackInfo<Value>& info) {
-   Storage* storage;
-   ASSIGN_OR_RETURN_UNWRAP(&storage, info.This());
 diff --git a/src/node_worker.cc b/src/node_worker.cc
-index a2631a96371becb0f4ea4f47a52313f4f02477da..4866c7ff589825d41fe84786ed8f9b3fccd3d1b7 100644
+index 1acc61af0c995ddefbc00fe232b2454de77a84a3..3041746fc8a132f68cc1d801bb1700634699828d 100644
 --- a/src/node_worker.cc
 +++ b/src/node_worker.cc
 @@ -1465,8 +1465,6 @@ void GetEnvMessagePort(const FunctionCallbackInfo<Value>& args) {
@@ -784,10 +784,10 @@ index da4206187f7c7d2becb8a101c1ff5346a10e13f4..03f0910926f3d403121e227cee32a546
    // Recreate the buffer in the constructor.
    BindingData* binding = realm->AddBindingData<BindingData>(holder);
 diff --git a/src/util-inl.h b/src/util-inl.h
-index f42c7b1250d1eb2e4d9f8e10c5ea9a9ca310924b..d59e30a635b08b97d255ed2e5540a66db54b068f 100644
+index aae5956742f195279ab6af04029d76dee6af2e84..6898e8ea794675e903e13e2b45524d572a3f68bb 100644
 --- a/src/util-inl.h
 +++ b/src/util-inl.h
-@@ -337,14 +337,14 @@ v8::Maybe<void> FromV8Array(v8::Local<v8::Context> context,
+@@ -336,14 +336,14 @@ v8::Maybe<void> FromV8Array(v8::Local<v8::Context> context,
                              std::vector<v8::Global<v8::Value>>* out) {
    uint32_t count = js_array->Length();
    out->reserve(count);
@@ -804,7 +804,7 @@ index f42c7b1250d1eb2e4d9f8e10c5ea9a9ca310924b..d59e30a635b08b97d255ed2e5540a66d
    if (str.size() >= static_cast<size_t>(v8::String::kMaxLength)) [[unlikely]] {
      // V8 only has a TODO comment about adding an exception when the maximum
      // string size is exceeded.
-@@ -360,7 +360,7 @@ v8::MaybeLocal<v8::Value> ToV8Value(v8::Local<v8::Context> context,
+@@ -359,7 +359,7 @@ v8::MaybeLocal<v8::Value> ToV8Value(v8::Local<v8::Context> context,
  v8::MaybeLocal<v8::Value> ToV8Value(v8::Local<v8::Context> context,
                                      std::u16string_view str,
                                      v8::Isolate* isolate) {
@@ -813,7 +813,7 @@ index f42c7b1250d1eb2e4d9f8e10c5ea9a9ca310924b..d59e30a635b08b97d255ed2e5540a66d
    if (str.length() >= static_cast<size_t>(v8::String::kMaxLength))
        [[unlikely]] {
      // V8 only has a TODO comment about adding an exception when the maximum
-@@ -380,7 +380,7 @@ v8::MaybeLocal<v8::Value> ToV8Value(v8::Local<v8::Context> context,
+@@ -379,7 +379,7 @@ v8::MaybeLocal<v8::Value> ToV8Value(v8::Local<v8::Context> context,
  v8::MaybeLocal<v8::Value> ToV8Value(v8::Local<v8::Context> context,
                                      v8_inspector::StringView str,
                                      v8::Isolate* isolate) {
@@ -822,7 +822,7 @@ index f42c7b1250d1eb2e4d9f8e10c5ea9a9ca310924b..d59e30a635b08b97d255ed2e5540a66d
    if (str.length() >= static_cast<size_t>(v8::String::kMaxLength))
        [[unlikely]] {
      // V8 only has a TODO comment about adding an exception when the maximum
-@@ -407,7 +407,7 @@ template <typename T>
+@@ -406,7 +406,7 @@ template <typename T>
  v8::MaybeLocal<v8::Value> ToV8Value(v8::Local<v8::Context> context,
                                      const std::vector<T>& vec,
                                      v8::Isolate* isolate) {
@@ -831,7 +831,7 @@ index f42c7b1250d1eb2e4d9f8e10c5ea9a9ca310924b..d59e30a635b08b97d255ed2e5540a66d
    v8::EscapableHandleScope handle_scope(isolate);
  
    MaybeStackBuffer<v8::Local<v8::Value>, 128> arr(vec.size());
-@@ -424,7 +424,7 @@ template <typename T>
+@@ -423,7 +423,7 @@ template <typename T>
  v8::MaybeLocal<v8::Value> ToV8Value(v8::Local<v8::Context> context,
                                      const std::set<T>& set,
                                      v8::Isolate* isolate) {
@@ -840,7 +840,7 @@ index f42c7b1250d1eb2e4d9f8e10c5ea9a9ca310924b..d59e30a635b08b97d255ed2e5540a66d
    v8::Local<v8::Set> set_js = v8::Set::New(isolate);
    v8::HandleScope handle_scope(isolate);
  
-@@ -443,7 +443,7 @@ template <typename T, std::size_t U>
+@@ -442,7 +442,7 @@ template <typename T, std::size_t U>
  v8::MaybeLocal<v8::Value> ToV8Value(v8::Local<v8::Context> context,
                                      const std::ranges::elements_view<T, U>& vec,
                                      v8::Isolate* isolate) {
@@ -849,7 +849,7 @@ index f42c7b1250d1eb2e4d9f8e10c5ea9a9ca310924b..d59e30a635b08b97d255ed2e5540a66d
    v8::EscapableHandleScope handle_scope(isolate);
  
    MaybeStackBuffer<v8::Local<v8::Value>, 128> arr(vec.size());
-@@ -462,7 +462,7 @@ template <typename T, typename U>
+@@ -461,7 +461,7 @@ template <typename T, typename U>
  v8::MaybeLocal<v8::Value> ToV8Value(v8::Local<v8::Context> context,
                                      const std::unordered_map<T, U>& map,
                                      v8::Isolate* isolate) {
@@ -858,7 +858,7 @@ index f42c7b1250d1eb2e4d9f8e10c5ea9a9ca310924b..d59e30a635b08b97d255ed2e5540a66d
    v8::EscapableHandleScope handle_scope(isolate);
  
    v8::Local<v8::Map> ret = v8::Map::New(isolate);
-@@ -505,7 +505,7 @@ template <typename T, typename>
+@@ -504,7 +504,7 @@ template <typename T, typename>
  v8::MaybeLocal<v8::Value> ToV8Value(v8::Local<v8::Context> context,
                                      const T& number,
                                      v8::Isolate* isolate) {
@@ -867,7 +867,7 @@ index f42c7b1250d1eb2e4d9f8e10c5ea9a9ca310924b..d59e30a635b08b97d255ed2e5540a66d
    return ConvertNumberToV8Value(isolate, number);
  }
  
-@@ -518,7 +518,7 @@ v8::Local<v8::Array> ToV8ValuePrimitiveArray(v8::Local<v8::Context> context,
+@@ -517,7 +517,7 @@ v8::Local<v8::Array> ToV8ValuePrimitiveArray(v8::Local<v8::Context> context,
            std::is_floating_point_v<T>,
        "Only primitive types (bool, integral, floating-point) are supported.");
  
@@ -876,7 +876,7 @@ index f42c7b1250d1eb2e4d9f8e10c5ea9a9ca310924b..d59e30a635b08b97d255ed2e5540a66d
    v8::EscapableHandleScope handle_scope(isolate);
  
    v8::LocalVector<v8::Value> elements(isolate);
-@@ -811,7 +811,7 @@ inline v8::MaybeLocal<v8::Object> NewDictionaryInstanceNullProto(
+@@ -803,7 +803,7 @@ inline v8::MaybeLocal<v8::Object> NewDictionaryInstanceNullProto(
      if (value.IsEmpty()) return v8::MaybeLocal<v8::Object>();
    }
    v8::Local<v8::Object> obj = tmpl->NewInstance(context, property_values);
@@ -935,7 +935,7 @@ index 660cfff6b8a0c583be843e555e7a06cd09e0d279..c4b39450c5b7f91c46f7027db367c30d
        context, that, OneByteString(isolate, name), tmpl, flag);
  }
 diff --git a/src/util.h b/src/util.h
-index 51f0b6463ab6bc33aa4e66bd55e0ab3822840ab0..ee05fa017f48c5b03e7179d6fef39b6e32e488a5 100644
+index 81d08c27fb7037d16e12843dc03c3d8f9caee723..52e6a149d6760640d93c56ce91a759ae9207a8c7 100644
 --- a/src/util.h
 +++ b/src/util.h
 @@ -753,7 +753,7 @@ inline v8::MaybeLocal<v8::Value> ToV8Value(

patches/node/build_add_gn_build_files.patch

@@ -10,15 +10,11 @@ however those files were cherry-picked from main branch and do not
 really in 20/21. We have to wait until 22 is released to be able to
 build with upstream GN files.
 
-src/inspector/unofficial.gni - The node_protocol_generated_sources action
-was missing gypi_values.node_pdl_files from its inputs, causing Ninja to skip
-regeneration when PDL domain files changed. Should be upstreamed.
-
 diff --git a/configure.py b/configure.py
-index fa25de8c316b71d3ad5b55b5ce398b69a5d4a965..fc48438060e0dd84edc60d1aebf3d0946be98ea9 100755
+index 98a8b147e4cbfd5957c35688f2b37ae0ca52a818..fd13970ae73bbe5db186f81faed792a5597bbcd0 100755
 --- a/configure.py
 +++ b/configure.py
-@@ -1838,7 +1838,7 @@ def configure_v8(o, configs):
+@@ -1821,7 +1821,7 @@ def configure_v8(o, configs):
    # Until we manage to get rid of all those, v8_enable_sandbox cannot be used.
    # Note that enabling pointer compression without enabling sandbox is unsupported by V8,
    # so this can be broken at any time.
@@ -27,8 +23,54 @@ index fa25de8c316b71d3ad5b55b5ce398b69a5d4a965..fc48438060e0dd84edc60d1aebf3d094
    # We set v8_enable_pointer_compression_shared_cage to 0 always, even when
    # pointer compression is enabled so that we don't accidentally enable shared
    # cage mode when pointer compression is on.
+diff --git a/deps/merve/BUILD.gn b/deps/merve/BUILD.gn
+new file mode 100644
+index 0000000000000000000000000000000000000000..7bb318f8835dba6f4a6f211d8534bb6923958747
+--- /dev/null
++++ b/deps/merve/BUILD.gn
+@@ -0,0 +1,14 @@
++##############################################################################
++#                                                                            #
++#                       DO NOT EDIT THIS FILE!                               #
++#                                                                            #
++##############################################################################
++
++# This file is used by GN for building, which is NOT the build system used for
++# building official binaries.
++# Please modify the gyp files if you are making changes to build system.
++
++import("unofficial.gni")
++
++merve_gn_build("merve") {
++}
+diff --git a/deps/merve/unofficial.gni b/deps/merve/unofficial.gni
+new file mode 100644
+index 0000000000000000000000000000000000000000..dfb508d1d22f84accb146620ed07d89715b367e6
+--- /dev/null
++++ b/deps/merve/unofficial.gni
+@@ -0,0 +1,20 @@
++# This file is used by GN for building, which is NOT the build system used for
++# building official binaries.
++# Please edit the gyp files if you are making changes to build system.
++
++# The actual configurations are put inside a template in unofficial.gni to
++# prevent accidental edits from contributors.
++template("merve_gn_build") {
++  config("merve_config") {
++    include_dirs = [ "." ]
++  }
++  gypi_values = exec_script("../../tools/gypi_to_gn.py",
++                            [ rebase_path("merve.gyp") ],
++                            "scope",
++                            [ "merve.gyp" ])
++  source_set(target_name) {
++    forward_variables_from(invoker, "*")
++    public_configs = [ ":merve_config" ]
++    sources = gypi_values.merve_sources
++  }
++}
 diff --git a/node.gni b/node.gni
-index 41f200189a34e150e4c8f25da2a72c2108259720..156fee33b3813fe4d94a1c9585f217a99dbfbd5f 100644
+index d4438f7fd61598afac2c1e3184721a759d22b10c..156fee33b3813fe4d94a1c9585f217a99dbfbd5f 100644
 --- a/node.gni
 +++ b/node.gni
 @@ -5,10 +5,10 @@
@@ -44,7 +86,16 @@ index 41f200189a34e150e4c8f25da2a72c2108259720..156fee33b3813fe4d94a1c9585f217a9
  
    # The location of OpenSSL - use the one from node's deps by default.
    node_openssl_path = "$node_path/deps/openssl"
-@@ -48,7 +48,7 @@ declare_args() {
+@@ -26,8 +26,6 @@ declare_args() {
+   # TODO(zcbenz): This is currently copied from configure.py, we should share
+   # the list between configure.py and GN configurations.
+   node_builtin_shareable_builtins = [
+-    "deps/cjs-module-lexer/lexer.js",
+-    "deps/cjs-module-lexer/dist/lexer.js",
+     "deps/undici/undici.js",
+     "deps/amaro/dist/index.js",
+   ]
+@@ -50,7 +48,7 @@ declare_args() {
    node_openssl_system_ca_path = ""
  
    # Initialize v8 platform during node.js startup.
@@ -53,7 +104,7 @@ index 41f200189a34e150e4c8f25da2a72c2108259720..156fee33b3813fe4d94a1c9585f217a9
  
    # Custom build tag.
    node_tag = ""
-@@ -68,10 +68,16 @@ declare_args() {
+@@ -70,10 +68,16 @@ declare_args() {
    # TODO(zcbenz): There are few broken things for now:
    #   1. cross-os compilation is not supported.
    #   2. node_mksnapshot crashes when cross-compiling for x64 from arm64.
@@ -71,65 +122,12 @@ index 41f200189a34e150e4c8f25da2a72c2108259720..156fee33b3813fe4d94a1c9585f217a9
  }
  
  assert(!node_enable_inspector || node_use_openssl,
-diff --git a/src/inspector/unofficial.gni b/src/inspector/unofficial.gni
-index 4810d93eb971b253f7dadff7011a632f6dbe6a2b..48cf5102630737ffeba98719a8b508b52fe5e27a 100644
---- a/src/inspector/unofficial.gni
-+++ b/src/inspector/unofficial.gni
-@@ -29,7 +29,7 @@ template("inspector_gn_build") {
-     deps = [ ":node_protocol_json" ]
- 
-     outputs = gypi_values.node_inspector_generated_sources
--    inputs = gypi_values.node_protocol_files + [
-+    inputs = gypi_values.node_protocol_files + gypi_values.node_pdl_files + [
-       "node_protocol_config.json",
-       "$node_gen_dir/src/node_protocol.json",
-     ]
 diff --git a/src/node_builtins.cc b/src/node_builtins.cc
-index 6506dcea3f4f88a7781975fae1ee5f8b87d4dfb2..a077ad673fdf7eab61878940e5fef43921c2e453 100644
+index f25ca01d6ef016489371a3a1c9d8500da65e8023..2c816bef8d64f3e0ba2993c4885641620ee64272 100644
 --- a/src/node_builtins.cc
 +++ b/src/node_builtins.cc
-@@ -455,6 +455,30 @@ MaybeLocal<Function> BuiltinLoader::LookupAndCompileFunction(
-   return value.As<Function>();
- }
- 
-+MaybeLocal<Function> BuiltinLoader::LookupAndCompileFunction(
-+    Local<Context> context,
-+    const char* id,
-+    LocalVector<String>* parameters,
-+    Realm* optional_realm) {
-+  Isolate* isolate = Isolate::GetCurrent();
-+  const BuiltinSource* builtin_source = LoadBuiltinSource(isolate, id);
-+  if (builtin_source == nullptr) {
-+    THROW_ERR_MODULE_NOT_FOUND(isolate, "Cannot find module %s", id);
-+    return MaybeLocal<Function>();
-+  }
-+  std::string filename_s = std::string("node:") + builtin_source->id;
-+  Local<String> filename = OneByteString(isolate, filename_s);
-+  Local<String> source = builtin_source->source.ToStringChecked(isolate);
-+  ScriptOrigin origin(filename, 0, 0, true);
-+  ScriptCompiler::Source script_source(source, origin);
-+  return ScriptCompiler::CompileFunction(context,
-+                                         &script_source,
-+                                         parameters->size(),
-+                                         parameters->data(),
-+                                         0,
-+                                         nullptr);
-+}
-+
- MaybeLocal<Value> BuiltinLoader::CompileAndCall(Local<Context> context,
-                                                 const char* id,
-                                                 Realm* realm) {
-@@ -741,7 +765,7 @@ MaybeLocal<Module> BuiltinLoader::LoadBuiltinSourceTextModule(Realm* realm,
-   // Pre-fetch all dependencies.
-   if (requests->Length() > 0) {
-     for (int i = 0; i < requests->Length(); i++) {
--      Local<ModuleRequest> req = requests->Get(context, i).As<ModuleRequest>();
-+      Local<ModuleRequest> req = requests->Get(i).As<ModuleRequest>();
-       std::string specifier =
-           Utf8Value(isolate, req->GetSpecifier()).ToString();
-       std::string resolved_id = ResolveRequestForBuiltin(specifier);
-@@ -900,6 +924,7 @@ void BuiltinLoader::RegisterExternalReferences(
-   registry->Register(ImportBuiltinSourceTextModule);
+@@ -760,6 +760,7 @@ void BuiltinLoader::RegisterExternalReferences(
+   registry->Register(GetNatives);
  
    RegisterExternalReferencesForInternalizedBuiltinCode(registry);
 +  EmbedderRegisterExternalReferencesForInternalizedBuiltinCode(registry);
@@ -137,10 +135,10 @@ index 6506dcea3f4f88a7781975fae1ee5f8b87d4dfb2..a077ad673fdf7eab61878940e5fef439
  
