fix: ensure stable bounds on Windows when toggling setResizable for frameless windows (#51427)

* fix: use bundled devtools frontend URL for remote debugging (#51236)

fix: add ShouldUseBundledFrontendResources delegate for remote debugging

Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>

Co-authored-by: Om Ghante <mr.omghante1@gmail.com>

* chore: e patches all (trivial only)

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Om Ghante <mr.omghante1@gmail.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>

.claude/skills/chrome-release-cls/SKILL.md

@@ -1,106 +0,0 @@
----
-name: chrome-release-cls
-description: Given a Chrome Releases blog post URL (chromereleases.googleblog.com), extract every CVE/bug and find the underlying Gerrit CL that fixed it by searching the local Chromium checkout and sub-repos. Use when asked to map Chrome security release notes to fixing CLs, or to find which commits correspond to CVEs in a Chrome stable update.
----
-
-# Chrome Release → Fixing CL Mapper
-
-Maps every security fix in a Chrome Releases blog post to the Gerrit CL(s) that fixed it.
-
-## Input
-
-`$ARGUMENTS` — a `https://chromereleases.googleblog.com/...` URL. If empty, ask the user for one.
-
-## Procedure
-
-### 1. Extract CVE → bug ID pairs from the blog post
-
-The blog HTML buries bug IDs inside `<a>` tags, so strip tags first. Run:
-
-```bash
-curl -sL "$URL" | python3 -c '
-import sys, re, html
-t = re.sub(r"<[^>]+>", " ", sys.stdin.read())
-t = re.sub(r"\s+", " ", html.unescape(t))
-seen = set()
-for m in re.finditer(r"\[\s*(\d{6,})\s*\]\s*(Critical|High|Medium|Low)\s*(CVE-\d{4}-\d+):\s*([^.]+?)\.", t):
-    if m.group(3) in seen: continue
-    seen.add(m.group(3))
-    print(f"{m.group(3)}|{m.group(1)}|{m.group(2)}|{m.group(4).strip()}")
-' > /tmp/cve_bugs.txt
-cat /tmp/cve_bugs.txt
-```
-
-If this yields nothing, the page may have changed format — fall back to `grep -oE 'CVE-[0-9]{4}-[0-9]+'` and `grep -oE 'crbug\.com/[0-9]+'` and pair them by order.
-
-### 2. Find the fixing CL for each bug
-
-Search git history in the Chromium checkout and relevant sub-repos for commits whose `Bug:` or `Fixed:` footer references the bug ID, then extract the `Reviewed-on:` Gerrit URL.
-
-Repo selection by component keyword:
-- ANGLE → `third_party/angle`
-- Skia, Graphite → `third_party/skia`
-- PDFium → `third_party/pdfium`
-- Dawn → `third_party/dawn`
-- V8, Turbofan, Maglev, Turboshaft → `v8`
-- everything else → `.` (chromium/src)
-
-Always also fall back to `.` if the hinted repo has no match.
-
-```bash
-cd /root/src/electron/src   # chromium root (parent of electron/)
-
-lookup() {
-  local bug="$1" repos="$2"
-  for repo in $repos . v8 third_party/skia third_party/angle third_party/pdfium third_party/dawn; do
-    local hits
-    hits=$(git -C "$repo" log --all --since='6 months ago' -E \
-           --grep="(Bug|Fixed):.*\\b${bug}\\b" --format='%H' 2>/dev/null | sort -u)
-    [[ -z "$hits" ]] && continue
-    while read -r h; do
-      git -C "$repo" log -1 --format='%B' "$h" | grep '^Reviewed-on:' | sed 's/^/    /'
-      echo "      ↳ $(git -C "$repo" log -1 --format='%s' "$h")"
-    done <<<"$hits"
-    return 0
-  done
-  echo "    (not found locally)"
-}
-```
-
-Drive it from `/tmp/cve_bugs.txt`. Prefer the **non-`[M1xx]`-prefixed** commit subject as the canonical main CL; the `[M1xx]` ones are branch cherry-picks.
-
-### 3. Handle misses
-
-For any bug with no local hit:
-- `git -C <repo> fetch origin` then re-search `--remotes` (fix may be newer than the checkout).
-- Query Gerrit directly: `curl -s "https://chromium-review.googlesource.com/changes/?q=bug:${BUG}&n=10" | tail -n +2 | python3 -m json.tool` (also try `skia-review`, `pdfium-review`, `dawn-review`, `aomedia-review`).
-- **`b/` bug format (Skia, Graphite, Dawn):** These repos reference bugs as `b/<id>` in commit messages rather than `Bug: <id>` footers. The Gerrit `bug:` query will return nothing. Use `message:<id>` search instead:
-  ```bash
-  curl -s "https://skia-review.googlesource.com/changes/?q=message:${BUG}&n=5" | tail -n +2
-  ```
-  Apply the same pattern for `dawn-review.googlesource.com` when the component is Dawn.
-- **Tracing main CLs from merges:** When only `[M1xx]` merge CLs are found, query the CL detail for `cherry_pick_of_change` to find the original main CL number:
-  ```bash
-  curl -s "https://chromium-review.googlesource.com/changes/${CL_NUM}?o=CURRENT_REVISION" | tail -n +2 | python3 -c "
-  import sys, json
-  d = json.load(sys.stdin)
-  print(d.get('cherry_pick_of_change', 'none'))
-  "
-  ```
-- If still nothing and the bug was reported very recently (especially by "Google Threat Intelligence" or marked in-the-wild), the CL is likely still access-restricted — report it as such rather than guessing.
-
-### 4. Special cases
-
-- **Roll CLs — skip and find the upstream fix:** For components whose fixes land in upstream repos (PDFium, Dawn, Skia, Graphite, libaom, libvpx, ffmpeg), the chromium-review hit will be a `Roll src/third_party/...` commit. Do not report the roll CL as the fix. Instead, query the component's own Gerrit instance directly for the actual fixing CL:
-  - PDFium → `pdfium-review.googlesource.com` (use `bug:` or `message:` query)
-  - Dawn → `dawn-review.googlesource.com` (use `message:` query — uses `b/` format)
-  - Skia / Graphite → `skia-review.googlesource.com` (use `message:` query — uses `b/` format)
-  - libaom → `aomedia-review.googlesource.com`
-  
-  Only if the upstream Gerrit instance returns no results should you fall back to reporting the roll CL — in that case, include the roll CL and note that the actual fix is upstream but the specific CL could not be identified.
-- Multiple `Reviewed-on:` lines in one commit body: cherry-picks keep the original line plus a new one. The **first** `Reviewed-on:` is the original CL.
-- A bug may have multiple distinct fix CLs (fix + follow-up hardening) — list all of them.
-
-### 5. Output
-
-Produce a markdown table per severity level: `CVE | Bug | Component | Fix CL (main)`. Link bugs as `https://crbug.com/<id>`. Save raw output (including all branch merges) to `/tmp/cve_cls.txt` and mention the path.