  }  // namespace builtins
 diff --git a/src/node_builtins.h b/src/node_builtins.h
-index e4af1f42f4442b4c1ec94cf25d8d811f0e82d89e..490f429986e43653e0dd2048d9e3bd2e99ae44b2 100644
+index 7a7b84337feb67960819472e43192dbdc151e299..bcdd50f635757f41287c87df1db9cd3b55c4b6b9 100644
 --- a/src/node_builtins.h
 +++ b/src/node_builtins.h
-@@ -82,6 +82,8 @@ using BuiltinCodeCacheMap =
+@@ -75,6 +75,8 @@ using BuiltinCodeCacheMap =
  // Generated by tools/js2c.cc as node_javascript.cc
  void RegisterExternalReferencesForInternalizedBuiltinCode(
      ExternalReferenceRegistry* registry);
@@ -149,27 +147,13 @@ index e4af1f42f4442b4c1ec94cf25d8d811f0e82d89e..490f429986e43653e0dd2048d9e3bd2e
  
  // Handles compilation and caching of built-in JavaScript modules and
  // bootstrap scripts, whose source are bundled into the binary as static data.
-@@ -104,6 +106,13 @@ class NODE_EXTERN_PRIVATE BuiltinLoader {
-   v8::MaybeLocal<v8::Function> LookupAndCompileFunction(
-       v8::Local<v8::Context> context, const char* id, Realm* optional_realm);
- 
-+  // Overload that accepts custom parameters for embedder scripts.
-+  v8::MaybeLocal<v8::Function> LookupAndCompileFunction(
-+      v8::Local<v8::Context> context,
-+      const char* id,
-+      v8::LocalVector<v8::String>* parameters,
-+      Realm* optional_realm);
-+
-   v8::MaybeLocal<v8::Value> CompileAndCallWith(v8::Local<v8::Context> context,
-                                                const char* id,
-                                                int argc,
 diff --git a/tools/js2c.cc b/tools/js2c.cc
 old mode 100644
 new mode 100755
-index 2cb09f8e1d7ba6ba389f70cdfc6300458f469caa..1a7b6ec6e6c51cf947694fac5dfd860b345d478f
+index 9c2f70de4e00834ff448e573743898072dc14c5d..71a12c606f4da7165cc41a295a278b2e504af1b6
 --- a/tools/js2c.cc
 +++ b/tools/js2c.cc
-@@ -29,6 +29,7 @@ namespace js2c {
+@@ -28,6 +28,7 @@ namespace js2c {
  int Main(int argc, char* argv[]);
  
  static bool is_verbose = false;
@@ -177,7 +161,7 @@ index 2cb09f8e1d7ba6ba389f70cdfc6300458f469caa..1a7b6ec6e6c51cf947694fac5dfd860b
  
  void Debug(const char* format, ...) {
    va_list arguments;
-@@ -176,6 +177,7 @@ const char* kTemplate = R"(
+@@ -175,6 +176,7 @@ const char* kTemplate = R"(
  #include "node_builtins.h"
  #include "node_external_reference.h"
  #include "node_internals.h"
@@ -185,7 +169,7 @@ index 2cb09f8e1d7ba6ba389f70cdfc6300458f469caa..1a7b6ec6e6c51cf947694fac5dfd860b
  
  namespace node {
  
-@@ -191,7 +193,11 @@ const ThreadsafeCopyOnWrite<BuiltinSourceMap> global_source_map {
+@@ -190,7 +192,11 @@ const ThreadsafeCopyOnWrite<BuiltinSourceMap> global_source_map {
  }  // anonymous namespace
  
  void BuiltinLoader::LoadJavaScriptSource() {
@@ -198,7 +182,7 @@ index 2cb09f8e1d7ba6ba389f70cdfc6300458f469caa..1a7b6ec6e6c51cf947694fac5dfd860b
  }
  
  void RegisterExternalReferencesForInternalizedBuiltinCode(
-@@ -208,6 +214,45 @@ UnionBytes BuiltinLoader::GetConfig() {
+@@ -207,6 +213,45 @@ UnionBytes BuiltinLoader::GetConfig() {
  }  // namespace node
  )";
  
@@ -244,7 +228,7 @@ index 2cb09f8e1d7ba6ba389f70cdfc6300458f469caa..1a7b6ec6e6c51cf947694fac5dfd860b
  Fragment Format(const Fragments& definitions,
                  const Fragments& initializers,
                  const Fragments& registrations) {
-@@ -217,13 +262,12 @@ Fragment Format(const Fragments& definitions,
+@@ -216,13 +261,12 @@ Fragment Format(const Fragments& definitions,
    size_t init_size = init_buf.size();
    std::vector<char> reg_buf = Join(registrations, "\n");
    size_t reg_size = reg_buf.size();
@@ -261,7 +245,7 @@ index 2cb09f8e1d7ba6ba389f70cdfc6300458f469caa..1a7b6ec6e6c51cf947694fac5dfd860b
                     static_cast<int>(def_buf.size()),
                     def_buf.data(),
                     static_cast<int>(init_buf.size()),
-@@ -848,12 +892,15 @@ int JS2C(const FileList& js_files,
+@@ -836,12 +880,15 @@ int JS2C(const FileList& js_files,
      }
    }
  
@@ -277,7 +261,7 @@ index 2cb09f8e1d7ba6ba389f70cdfc6300458f469caa..1a7b6ec6e6c51cf947694fac5dfd860b
    Fragment out = Format(definitions, initializers, registrations);
    return WriteIfChanged(out, dest);
  }
-@@ -879,6 +926,8 @@ int Main(int argc, char* argv[]) {
+@@ -867,6 +914,8 @@ int Main(int argc, char* argv[]) {
      std::string arg(argv[i]);
      if (arg == "--verbose") {
        is_verbose = true;
@@ -286,7 +270,7 @@ index 2cb09f8e1d7ba6ba389f70cdfc6300458f469caa..1a7b6ec6e6c51cf947694fac5dfd860b
      } else if (arg == "--root") {
        if (i == argc - 1) {
          fprintf(stderr, "--root must be followed by a path\n");
-@@ -927,6 +976,14 @@ int Main(int argc, char* argv[]) {
+@@ -915,6 +964,14 @@ int Main(int argc, char* argv[]) {
      }
    }
  
@@ -301,7 +285,7 @@ index 2cb09f8e1d7ba6ba389f70cdfc6300458f469caa..1a7b6ec6e6c51cf947694fac5dfd860b
    // Should have exactly 3 types: `.js`, `.mjs` and `.gypi`.
    assert(file_map.size() == 3);
    auto gypi_it = file_map.find(".gypi");
-@@ -953,6 +1010,7 @@ int Main(int argc, char* argv[]) {
+@@ -941,6 +998,7 @@ int Main(int argc, char* argv[]) {
    std::sort(mjs_it->second.begin(), mjs_it->second.end());
  
    return JS2C(js_it->second, mjs_it->second, gypi_it->second[0], output);
@@ -322,10 +306,10 @@ index 856878c33681a73d41016729dabe48b0a6a80589..91a11852d206b65485fe90fd037a0bd1
      if sys.platform == 'win32':
        files = [ x.replace('\\', '/') for x in files ]
 diff --git a/unofficial.gni b/unofficial.gni
-index aa78f9ce60c0439536eaf6e23880e30ebef0e1a9..df0ae804a5338d8f2ec4d331a1e2ed053c3c3955 100644
+index c742b62c484e9dd205eff63dcffad78c76828375..bff7b0650cfe8578a044e45d0f9e352859909695 100644
 --- a/unofficial.gni
 +++ b/unofficial.gni
-@@ -147,32 +147,42 @@ template("node_gn_build") {
+@@ -147,31 +147,42 @@ template("node_gn_build") {
      public_configs = [
        ":node_external_config",
        "deps/googletest:googletest_config",
@@ -344,7 +328,7 @@ index aa78f9ce60c0439536eaf6e23880e30ebef0e1a9..df0ae804a5338d8f2ec4d331a1e2ed05
        "deps/cares",
        "deps/histogram",
        "deps/llhttp",
-       "deps/merve",
++      "deps/merve",
        "deps/nbytes",
        "deps/nghttp2",
 -      "deps/ngtcp2",
@@ -371,7 +355,7 @@ index aa78f9ce60c0439536eaf6e23880e30ebef0e1a9..df0ae804a5338d8f2ec4d331a1e2ed05
        "$target_gen_dir/node_javascript.cc",
      ] + gypi_values.node_sources
  
-@@ -195,7 +205,7 @@ template("node_gn_build") {
+@@ -194,7 +205,7 @@ template("node_gn_build") {
      }
      if (node_use_openssl) {
        deps += [ "deps/ncrypto" ]
@@ -380,7 +364,7 @@ index aa78f9ce60c0439536eaf6e23880e30ebef0e1a9..df0ae804a5338d8f2ec4d331a1e2ed05
        sources += gypi_values.node_crypto_sources
      }
      if (node_use_sqlite) {
-@@ -224,6 +234,10 @@ template("node_gn_build") {
+@@ -223,6 +234,10 @@ template("node_gn_build") {
      }
    }
  
@@ -391,7 +375,7 @@ index aa78f9ce60c0439536eaf6e23880e30ebef0e1a9..df0ae804a5338d8f2ec4d331a1e2ed05
    executable(target_name) {
      forward_variables_from(invoker, "*")
  
-@@ -315,6 +329,7 @@ template("node_gn_build") {
+@@ -314,6 +329,7 @@ template("node_gn_build") {
    }
  
    executable("node_js2c") {
@@ -399,9 +383,9 @@ index aa78f9ce60c0439536eaf6e23880e30ebef0e1a9..df0ae804a5338d8f2ec4d331a1e2ed05
      deps = [
        "deps/uv",
        "$node_simdutf_path",
-@@ -327,26 +342,75 @@ template("node_gn_build") {
-       "src/builtin_info.cc",
-       "src/builtin_info.h",
+@@ -324,26 +340,75 @@ template("node_gn_build") {
+       "src/embedded_data.cc",
+       "src/embedded_data.h",
      ]
 -    include_dirs = [ "src" ]
 +    include_dirs = [ "src", "tools" ]
@@ -485,7 +469,7 @@ index aa78f9ce60c0439536eaf6e23880e30ebef0e1a9..df0ae804a5338d8f2ec4d331a1e2ed05
      outputs = [ "$target_gen_dir/node_javascript.cc" ]
  
      # Get the path to node_js2c executable of the host toolchain.
-@@ -360,11 +424,11 @@ template("node_gn_build") {
+@@ -357,11 +422,11 @@ template("node_gn_build") {
          get_label_info(":node_js2c($host_toolchain)", "name") +
          host_executable_suffix
  

patches/node/build_allow_unbundling_of_node_js_dependencies.patch

@@ -14,7 +14,7 @@ We don't need to do this for zlib, as the existing gn workflow uses the same
 Upstreamed at https://github.com/nodejs/node/pull/55903
 
 diff --git a/unofficial.gni b/unofficial.gni
-index eeffbafa4023ed68f56410c858e459f569ed6344..d7c717d5c2799692c7ea4537d7faea234faefaa2 100644
+index a773152813376bef1fa227c331241a1d944c9317..43f09d1e68c88d3ba3b862a1a74769f73c370894 100644
 --- a/unofficial.gni
 +++ b/unofficial.gni
 @@ -203,7 +203,17 @@ template("node_gn_build") {

patches/node/build_enable_perfetto.patch

@@ -168,10 +168,10 @@ index 06a4f8a239855571dcc67cd81e7da7a255a9ebfd..1fa9e314ad796cdf74f718f0eb2a1553
      }
  
 diff --git a/node.gyp b/node.gyp
-index 0620850e0872cfea9a1241b2a56f7bede7fa291a..934bee079ed785e4e72f33f71f445aae4ca6c0a6 100644
+index f5cd416b5fe7a51084bc4af9a4427a8e62599fd8..b7072ce74354495bec49357f962f4ef2999bf727 100644
 --- a/node.gyp
 +++ b/node.gyp
-@@ -184,9 +184,9 @@
+@@ -182,9 +182,9 @@
        'src/timers.cc',
        'src/timer_wrap.cc',
        'src/tracing/agent.cc',
@@ -182,7 +182,7 @@ index 0620850e0872cfea9a1241b2a56f7bede7fa291a..934bee079ed785e4e72f33f71f445aae
        'src/tracing/traced_value.cc',
        'src/tty_wrap.cc',
        'src/udp_wrap.cc',
-@@ -318,9 +318,9 @@
+@@ -314,9 +314,9 @@
        'src/tcp_wrap.h',
        'src/timers.h',
        'src/tracing/agent.h',
@@ -194,10 +194,10 @@ index 0620850e0872cfea9a1241b2a56f7bede7fa291a..934bee079ed785e4e72f33f71f445aae
        'src/tracing/traced_value.h',
        'src/timer_wrap.h',
 diff --git a/src/async_wrap.cc b/src/async_wrap.cc
-index 4ebb63b2f591dde25ead2ddd869e1740adc243db..f9123d5a629a43783b9a3ffe14b57f6d6cc9ac5d 100644
+index 301f77c419f178c4eea258e0896327f69389dda7..d5068a18392a6128ceee7f0146f8f9c77f9924bb 100644
 --- a/src/async_wrap.cc
 +++ b/src/async_wrap.cc
-@@ -113,8 +113,7 @@ void AsyncWrap::EmitPromiseResolve(Environment* env, double async_id) {
+@@ -110,8 +110,7 @@ void AsyncWrap::EmitPromiseResolve(Environment* env, double async_id) {
  }
  
  void AsyncWrap::EmitTraceAsyncStart() const {
@@ -208,10 +208,10 @@ index 4ebb63b2f591dde25ead2ddd869e1740adc243db..f9123d5a629a43783b9a3ffe14b57f6d
                                  get_trigger_async_id());
      TRACE_EVENT_NESTABLE_ASYNC_BEGIN1(TRACING_CATEGORY_NODE1(async_hooks),
 diff --git a/src/env.cc b/src/env.cc
-index bbb30dd8a50f7b8550caf1967de8547cc7d8af47..ef6e14245fa668d04d0e9b1f71fcce48ec267f4e 100644
+index fdabe48dd7776c59298f7d972286d0d2ed062752..c185d822b29c0b691bbf5f724f71f59638c6184d 100644
 --- a/src/env.cc
 +++ b/src/env.cc
-@@ -649,8 +649,8 @@ void TrackingTraceStateObserver::UpdateTraceCategoryState() {
+@@ -650,8 +650,8 @@ void TrackingTraceStateObserver::UpdateTraceCategoryState() {
      return;
    }
  
@@ -222,7 +222,7 @@ index bbb30dd8a50f7b8550caf1967de8547cc7d8af47..ef6e14245fa668d04d0e9b1f71fcce48
  
    Isolate* isolate = env_->isolate();
    HandleScope handle_scope(isolate);
-@@ -892,8 +892,7 @@ Environment::Environment(IsolateData* isolate_data,
+@@ -893,8 +893,7 @@ Environment::Environment(IsolateData* isolate_data,
        time_origin_timestamp_,
        MAYBE_FIELD_PTR(env_info, performance_state));
  
@@ -285,10 +285,10 @@ index 0bc086ccd1ff449c0f3fb08a972a0c45d3178f1c..ca74e83ef6f7b0e8b8496457af3813f0
    bool use_wasm_trap_handler =
        !per_process::cli_options->disable_wasm_trap_handler;
 diff --git a/src/node_contextify.cc b/src/node_contextify.cc
-index d3568da72a0f99419b4029b93d9eb1e9328d6bd5..0f5da3e48a2049a3e61fe81da94426a3b5928c7d 100644
+index 3c234205e89be7e976dae5c3fcc73ca67953e034..986a2d8da7fd04b5d4060d9c8d44c61a231dcce6 100644
 --- a/src/node_contextify.cc
 +++ b/src/node_contextify.cc
-@@ -1001,8 +1001,7 @@ void ContextifyScript::New(const FunctionCallbackInfo<Value>& args) {
+@@ -1026,8 +1026,7 @@ void ContextifyScript::New(const FunctionCallbackInfo<Value>& args) {
  
    ContextifyScript* contextify_script = New(env, args.This());
  
@@ -331,7 +331,7 @@ index c9173d404c79a69743fc75ddb6bba0ac9579c1ef..8ffac047a69b3900f37d712334c504a1
  #define FS_DIR_ASYNC_TRACE_BEGIN0(fs_type, id)                                 \
    TRACE_EVENT_NESTABLE_ASYNC_BEGIN0(TRACING_CATEGORY_NODE2(fs_dir, async),     \
 diff --git a/src/node_file.cc b/src/node_file.cc
-index bf202f5e2bf5eaf2dd9192dfd701e621126c492c..4c0a128628e0184af53451d37149b33342f6e647 100644
+index 96aac2d86695732bf6805f2ad2168a62241b5045..c7a9648b0f83e910190dc620f4b72577ffde6c44 100644
 --- a/src/node_file.cc
 +++ b/src/node_file.cc
 @@ -147,16 +147,23 @@ static const char* get_fs_func_name_by_type(uv_fs_type req_type) {
@@ -799,7 +799,7 @@ index 0bc9df81d87562243817a6618641a49b602654e3..b6dd8b9a9c21051f3d385d5ecea9c50c
  namespace tracing {
  
 diff --git a/unofficial.gni b/unofficial.gni
-index df0ae804a5338d8f2ec4d331a1e2ed053c3c3955..eeffbafa4023ed68f56410c858e459f569ed6344 100644
+index bff7b0650cfe8578a044e45d0f9e352859909695..a773152813376bef1fa227c331241a1d944c9317 100644
 --- a/unofficial.gni
 +++ b/unofficial.gni
 @@ -143,7 +143,10 @@ template("node_gn_build") {

patches/node/build_ensure_native_module_compilation_fails_if_not_using_a_new.patch

@@ -7,7 +7,7 @@ Subject: build: ensure native module compilation fails if not using a new
 This should not be upstreamed, it is a quality-of-life patch for downstream module builders.
 
 diff --git a/common.gypi b/common.gypi
-index d398e33d5acc9acd096e2c263a6f8ad9d947d1b0..f760bb6e6a498c3f9786b46b60fbbf38521ab60a 100644
+index d9eb9527e3cbb3b101274ab19e6d6ace42f0e022..a1243ad39b8fcf564285ace0b51b1482bd85071b 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -89,6 +89,8 @@
@@ -42,19 +42,19 @@ index d398e33d5acc9acd096e2c263a6f8ad9d947d1b0..f760bb6e6a498c3f9786b46b60fbbf38
        # list in v8/BUILD.gn.
        ['v8_enable_v8_checks == 1', {
 diff --git a/configure.py b/configure.py
-index fc48438060e0dd84edc60d1aebf3d0946be98ea9..4e30f58c3f33ed400301ed08a365a738b49f530f 100755
+index fd13970ae73bbe5db186f81faed792a5597bbcd0..162e3b09c92b49cd39d32a87ff97a54555d3e47b 100755
 --- a/configure.py
 +++ b/configure.py
-@@ -1810,6 +1810,7 @@ def configure_library(lib, output, pkgname=None):
+@@ -1802,6 +1802,7 @@ def configure_library(lib, output, pkgname=None):
  def configure_v8(o, configs):
-   set_configuration_variable(configs, 'v8_enable_v8_checks', release=0, debug=1)
+   set_configuration_variable(configs, 'v8_enable_v8_checks', release=1, debug=0)
  
 +  o['variables']['using_electron_config_gypi'] = 1
    o['variables']['v8_enable_webassembly'] = 0 if options.v8_lite_mode else 1
    o['variables']['v8_enable_javascript_promise_hooks'] = 1
    o['variables']['v8_enable_lite_mode'] = 1 if options.v8_lite_mode else 0
 diff --git a/src/node.h b/src/node.h
-index 2087509f7961dcacf02c634f2c4940e45f374072..0225ff4f43e8b82c08e8ec5492df73223a82066c 100644
+index ebfd7229b5f0044b628fbe0b03ac211f0c6ed9a6..b92a9d42da8419741c435643b7401efcb21a9e8b 100644
 --- a/src/node.h
 +++ b/src/node.h
 @@ -22,6 +22,12 @@

patches/node/build_modify_js2c_py_to_allow_injection_of_original-fs_and_custom_embedder_js.patch

@@ -34,10 +34,10 @@ index a493c9579669072d97c7caa9049e846bda36f8b9..334ffaa6f2d955125ca8b427ace1442c
  let kResistStopPropagation;
  
 diff --git a/src/node_builtins.cc b/src/node_builtins.cc
-index a077ad673fdf7eab61878940e5fef43921c2e453..7922f2f936f64cbb7bd08f0d367f66f0b9eb083b 100644
+index 2c816bef8d64f3e0ba2993c4885641620ee64272..3377d697615ee168e49e83c4202bc227581f1aaf 100644
 --- a/src/node_builtins.cc
 +++ b/src/node_builtins.cc
-@@ -46,6 +46,7 @@ using v8::Value;
+@@ -39,6 +39,7 @@ using v8::Value;
  BuiltinLoader::BuiltinLoader()
      : config_(GetConfig()), code_cache_(std::make_shared<BuiltinCodeCache>()) {
    LoadJavaScriptSource();
@@ -46,10 +46,10 @@ index a077ad673fdf7eab61878940e5fef43921c2e453..7922f2f936f64cbb7bd08f0d367f66f0
    AddExternalizedBuiltin("internal/deps/undici/undici",
                           STRINGIFY(NODE_SHARED_BUILTIN_UNDICI_UNDICI_PATH));
 diff --git a/src/node_builtins.h b/src/node_builtins.h
-index 490f429986e43653e0dd2048d9e3bd2e99ae44b2..05b1c5bbc38f851b11383b7e3e48c1c92f47aba1 100644
+index bcdd50f635757f41287c87df1db9cd3b55c4b6b9..e908f3c0e314b90ff7b6c599940ea8f4e657c709 100644
 --- a/src/node_builtins.h
 +++ b/src/node_builtins.h
-@@ -150,6 +150,7 @@ class NODE_EXTERN_PRIVATE BuiltinLoader {
+@@ -141,6 +141,7 @@ class NODE_EXTERN_PRIVATE BuiltinLoader {
  
    // Generated by tools/js2c.cc as node_javascript.cc
    void LoadJavaScriptSource();  // Loads data into source_

patches/node/build_restore_clang_as_default_compiler_on_macos.patch

@@ -11,7 +11,7 @@ node-gyp will use the result of `process.config` that reflects the environment
 in which the binary got built.
 
 diff --git a/common.gypi b/common.gypi
-index f760bb6e6a498c3f9786b46b60fbbf38521ab60a..d9ba0816ae424e5eb77fa742f8fd3d2d1c9845fc 100644
+index a1243ad39b8fcf564285ace0b51b1482bd85071b..60ac7a50718fd8239fd96b811cdccd1c73b2d606 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -128,6 +128,7 @@

patches/node/build_restore_macos_deployment_target_to_12_0.patch

@@ -10,7 +10,7 @@ M151, and so we should allow for building until then.
 This patch can be removed at the M151 branch point.
 
 diff --git a/common.gypi b/common.gypi
-index d9ba0816ae424e5eb77fa742f8fd3d2d1c9845fc..537332b67dc7a45ef2b9ca4e439081a9f39a5f69 100644
+index 60ac7a50718fd8239fd96b811cdccd1c73b2d606..709eb83801eeed81f79c4305a86d1a19710298c2 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -677,7 +677,7 @@

patches/node/chore_allow_the_node_entrypoint_to_be_a_builtin_module.patch

@@ -8,10 +8,10 @@ they use themselves as the entry point. We should try to upstream some form
 of this.
 
 diff --git a/lib/internal/process/pre_execution.js b/lib/internal/process/pre_execution.js
-index e9ab2b2a8958e99a6cd9d4280641c05eedec18aa..4a42dd66f451eece98fded909a72dd5ffcfd9708 100644
+index 8ed8802adcda308166d700e463c8d6cbcb26d94a..9a99ff6d44320c0e28f4a787d24ea98ae1c96196 100644
 --- a/lib/internal/process/pre_execution.js
 +++ b/lib/internal/process/pre_execution.js
-@@ -281,12 +281,14 @@ function patchProcessObject(expandArgv1) {
+@@ -276,12 +276,14 @@ function patchProcessObject(expandArgv1) {
    // the entry point.
    if (expandArgv1 && process.argv[1] && process.argv[1][0] !== '-') {
      // Expand process.argv[1] into a full path.

patches/node/chore_disable_deprecation_ftbfs_in_simdjson_header.patch

@@ -14,10 +14,10 @@ and
 This patch can be removed once this is fixed upstream in simdjson.
 
 diff --git a/deps/simdjson/simdjson.h b/deps/simdjson/simdjson.h
-index 3a413a7d1e046e93babfdda9982bd602f35ba3fc..76a6d4a30efcf0f5c9d14a314f1be670e8184524 100644
+index 1d6560e80fab0458b22f0ac2437056bce4873e8f..c3dbe2b6fc08c36a07ced5e29a814f7bcd85b748 100644
 --- a/deps/simdjson/simdjson.h
 +++ b/deps/simdjson/simdjson.h
-@@ -4408,12 +4408,17 @@ private:
+@@ -4215,12 +4215,17 @@ inline std::ostream& operator<<(std::ostream& out, simdjson_result<padded_string
  
  } // namespace simdjson
  
@@ -35,7 +35,7 @@ index 3a413a7d1e046e93babfdda9982bd602f35ba3fc..76a6d4a30efcf0f5c9d14a314f1be670
  namespace simdjson {
  namespace internal {
  
-@@ -5105,6 +5110,9 @@ simdjson_inline bool padded_memory_map::is_valid() const noexcept {
+@@ -4729,6 +4734,9 @@ inline simdjson_result<padded_string> padded_string::load(std::wstring_view file
  
  } // namespace simdjson
  
@@ -45,16 +45,16 @@ index 3a413a7d1e046e93babfdda9982bd602f35ba3fc..76a6d4a30efcf0f5c9d14a314f1be670
  inline simdjson::padded_string operator ""_padded(const char *str, size_t len) {
    return simdjson::padded_string(str, len);
  }
-@@ -5113,6 +5121,8 @@ inline simdjson::padded_string operator ""_padded(const char8_t *str, size_t len
+@@ -4737,6 +4745,8 @@ inline simdjson::padded_string operator ""_padded(const char8_t *str, size_t len
    return simdjson::padded_string(reinterpret_cast<const char *>(str), len);
  }
  #endif
 +#pragma clang diagnostic pop
 +
- 
  #endif // SIMDJSON_PADDED_STRING_INL_H
  /* end file simdjson/padded_string-inl.h */
-@@ -72412,12 +72422,16 @@ simdjson_inline simdjson_warn_unused std::unique_ptr<ondemand::parser>& parser::
+ /* skipped duplicate #include "simdjson/padded_string_view.h" */
+@@ -44745,12 +44755,16 @@ simdjson_inline simdjson_warn_unused std::unique_ptr<ondemand::parser>& parser::
    return parser_instance;
  }
  
@@ -71,7 +71,7 @@ index 3a413a7d1e046e93babfdda9982bd602f35ba3fc..76a6d4a30efcf0f5c9d14a314f1be670
  
  } // namespace ondemand
  } // namespace arm64
-@@ -85564,12 +85578,16 @@ simdjson_inline simdjson_warn_unused std::unique_ptr<ondemand::parser>& parser::
+@@ -59221,12 +59235,16 @@ simdjson_inline simdjson_warn_unused std::unique_ptr<ondemand::parser>& parser::
    return parser_instance;
  }
  

patches/node/chore_exclude_electron_node_folder_from_exit-time-destructors.patch

@@ -20,7 +20,7 @@ index ab7dc27de3e304f6d912d5834da47e3b4eb25495..b6c0fd4ceee989dac55c7d54e52fef18
    }
  }
 diff --git a/unofficial.gni b/unofficial.gni
-index d7c717d5c2799692c7ea4537d7faea234faefaa2..bf44e39c0debe9d3dce4dcb490b6ce3bc16dca2a 100644
+index 43f09d1e68c88d3ba3b862a1a74769f73c370894..cedd2b0a0941fe66bdae479c4fc768ce3d7bc6ac 100644
 --- a/unofficial.gni
 +++ b/unofficial.gni
 @@ -146,6 +146,7 @@ template("node_gn_build") {
@@ -31,8 +31,8 @@ index d7c717d5c2799692c7ea4537d7faea234faefaa2..bf44e39c0debe9d3dce4dcb490b6ce3b
      ]
      public_configs = [
        ":node_external_config",
-@@ -370,6 +371,7 @@ template("node_gn_build") {
-       "src/builtin_info.h",
+@@ -368,6 +369,7 @@ template("node_gn_build") {
+       "src/embedded_data.h",
      ]
      include_dirs = [ "src", "tools" ]
 +    configs += [ "//build/config/compiler:no_exit_time_destructors" ]

patches/node/chore_expose_importmoduledynamically_and.patch

@@ -11,7 +11,7 @@ its own blended handler between Node and Blink.
 Not upstreamable.
 
 diff --git a/lib/internal/modules/esm/utils.js b/lib/internal/modules/esm/utils.js
-index 5019477c55e5ff1121a2b51168f12e008d54d59e..8eb390fbe16401a7abf836030233832925ab5c9e 100644
+index 0af25ebbf6c3f2b790238e32f01addfb648e4e52..bd726088f7480853b8507c39668cc4716c4ce61f 100644
 --- a/lib/internal/modules/esm/utils.js
 +++ b/lib/internal/modules/esm/utils.js
 @@ -35,7 +35,7 @@ const {

patches/node/expose_get_builtin_module_function.patch

@@ -9,10 +9,10 @@ modules to sandboxed renderers.
 TODO(codebytere): remove and replace with a public facing API.
 
 diff --git a/src/node_binding.cc b/src/node_binding.cc
-index b76ecc8cab47dfb96adce17294eb0191a60a2efd..0ddc080f6f1e1b3d0aaa0e55c9aa5ddb7409b11b 100644
+index 740706e917b7d28c520abdbd743605bf73274f30..9ab30b3c9bc663d2947fcbfaac6f06d2c8f8a5b1 100644
 --- a/src/node_binding.cc
 +++ b/src/node_binding.cc
-@@ -657,6 +657,10 @@ void GetInternalBinding(const FunctionCallbackInfo<Value>& args) {
+@@ -656,6 +656,10 @@ void GetInternalBinding(const FunctionCallbackInfo<Value>& args) {
    args.GetReturnValue().Set(exports);
  }
  
@@ -24,10 +24,10 @@ index b76ecc8cab47dfb96adce17294eb0191a60a2efd..0ddc080f6f1e1b3d0aaa0e55c9aa5ddb
    Environment* env = Environment::GetCurrent(args);
  
 diff --git a/src/node_binding.h b/src/node_binding.h
-index bb6547e5dac4086e29fd588d46e1b69d4e5dbc15..58f68485c298dce116a6a8ee6960c85edcb65e93 100644
+index a55a9c6a5787983c0477cb268ef1355162e72911..3455eb3d223a49cd73d80c72c209c26d49b769dc 100644
 --- a/src/node_binding.h
 +++ b/src/node_binding.h
-@@ -155,6 +155,8 @@ void GetInternalBinding(const v8::FunctionCallbackInfo<v8::Value>& args);
+@@ -154,6 +154,8 @@ void GetInternalBinding(const v8::FunctionCallbackInfo<v8::Value>& args);
  void GetLinkedBinding(const v8::FunctionCallbackInfo<v8::Value>& args);
  void DLOpen(const v8::FunctionCallbackInfo<v8::Value>& args);
  

patches/node/fix_add_default_values_for_variables_in_common_gypi.patch

@@ -7,7 +7,7 @@ common.gypi is a file that's included in the node header bundle, despite
 the fact that we do not build node with gyp.
 
 diff --git a/common.gypi b/common.gypi
-index 576d5057d988fca43a604a6db6a0b5723e960e2e..d398e33d5acc9acd096e2c263a6f8ad9d947d1b0 100644
+index 283c60eab356a5befc15027cd186ea0416914ee6..d9eb9527e3cbb3b101274ab19e6d6ace42f0e022 100644
 --- a/common.gypi
 +++ b/common.gypi
 @@ -91,6 +91,23 @@

patches/node/fix_add_externalpointertypetag_to_v8_external_api_calls.patch

@@ -8,7 +8,7 @@ an ExternalPointerTypeTag parameter. Use kExternalPointerTypeTagDefault
 for all existing call sites.
 
 diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
-index ff7a5917b554fc0c67edf4e36f567e7223e70577..23aaa364e955753a92c3cb575646955c40cdfd55 100644
+index d6af2460c3745901415d4e785cf210da8a730a8d..4b5b892b81727c8f93e3041d33902c31d3776a52 100644
 --- a/src/crypto/crypto_context.cc
 +++ b/src/crypto/crypto_context.cc
 @@ -2336,7 +2336,7 @@ int SecureContext::TicketCompatibilityCallback(SSL* ssl,
@@ -100,7 +100,7 @@ index d067b47e7e30a95740fe0275c70445707dec426b..391c57eed9058602bd8311d885cf5fc6
    env->compile_cache_handler()->MaybeSave(cache_entry, utf8.ToStringView());
  }
 diff --git a/src/node_util.cc b/src/node_util.cc
-index 065ed602b314f367c2e7dec94019521fd5d23bf4..8be8a8b5726a265a838841a21bb023fa41ceeb13 100644
+index e9f4c1cdb60c03dce210f49e18dda57a4934a8b5..263edfd92e38c66f7912c602b306d420b503a839 100644
 --- a/src/node_util.cc
 +++ b/src/node_util.cc
 @@ -93,7 +93,7 @@ static void GetExternalValue(

patches/node/fix_allow_disabling_fetch_in_renderer_and_worker_processes.patch

@@ -9,10 +9,10 @@ conflict with Blink's in renderer and worker processes.
 We should try to upstream some version of this.
 
 diff --git a/doc/api/cli.md b/doc/api/cli.md
-index ba9fcc3a3abf48f7ab4416a7ec13e689fd5802c7..4311a6e35ab85876b24c03036e5d91d5adb5c369 100644
+index f05686608297e538f0a6f65abb389281bced4291..c8da076f80a559b9ee6d2ffed831b088c15c8e88 100644
 --- a/doc/api/cli.md
 +++ b/doc/api/cli.md
-@@ -1802,6 +1802,14 @@ changes:
+@@ -1820,6 +1820,14 @@ changes:
  
  Disable using [syntax detection][] to determine module type.
  