.claude/skills/chrome-release-verify/SKILL.md

@@ -1,123 +0,0 @@
----
-name: chrome-release-verify
-description: End-to-end Chrome security backport for an Electron release branch. Given a Chrome Releases blog URL and a branch (e.g. 41-x-y), determines which CVE fixes are missing from the *actual synced source*, writes the cherry-pick patches locally, validates them with `e sync --3` + `lint --patches`, then pushes a single PR. Use when asked to backport a Chrome security release to N-x-y, "is CVE-X already in N-x-y?", or to produce/validate the cherry-pick set for a release branch.
----
-
-# Chrome Release → Validated Backport PR
-
-Input: `$ARGUMENTS` = `<release-branch> <chrome-releases-blog-url>` (e.g. `41-x-y https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html`). Ask if either is missing.
-
-The flow is **local-first**: nothing is pushed until every patch applies via `e sync --3` and passes `lint --patches`.
-
-## 1. Map CVE → bug → fix CL
-
-Run `/chrome-release-cls <blog-url>` (or its inline procedure) to produce `/tmp/cve_bugs.txt` (`CVE|bug|severity|desc`) and a per-bug canonical fix CL. For each CL also note `repo` (path under `src/`: `.`, `v8`, `third_party/{skia,angle,pdfium,dawn}`, `third_party/libaom/source/libaom`) and `gerrit-host`.
-
-**Prefer the target-milestone merge CL** if one exists (e.g. on `41-x-y` ≈ M146, prefer the `[M146]` cherry-pick over the main CL) — it's already rebased and far less likely to conflict. Find it via `git log --all --grep` on the Change-Id, or Gerrit `?q=bug:<n>`. If Chrome did *not* merge a fix to the target milestone, that's a strong signal the vulnerable code doesn't exist there — flag it for skip rather than forcing a port.
-
-## 2. Prepare a synced worktree
-
-Reuse `bp-<NN>` from `e show configs` if present, else `e worktree add bp-<NN> ~/src/electron-bp-<NN> --source <current> --no-sync`.
-
-```bash
-cd <root>/src/electron
-git fetch origin <branch>
-git checkout -B security-backport/<branch>/<short-date> origin/<branch>
-e use bp-<NN>
-e sync 2>&1 | tee /tmp/bp_sync.log
-```
-
-If sync fails with `NotADirectoryError: '<root>/src/.git/objects/info/alternates'`, remove `GIT_CACHE_PATH` from the bp config's `env` and retry.
-
-## 3. Verify IN-TREE vs NEEDS-BACKPORT
-
-For each bug, three checks against the **synced** repo:
-
-1. `git -C "$repo" log HEAD --since='1 year ago' -E --grep="\b${bug}\b" --format='%h %s'`
-2. Fetch Change-Id from Gerrit, then `git log HEAD --grep="^Change-Id: ${cid}$"`
-3. `grep -rlE "(\b${bug}\b|${cid})" <root>/src/electron/patches/`
-
-Any hit ⇒ IN-TREE. All empty ⇒ NEEDS-BACKPORT.
-
-For each NEEDS-BACKPORT CL, also fetch its file list (`/changes/<proj>~<cl>/revisions/current/files`) and **skip** if every file is under `chrome/browser/`, `chrome/android/`, `ios/`, or `components/**/android/` — Electron doesn't compile those.
-
-Report the table now (`CVE | Sev | Bug | Component | Verdict | CL`) and the proposed backport set; get user sign-off before continuing.
-
-## 4. Write patches locally (no push yet)
-
-For each backport CL, fetch the raw patch and write it into `patches/<dir>/`:
-
-```bash
-curl -s "https://${host}.googlesource.com/changes/${proj//\//%2F}~${cl}/revisions/current/patch" \
-  | base64 -d > "patches/${dir}/cherry-pick-${short}.patch"
-echo "cherry-pick-${short}.patch" >> "patches/${dir}/.patches"
-```
-
-For repos with no Gerrit host `e cherry-pick` supports (e.g. **libaom** on aomedia), instead `git cherry-pick` the upstream commits onto the synced sub-repo HEAD and `git format-patch` the result.
-
-For any newly-created `patches/<dir>/`, append to `patches/config.json` **preserving the compact one-line-per-entry style**:
-
-```json
-  { "patch_dir": "src/electron/patches/<dir>", "repo": "src/third_party/<dir-or-nested-path>" }
-```
-
-## 5. Validate with `e sync --3`
-
-```bash
-e sync --3 2>&1 | tee /tmp/bp_sync3.log
-```
-
-On `Patch failed at NNNN <subject>`:
-
-- `cd` into the failing repo, inspect `git diff` for conflict markers.
-- **Test-only files** (e.g. `web_tests/VirtualTestSuites`, `*_unittest.cc` context drift): take ours (`git checkout --ours -- <file>`) if the security-relevant hunks merged cleanly.
-- **Substantive code conflicts**: check whether a target-milestone merge CL exists and swap to it. If none exists upstream and the surrounding code is structurally different, **drop the patch** (delete the file, remove from `.patches` and `config.json`) and note it for a separate manual-port PR — do not improvise security-fix semantics.
-- After resolving: `git add <files> && git -c commit.gpgsign=false am --continue`, then `e patches <repo>` to export the resolved patch, then re-run `e sync --3`. Repeat until clean.
-
-## 6. Export → lint → re-apply loop
-
-```bash
-e patches all
-node script/lint.js --patches   # must exit 0
-```
-
-If lint reports findings (typically trailing whitespace on `+` content lines), fixing them **changes the bytes the patch writes**, which invalidates the `index <old>..<new>` blob hashes that `e patches` baked in. Hand-editing a `.patch` and pushing it as-is will pass lint locally but fail CI's Apply Patches re-export check with a one-line `index` hash diff.
-
-So whenever lint (or you) modifies any `.patch` file after export, round-trip once more:
-
-```bash
-# fix the lint findings in patches/**/*.patch, then:
-e sync            # re-apply the edited patches (no --3 needed; they applied cleanly last time)
-e patches all     # re-export so index blob hashes match the edited content
-node script/lint.js --patches      # must now exit 0
-git diff --quiet -- patches/ || { echo "patches changed again — repeat the loop"; }
-```
-
-Repeat until `lint --patches` exits 0 **and** `git diff -- patches/` is empty after the final `e patches all`. Only then is the patch set CI-stable.
-
-## 7. Commit, push, PR
-
-```bash
-git add patches/
-git commit -m "chore: cherry-pick <N> changes from <dirs>"
-git push origin HEAD
-gh pr create --repo electron/electron --base <branch> --head <this-branch> \
-  --title "chore: cherry-pick <N> changes from <dirs>" \
-  --label "<branch>" --label backport-check-skip --label semver/patch --label "security 🔒" \
-  --body-file /tmp/pr_body.md
-```
-
-PR body format:
-
-```markdown
-Backports the following changes:
-
-* [`<shortCommit>`](<gerrit-CL-url>) from <patchDir> — <subject> ([<bug>](https://crbug.com/<bug>), CVE-YYYY-NNNN)
-* ...
-
-Notes: Security: backported fixes for CVE-YYYY-NNNN, CVE-YYYY-NNNN, ....
-```
-
-Short commit links to the **Gerrit CL**; bug links to `crbug.com`; CVE comes from the blog mapping (the patch's own `Bug:` footer may differ); `Notes:` is the last line. Mention any dropped patches (with reason) above the `Notes:` line.
-
-Restore `e use <previous>` when done.