@@ -27,7 +27,7 @@ index ba9fcc3a3abf48f7ab4416a7ec13e689fd5802c7..4311a6e35ab85876b24c03036e5d91d5
  ### `--no-experimental-global-navigator`
  
  <!-- YAML
-@@ -3516,6 +3524,7 @@ one is included in the list below.
+@@ -3499,6 +3507,7 @@ one is included in the list below.
  * `--no-addons`
  * `--no-async-context-frame`
  * `--no-deprecation`
@@ -36,7 +36,7 @@ index ba9fcc3a3abf48f7ab4416a7ec13e689fd5802c7..4311a6e35ab85876b24c03036e5d91d5
  * `--no-experimental-repl-await`
  * `--no-experimental-sqlite`
 diff --git a/doc/node.1 b/doc/node.1
-index bed0774b43a21a75eac7466905d7c06d6e9f4f8a..ebc364bbd79972f012a7489853530adc87b580a6 100644
+index 9a0f5beb5b995fb92b31514c166e1c76e18d8ca9..fab0b24b630e755658b58a7281df1dacc4b7f32a 100644
 --- a/doc/node.1
 +++ b/doc/node.1
 @@ -201,6 +201,9 @@ Enable transformation of TypeScript-only syntax into JavaScript code.
@@ -50,7 +50,7 @@ index bed0774b43a21a75eac7466905d7c06d6e9f4f8a..ebc364bbd79972f012a7489853530adc
  Disable experimental support for the WebSocket API.
  .
 diff --git a/lib/internal/process/pre_execution.js b/lib/internal/process/pre_execution.js
-index 4a42dd66f451eece98fded909a72dd5ffcfd9708..a693e35135fc8f7e918e1410a104d4607ece5489 100644
+index 9a99ff6d44320c0e28f4a787d24ea98ae1c96196..8f5810267d1ba430bae02be141f087f2a5d3cf9f 100644
 --- a/lib/internal/process/pre_execution.js
 +++ b/lib/internal/process/pre_execution.js
 @@ -117,6 +117,7 @@ function prepareExecution(options) {
@@ -61,7 +61,7 @@ index 4a42dd66f451eece98fded909a72dd5ffcfd9708..a693e35135fc8f7e918e1410a104d460
    setupWebsocket();
    setupEventsource();
    setupCodeCoverage();
-@@ -350,6 +351,16 @@ function setupWarningHandler() {
+@@ -345,6 +346,16 @@ function setupWarningHandler() {
    }
  }
  
@@ -79,10 +79,10 @@ index 4a42dd66f451eece98fded909a72dd5ffcfd9708..a693e35135fc8f7e918e1410a104d460
  function setupWebsocket() {
    if (getOptionValue('--no-experimental-websocket')) {
 diff --git a/src/node_options.cc b/src/node_options.cc
-index 79d7c8cac002ba85b95c1d58a8e7cbf84fc35e89..cf66678164f4fca371f853c8afe3c0b7e7e3bc82 100644
+index f6f81f50c8bd91a72ca96093dc64c183bd58039b..aa18dab6e4171d8a7f0af4b7db1b8c2c07191859 100644
 --- a/src/node_options.cc
 +++ b/src/node_options.cc
-@@ -551,7 +551,11 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
+@@ -545,7 +545,11 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
              &EnvironmentOptions::experimental_eventsource,
              kAllowedInEnvvar,
              false);

patches/node/fix_allow_passing_fileexists_fn_to_legacymainresolve.patch

@@ -11,16 +11,19 @@ We can fix this by allowing the C++ implementation of legacyMainResolve to use
 a fileExists function that does take Asar into account.
 
 diff --git a/lib/internal/modules/esm/resolve.js b/lib/internal/modules/esm/resolve.js
-index b01eafd3c476c065a16701317aca2a1def559376..a7471f3c55d94b7572061f5a04cb67cef120fe79 100644
+index 81799fc159cf20344aac64cd7129240deb9a4fe8..12b476ff97603718186dd25b1f435d377841bd89 100644
 --- a/lib/internal/modules/esm/resolve.js
 +++ b/lib/internal/modules/esm/resolve.js
-@@ -28,11 +28,10 @@ const { BuiltinModule } = require('internal/bootstrap/realm');
+@@ -28,14 +28,13 @@ const { BuiltinModule } = require('internal/bootstrap/realm');
  const fs = require('fs');
  const { getOptionValue } = require('internal/options');
  // Do not eagerly grab .manifest, it may be in TDZ
 -const { sep, posix: { relative: relativePosixPath }, resolve } = require('path');
--const { URL, pathToFileURL, fileURLToPath, isURL, URLParse } = require('internal/url');
 +const { sep, posix: { relative: relativePosixPath }, toNamespacedPath, resolve } = require('path');
+ const preserveSymlinks = getOptionValue('--preserve-symlinks');
+ const preserveSymlinksMain = getOptionValue('--preserve-symlinks-main');
+ const inputTypeFlag = getOptionValue('--input-type');
+-const { URL, pathToFileURL, fileURLToPath, isURL, URLParse } = require('internal/url');
 +const { URL, pathToFileURL, fileURLToPath, isURL, URLParse, toPathIfFileURL } = require('internal/url');
  const { getCWDURL, setOwnProperty } = require('internal/util');
  const { canParse: URLCanParse } = internalBinding('url');
@@ -28,7 +31,7 @@ index b01eafd3c476c065a16701317aca2a1def559376..a7471f3c55d94b7572061f5a04cb67ce
  const {
    ERR_INPUT_TYPE_NOT_ALLOWED,
    ERR_INVALID_ARG_TYPE,
-@@ -180,6 +179,11 @@ const legacyMainResolveExtensionsIndexes = {
+@@ -184,6 +183,11 @@ const legacyMainResolveExtensionsIndexes = {
    kResolvedByPackageAndNode: 9,
  };
  
@@ -40,7 +43,7 @@ index b01eafd3c476c065a16701317aca2a1def559376..a7471f3c55d94b7572061f5a04cb67ce
  /**
   * Legacy CommonJS main resolution:
   * 1. let M = pkg_url + (json main field)
-@@ -198,7 +202,7 @@ function legacyMainResolve(packageJSONUrl, packageConfig, base) {
+@@ -202,7 +206,7 @@ function legacyMainResolve(packageJSONUrl, packageConfig, base) {
  
    const baseStringified = isURL(base) ? base.href : base;
  
@@ -50,10 +53,10 @@ index b01eafd3c476c065a16701317aca2a1def559376..a7471f3c55d94b7572061f5a04cb67ce
    const maybeMain = resolvedOption <= legacyMainResolveExtensionsIndexes.kResolvedByMainIndexNode ?
      packageConfig.main || './' : '';
 diff --git a/src/node_file.cc b/src/node_file.cc
-index 65bd2661bbceba2f1ab76f662d8a25f3419ed723..bf202f5e2bf5eaf2dd9192dfd701e621126c492c 100644
+index c69b4eb461cab79906833152d02f76f81149ad7e..96aac2d86695732bf6805f2ad2168a62241b5045 100644
 --- a/src/node_file.cc
 +++ b/src/node_file.cc
-@@ -3640,13 +3640,25 @@ static void CpSyncCopyDir(const FunctionCallbackInfo<Value>& args) {
+@@ -3599,13 +3599,25 @@ static void CpSyncCopyDir(const FunctionCallbackInfo<Value>& args) {
  }
  
  BindingData::FilePathIsFileReturnType BindingData::FilePathIsFile(
@@ -80,7 +83,7 @@ index 65bd2661bbceba2f1ab76f662d8a25f3419ed723..bf202f5e2bf5eaf2dd9192dfd701e621
    uv_fs_t req;
  
    int rc = uv_fs_stat(env->event_loop(), &req, file_path.c_str(), nullptr);
-@@ -3704,6 +3716,11 @@ void BindingData::LegacyMainResolve(const FunctionCallbackInfo<Value>& args) {
+@@ -3663,6 +3675,11 @@ void BindingData::LegacyMainResolve(const FunctionCallbackInfo<Value>& args) {
    std::optional<std::string> initial_file_path;
    std::string file_path;
  
@@ -92,7 +95,7 @@ index 65bd2661bbceba2f1ab76f662d8a25f3419ed723..bf202f5e2bf5eaf2dd9192dfd701e621
    if (args.Length() >= 2 && args[1]->IsString()) {
      auto package_config_main = Utf8Value(isolate, args[1]).ToString();
  
-@@ -3724,7 +3741,7 @@ void BindingData::LegacyMainResolve(const FunctionCallbackInfo<Value>& args) {
+@@ -3683,7 +3700,7 @@ void BindingData::LegacyMainResolve(const FunctionCallbackInfo<Value>& args) {
        BufferValue buff_file_path(isolate, local_file_path);
        ToNamespacedPath(env, &buff_file_path);
  
@@ -101,7 +104,7 @@ index 65bd2661bbceba2f1ab76f662d8a25f3419ed723..bf202f5e2bf5eaf2dd9192dfd701e621
          case BindingData::FilePathIsFileReturnType::kIsFile:
            return args.GetReturnValue().Set(i);
          case BindingData::FilePathIsFileReturnType::kIsNotFile:
-@@ -3761,7 +3778,7 @@ void BindingData::LegacyMainResolve(const FunctionCallbackInfo<Value>& args) {
+@@ -3720,7 +3737,7 @@ void BindingData::LegacyMainResolve(const FunctionCallbackInfo<Value>& args) {
      BufferValue buff_file_path(isolate, local_file_path);
      ToNamespacedPath(env, &buff_file_path);
  
@@ -111,7 +114,7 @@ index 65bd2661bbceba2f1ab76f662d8a25f3419ed723..bf202f5e2bf5eaf2dd9192dfd701e621
          return args.GetReturnValue().Set(i);
        case BindingData::FilePathIsFileReturnType::kIsNotFile:
 diff --git a/src/node_file.h b/src/node_file.h
-index 95bc5802051642a0e8c21ac97fd402396d7d45aa..f84886d0c33dcad50370775c9437bf0a96fd9204 100644
+index 224fa6f7ade375cb673c8adcc95927fa04f9c248..343c6bec67e6cf70ffb91b87e7837dbaf6071cee 100644
 --- a/src/node_file.h
 +++ b/src/node_file.h
 @@ -101,7 +101,8 @@ class BindingData : public SnapshotableObject {

patches/node/fix_avoid_external_memory_leak_on_invalid_tls_protocol_versions.patch

@@ -39,7 +39,7 @@ index 66331d2d9999e93e59cbce9e153affb942b79946..0f7fd0747ea779f76a9e64ed37d195bd
    if (secureOptions) {
      validateInteger(secureOptions, 'secureOptions');
 diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
-index fd2dfa9fcf444fe705a2d42cd0963531cea9a74c..ff7a5917b554fc0c67edf4e36f567e7223e70577 100644
+index ca62d3001bf51193d78caac0cccd93c188a8410c..d6af2460c3745901415d4e785cf210da8a730a8d 100644
 --- a/src/crypto/crypto_context.cc
 +++ b/src/crypto/crypto_context.cc
 @@ -1377,10 +1377,8 @@ SecureContext::SecureContext(Environment* env, Local<Object> wrap)

patches/node/fix_crypto_tests_to_run_with_bssl.patch

@@ -42,7 +42,7 @@ index 9876c4bb6ecd2e5b8879f153811cd0a0a22997aa..2c4bf03452eb10fec52c38a361b6aad9
  // Test Parallel Execution w/ KeyObject is threadsafe in openssl3
  {
 diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
-index 9778ea548e81d719f1ca01f9e6fb8cfb821d4103..d6178dba6faa94778203d615b0638bd5afb4f9da 100644
+index e8fedf2d5d5072e00afd493ac2ac44748212b02e..6fcbe244871d25b2151d39160149aaa50dc96012 100644
 --- a/test/parallel/test-crypto-authenticated.js
 +++ b/test/parallel/test-crypto-authenticated.js
 @@ -627,21 +627,25 @@ for (const test of TEST_CASES) {
@@ -130,20 +130,13 @@ index 9778ea548e81d719f1ca01f9e6fb8cfb821d4103..d6178dba6faa94778203d615b0638bd5
    const rfcTestCases = TEST_CASES.filter(({ algo, tampered }) => {
      return algo === 'chacha20-poly1305' && tampered === false;
    });
-@@ -771,10 +781,12 @@ for (const test of TEST_CASES) {
+@@ -771,4 +781,6 @@ for (const test of TEST_CASES) {
    assert.throws(() => {
      decipher.final();
    }, /Unsupported state or unable to authenticate data/);
 +} else {
 +  common.printSkipMessage('Skipping unsupported chacha20-poly1305 test');
  }
- 
- // Refs: https://github.com/nodejs/node/issues/62342
--{
-+if (ciphers.includes('aes-128-ccm')) {
-   const key = crypto.randomBytes(16);
-   const nonce = crypto.randomBytes(13);
- 
 diff --git a/test/parallel/test-crypto-cipheriv-decipheriv.js b/test/parallel/test-crypto-cipheriv-decipheriv.js
 index 6742722f9e90914b4dc8c079426d10040d476f72..8801ddfe7023fd0f7d5657b86a9164d75765322e 100644
 --- a/test/parallel/test-crypto-cipheriv-decipheriv.js
@@ -305,58 +298,6 @@ index d22281abbd5c3cab3aaa3ac494301fa6b4a8a968..5f0c6a4aed2e868a1a1049212edf2187
  
  s.pipe(h).on('data', common.mustCall(function(c) {
    assert.strictEqual(c, expect);
-diff --git a/test/parallel/test-crypto-key-objects-raw.js b/test/parallel/test-crypto-key-objects-raw.js
-index f301cc1942fd9a46ea91e18e580504d09ce53e48..a025c74d8832e55999f7513e9525d48533670c4b 100644
---- a/test/parallel/test-crypto-key-objects-raw.js
-+++ b/test/parallel/test-crypto-key-objects-raw.js
-@@ -34,10 +34,13 @@ const { hasOpenSSL } = require('../common/crypto');
- 
- // Key types that don't support raw-* formats
- {
--  for (const [type, pub, priv] of [
-+  const unsupportedKeyTypes = [
-     ['rsa', 'rsa_public_2048.pem', 'rsa_private_2048.pem'],
--    ['dsa', 'dsa_public.pem', 'dsa_private.pem'],
--  ]) {
-+  ];
-+  if (!process.features.openssl_is_boringssl) {
-+    unsupportedKeyTypes.push(['dsa', 'dsa_public.pem', 'dsa_private.pem']);
-+  }
-+  for (const [type, pub, priv] of unsupportedKeyTypes) {
-     const pubKeyObj = crypto.createPublicKey(
-       fixtures.readKey(pub, 'ascii'));
-     const privKeyObj = crypto.createPrivateKey(
-@@ -58,7 +61,7 @@ const { hasOpenSSL } = require('../common/crypto');
-   }
- 
-   // DH keys also don't support raw formats
--  {
-+  if (!process.features.openssl_is_boringssl) {
-     const privKeyObj = crypto.createPrivateKey(
-       fixtures.readKey('dh_private.pem', 'ascii'));
-     assert.throws(() => privKeyObj.export({ format: 'raw-private' }),
-@@ -224,7 +227,9 @@ if (hasOpenSSL(3, 5)) {
-   assert.throws(() => ecPriv.export({ format: 'raw-seed' }),
-                 { code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
- 
--  for (const type of ['ed25519', 'ed448', 'x25519', 'x448']) {
-+  const seedKeyTypes = process.features.openssl_is_boringssl ?
-+    ['ed25519', 'x25519'] : ['ed25519', 'ed448', 'x25519', 'x448'];
-+  for (const type of seedKeyTypes) {
-     const priv = crypto.createPrivateKey(
-       fixtures.readKey(`${type}_private.pem`, 'ascii'));
-     assert.throws(() => priv.export({ format: 'raw-seed' }),
-@@ -392,7 +397,9 @@ if (hasOpenSSL(3, 5)) {
- 
- // x25519, ed25519, x448, and ed448 cannot be used as 'ec' namedCurve values
- {
--  for (const type of ['ed25519', 'x25519', 'ed448', 'x448']) {
-+  const curveTypes = process.features.openssl_is_boringssl ?
-+    ['ed25519', 'x25519'] : ['ed25519', 'x25519', 'ed448', 'x448'];
-+  for (const type of curveTypes) {
-     const priv = crypto.createPrivateKey(
-       fixtures.readKey(`${type}_private.pem`, 'ascii'));
-     const pub = crypto.createPublicKey(
 diff --git a/test/parallel/test-crypto-key-objects-to-crypto-key.js b/test/parallel/test-crypto-key-objects-to-crypto-key.js
 index 141e51d1ab74a4fc3b176b303807fb1cf2a58ce1..ba4fc881aa72ba7c39e8ae227a08be0ecf501c6f 100644
 --- a/test/parallel/test-crypto-key-objects-to-crypto-key.js
@@ -393,10 +334,10 @@ index 141e51d1ab74a4fc3b176b303807fb1cf2a58ce1..ba4fc881aa72ba7c39e8ae227a08be0e
      assert.throws(() => {
        publicKey.toCryptoKey(algorithm === 'Ed25519' ? 'X25519' : 'Ed25519', true, []);
 diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
-index 6c1c3fd3afa448f4a84da6c33873bb2a7a1d6c31..257c34b13995b54c9bd4ec5ffb2e2ba7d0f915f1 100644
+index e8359ed6d0362c6e8da8be08b0fd42245fa7ae47..bd8211d98261a1acc928e849bf713578c85ff877 100644
 --- a/test/parallel/test-crypto-key-objects.js
 +++ b/test/parallel/test-crypto-key-objects.js
-@@ -319,11 +319,11 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
+@@ -302,11 +302,11 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
    }, hasOpenSSL3 ? {
      message: 'error:1E08010C:DECODER routines::unsupported',
    } : {
@@ -411,7 +352,7 @@ index 6c1c3fd3afa448f4a84da6c33873bb2a7a1d6c31..257c34b13995b54c9bd4ec5ffb2e2ba7
    });
  
    // This should not abort either: https://github.com/nodejs/node/issues/29904
-@@ -346,12 +346,12 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
+@@ -329,12 +329,12 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
      message: /error:1E08010C:DECODER routines::unsupported/,
      library: 'DECODER routines'
    } : {
@@ -427,7 +368,7 @@ index 6c1c3fd3afa448f4a84da6c33873bb2a7a1d6c31..257c34b13995b54c9bd4ec5ffb2e2ba7
    { private: fixtures.readKey('ed25519_private.pem', 'ascii'),
      public: fixtures.readKey('ed25519_public.pem', 'ascii'),
      keyType: 'ed25519',
-@@ -361,17 +361,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
+@@ -344,17 +344,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
        d: 'wVK6M3SMhQh3NK-7GRrSV-BVWQx1FO5pW8hhQeu_NdA',
        kty: 'OKP'
      } },
@@ -445,7 +386,7 @@ index 6c1c3fd3afa448f4a84da6c33873bb2a7a1d6c31..257c34b13995b54c9bd4ec5ffb2e2ba7
    { private: fixtures.readKey('x25519_private.pem', 'ascii'),
      public: fixtures.readKey('x25519_public.pem', 'ascii'),
      keyType: 'x25519',
-@@ -381,18 +370,37 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
+@@ -364,18 +353,37 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
        d: 'mL_IWm55RrALUGRfJYzw40gEYWMvtRkesP9mj8o8Omc',
        kty: 'OKP'
      } },
@@ -488,7 +429,7 @@ index 6c1c3fd3afa448f4a84da6c33873bb2a7a1d6c31..257c34b13995b54c9bd4ec5ffb2e2ba7
    const keyType = info.keyType;
  
    {
-@@ -461,7 +469,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
+@@ -417,7 +425,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
    }
  });
  
@@ -497,7 +438,7 @@ index 6c1c3fd3afa448f4a84da6c33873bb2a7a1d6c31..257c34b13995b54c9bd4ec5ffb2e2ba7
    { private: fixtures.readKey('ec_p256_private.pem', 'ascii'),
      public: fixtures.readKey('ec_p256_public.pem', 'ascii'),
      keyType: 'ec',
-@@ -473,17 +481,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
+@@ -429,17 +437,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
        x: 'X0mMYR_uleZSIPjNztIkAS3_ud5LhNpbiIFp6fNf2Gs',
        y: 'UbJuPy2Xi0lW7UYTBxPK3yGgDu9EAKYIecjkHX5s2lI'
      } },
@@ -515,7 +456,7 @@ index 6c1c3fd3afa448f4a84da6c33873bb2a7a1d6c31..257c34b13995b54c9bd4ec5ffb2e2ba7
    { private: fixtures.readKey('ec_p384_private.pem', 'ascii'),
      public: fixtures.readKey('ec_p384_public.pem', 'ascii'),
      keyType: 'ec',
-@@ -509,7 +506,25 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
+@@ -465,7 +462,25 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
        y: 'Ad3flexBeAfXceNzRBH128kFbOWD6W41NjwKRqqIF26vmgW_8COldGKZjFkOSEASxPB' +
           'cvA2iFJRUyQ3whC00j0Np'
      } },
@@ -542,7 +483,7 @@ index 6c1c3fd3afa448f4a84da6c33873bb2a7a1d6c31..257c34b13995b54c9bd4ec5ffb2e2ba7
    const { keyType, namedCurve } = info;
  
    {
-@@ -623,7 +638,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
+@@ -540,7 +555,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
      format: 'pem',
      passphrase: Buffer.alloc(1024, 'a')
    }), {
@@ -551,7 +492,7 @@ index 6c1c3fd3afa448f4a84da6c33873bb2a7a1d6c31..257c34b13995b54c9bd4ec5ffb2e2ba7
    });
  
    const publicKey = createPublicKey(publicDsa);
-@@ -649,7 +664,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
+@@ -566,7 +581,7 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
  
  {
    // Test RSA-PSS.
@@ -560,7 +501,7 @@ index 6c1c3fd3afa448f4a84da6c33873bb2a7a1d6c31..257c34b13995b54c9bd4ec5ffb2e2ba7
      // This key pair does not restrict the message digest algorithm or salt
      // length.
      const publicPem = fixtures.readKey('rsa_pss_public_2048.pem');
-@@ -708,6 +723,8 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
+@@ -625,6 +640,8 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
      }, {
        code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS'
      });
@@ -600,7 +541,7 @@ index 75cb4800ff1bd51fedd7bc4e2d7e6af6f4f48346..b4363c31592763235116d970a5f45d4c
  {
    // Default outputLengths.
 diff --git a/test/parallel/test-crypto-pqc-key-objects-ml-dsa.js b/test/parallel/test-crypto-pqc-key-objects-ml-dsa.js
-index aef1012098fbb95d009093b27dbf204420f74269..99761be00162ed4e7b9c9b536e2d8861f185d687 100644
+index 37eab463deae472a78102c9fc6e03d4b642854ce..99e8c47702c55a9518ff093a58d87c753bec3aa8 100644
 --- a/test/parallel/test-crypto-pqc-key-objects-ml-dsa.js
 +++ b/test/parallel/test-crypto-pqc-key-objects-ml-dsa.js
 @@ -4,6 +4,10 @@ const common = require('../common');
@@ -715,7 +656,7 @@ index eafdfe392bde8eb1fde1dc7e7e9ae51682c74b87..2907e0175379266c90acb9df829d1028
    };
    assert.throws(() => crypto.scrypt('pass', 'salt', 1, options, () => {}),
 diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
-index 1900f244b8491ae422963a5145663ea20e55ce27..cf7f641710c26e2ae42af34b6379e15627428bb1 100644
+index a66f0a94efd7c952c1d2320fbc7a39fe3a88a8a1..dc5846db0e3dcf8f7cb5f7efcdbc81c1d767ab88 100644
 --- a/test/parallel/test-crypto-sign-verify.js
 +++ b/test/parallel/test-crypto-sign-verify.js
 @@ -33,7 +33,7 @@ const keySize = 2048;
@@ -749,22 +690,21 @@ index 1900f244b8491ae422963a5145663ea20e55ce27..cf7f641710c26e2ae42af34b6379e156
    });
  }
  
-@@ -424,12 +424,14 @@ assert.throws(
+@@ -423,11 +423,13 @@ assert.throws(
+     public: fixtures.readKey('ed25519_public.pem', 'ascii'),
      algo: null,
-     sigLen: 64,
-     raw: true },
+     sigLen: 64 },
 +  /*
    { private: fixtures.readKey('ed448_private.pem', 'ascii'),
      public: fixtures.readKey('ed448_public.pem', 'ascii'),
      algo: null,
      supportsContext: true,
-     sigLen: 114,
-     raw: true },
+     sigLen: 114 },
 +    */
    { private: fixtures.readKey('rsa_private_2048.pem', 'ascii'),
      public: fixtures.readKey('rsa_public_2048.pem', 'ascii'),
      algo: 'sha1',
-@@ -573,7 +575,7 @@ assert.throws(
+@@ -547,7 +549,7 @@ assert.throws(
  
  {
    const data = Buffer.from('Hello world');
@@ -928,10 +868,10 @@ index d21a6bd3d98d6db26cc82896e62da2869cf22842..21553911f8e16a76187bfff120dfbeea
  
  // Make sure memory isn't released before being returned
 diff --git a/test/parallel/test-tls-client-auth.js b/test/parallel/test-tls-client-auth.js
-index 67aed40914c9fe87b654e28be942a530ec8ecd92..aac870c3075bc8d52543912ba41b5a1e9424480f 100644
+index 04bf40b9a9e1ac6b92e98e3c4201c3e6e427d70c..495a7590be29370900659d1385afcbbb99a1fbf8 100644
 --- a/test/parallel/test-tls-client-auth.js
 +++ b/test/parallel/test-tls-client-auth.js
-@@ -111,7 +111,7 @@ if (tls.DEFAULT_MAX_VERSION === 'TLSv1.3') connect({
+@@ -110,7 +110,7 @@ if (tls.DEFAULT_MAX_VERSION === 'TLSv1.3') connect({
    // and sends a fatal Alert to the client that the client discovers there has
    // been a fatal error.
    pair.client.conn.once('error', common.mustCall((err) => {
@@ -1007,10 +947,10 @@ index 53fcc0b16b5bd6f50c334fb7cc5671e31c1546b9..da428f1320e9e7bd1683724806a7438e
          client.end();
          server.close();
 diff --git a/test/parallel/test-tls-set-sigalgs.js b/test/parallel/test-tls-set-sigalgs.js
-index 1bce814f3e86042901395bc72afc0ccdfb840eee..ef2719a88685240a813541187e4f1a1ef7eb242d 100644
+index 985ca13ba2ac7d58f87c263c7654c4f4087efddf..21c199bdb12739f82a075c4e10e08faf8c587cf4 100644
 --- a/test/parallel/test-tls-set-sigalgs.js
 +++ b/test/parallel/test-tls-set-sigalgs.js
-@@ -65,14 +65,15 @@ test('RSA-PSS+SHA256:RSA-PSS+SHA512:ECDSA+SHA256',
+@@ -65,13 +65,14 @@ test('RSA-PSS+SHA256:RSA-PSS+SHA512:ECDSA+SHA256',
       'RSA-PSS+SHA256:ECDSA+SHA256',
       ['RSA-PSS+SHA256', 'ECDSA+SHA256']);
  
@@ -1018,9 +958,8 @@ index 1bce814f3e86042901395bc72afc0ccdfb840eee..ef2719a88685240a813541187e4f1a1e
 +  'ERR_SSL_NO_COMMON_SIGNATURE_ALGORITHMS' : 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS';
 +
  // Do not have shared sigalgs.
- const handshakeErr = hasOpenSSL(4, 0) ?
-   'ERR_SSL_TLS_ALERT_HANDSHAKE_FAILURE' : hasOpenSSL(3, 2) ?
-     'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
+ const handshakeErr = hasOpenSSL(3, 2) ?
+   'ERR_SSL_SSL/TLS_ALERT_HANDSHAKE_FAILURE' : 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE';
  test('RSA-PSS+SHA384', 'ECDSA+SHA256',
 -     undefined, handshakeErr,
 -     'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITHMS');
@@ -1051,38 +990,6 @@ index ae203e1005de0ab4370bd611f4f2ae64bb7a9a6a..216ce5fd14001183e7deb2abadc93178
 +} else {
 +  common.printSkipMessage('Skipping RSA key import tests');
  }
-diff --git a/test/parallel/test-webcrypto-promise-prototype-pollution.mjs b/test/parallel/test-webcrypto-promise-prototype-pollution.mjs
-index b4fbedba5e32423821879a856cc56716bacb77fe..a927089fbf1f04710b66ecdc0d870c722f501f6a 100644
---- a/test/parallel/test-webcrypto-promise-prototype-pollution.mjs
-+++ b/test/parallel/test-webcrypto-promise-prototype-pollution.mjs
-@@ -59,17 +59,19 @@ await subtle.deriveKey(
-   true,
-   ['encrypt', 'decrypt']);
- 
--const wrappingKey = await subtle.generateKey(
--  { name: 'AES-KW', length: 256 }, true, ['wrapKey', 'unwrapKey']);
-+if (!process.features.openssl_is_boringssl) {
-+  const wrappingKey = await subtle.generateKey(
-+    { name: 'AES-KW', length: 256 }, true, ['wrapKey', 'unwrapKey']);
- 
--const keyToWrap = await subtle.generateKey(
--  { name: 'AES-CBC', length: 256 }, true, ['encrypt', 'decrypt']);
-+  const keyToWrap = await subtle.generateKey(
-+    { name: 'AES-CBC', length: 256 }, true, ['encrypt', 'decrypt']);
- 
--const wrapped = await subtle.wrapKey('raw', keyToWrap, wrappingKey, 'AES-KW');
-+  const wrapped = await subtle.wrapKey('raw', keyToWrap, wrappingKey, 'AES-KW');
- 
--await subtle.unwrapKey(
--  'raw', wrapped, wrappingKey, 'AES-KW',
--  { name: 'AES-CBC', length: 256 }, true, ['encrypt', 'decrypt']);
-+  await subtle.unwrapKey(
-+    'raw', wrapped, wrappingKey, 'AES-KW',
-+    { name: 'AES-CBC', length: 256 }, true, ['encrypt', 'decrypt']);
-+}
- 
- const { privateKey } = await subtle.generateKey(
-   { name: 'ECDSA', namedCurve: 'P-256' }, true, ['sign', 'verify']);
 diff --git a/test/parallel/test-webcrypto-wrap-unwrap.js b/test/parallel/test-webcrypto-wrap-unwrap.js
 index bd788ec4ed88289d35798b8af8c9490a68e081a2..c6a6f33490595faabaefc9b58afdd813f0887258 100644
 --- a/test/parallel/test-webcrypto-wrap-unwrap.js

patches/node/fix_do_not_resolve_electron_entrypoints.patch

@@ -6,10 +6,10 @@ Subject: fix: do not resolve electron entrypoints
 This wastes fs cycles and can result in strange behavior if this path actually exists on disk
 
 diff --git a/lib/internal/modules/esm/translators.js b/lib/internal/modules/esm/translators.js
-index a048d887c4717b2c187e162d8b559285cf540a10..9a15b872a81e9cd7aac3015c58caeb5ae81e5ac8 100644
+index a6fbcb6fd3c2413df96273d93b7339cad3f25f7a..130fe48b233691d8ee4c5d56f80d331924619008 100644
 --- a/lib/internal/modules/esm/translators.js
 +++ b/lib/internal/modules/esm/translators.js
-@@ -390,6 +390,10 @@ function cjsPreparseModuleExports(filename, source, format) {
+@@ -392,6 +392,10 @@ function cjsPreparseModuleExports(filename, source, format) {
      return { module, exportNames: module[kModuleExportNames] };
    }
  

patches/node/fix_expose_readfilesync_override_for_modules.patch

@@ -8,10 +8,10 @@ an API override to replace the native `ReadFileSync` in the `modules`
 binding.
 
 diff --git a/src/env_properties.h b/src/env_properties.h
-index 75b718e6171853e77737f96ddff16bf2aa178cec..86dd5c6e36312eb68fb7e3282ffc5289c0707f48 100644
+index 454750db0113d289e7f8c8cb160e91797790572c..09786f710a88e0243bfaab10d0eca5cb2db62245 100644
 --- a/src/env_properties.h
 +++ b/src/env_properties.h
-@@ -496,6 +496,7 @@
+@@ -492,6 +492,7 @@
    V(maybe_cache_generated_source_map, v8::Function)                            \
    V(messaging_deserialize_create_object, v8::Function)                         \
    V(message_port, v8::Object)                                                  \

patches/node/fix_expose_the_built-in_electron_module_via_the_esm_loader.patch

@@ -6,10 +6,10 @@ Subject: fix: expose the built-in electron module via the ESM loader
 This allows usage of `import { app } from 'electron'` and `import('electron')` natively in the browser + non-sandboxed renderer
 
 diff --git a/lib/internal/modules/esm/get_format.js b/lib/internal/modules/esm/get_format.js
-index 4f334c7d88c3369578880d5d343b756c3dda0a5a..c26059eb083ae721eddeeb85a3a0a1cb84217fe2 100644
+index 48ccb97a6244eab4bcfbee92feb9829ca32ad0c5..043d094540845228556b0f9837f48fbaddedfb47 100644
 --- a/lib/internal/modules/esm/get_format.js
 +++ b/lib/internal/modules/esm/get_format.js
-@@ -76,6 +76,7 @@ const protocolHandlers = {
+@@ -26,6 +26,7 @@ const protocolHandlers = {
    'data:': getDataProtocolModuleFormat,
    'file:': getFileProtocolModuleFormat,
    'node:'() { return 'builtin'; },
@@ -64,10 +64,10 @@ index c284163fba86ec820af1996571fbd3d092d41d34..5f1921d15bc1d3a68c35990f85e36a0e
    }
  }
 diff --git a/lib/internal/modules/esm/loader.js b/lib/internal/modules/esm/loader.js
-index 9d08c0819b1ccecb5402265979df857da06e389e..c09274bd7b3ff2a4f8a8f5c5c91cdeb9f900960e 100644
+index 22c1e9f1ae652b033903f56f394352806ddff754..961da666a233541203b5416909fd1ff0326e63e1 100644
 --- a/lib/internal/modules/esm/loader.js
 +++ b/lib/internal/modules/esm/loader.js
-@@ -415,7 +415,7 @@ class ModuleLoader {
+@@ -437,7 +437,7 @@ class ModuleLoader {
      assert(wrap instanceof ModuleWrap, `Translator used for require(${url}) should not be async`);
  
      const cjsModule = wrap[imported_cjs_symbol];
@@ -77,10 +77,10 @@ index 9d08c0819b1ccecb5402265979df857da06e389e..c09274bd7b3ff2a4f8a8f5c5c91cdeb9
        if (cjsModule?.[kIsExecuting]) {
          const parentFilename = urlToFilename(parentURL);
 diff --git a/lib/internal/modules/esm/resolve.js b/lib/internal/modules/esm/resolve.js
-index cbdc120302443cd45d0d568069716b466600ebb3..008160b7d5e8efde13c7907e2b7212974a04d3f2 100644
+index cc1230648881d8d14ba3902fca78291c90fb79fb..edf347102fedbb28bce221defa99c37b5834024b 100644
 --- a/lib/internal/modules/esm/resolve.js
 +++ b/lib/internal/modules/esm/resolve.js
-@@ -747,6 +747,9 @@ function packageImportsResolve(name, base, conditions) {
+@@ -751,6 +751,9 @@ function packageImportsResolve(name, base, conditions) {
    throw importNotDefined(name, packageJSONUrl, base);
  }
  
@@ -90,7 +90,7 @@ index cbdc120302443cd45d0d568069716b466600ebb3..008160b7d5e8efde13c7907e2b721297
  
  /**
   * Resolves a package specifier to a URL.
-@@ -761,6 +764,11 @@ function packageResolve(specifier, base, conditions) {
+@@ -765,6 +768,11 @@ function packageResolve(specifier, base, conditions) {
      return new URL('node:' + specifier);
    }
  
@@ -103,10 +103,10 @@ index cbdc120302443cd45d0d568069716b466600ebb3..008160b7d5e8efde13c7907e2b721297
  
    const packageConfig = packageJsonReader.read(packageJSONPath, { __proto__: null, specifier, base, isESM: true });
 diff --git a/lib/internal/modules/esm/translators.js b/lib/internal/modules/esm/translators.js
-index 12c3cef5e6801437037aaf83465d30b5bfd1a59a..12d90864129b20ac29eddc0545e6ae629d99049e 100644
+index d6c96996a900da8e7d4f7f5104312e73e72c2d62..ec76d7ffa45f49721d395e8e33be79114daa0369 100644
 --- a/lib/internal/modules/esm/translators.js
 +++ b/lib/internal/modules/esm/translators.js
-@@ -212,7 +212,9 @@ function createCJSModuleWrap(url, translateContext, parentURL, loadCJS = loadCJS
+@@ -214,7 +214,9 @@ function createCJSModuleWrap(url, translateContext, parentURL, loadCJS = loadCJS
    const { exportNames, module } = cjsPreparseModuleExports(filename, source, sourceFormat);
    cjsCache.set(url, module);
  