.claude/skills/electron-chromium-upgrade/SKILL.md

@@ -7,20 +7,19 @@ description: Guide for performing Chromium version upgrades in the Electron proj
 
 ## Summary
 
-Run `e sync --3` repeatedly, fixing patch conflicts as they arise, until it succeeds. Then export patches and commit changes atomically.
+Run `e sync --3` repeatedly, fixing patch conflicts as they arise, until it succeeds. Then run `e patches all` and commit changes atomically.
 
 ## Success Criteria
 
 Phase One is complete when:
 - `e sync --3` exits with code 0 (no patch failures)
-- All changes are committed per the commit guidelines
+- `e patches all` has been run to export all changes
+- All changes are committed per the commit guidelines below
 
 Do not stop until these criteria are met.
 
 **CRITICAL** Do not delete or skip patches unless 100% certain the patch is no longer needed. Complicated conflicts or hard to resolve issues should be presented to the user after you have exhausted all other options. Do not delete the patch just because you can't solve it.
 
-**CRITICAL** Never use `git am --skip` and then manually recreate a patch by making a new commit. This destroys the original patch's authorship, commit message, and position in the series. If `git am --continue` reports "No changes", investigate why — the changes were likely absorbed by a prior conflict resolution's 3-way merge. Present this situation to the user rather than skipping and recreating.
-
 ## Context
 
 The `roller/chromium/main` branch is created by automation to update Electron's Chromium dependency SHA. No work has been done to handle breaking changes between the old and new versions.
@@ -31,18 +30,12 @@ The `roller/chromium/main` branch is created by automation to update Electron's
 - `patches/`: Patch files organized by target
 - `docs/development/patches.md`: Patch system documentation
 
-## Pre-flight Checks
-
-Run these once at the start of each upgrade session:
-
-1. **Clear rerere cache** (if enabled): `git rerere clear` in both the electron and `..` repos. Stale recorded resolutions from a prior attempt can silently apply wrong merges.
-2. **Ensure pre-commit hooks are installed**: Check that `.git/hooks/pre-commit` exists. If not, run `yarn husky` to install it. The hook runs `lint-staged` which handles clang-format for C++ files.
-
 ## Workflow
 
-1. Run `e sync --3` (the `--3` flag enables 3-way merge, always required)
-2. If succeeds → skip to step 5
-3. If patch fails:
+1. Delete the `.git/rr-cache` in both the `electron` and `..` folder to ensure no accidental rerere replays occur from before this upgrade phase attempt started
+2. Run `e sync --3` (the `--3` flag enables 3-way merge, always required)
+3. If succeeds → skip to step 6
+4. If patch fails:
    - Identify target repo and patch from error output
    - Analyze failure (see references/patch-analysis.md)
    - Fix conflict in target repo's working directory
@@ -50,8 +43,10 @@ Run these once at the start of each upgrade session:
    - Repeat until all patches for that repo apply
    - IMPORTANT: Once `git am --continue` succeeds you MUST run `e patches {target}` to export fixes
    - Return to step 1
-4. When `e sync --3` succeeds, run `e patches all`
-5. **Read `references/phase-one-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
+5. When `e sync --3` succeeds, run `e patches all`
+6. **Read `references/phase-one-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
+
+Before committing any Phase One changes, you MUST read `references/phase-one-commit-guidelines.md` and follow its instructions exactly.
 
 ## Commands Reference
 
@@ -61,7 +56,6 @@ Run these once at the start of each upgrade session:
 | `git am --continue` | Continue after resolving conflict (run in target repo) |
 | `e patches {target}` | Export commits from target repo to patch files |
 | `e patches all` | Export all patches from all targets |
-| `e patches {target} --commit-updates` | Export patches and auto-commit trivial changes |
 | `e patches --list-targets` | List targets and config paths |
 
 ## Patch System Mental Model
@@ -86,22 +80,25 @@ Fix existing patches 99% of the time rather than creating new ones.
 1. **Preserve authorship**: Keep original author in TODO comments (from patch `From:` field)
 2. **Never change TODO assignees**: `TODO(name)` must retain original name
 3. **Update descriptions**: If upstream changed (e.g., `DCHECK` → `CHECK_IS_TEST`), update patch commit message to reflect current state
-4. **Never skip-and-recreate a patch**: If `git am --continue` says "No changes — did you forget to use 'git add'?", do NOT run `git am --skip` and create a replacement commit. The patch's changes were already absorbed by a prior 3-way merge resolution. This means an earlier conflict resolution pulled in too many changes. Present the situation to the user for guidance — the correct fix may require re-doing an earlier resolution more carefully to keep each patch's changes separate.
+
+## Final Deliverable
+
+After Phase One, write a summary of every change: what was fixed, why, reasoning, and Chromium CL links.
 