@@ -117,7 +117,7 @@ index 12c3cef5e6801437037aaf83465d30b5bfd1a59a..12d90864129b20ac29eddc0545e6ae62
    if (!exportNames.has('default')) {
      ArrayPrototypePush(wrapperNames, 'default');
    }
-@@ -311,6 +313,10 @@ translators.set('require-commonjs', (url, translateContext, parentURL) => {
+@@ -313,6 +315,10 @@ translators.set('require-commonjs', (url, translateContext, parentURL) => {
    return createCJSModuleWrap(url, translateContext, parentURL);
  });
  

patches/node/fix_generate_config_gypi_needs_to_generate_valid_json.patch

@@ -0,0 +1,34 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Shelley Vohr <shelley.vohr@gmail.com>
+Date: Tue, 10 Feb 2026 16:48:47 +0100
+Subject: fix: generate_config_gypi needs to generate valid JSON
+
+Node.js added new process.config.variables entries, which the GN generator
+emitted with Python repr (single quotes). This made the JSON parse blow
+up. Fix this by switching to json.dumps.
+
+This should be upstreamed.
+
+diff --git a/tools/generate_config_gypi.py b/tools/generate_config_gypi.py
+index abd11e1dbda8d400cb900343c6e8d2d6e84fe944..436767e633e1f492fa858645e25ce9b904a5fccb 100755
+--- a/tools/generate_config_gypi.py
++++ b/tools/generate_config_gypi.py
+@@ -58,7 +58,7 @@ def translate_config(out_dir, config, v8_config):
+       'llvm_version': 13,
+       'napi_build_version': config['napi_build_version'],
+       'node_builtin_shareable_builtins':
+-          eval(config['node_builtin_shareable_builtins']),
++          json.loads(config['node_builtin_shareable_builtins']),
+       'node_module_version': int(config['node_module_version']),
+       'node_use_openssl': config['node_use_openssl'],
+       'node_use_amaro': config['node_use_amaro'],
+@@ -102,7 +102,8 @@ def main():
+ 
+   # Write output.
+   with open(args.target, 'w') as f:
+-    f.write(repr(translate_config(args.out_dir, config, v8_config)))
++    f.write(json.dumps(translate_config(args.out_dir, config, v8_config),
++                       sort_keys=True))
+ 
+   # Write depfile. Force regenerating config.gypi when GN configs change.
+   if args.dep_file:

patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch

@@ -17,7 +17,7 @@ Upstreams:
 - https://github.com/nodejs/node/pull/39136
 
 diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
-index 3e3e8d4720a45650c0699f0106a3cdb2fd49e9ca..7de5d24b008f3da6265e84161ca59b9448b86f3b 100644
+index 461819ce0fa732048e4365c40a86ef55d984c35f..f1c85e94cf526d0255f47c003664680d26413ec3 100644
 --- a/deps/ncrypto/ncrypto.cc
 +++ b/deps/ncrypto/ncrypto.cc
 @@ -11,6 +11,7 @@
@@ -28,7 +28,7 @@ index 3e3e8d4720a45650c0699f0106a3cdb2fd49e9ca..7de5d24b008f3da6265e84161ca59b94
  #if OPENSSL_VERSION_MAJOR >= 3
  #include <openssl/core_names.h>
  #include <openssl/params.h>
-@@ -3103,9 +3104,11 @@ const Cipher Cipher::AES_256_GCM = Cipher::FromNid(NID_aes_256_gcm);
+@@ -3090,9 +3091,11 @@ const Cipher Cipher::AES_256_GCM = Cipher::FromNid(NID_aes_256_gcm);
  const Cipher Cipher::AES_128_KW = Cipher::FromNid(NID_id_aes128_wrap);
  const Cipher Cipher::AES_192_KW = Cipher::FromNid(NID_id_aes192_wrap);
  const Cipher Cipher::AES_256_KW = Cipher::FromNid(NID_id_aes256_wrap);
@@ -41,10 +41,10 @@ index 3e3e8d4720a45650c0699f0106a3cdb2fd49e9ca..7de5d24b008f3da6265e84161ca59b94
  
  bool Cipher::isGcmMode() const {
 diff --git a/deps/ncrypto/ncrypto.h b/deps/ncrypto/ncrypto.h
-index 4f86702da88267ded46d33a943a80ae3c2e17fa6..854c29f27f95634b96780b4750d23986d6ba522f 100644
+index 175ec8ba0f2a908ffad2ce48434aeed573b09c90..3218590ddce1e92c2a9d776f20f9fb016612061d 100644
 --- a/deps/ncrypto/ncrypto.h
 +++ b/deps/ncrypto/ncrypto.h
-@@ -309,9 +309,13 @@ class Cipher final {
+@@ -306,9 +306,13 @@ class Cipher final {
  #else
    static constexpr size_t MAX_AUTH_TAG_LENGTH = 16;
  #endif
@@ -119,7 +119,7 @@ index d005bf0ffb93445fa6611a1beb1b465764271ede..01770687bd191c61af02e76d7de24bba
        X509View ca(sk_X509_value(peer_certs.get(), i));
        if (!cert->view().isIssuedBy(ca)) continue;
 diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
-index 980b7fafb3144b1db0ff26dc157e0f08633c3c9e..cb586936a904e7b9a017732e993a35ef1115ff9a 100644
+index 4e968477ebcc08fb0ccd6abd4d66240309cf76e8..2e3f31e1765024373c3fc2acd33fc3bfb352a906 100644
 --- a/src/crypto/crypto_context.cc
 +++ b/src/crypto/crypto_context.cc
 @@ -143,7 +143,7 @@ int SSL_CTX_use_certificate_chain(SSL_CTX* ctx,
@@ -192,10 +192,10 @@ index 33cde71b105c7cf22b559583d2e46bfb50016f6d..659910992dff7c05bb7e367e1cba1425
    // This is to cause hash() to fail when an incorrect
    // outputLength option was passed for a non-XOF hash function.
 diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc
-index c05872d73f6fc21cf362928559f3b232a907238d..8efe004ce88ae4d798a24504d47073b331f6525f 100644
+index e805a984322c8348ceba950fe6f45e002ade10b3..bb9b1f8e1b3c6dd8479ee463e303088e3240d6be 100644
 --- a/src/crypto/crypto_keys.cc
 +++ b/src/crypto/crypto_keys.cc
-@@ -1225,6 +1225,7 @@ void KeyObjectHandle::GetAsymmetricKeyType(
+@@ -1034,6 +1034,7 @@ void KeyObjectHandle::GetAsymmetricKeyType(
  }
  
  bool KeyObjectHandle::CheckEcKeyData() const {
@@ -203,7 +203,7 @@ index c05872d73f6fc21cf362928559f3b232a907238d..8efe004ce88ae4d798a24504d47073b3
    MarkPopErrorOnReturn mark_pop_error_on_return;
  
    const auto& key = data_.GetAsymmetricKey();
-@@ -1234,6 +1235,9 @@ bool KeyObjectHandle::CheckEcKeyData() const {
+@@ -1043,6 +1044,9 @@ bool KeyObjectHandle::CheckEcKeyData() const {
  
    return data_.GetKeyType() == kKeyTypePrivate ? ctx.privateCheck()
                                                 : ctx.publicCheck();
@@ -214,7 +214,7 @@ index c05872d73f6fc21cf362928559f3b232a907238d..8efe004ce88ae4d798a24504d47073b3
  
  void KeyObjectHandle::CheckEcKeyData(const FunctionCallbackInfo<Value>& args) {
 diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
-index 3435e43b3baa0c188b984fa1905c6a8614c77de3..a2fa1132c47d8cc4b875396c6cbaa9db6fe20262 100644
+index 205e248e0f20f019e189a6c69d3c011a616b3939..12b0d804c6f1d4998b85160b0aac8eb7a3b5576b 100644
 --- a/src/crypto/crypto_util.cc
 +++ b/src/crypto/crypto_util.cc
 @@ -533,24 +533,15 @@ Maybe<void> Decorate(Environment* env,

patches/node/fix_lazyload_fs_in_esm_loaders_to_apply_asar_patches.patch

@@ -28,7 +28,7 @@ index 5f1921d15bc1d3a68c35990f85e36a0e8a5b3ec4..99c6ce57c04768d125dd0a1c6bd62bca
      const result = dataURLProcessor(url);
      if (result === 'failure') {
 diff --git a/lib/internal/modules/esm/resolve.js b/lib/internal/modules/esm/resolve.js
-index 008160b7d5e8efde13c7907e2b7212974a04d3f2..b01eafd3c476c065a16701317aca2a1def559376 100644
+index edf347102fedbb28bce221defa99c37b5834024b..81799fc159cf20344aac64cd7129240deb9a4fe8 100644
 --- a/lib/internal/modules/esm/resolve.js
 +++ b/lib/internal/modules/esm/resolve.js
 @@ -25,7 +25,7 @@ const {
@@ -40,7 +40,7 @@ index 008160b7d5e8efde13c7907e2b7212974a04d3f2..b01eafd3c476c065a16701317aca2a1d
  const { getOptionValue } = require('internal/options');
  // Do not eagerly grab .manifest, it may be in TDZ
  const { sep, posix: { relative: relativePosixPath }, resolve } = require('path');
-@@ -273,7 +273,7 @@ function finalizeResolution(resolved, base, preserveSymlinks) {
+@@ -277,7 +277,7 @@ function finalizeResolution(resolved, base, preserveSymlinks) {
    }
  
    if (!preserveSymlinks) {
@@ -50,7 +50,7 @@ index 008160b7d5e8efde13c7907e2b7212974a04d3f2..b01eafd3c476c065a16701317aca2a1d
      });
      const { search, hash } = resolved;
 diff --git a/lib/internal/modules/esm/translators.js b/lib/internal/modules/esm/translators.js
-index 12d90864129b20ac29eddc0545e6ae629d99049e..a048d887c4717b2c187e162d8b559285cf540a10 100644
+index ec76d7ffa45f49721d395e8e33be79114daa0369..a6fbcb6fd3c2413df96273d93b7339cad3f25f7a 100644
 --- a/lib/internal/modules/esm/translators.js
 +++ b/lib/internal/modules/esm/translators.js
 @@ -23,7 +23,7 @@ const {
@@ -62,7 +62,7 @@ index 12d90864129b20ac29eddc0545e6ae629d99049e..a048d887c4717b2c187e162d8b559285
  const { dirname, extname } = require('path');
  const {
    assertBufferSource,
-@@ -348,7 +348,7 @@ translators.set('commonjs', function commonjsStrategy(url, translateContext, par
+@@ -350,7 +350,7 @@ translators.set('commonjs', function commonjsStrategy(url, translateContext, par
  
    try {
      // We still need to read the FS to detect the exports.

patches/node/fix_redefined_macos_sdk_header_symbols.patch

@@ -10,7 +10,7 @@ change, it seems to introduce an incompatibility when compiling
 using clang modules. Disabling them resolves the issue.
 
 diff --git a/unofficial.gni b/unofficial.gni
-index bf44e39c0debe9d3dce4dcb490b6ce3bc16dca2a..1285f83662e4f252faa1730df04cafc588cd7556 100644
+index cedd2b0a0941fe66bdae479c4fc768ce3d7bc6ac..86bd7d18ca299d0866c872b52fb0508174c148d9 100644
 --- a/unofficial.gni
 +++ b/unofficial.gni
 @@ -199,6 +199,10 @@ template("node_gn_build") {
@@ -24,7 +24,7 @@ index bf44e39c0debe9d3dce4dcb490b6ce3bc16dca2a..1285f83662e4f252faa1730df04cafc5
      }
      if (is_posix) {
        configs -= [ "//build/config/gcc:symbol_visibility_hidden" ]
-@@ -373,6 +377,12 @@ template("node_gn_build") {
+@@ -371,6 +375,12 @@ template("node_gn_build") {
      include_dirs = [ "src", "tools" ]
      configs += [ "//build/config/compiler:no_exit_time_destructors" ]
  

patches/node/fix_remove_deprecated_errno_constants.patch

@@ -86,10 +86,10 @@ index fd28e0904d05e24e8eeb74fa36abd9727699a649..fea0426496978c0003fe1481afcf93fc
    NODE_DEFINE_CONSTANT(target, ETIMEDOUT);
  #endif
 diff --git a/src/node_errors.cc b/src/node_errors.cc
-index 0388e2e31c9739b8b4bfbcbfb1f8c11b2a84c233..c6404e00d04e61b675a8c4a02139b36da25bd2a8 100644
+index d148127b89b632b339a63eb50370dfa0daca6308..55a0c986c5b6989ee9ce277bb6a9778abb2ad2ee 100644
 --- a/src/node_errors.cc
 +++ b/src/node_errors.cc
-@@ -897,10 +897,6 @@ const char* errno_string(int errorno) {
+@@ -899,10 +899,6 @@ const char* errno_string(int errorno) {
      ERRNO_CASE(ENOBUFS);
  #endif
  
@@ -100,7 +100,7 @@ index 0388e2e31c9739b8b4bfbcbfb1f8c11b2a84c233..c6404e00d04e61b675a8c4a02139b36d
  #ifdef ENODEV
      ERRNO_CASE(ENODEV);
  #endif
-@@ -939,14 +935,6 @@ const char* errno_string(int errorno) {
+@@ -941,14 +937,6 @@ const char* errno_string(int errorno) {
      ERRNO_CASE(ENOSPC);
  #endif
  
@@ -115,7 +115,7 @@ index 0388e2e31c9739b8b4bfbcbfb1f8c11b2a84c233..c6404e00d04e61b675a8c4a02139b36d
  #ifdef ENOSYS
      ERRNO_CASE(ENOSYS);
  #endif
-@@ -1029,10 +1017,6 @@ const char* errno_string(int errorno) {
+@@ -1031,10 +1019,6 @@ const char* errno_string(int errorno) {
      ERRNO_CASE(ESTALE);
  #endif
  

patches/node/fix_suppress_nodiscard_warning_for_copy_options_operator.patch

@@ -7,10 +7,10 @@ libc++ added [[nodiscard]] to std::filesystem::copy_options operator|=
 which causes build failures with -Werror.
 
 diff --git a/src/node_file.cc b/src/node_file.cc
-index c775015350c8269fa3fcb99b8db70762c22b9fcf..fe8bb0f53c4f5c8f7ffb64de7ce74a03c60ef9c6 100644
+index 46cd16b535d9bd651ef733ca52ea58db7d39b09f..7a7c71a0fcbb71e1c3dfcac7a00da207c4c3bf56 100644
 --- a/src/node_file.cc
 +++ b/src/node_file.cc
-@@ -3508,11 +3508,11 @@ static void CpSyncCopyDir(const FunctionCallbackInfo<Value>& args) {
+@@ -3467,11 +3467,11 @@ static void CpSyncCopyDir(const FunctionCallbackInfo<Value>& args) {
  
    auto file_copy_opts = std::filesystem::copy_options::recursive;
    if (force) {

patches/node/pass_all_globals_through_require.patch

@@ -6,7 +6,7 @@ Subject: Pass all globals through "require"
 (cherry picked from commit 7d015419cb7a0ecfe6728431a4ed2056cd411d62)
 
 diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
-index df656b86016a87477e696da30f685fd2ec66865f..a405f1662452bd1dc969019f1f0fcbf9dd6ea54d 100644
+index 0a6788d1b848d860fa3fa3e857c7feab6f16311e..a6b01d7e143fa6ffeda6fa7723e279db7678ddd4 100644
 --- a/lib/internal/modules/cjs/loader.js
 +++ b/lib/internal/modules/cjs/loader.js
 @@ -209,6 +209,13 @@ const {
@@ -23,7 +23,7 @@ index df656b86016a87477e696da30f685fd2ec66865f..a405f1662452bd1dc969019f1f0fcbf9
  const {
    isProxy,
  } = require('internal/util/types');
-@@ -1825,9 +1832,12 @@ Module.prototype._compile = function(content, filename, format) {
+@@ -1807,9 +1814,12 @@ Module.prototype._compile = function(content, filename, format) {
    if (this[kIsMainSymbol] && getOptionValue('--inspect-brk')) {
      const { callAndPauseOnStart } = internalBinding('inspector');
      result = callAndPauseOnStart(compiledWrapper, thisValue, exports,

patches/node/refactor_allow_embedder_overriding_of_internal_fs_calls.patch

@@ -7,7 +7,7 @@ We use this to allow node's 'fs' module to read from ASAR files as if they were
 a real filesystem.
 
 diff --git a/lib/internal/bootstrap/node.js b/lib/internal/bootstrap/node.js
-index 7e7e79c661cfdbd9b6f4e347fd3683b03e071473..96d4809368bc488fdc3506345dcbb1071c107e5c 100644
+index de18fc4934bcfef6485dc0bc853ca324ed17fc4e..52998c967109c797f3eab64f2f99990b2d69841a 100644
 --- a/lib/internal/bootstrap/node.js
 +++ b/lib/internal/bootstrap/node.js
 @@ -129,6 +129,10 @@ process.domain = null;

patches/node/refactor_attach_cppgc_heap_on_v8_isolate_creation.patch

@@ -18,7 +18,7 @@ This can be removed when Node.js upgrades to a version of V8 containing CLs
 from the above issue.
 
 diff --git a/src/api/environment.cc b/src/api/environment.cc
-index befaa423abbe86f523a7b8902d74599e56c5b078..ec1496467f5071a810a3d7a76d80f3d12a8582dc 100644
+index 5f51ad205189bd75d0d9638b1104c12b537b4e9b..8974bac7dca43294cc5cc4570f8e2e78f42aefaa 100644
 --- a/src/api/environment.cc
 +++ b/src/api/environment.cc
 @@ -323,6 +323,10 @@ Isolate* NewIsolate(Isolate::CreateParams* params,
@@ -89,10 +89,10 @@ index fb2af584a4ae777022c9ef8c20ada1edcbbbefdc..fe6300a5d5d2d6602a84cbd33736c213
  #endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
  
 diff --git a/src/env.cc b/src/env.cc
-index ef6e14245fa668d04d0e9b1f71fcce48ec267f4e..dd8be35de7c447c9a77f8b9849a6a3de19bc55af 100644
+index c185d822b29c0b691bbf5f724f71f59638c6184d..57a46c8be2e052b298ed841eed6f291d62711750 100644
 --- a/src/env.cc
 +++ b/src/env.cc
-@@ -610,7 +610,7 @@ IsolateData::~IsolateData() {}
+@@ -611,7 +611,7 @@ IsolateData::~IsolateData() {}
  // Deprecated API, embedders should use v8::Object::Wrap() directly instead.
  void SetCppgcReference(Isolate* isolate,
                         Local<Object> object,
@@ -102,7 +102,7 @@ index ef6e14245fa668d04d0e9b1f71fcce48ec267f4e..dd8be35de7c447c9a77f8b9849a6a3de
        isolate, object, wrappable);
  }
 diff --git a/src/node.h b/src/node.h
-index 0225ff4f43e8b82c08e8ec5492df73223a82066c..8aac774805a002f5af9e9aca62abc56e8f986bab 100644
+index b92a9d42da8419741c435643b7401efcb21a9e8b..bbe35c7a8f1bc0bcddf628af42b71efaef8a7759 100644
 --- a/src/node.h
 +++ b/src/node.h
 @@ -78,6 +78,7 @@
@@ -113,7 +113,7 @@ index 0225ff4f43e8b82c08e8ec5492df73223a82066c..8aac774805a002f5af9e9aca62abc56e
  