 # Electron Chromium Upgrade: Phase Two
 
 ## Summary
 
-Run `e build -k 999 -- --quiet` repeatedly, fixing build issues as they arise, until it succeeds. Then run `e start --version` to validate Electron launches and commit changes atomically.
+Run `e build -k 999` repeatedly, fixing build issues as they arise, until it succeeds. Then run `e start --version` to validate Electron launches and commit changes atomically.
 
 Run Phase Two immediately after Phase One is complete.
 
 ## Success Criteria
 
 Phase Two is complete when:
-- `e build -k 999 -- --quiet` exits with code 0 (no build failures)
+- `e build -k 999` exits with code 0 (no build failures)
 - `e start --version` has been run to check Electron launches
-- All changes are committed per the commit guidelines
+- All changes are committed per the commit guidelines below
 
 Do not stop until these criteria are met. Do not delete code or features, never comment out code in order to take short cut. Make all existing code, logic and intention work.
 
@@ -115,7 +112,8 @@ The `roller/chromium/main` branch is created by automation to update Electron's
 
 ## Workflow
 
-1. Run `e build -k 999 -- --quiet` (the `--quiet` flag suppresses per-target status lines, showing only errors and the final result)
+1. Run `e build -k 999` (the `-k 999` flag is a flag to ninja to say "do not stop until you find that many errors" it is an attempt to get as much error
+  context as possible for each time we run build)
 2. If succeeds → skip to step 6
 3. If build fails:
     - Identify underlying file in "electron" from the compilation error message
@@ -128,17 +126,27 @@ The `roller/chromium/main` branch is created by automation to update Electron's
 4. **CRITICAL**: After ANY commit (especially patch commits), immediately run `git status` in the electron repo
     - Look for other modified `.patch` files that only have index/hunk header changes
     - These are dependent patches affected by your fix
-    - Commit them immediately with: `git commit -am "chore: update patches (trivial only)"`
+    - Commit them immediately with: `git commit -am "chore: update patch hunk headers"`
+    - This prevents losing track of necessary updates
 5. Return to step 1
 6. When `e build` succeeds, run `e start --version`
 7. Check if you have any pending changes in the Chromium repo by running `git status`
     - If you have changes follow the instructions below in "A. Patch Fixes" to correctly commit those modifications into the appropriate patch file
 
+Before committing any Phase Two changes, you MUST read `references/phase-two-commit-guidelines.md` and follow its instructions exactly.
+
+## Build Error Detection
+
+When monitoring `e build -k 999` output, filter for errors using this regex pattern:
+error:|FAILED:|fatal:|subcommand failed|build finished
+
+The build output is extremely verbose. Filtering is essential to catch errors quickly.
+
 ## Commands Reference
 
 | Command | Purpose |
 |---------|---------|
-| `e build -k 999 -- --quiet` | Build Electron, continue on errors, suppress status lines |
+| `e build -k 999` | Builds Electron and won't stop until either all targets attempted or 999 errors found |
 | `e build -t {target}.o` | Build just one specific target to verify a fix |
 | `e start --version` | Validate Electron launches after successful build |
 
@@ -155,21 +163,28 @@ When the error is in a file that Electron patches (check with `grep -l "filename
     git add <modified-file>
     git commit --fixup=<original-patch-commit-hash>
     GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
-    ```
-3. Export the updated patch: `e patches chromium`
-4. Commit the updated patch file following `references/phase-one-commit-guidelines.md`.
+3. Export the updated patch: e patches chromium
+4. Commit the updated patch file in the electron repo following the `references/phase-one-commit-guidelines.md`, then commit changes following those instructions exactly. **READ THESE GUIDELINES BEFORE COMMITTING THESE CHANGES**
 
 To find the original patch commit to fixup: `git log --oneline | grep -i "keyword from patch name"`
 
 The base commit for rebase is the Chromium commit before patches were applied. Find it by checking the `refs/patches/upstream-head` ref.
 
-### B. Electron Code Fixes (for files in shell/, electron/, etc.)
+B. Electron Code Fixes (for files in shell/, electron/, etc.)
 
 When the error is in Electron's own source code:
 
 1. Edit files directly in the electron repo
 2. Commit directly (no patch export needed)
 
+Dependent Patch Updates
+
+IMPORTANT: When you modify a patch, other patches that apply to the same file may have their hunk headers invalidated. After committing a patch fix:
+
+1. Run git status in the electron repo
+2. Look for other modified .patch files with just index/hunk header changes
+3. Commit these with: git commit -m "chore: update patch hunk headers"
+
 # Critical: Read Before Committing
 
 - Before ANY Phase One commits: Read `references/phase-one-commit-guidelines.md`
@@ -181,4 +196,4 @@ This skill has additional reference files in `references/`:
 - phase-one-commit-guidelines.md - Commit format for Phase One
 - phase-two-commit-guidelines.md - Commit format for Phase Two
 
-Read these when referenced in the workflow steps.
+Read these when referenced in the workflow steps.

.claude/skills/electron-chromium-upgrade/references/patch-analysis.md

@@ -17,56 +17,6 @@
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/{CL_NUMBER}
    ```
 
-## Critical: Resolve by Intent, Not by Mechanical Merge
-
-When resolving a patch conflict, do NOT blindly preserve the patch's old code. Instead:
-
-1. **Understand the upstream CL's full scope** — not just the conflicting hunk.
-   Run `git show <commit> --stat` and read diffs for all affected files.
-   Upstream may have removed structs, members, or methods that the patch
-   references in other hunks or files.
-
-2. **Re-read the patch commit message** to understand its *intent* — what
-   behavior does it need to preserve or add?
-
-3. **Implement the intent against the new upstream code.** If the patch's
-   purpose is "add a feature flag guard", add only the guard — don't also
-   restore old code inside the guard that upstream separately removed.
-
-### Lesson: Upstream Removals Break Patch References
-
-- **Trigger:** Patch conflict involves an upstream refactor (not just context drift)
-- **Strategy:** After identifying the upstream CL, check its full diff for
-  removed types, members, and methods. If the patch's old code references
-  something removed, the resolution must use the new upstream mechanism.
-- **Evidence:** An upstream CL removed a `HeadlessModeWindow` struct from a
-  header, but the conflict was only in a `.mm` file. Mechanically keeping the
-  patch's old line (`headless_mode_window_ = ...`) produced code referencing
-  a nonexistent type — caught only on review, not at patch-apply time.
-
-### Lesson: Separate Patch Purpose from Patch Implementation
-
-- **Trigger:** Conflict between "upstream simplified code" vs "patch has older code"
-- **Strategy:** Identify the *minimal* change the patch needs. If the patch
-  wraps code in a conditional, only add the conditional — don't restore old
-  code that was inside the conditional but was separately cleaned up upstream.
-- **Evidence:** An occlusion patch needed only a feature flag check, but the
-  old patch also contained a version check that upstream intentionally removed.
-  Mechanically preserving the old patch code re-added the removed check.
-
-### Lesson: Finish the Adaptation at Conflict Time
-
-- **Trigger:** A patch conflict involves an upstream API removal or replacement