  #include "v8-platform.h"  // NOLINT(build/include_order)
  #include "node_version.h"  // NODE_MODULE_VERSION
-@@ -605,7 +606,8 @@ NODE_EXTERN v8::Isolate* NewIsolate(
+@@ -603,7 +604,8 @@ NODE_EXTERN v8::Isolate* NewIsolate(
      struct uv_loop_s* event_loop,
      MultiIsolatePlatform* platform,
      const EmbedderSnapshotData* snapshot_data = nullptr,
@@ -123,7 +123,7 @@ index 0225ff4f43e8b82c08e8ec5492df73223a82066c..8aac774805a002f5af9e9aca62abc56e
  NODE_EXTERN v8::Isolate* NewIsolate(
      std::shared_ptr<ArrayBufferAllocator> allocator,
      struct uv_loop_s* event_loop,
-@@ -1704,9 +1706,10 @@ void RegisterSignalHandler(int signal,
+@@ -1702,9 +1704,10 @@ void RegisterSignalHandler(int signal,
  // work with only Node.js versions with v8::Object::Wrap() should use that
  // instead.
  NODE_DEPRECATED("Use v8::Object::Wrap()",
@@ -135,7 +135,7 @@ index 0225ff4f43e8b82c08e8ec5492df73223a82066c..8aac774805a002f5af9e9aca62abc56e
 +                  v8::Local<v8::Object> object,
 +                  v8::Object::Wrappable* wrappable));
  
- namespace crypto {
+ }  // namespace node
  
 diff --git a/src/node_main_instance.cc b/src/node_main_instance.cc
 index 6f674df3ed0dc1b4e5cd3a249fb787a9fc98361d..90f9eb84b6835c36a91ce23d77722812ce173c0f 100644
@@ -151,7 +151,7 @@ index 6f674df3ed0dc1b4e5cd3a249fb787a9fc98361d..90f9eb84b6835c36a91ce23d77722812
    isolate_ =
        NewIsolate(isolate_params_.get(), event_loop, platform, snapshot_data);
 diff --git a/src/node_worker.cc b/src/node_worker.cc
-index 1d07449c5293f0839082a328d10bfd42cf522107..a2631a96371becb0f4ea4f47a52313f4f02477da 100644
+index fa7dc52b19119ed3d2dc407c029f56107476bc39..1acc61af0c995ddefbc00fe232b2454de77a84a3 100644
 --- a/src/node_worker.cc
 +++ b/src/node_worker.cc
 @@ -181,6 +181,9 @@ class WorkerThreadData {

patches/node/src_stop_using_v8_propertycallbackinfo_t_this.patch

@@ -19,10 +19,10 @@ index 2c95ac99be70b0750372e9c858753bf519498e3d..5ab30502fd232196739ca2b450e35cc9
    Local<Module> module = obj->module_.Get(isolate);
    if (module->GetStatus() < Module::kInstantiated) {
 diff --git a/src/node_contextify.cc b/src/node_contextify.cc
-index 1561e5096f5d8274001429000aa26731bca1b34e..2655cc5604205b7e16fbc14c9beefb2d30b86a28 100644
+index 9f11d32c70366524cf3b7c1cfdfd24f31e438e7b..3f1772b62aa0300540d25fb93012c49bce9d8134 100644
 --- a/src/node_contextify.cc
 +++ b/src/node_contextify.cc
-@@ -452,7 +452,7 @@ ContextifyContext* ContextifyContext::Get(const PropertyCallbackInfo<T>& args) {
+@@ -460,7 +460,7 @@ ContextifyContext* ContextifyContext::Get(const PropertyCallbackInfo<T>& args) {
    // args.GetIsolate()->GetCurrentContext() and take the pointer at
    // ContextEmbedderIndex::kContextifyContext, as V8 is supposed to
    // push the creation context before invoking these callbacks.
@@ -31,7 +31,7 @@ index 1561e5096f5d8274001429000aa26731bca1b34e..2655cc5604205b7e16fbc14c9beefb2d
  }
  
  ContextifyContext* ContextifyContext::Get(Local<Object> object) {
-@@ -585,10 +585,21 @@ Intercepted ContextifyContext::PropertySetterCallback(
+@@ -593,10 +593,21 @@ Intercepted ContextifyContext::PropertySetterCallback(
      return Intercepted::kNo;
    }
  
@@ -53,7 +53,7 @@ index 1561e5096f5d8274001429000aa26731bca1b34e..2655cc5604205b7e16fbc14c9beefb2d
    bool is_contextual_store = ctx->global_proxy() != args.This();
  
    // Indicator to not return before setting (undeclared) function declarations
-@@ -605,7 +616,7 @@ Intercepted ContextifyContext::PropertySetterCallback(
+@@ -613,7 +624,7 @@ Intercepted ContextifyContext::PropertySetterCallback(
        !is_function) {
      return Intercepted::kNo;
    }
@@ -75,30 +75,8 @@ index b925434940baeeb6b06882242ca947736866d175..d067b47e7e30a95740fe0275c7044570
    if (!receiver_val->IsObject()) {
      THROW_ERR_INVALID_INVOCATION(isolate);
      return;
-diff --git a/src/node_sqlite.cc b/src/node_sqlite.cc
-index 91b80b4fb44c26e95503556064e7429b8cbf4639..1a468abbf42161ffdebe2176bd2c7a8c9e119532 100644
---- a/src/node_sqlite.cc
-+++ b/src/node_sqlite.cc
-@@ -729,7 +729,7 @@ Intercepted DatabaseSyncLimits::LimitsGetter(
-   }
- 
-   DatabaseSyncLimits* limits;
--  ASSIGN_OR_RETURN_UNWRAP(&limits, info.This(), Intercepted::kNo);
-+  ASSIGN_OR_RETURN_UNWRAP(&limits, info.HolderV2(), Intercepted::kNo);
- 
-   Environment* env = limits->env();
-   Isolate* isolate = env->isolate();
-@@ -761,7 +761,7 @@ Intercepted DatabaseSyncLimits::LimitsSetter(
-   }
- 
-   DatabaseSyncLimits* limits;
--  ASSIGN_OR_RETURN_UNWRAP(&limits, info.This(), Intercepted::kNo);
-+  ASSIGN_OR_RETURN_UNWRAP(&limits, info.HolderV2(), Intercepted::kNo);
- 
-   Environment* env = limits->env();
-   Isolate* isolate = env->isolate();
 diff --git a/src/node_util.cc b/src/node_util.cc
-index fbfda9c1551e071132e35b90fc3676a9b493abee..065ed602b314f367c2e7dec94019521fd5d23bf4 100644
+index af42a3bd72c3f4aa6aff4a95231f3f3da5008176..e9f4c1cdb60c03dce210f49e18dda57a4934a8b5 100644
 --- a/src/node_util.cc
 +++ b/src/node_util.cc
 @@ -366,7 +366,7 @@ static void DefineLazyPropertiesGetter(
@@ -111,10 +89,10 @@ index fbfda9c1551e071132e35b90fc3676a9b493abee..065ed602b314f367c2e7dec94019521f
      THROW_ERR_INVALID_INVOCATION(isolate);
      return;
 diff --git a/src/node_webstorage.cc b/src/node_webstorage.cc
-index 0a169a8dcf27eeb5b5b0c1b00ac8b79ed43d551b..a4a86f2f5ada6481a89e0682d2c7a5de056d51e8 100644
+index bd83654012442195866e57173b6e5d4d25fecf0f..9f31a56b00600b2754d8c7115630a1132335bffc 100644
 --- a/src/node_webstorage.cc
 +++ b/src/node_webstorage.cc
-@@ -532,7 +532,7 @@ template <typename T>
+@@ -535,7 +535,7 @@ template <typename T>
  static bool ShouldIntercept(Local<Name> property,
                              const PropertyCallbackInfo<T>& info) {
    Environment* env = Environment::GetCurrent(info);
@@ -123,7 +101,7 @@ index 0a169a8dcf27eeb5b5b0c1b00ac8b79ed43d551b..a4a86f2f5ada6481a89e0682d2c7a5de
  
    if (proto->IsObject()) {
      bool has_prop;
-@@ -556,7 +556,7 @@ static Intercepted StorageGetter(Local<Name> property,
+@@ -559,7 +559,7 @@ static Intercepted StorageGetter(Local<Name> property,
    }
  
    Storage* storage;
@@ -132,7 +110,7 @@ index 0a169a8dcf27eeb5b5b0c1b00ac8b79ed43d551b..a4a86f2f5ada6481a89e0682d2c7a5de
    Local<Value> result;
  
    if (storage->Load(property).ToLocal(&result) && !result->IsNull()) {
-@@ -570,7 +570,7 @@ static Intercepted StorageSetter(Local<Name> property,
+@@ -573,7 +573,7 @@ static Intercepted StorageSetter(Local<Name> property,
                                   Local<Value> value,
                                   const PropertyCallbackInfo<void>& info) {
    Storage* storage;
@@ -141,7 +119,7 @@ index 0a169a8dcf27eeb5b5b0c1b00ac8b79ed43d551b..a4a86f2f5ada6481a89e0682d2c7a5de
  
    if (storage->Store(property, value).IsNothing()) {
      info.GetReturnValue().SetFalse();
-@@ -586,7 +586,7 @@ static Intercepted StorageQuery(Local<Name> property,
+@@ -589,7 +589,7 @@ static Intercepted StorageQuery(Local<Name> property,
    }
  
    Storage* storage;
@@ -150,7 +128,7 @@ index 0a169a8dcf27eeb5b5b0c1b00ac8b79ed43d551b..a4a86f2f5ada6481a89e0682d2c7a5de
    Local<Value> result;
    if (!storage->Load(property).ToLocal(&result) || result->IsNull()) {
      return Intercepted::kNo;
-@@ -599,7 +599,7 @@ static Intercepted StorageQuery(Local<Name> property,
+@@ -602,7 +602,7 @@ static Intercepted StorageQuery(Local<Name> property,
  static Intercepted StorageDeleter(Local<Name> property,
                                    const PropertyCallbackInfo<Boolean>& info) {
    Storage* storage;
@@ -159,7 +137,7 @@ index 0a169a8dcf27eeb5b5b0c1b00ac8b79ed43d551b..a4a86f2f5ada6481a89e0682d2c7a5de
  
    info.GetReturnValue().Set(storage->Remove(property).IsJust());
  
-@@ -608,7 +608,7 @@ static Intercepted StorageDeleter(Local<Name> property,
+@@ -611,7 +611,7 @@ static Intercepted StorageDeleter(Local<Name> property,
  
  static void StorageEnumerator(const PropertyCallbackInfo<Array>& info) {
    Storage* storage;
@@ -168,7 +146,7 @@ index 0a169a8dcf27eeb5b5b0c1b00ac8b79ed43d551b..a4a86f2f5ada6481a89e0682d2c7a5de
    Local<Array> result;
    if (!storage->Enumerate().ToLocal(&result)) {
      return;
-@@ -620,7 +620,7 @@ static Intercepted StorageDefiner(Local<Name> property,
+@@ -623,7 +623,7 @@ static Intercepted StorageDefiner(Local<Name> property,
                                    const PropertyDescriptor& desc,
                                    const PropertyCallbackInfo<void>& info) {
    Storage* storage;

patches/node/support_v8_sandboxed_pointers.patch

@@ -7,7 +7,7 @@ This refactors several allocators to allocate within the V8 memory cage,
 allowing them to be compatible with the V8_SANDBOXED_POINTERS feature.
 
 diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
-index a2fa1132c47d8cc4b875396c6cbaa9db6fe20262..efce181ae28383745fca2ff086cf2dac3107487a 100644
+index 12b0d804c6f1d4998b85160b0aac8eb7a3b5576b..27bd93769233dc65a064710db4095d9cdc3a8b1a 100644
 --- a/src/crypto/crypto_util.cc
 +++ b/src/crypto/crypto_util.cc
 @@ -346,24 +346,30 @@ std::unique_ptr<BackingStore> ByteSource::ReleaseToBackingStore(
@@ -57,7 +57,7 @@ index a2fa1132c47d8cc4b875396c6cbaa9db6fe20262..efce181ae28383745fca2ff086cf2dac
  #else
    std::unique_ptr<BackingStore> ptr = ArrayBuffer::NewBackingStore(
        allocated_data_,
-@@ -664,23 +670,16 @@ namespace {
+@@ -662,23 +668,16 @@ namespace {
  // using OPENSSL_malloc. However, if the secure heap is
  // initialized, SecureBuffer will automatically use it.
  void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
@@ -87,12 +87,12 @@ index a2fa1132c47d8cc4b875396c6cbaa9db6fe20262..efce181ae28383745fca2ff086cf2dac
      return THROW_ERR_OPERATION_FAILED(env, "Allocation failed");
    }
 diff --git a/src/crypto/crypto_x509.cc b/src/crypto/crypto_x509.cc
-index cb1ad6bcfa7ea421642d097d6a9a8a5e04d5cf7c..6b7e4211a8969351168fc982fe3466a2096bed3a 100644
+index b30297eac08ad9587642b723f91d7e3b954294d4..4c5427596d1c90d3a413cdd9ff4f1151e657073d 100644
 --- a/src/crypto/crypto_x509.cc
 +++ b/src/crypto/crypto_x509.cc
-@@ -141,19 +141,17 @@ MaybeLocal<Value> ToBuffer(Environment* env, BIOPointer* bio) {
-   if (!mem) [[unlikely]]
+@@ -135,19 +135,17 @@ MaybeLocal<Value> ToBuffer(Environment* env, BIOPointer* bio) {
      return {};
+   BUF_MEM* mem = *bio;
  #ifdef V8_ENABLE_SANDBOX
 -  // If the v8 sandbox is enabled, then all array buffers must be allocated
 -  // via the isolate. External buffers are not allowed. So, instead of wrapping
@@ -121,10 +121,10 @@ index cb1ad6bcfa7ea421642d097d6a9a8a5e04d5cf7c..6b7e4211a8969351168fc982fe3466a2
    auto backing = ArrayBuffer::NewBackingStore(
        mem->data,
 diff --git a/src/node_buffer.cc b/src/node_buffer.cc
-index 362ac268483ea37c1d6fd65fc0cd9fcec7c8448d..93e0c8445056f45c3228bc9c64db3b91d0c84096 100644
+index e1bee00825d140232456d6dc2337420fde6bda17..04edc4ca3c0e7c2284d2822fe9f5de66ff64fda2 100644
 --- a/src/node_buffer.cc
 +++ b/src/node_buffer.cc
-@@ -1477,7 +1477,7 @@ inline size_t CheckNumberToSize(Local<Value> number) {
+@@ -1443,7 +1443,7 @@ inline size_t CheckNumberToSize(Local<Value> number) {
    CHECK(value >= 0 && value < maxSize);
    size_t size = static_cast<size_t>(value);
  #ifdef V8_ENABLE_SANDBOX
@@ -133,7 +133,7 @@ index 362ac268483ea37c1d6fd65fc0cd9fcec7c8448d..93e0c8445056f45c3228bc9c64db3b91
  #endif
    return size;
  }
-@@ -1500,6 +1500,26 @@ void CreateUnsafeArrayBuffer(const FunctionCallbackInfo<Value>& args) {
+@@ -1466,6 +1466,26 @@ void CreateUnsafeArrayBuffer(const FunctionCallbackInfo<Value>& args) {
        env->isolate_data()->is_building_snapshot()) {
      buf = ArrayBuffer::New(isolate, size);
    } else {
@@ -160,7 +160,7 @@ index 362ac268483ea37c1d6fd65fc0cd9fcec7c8448d..93e0c8445056f45c3228bc9c64db3b91
      std::unique_ptr<BackingStore> store = ArrayBuffer::NewBackingStore(
          isolate,
          size,
-@@ -1510,6 +1530,7 @@ void CreateUnsafeArrayBuffer(const FunctionCallbackInfo<Value>& args) {
+@@ -1476,6 +1496,7 @@ void CreateUnsafeArrayBuffer(const FunctionCallbackInfo<Value>& args) {
        THROW_ERR_MEMORY_ALLOCATION_FAILED(env);
        return;
      }
@@ -344,3 +344,17 @@ index ef659f1c39f7ee958879bf395377bc99911fc346..225b1465b7c97d972a38968faf6d6850
    auto ab = ArrayBuffer::New(isolate, std::move(bs));
    v8::Local<Uint8Array> u8 = v8::Uint8Array::New(ab, 0, 1);
  
+diff --git a/test/parallel/test-buffer-concat.js b/test/parallel/test-buffer-concat.js
+index 9f0eadd2f10163c3c30657c84eb0ba55db17364d..7c1a6f71ca24dd2e54f9f5987aae2014b44bfba6 100644
+--- a/test/parallel/test-buffer-concat.js
++++ b/test/parallel/test-buffer-concat.js
+@@ -84,8 +84,7 @@ assert.throws(() => {
+   Buffer.concat([Buffer.from('hello')], -2);
+ }, {
+   code: 'ERR_OUT_OF_RANGE',
+-  message: 'The value of "length" is out of range. It must be >= 0 && <= 9007199254740991. ' +
+-           'Received -2'
++  message: /The value of "length" is out of range\. It must be >= 0 && <= (?:34359738367|9007199254740991)\. Received -2/
+ });
+ 
+ // eslint-disable-next-line node-core/crypto-check

patches/node/test_accomodate_v8_thenable_stack_trace_change_in_snapshot.patch

@@ -12,22 +12,23 @@ See:
 https://chromium-review.googlesource.com/c/v8/v8/+/6826001
 
 diff --git a/test/fixtures/test-runner/output/describe_it.snapshot b/test/fixtures/test-runner/output/describe_it.snapshot
-index 4df2c20a45f3b7c06172d5c5a2045c3dc066824e..9be9d988f0ffa9c4b84dce321935cfca3719a3fa 100644
+index cae467f6487ffef4fbe94da229e30c2537fe9e95..f1240a6a99dafc18ad51d413719df58b757893ab 100644
 --- a/test/fixtures/test-runner/output/describe_it.snapshot
 +++ b/test/fixtures/test-runner/output/describe_it.snapshot
-@@ -659,6 +659,7 @@ not ok 60 - timeouts
+@@ -726,6 +726,8 @@ not ok 60 - timeouts
        code: 'ERR_TEST_FAILURE'
        stack: |-
-         Object.<anonymous> (<project-root>/test/fixtures/test-runner/output/describe_it.js:372:50)
-+        <node-internal-frames>
+         *
++        *
++        *
        ...
      1..2
  not ok 61 - successful thenable
-@@ -681,6 +682,7 @@ not ok 62 - rejected thenable
+@@ -748,6 +750,7 @@ not ok 62 - rejected thenable
    code: 'ERR_TEST_FAILURE'
    stack: |-
-     Object.<anonymous> (<project-root>/test/fixtures/test-runner/output/describe_it.js:393:48)
-+    <node-internal-frames>
+     *
++    *
    ...
  # Subtest: async describe function
      # Subtest: it inside describe 1

patches/squirrel.mac/.patches

@@ -12,4 +12,4 @@ use_uttype_class_instead_of_deprecated_uttypeconformsto.patch
 fix_clean_up_orphaned_staged_updates_before_downloading_new_update.patch
 fix_add_explicit_json_property_mappings_for_shipit_request_model.patch
 fix_resolve_target_bundle_path_once_at_start_of_install.patch
-fix_trigger_shipit_mach_service_after_smjobsubmit_to_unblock.patch
+fix_remove_vestigial_machservices_from_shipit_launchd_job.patch

patches/squirrel.mac/fix_remove_vestigial_machservices_from_shipit_launchd_job.patch

@@ -0,0 +1,49 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Keeley Hammond <vertedinde@electronjs.org>
+Date: Tue, 14 Apr 2026 10:00:00 -0700
+Subject: fix: remove vestigial MachServices from ShipIt launchd job
+
+The MachServices key in the ShipIt launchd job dictionary is a leftover
+from when ShipIt was an XPC service (removed in Squirrel/Squirrel.Mac@d6ca1c2
+":fire: XPC :fire:" in October 2013). Since then, nothing connects to
+the registered Mach port.
+
+When a macOS system update is pending, launchd puts the user domain into
+"on-demand-only mode", where only jobs with an on-demand trigger (like a
+MachServices connection) are started. Since nothing connects to ShipIt's
+Mach port, launchd pends the spawn indefinitely with:
+
+  "pending spawn, domain in on-demand-only mode"
+
+This prevents ShipIt from running, causing Electron auto-updates to fail
+whenever a macOS update is staged. By the time the domain exits
+on-demand-only mode (after reboot/update completion), the staged update
+bundle is often stale, leading to "Too many attempts to install" errors.
+
+Removing the MachServices key eliminates the on-demand trigger, so
+launchd falls back to evaluating KeepAlive.SuccessfulExit which
+correctly starts ShipIt immediately on submission.
+
+Also removes the stale "service name" comment on the jobLabel argument,
+since ShipIt is no longer a Mach service.
+
+diff --git a/Squirrel/SQRLShipItLauncher.m b/Squirrel/SQRLShipItLauncher.m
+index 6a9151d92f399184fff9854eb00ea506165bbbe2..0ebd2a23d62424c41e15413edeab360bef87ecc4 100644
+--- a/Squirrel/SQRLShipItLauncher.m
++++ b/Squirrel/SQRLShipItLauncher.m
+@@ -50,14 +50,10 @@ + (RACSignal *)shipItJobDictionary {
+ 				@(LAUNCH_JOBKEY_KEEPALIVE_SUCCESSFULEXIT): @NO
+ 			};
+ 
+-			jobDict[@(LAUNCH_JOBKEY_MACHSERVICES)] = @{
+-				jobLabel: @YES
+-			};
+-
+ 			NSMutableArray *arguments = [[NSMutableArray alloc] init];
+ 			[arguments addObject:[squirrelBundle URLForResource:@"ShipIt" withExtension:nil].path];
+ 
+-			// Pass in the service name so ShipIt knows how to broadcast itself.
++			// Pass in the job label so ShipIt can identify itself.
+ 			[arguments addObject:jobLabel];
+ 
+ 			// We need to pass the path to ShipIt rather than having ShipIt

patches/squirrel.mac/fix_trigger_shipit_mach_service_after_smjobsubmit_to_unblock.patch

@@ -1,139 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Keeley Hammond <vertedinde@electronjs.org>
-Date: Tue, 14 Apr 2026 10:00:00 -0700
-Subject: fix: trigger ShipIt Mach service after SMJobSubmit to unblock
- on-demand-only mode
-
-When a macOS system update is pending (downloaded but not yet installed),
-launchd puts the user domain (gui/<uid>) into "on-demand-only mode".
-In this mode, launchd only starts jobs triggered by an on-demand event
-such as a Mach port connection -- KeepAlive and RunAtLoad are suppressed.
-
-ShipIt's launchd job registers a MachServices endpoint, but nothing ever
-connects to it. The MachServices key was originally used when ShipIt was
-a full XPC service (removed in Squirrel/Squirrel.Mac@d6ca1c2 in October
-2013). The client-side connection was removed but the server-side
-MachServices registration was left behind, creating a trigger that
-launchd waits on but nothing ever fires.
-
-Fix: after SMJobSubmit, open a lightweight XPC connection to the
-registered Mach service name and send an empty message. This satisfies
-launchd's on-demand trigger and causes it to start ShipIt immediately.
-In normal operation (no pending update), the job starts via KeepAlive
-anyway and the trigger is a harmless no-op. Unlike launchctl kickstart,
-this preserves KeepAlive.SuccessfulExit respawn behavior because launchd
-treats the activation as a legitimate on-demand event.
-
-The trigger message stays in the Mach port's kernel queue (ShipIt has
-no XPC listener), which creates standing demand that provides the
-on-demand activity needed for KeepAlive retries in on-demand-only mode.
-To prevent this standing demand from also respawning ShipIt after a
-successful exit(0), ShipIt checks in for its Mach service port and
-dequeues every pending message before each exit(EXIT_SUCCESS). Checking
-in alone is not sufficient: launchd tracks demand independently of the
-port's lifetime and will respawn the job if the message was never read.
-On failure exits, the message is left in place so launchd treats the
-KeepAlive respawn as demand-backed.
-
-diff --git a/Squirrel/SQRLShipItLauncher.m b/Squirrel/SQRLShipItLauncher.m
-index 6a9151d92f399184fff9854eb00ea506165bbbe2..a087f20043fa79a07391ed065031396d7ec6fce4 100644
---- a/Squirrel/SQRLShipItLauncher.m
-+++ b/Squirrel/SQRLShipItLauncher.m
-@@ -10,6 +10,7 @@
- #import <ReactiveObjC/EXTScope.h>
- #import "SQRLDirectoryManager.h"
- #import <ReactiveObjC/ReactiveObjC.h>
-+#import <xpc/xpc.h>
- #import <Security/Security.h>
- #import <ServiceManagement/ServiceManagement.h>
- #import <launch.h>
-@@ -57,7 +58,7 @@ + (RACSignal *)shipItJobDictionary {
- 			NSMutableArray *arguments = [[NSMutableArray alloc] init];
- 			[arguments addObject:[squirrelBundle URLForResource:@"ShipIt" withExtension:nil].path];
- 
--			// Pass in the service name so ShipIt knows how to broadcast itself.
-+			// Pass in the job label so ShipIt can identify itself.
- 			[arguments addObject:jobLabel];
- 
- 			// We need to pass the path to ShipIt rather than having ShipIt
-@@ -154,6 +155,23 @@ + (RACSignal *)launchPrivileged:(BOOL)privileged {
- 				return [RACSignal error:CFBridgingRelease(cfError)];
- 			}
- 
-+			// Trigger an on-demand launch by sending a message to the job's
-+			// Mach service. When loginwindow begins a restart (e.g. for a
-+			// pending macOS update) it puts the per-user launchd domain into
-+			// on-demand-only mode, which defers RunAtLoad/KeepAlive spawns
-+			// but still honors real IPC demand. The system domain is not
-+			// affected, so this is only needed for the unprivileged path.
-+			if (!privileged) {
-+				xpc_connection_t trigger = xpc_connection_create_mach_service(self.shipItJobLabel.UTF8String, NULL, 0);
-+				xpc_connection_set_event_handler(trigger, ^(xpc_object_t __unused event) {});
-+				xpc_connection_resume(trigger);
-+				xpc_connection_send_message(trigger, xpc_dictionary_create(NULL, NULL, 0));
-+				// send_message is async; keep the connection alive until the
-+				// message is actually on the wire so ARC releasing `trigger`
-+				// at end-of-scope can't drop it first.
-+				xpc_connection_send_barrier(trigger, ^{ (void)trigger; });
-+			}
-+
- 			return [RACSignal empty];
- 		}]
- 		flatten]
-diff --git a/Squirrel/ShipIt-main.m b/Squirrel/ShipIt-main.m
-index acf545199dbf1831fe8a73155c6e4d0db4047934..e26c0f11870ddbe801e572b1696af484231bf1dc 100644
---- a/Squirrel/ShipIt-main.m
-+++ b/Squirrel/ShipIt-main.m
-@@ -15,6 +15,8 @@
- 
- #include <spawn.h>
- #include <sys/wait.h>
-+#include <mach/mach.h>
-+#include <servers/bootstrap.h>
- 
- #import "NSError+SQRLVerbosityExtensions.h"
- #import "RACSignal+SQRLTransactionExtensions.h"
-@@ -63,6 +65,28 @@ static BOOL clearInstallationAttempts(NSString *applicationIdentifier) {
- 	return CFPreferencesSynchronize((__bridge CFStringRef)applicationIdentifier, kCFPreferencesCurrentUser, kCFPreferencesCurrentHost);
- }
- 
-+// Drain the Mach service port registered via MachServices in the launchd
-+// job dictionary before exit(0) so launchd sees no outstanding demand and
-+// does not immediately respawn the job. bootstrap_check_in transfers the
-+// receive right into this task, but that alone is not sufficient: launchd
-+// tracks demand independently of the port's lifetime, so the queued
-+// trigger message must be explicitly dequeued. On failure exits the
-+// message is intentionally left queued so the KeepAlive respawn is
-+// demand-backed while the launchd domain is in on-demand-only mode.
-+static void drainMachServicePort(const char *serviceName) {
-+	mach_port_t port = MACH_PORT_NULL;
-+	if (bootstrap_check_in(bootstrap_port, serviceName, &port) != KERN_SUCCESS) return;
-+
-+	struct {
-+		mach_msg_header_t header;
-+		uint8_t body[4096];
-+	} msg;
-+	while (mach_msg(&msg.header, MACH_RCV_MSG | MACH_RCV_TIMEOUT,
-+	                0, sizeof(msg), port, 0, MACH_PORT_NULL) == KERN_SUCCESS) {
-+		mach_msg_destroy(&msg.header);
-+	}
-+}
-+
- // Waits for all instances of the target application (as described in the
- // `request`) to exit, then sends completed.
- static RACSignal *waitForTerminationIfNecessary(SQRLShipItRequest *request) {
-@@ -206,12 +230,14 @@ static void installRequest(RACSignal *readRequestSignal, NSString *applicationId
- 			if ([[error domain] isEqual:SQRLInstallerErrorDomain] && [error code] == SQRLInstallerErrorAppStillRunning) {
- 				NSLog(@"Installation cancelled: %@", error);
- 				clearInstallationAttempts(applicationIdentifier);
-+				drainMachServicePort(applicationIdentifier.UTF8String);
- 				exit(EXIT_SUCCESS);
- 			} else {
- 				NSLog(@"Installation error: %@", error);
- 				exit(EXIT_FAILURE);
- 			}
- 		} completed:^{
-+			drainMachServicePort(applicationIdentifier.UTF8String);
- 			exit(EXIT_SUCCESS);
- 		}];
- }

script/get-git-ref-paths.py

@@ -1,35 +0,0 @@
-#!/usr/bin/env python3
-
-import os
-import subprocess
-import sys
-
-# Resolve the on-disk locations of HEAD and packed-refs for this checkout so
-# that BUILD.gn can register them as build graph inputs. In a plain clone both
-# live under electron/.git/, but in a `git worktree` checkout .git is a file
-# pointing at <common>/.git/worktrees/<name>; HEAD lives there while
-# packed-refs is shared in the common dir. GN's read_file() does not follow
-# that indirection, so we ask git to do it for us.
-
-ELECTRON_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))
-
-
-def rev_parse(flag):
-  out = subprocess.check_output(['git', 'rev-parse', flag],
-                                cwd=ELECTRON_DIR,
-                                stderr=subprocess.PIPE,
-                                universal_newlines=True).strip()
-  return out if os.path.isabs(out) else os.path.join(ELECTRON_DIR, out)
-
-
-try:
-  git_dir = rev_parse('--git-dir')
-  common_dir = rev_parse('--git-common-dir')
-except (subprocess.CalledProcessError, OSError) as e:
-  sys.stderr.write(f'get-git-ref-paths.py: not a git checkout '
-                   f'(set override_electron_version): {e}\n')
-  sys.exit(1)
-
-for p in (os.path.join(common_dir, 'packed-refs'),
-          os.path.join(git_dir, 'HEAD')):
-  print(os.path.normpath(p).replace('\\', '/'))

script/run-clang-tidy.ts

@@ -68,18 +68,6 @@ async function runClangTidy(
   if (fix) args.push('--fix');
   if (checks) args.push(`--checks=${checks}`);
 
-  // On Windows the compilation database has compile commands
-  // that can trip up clang-tidy and produce warnings that
-  // then cause the exit code here to be non-zero since we
-  // check for clean output. These extra args prevent those
-  // warnings and let us get a clean run.
-  // NOTE: `--driver-mode=cl` may not be having much effect,
-  // see https://github.com/llvm/llvm-project/pull/66553
-  if (process.env.TARGET_PLATFORM === 'win' || process.platform === 'win32') {
-    args.push('--extra-arg-before=--driver-mode=cl');
-    args.push('--extra-arg=-Wno-unused-command-line-argument');
-  }
-
   // Remove any files that aren't in the compilation database to prevent
   // errors from cluttering up the output. Since the compilation DB is hundreds
   // of megabytes, this is done with streaming to not hold it all in memory.
@@ -229,15 +217,9 @@ async function main(): Promise<boolean> {
     filenames.push(...opts._.map((filename) => path.resolve(filename)));
   } else {
     filenames.push(
-      ...(await findMatchingFiles(path.resolve(SOURCE_ROOT, 'shell'), (filename: string) => {
-        // TODO(dsanders11): This file has clang-tidy compilation errors in CI that don't
-        //                   appear locally, so exclude it for now until that's resolved
-        if (process.env.CI && filename.endsWith('/electron_smooth_round_rect.cc')) {
-          return false;
-        }
-
-        return /.*\.(?:cc|mm)$/.test(filename);
-      }))
+      ...(await findMatchingFiles(path.resolve(SOURCE_ROOT, 'shell'), (filename: string) =>
+        /.*\.(?:cc|mm)$/.test(filename)
+      ))
     );
   }
 

script/run-gn-format.py

@@ -0,0 +1,25 @@
+import os
+import subprocess
+import sys
+
+from lib.util import get_depot_tools_env
+
+SOURCE_ROOT = os.path.dirname(os.path.dirname(__file__))
+
+# Helper to run gn format on multiple files
+# (gn only formats a single file at a time)
+def main():
+  new_env = get_depot_tools_env()
+  new_env['DEPOT_TOOLS_WIN_TOOLCHAIN'] = '0'
+  new_env['CHROMIUM_BUILDTOOLS_PATH'] = os.path.realpath(
+    os.path.join(SOURCE_ROOT, '..', 'buildtools')
+  )
+
+  for gn_file in sys.argv[1:]:
+    subprocess.check_call(
+      ['gn', 'format', gn_file],
+      env=new_env
+    )
+
+if __name__ == '__main__':
+  sys.exit(main())

shell/app/electron_content_client.cc

@@ -11,14 +11,11 @@
 #include "base/command_line.h"
 #include "base/containers/extend.h"
 #include "base/files/file_util.h"
-#include "base/no_destructor.h"
 #include "base/strings/string_split.h"
-#include "components/services/heap_profiling/public/cpp/profiling_client.h"
 #include "content/public/common/buildflags.h"
 #include "electron/buildflags/buildflags.h"
 #include "electron/fuses.h"
 #include "extensions/common/constants.h"
-#include "mojo/public/cpp/bindings/binder_map.h"
 #include "pdf/buildflags.h"
 #include "shell/common/options_switches.h"
 #include "shell/common/process_util.h"
@@ -230,18 +227,4 @@ bool ElectronContentClient::IsFilePickerAllowedForCrossOriginSubframe(
 #endif
 }
 
-void ElectronContentClient::ExposeInterfacesToBrowser(
-    scoped_refptr<base::SequencedTaskRunner> io_task_runner,
-    mojo::BinderMap* binders) {
-  // Sets up the client side of the multi-process heap profiler service.
-  binders->Add<heap_profiling::mojom::ProfilingClient>(
-      [](mojo::PendingReceiver<heap_profiling::mojom::ProfilingClient>
-             receiver) {
-        static base::NoDestructor<heap_profiling::ProfilingClient>
-            profiling_client;
-        profiling_client->BindToInterface(std::move(receiver));
-      },
-      io_task_runner);
-}
-
 }  // namespace electron