-- **Strategy:** When resolving the conflict, fully adapt the patch to use the
-  new API in the same commit. Don't remove the old code and leave behind stale
-  references that will "be fixed in Phase Two." Each patch fix commit should be
-  a complete resolution.
-- **Evidence:** A safestorage patch conflicted because Chromium removed Keychain V1.
-  The conflict was resolved by removing V1 hunks, but the remaining code still
-  called V1 methods (`FindGenericPassword` with 3 args, `ItemDelete` with
-  `SecKeychainItemRef`). These should have been adapted to V2 APIs in the same
-  commit, not deferred.
-
 ## Common Failure Patterns
 
 | Pattern | Cause | Solution |

.claude/skills/electron-chromium-upgrade/references/phase-one-commit-guidelines.md

@@ -4,65 +4,19 @@ Only follow these instructions if there are uncommitted changes to `patches/` af
 
 Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
 
-## Each Commit Must Be Complete
-
-When resolving a patch conflict, fully adapt the patch to the new upstream code in the same commit. If the upstream change removes an API the patch uses, update the patch to use the replacement API now — don't leave stale references knowing they'll need fixing later. The goal is that each commit represents a finished resolution, not a partial one that defers known work to a future phase.
-
-## Commit Message Style
-
-**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters.
-
-Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
-
-### Patch conflict fixes
-
-Use `fix(patch):` prefix. The title should name the upstream change, not your response to it:
-
-```
-fix(patch): {topic headline}
-
-Ref: {Chromium CL link}
-
-Co-Authored-By: <AI model attribution>
-```
-
-Only add a description body if it provides clarity beyond the title. For straightforward context drift or simple API renames, the title + Ref is sufficient.
-
-Examples:
-- `fix(patch): constant moved to header`
-- `fix(patch): headless mode refactor upstream`
-- `fix(patch): V1 Keychain removal`
-
-### Upstreamed patch removal
-
-When patches are no longer needed (applied cleanly with "already applied" or confirmed upstreamed), group ALL removals into a single commit:
-
-```
-chore: remove upstreamed patch
-```
-
-or (if multiple):
-
-```
-chore: remove upstreamed patches
-```
-
-If the patch file did NOT contain a `Reviewed-on: https://chromium-review.googlesource.com/c/chromium/...` link, add a `Ref:` in the commit. If it did (i.e. cherry-picks), no `Ref:` is needed.
-
-### Trivial patch updates
-
-After all fix commits, stage remaining trivial changes (index, line numbers, context only):
-
-```bash
-git add patches
-git commit -m "chore: update patches (trivial only)"
-```
-
-**Conflict resolution can produce trivial results.** A `git am` conflict doesn't always mean the patch content changed — context drift alone can cause a conflict. After resolving and exporting, inspect the patch diff: if only index hashes, line numbers, and context lines changed (not the patch's own `+`/`-` lines), it's trivial and belongs here, not in a `fix(patch):` commit.
-
 ## Atomic Commits
 
-Each patch conflict fix gets its own commit with its own Ref.
+For each fix made to a patch, create a separate commit:
+
+```
+fix(patch-conflict): {concise title}
+
+{Brief explanation, 1-2 paragraphs max}
+
+Ref: {Chromium CL link}
+```
+
+IMPORTANT: Ensure that any changes made to patch content as a result of a change in Chromium is committed individually. Each change should have it's own commit message and it's own REF.
 
 IMPORTANT: Try really hard to find the CL reference per the instructions below. Each change you made should in theory have been in response to a change made in Chromium that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
 
@@ -76,27 +30,23 @@ Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
 
 If no CL found after searching: `Ref: Unable to locate CL`
 
-## Example Commits
+## Final Cleanup
 
-### Patch conflict fix (simple — title is sufficient)
+After all fix commits, stage remaining changes:
 
-```
-fix(patch): constant moved to header
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7536483
-
-Co-Authored-By: <AI model attribution>
+```bash
+git add patches
+git commit -m "chore: update patch hunk headers"
 ```
 
-### Patch conflict fix (complex — description adds value)
+## Example Commit
 
 ```
-fix(patch): V1 Keychain removal
+fix(patch-conflict): update web_contents_impl.cc context for navigation refactor
 
-Upstream deleted the V1 Keychain API. Removed V1 hunks and adapted
-keychain_password_mac.mm to use KeychainV2 APIs.
+The upstream navigation code was refactored to use NavigationRequest directly
+instead of going through NavigationController. Updated surrounding context
+to match new code structure.
 
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7540447
-
-Co-Authored-By: <AI model attribution>
-```
+Ref: https://chromium-review.googlesource.com/c/chromium/src/+/1234567
+```

.claude/skills/electron-chromium-upgrade/references/phase-two-commit-guidelines.md

@@ -4,37 +4,41 @@ Only follow these instructions if there are uncommitted changes in the Electron
 
 Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
 
-## Commit Message Style
-
-**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters. Exception: upstream Chromium CL titles are used verbatim even if longer.
-
-Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
-
 ## Two Commit Types
 
 ### For Electron Source Changes (shell/, electron/, etc.)
 
 ```
-{CL-Number}: {upstream CL's original title}
+{CL-Number}: {concise description of API change}
+
+{Brief explanation of what upstream changed and how Electron was adapted}
 
 Ref: {Chromium CL link}
-
-Co-Authored-By: <AI model attribution>
 ```
 
-Use the **upstream CL's original commit title** — do not paraphrase or rewrite it. To find it: `git log -1 --format=%s <chromium-commit-hash>`.
+IMPORTANT: Ensure that any change made to electron as a result of a change in Chromium is committed individually. Each change should have it's own commit message and it's own REF. Logically grouped into commits that make sense rather than one giant commit.
 
-Only add a description body if it provides clarity beyond what the title already says (e.g., when Electron's adaptation is non-obvious). For simple renames, method additions, or straightforward API updates, the title + Ref link is sufficient.
+IMPORTANT: Try really hard to find the CL reference per the instructions below. Each change you made should in theory have been in response to a change made in Chromium that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
 
-Each change should have its own commit and its own Ref. Logically group into commits that make sense rather than one giant commit. You may include multiple "Ref" links if required.
+You may include multiple "Ref" links if required.
 
-For a CL link in the format `https://chromium-review.googlesource.com/c/chromium/src/+/2958369` the "CL-Number" is `2958369`.
-
-IMPORTANT: Try really hard to find the CL reference. Each change you made should in theory have been in response to a change in Chromium. Do not give up easily.
+For a CL link in the format `https://chromium-review.googlesource.com/c/chromium/src/+/2958369` the "CL-Number" is `2958369`
 
 ### For Patch Updates (patches/chromium/*.patch)
 
-Use the same fixup workflow as Phase One and follow `references/phase-one-commit-guidelines.md` for the commit message format (`fix(patch):` prefix, topic style).
+Use the same fixup workflow as Phase One:
+1. Fix in Chromium source tree
+2. Fixup commit + rebase
+3. Export with `e patches chromium`
+4. Commit the patch file:
+
+```
+fix(patch-update): {concise description}
+
+{Brief explanation}
+
+Ref: {Chromium CL link}
+```
 
 ## Dependent Patch Header Updates
 
@@ -42,43 +46,37 @@ After any patch modification, check for other affected patches:
 
 ```bash
 git status
-# If other .patch files show as modified with only index, line number, and context changes:
+# If other .patch files show as modified with only hunk header changes:
 git add patches/
-git commit -m "chore: update patches (trivial only)"
+git commit -m "chore: update patch hunk headers"
 ```
 
 ## Finding CL References
 
 Use git log or git blame on Chromium source files. Look for:
 
-```
 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
-```
 
-If no CL found after searching: `Ref: Unable to locate CL`
+If no CL found after searching: Ref: Unable to locate CL
 
 ## Example Commits
 
-### Electron Source Fix (simple — title is self-explanatory)
+### Electron Source Fix
 
-```
-7535923: Rename ozone buildflags
+fix: update GetPlugins to GetPluginsAsync for API change
 
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7535923
+The upstream Chromium API changed:
+- Old: GetPlugins(callback) - took a callback
+- New: GetPluginsAsync(callback) - async version takes a callback
 
-Co-Authored-By: <AI model attribution>
-```
+Ref: https://chromium-review.googlesource.com/c/chromium/src/+/1234567
 
-### Electron Source Fix (complex — description adds value)
+### Patch Fix
 
-```
-7534194: Convert some functions in ui::Clipboard to async
+fix(patch-conflict): update picture-in-picture for gesture handling refactor
 
-Adapted ExtractCustomPlatformNames calls to use RunLoop pattern
-consistent with existing ReadImage implementation, since upstream
-converted the API from synchronous return to callback-based.
+Upstream added new gesture handling code that accesses live caption dialog.
+The live caption functionality is disabled in Electron's patch, so wrapped
+the new code in #if 0 guards to match existing pattern.
 
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7534194
-
-Co-Authored-By: <AI model attribution>
-```
+Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7654321

.devcontainer/devcontainer.json

@@ -35,7 +35,7 @@
 				"ms-vscode.cpptools",
 				"mutantdino.resourcemonitor",
 				"dsanders11.vscode-electron-build-tools",
-				"oxc.oxc-vscode",
+				"dbaeumer.vscode-eslint",
 				"shakram02.bash-beautify",
 				"marshallofsound.gnls-electron"
 			],

.devcontainer/docker-compose.yml

@@ -2,7 +2,7 @@ version: '3'
 
 services:
   buildtools:
-    image: ghcr.io/electron/devcontainer:eac3529546ea8f3aa356d31e345715eef342233b
+    image: ghcr.io/electron/devcontainer:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
 
     volumes:
       - ..:/workspaces/gclient/src/electron:cached

.eslintrc.json

@@ -0,0 +1,79 @@
+{
+  "root": true,
+  "extends": "standard",
+  "parser": "@typescript-eslint/parser",
+  "plugins": ["@typescript-eslint"],
+  "env": {
+    "browser": true
+  },
+  "rules": {
+    "semi": ["error", "always"],
+    "no-var": "error",
+    "no-unused-vars": "off",
+    "guard-for-in": "error",
+    "@typescript-eslint/no-unused-vars": ["error", {
+      "vars": "all",
+      "args": "after-used",
+      "ignoreRestSiblings": true
+    }],
+    "prefer-const": ["error", {
+      "destructuring": "all"
+    }],
+    "n/no-callback-literal": "off",
+    "import/newline-after-import": "error",
+    "import/order": ["error", {
+      "alphabetize": {
+        "order": "asc"
+      },
+      "newlines-between": "always",
+      "pathGroups": [
+        {
+          "pattern": "@electron/internal/**",
+          "group": "external",
+          "position": "before"
+        },
+        {
+          "pattern": "@electron/**",
+          "group": "external",
+          "position": "before"
+        },
+        {
+          "pattern": "{electron,electron/**}",
+          "group": "external",
+          "position": "before"
+        }
+      ],
+      "pathGroupsExcludedImportTypes": [],
+      "distinctGroup": true,
+      "groups": [
+        "external",
+        "builtin",
+        ["sibling", "parent"],
+        "index",
+        "type"
+      ]
+    }]
+  },
+  "parserOptions": {
+    "ecmaVersion": 6,
+    "sourceType": "module"
+  },
+  "overrides": [
+    {
+      "files": "*.ts",
+      "rules": {
+        "no-undef": "off",
+        "no-redeclare": "off",
+        "@typescript-eslint/no-redeclare": ["error"],
+        "no-use-before-define": "off"
+      }
+    },
+    {
+      "files": "*.d.ts",
+      "rules": {
+        "no-useless-constructor": "off",
+        "@typescript-eslint/no-unused-vars": "off"
+      }
+    }
+  ]
+}

.github/CODEOWNERS

@@ -19,7 +19,6 @@ DEPS                                    @electron/wg-upgrades
 /lib/renderer/security-warnings.ts      @electron/wg-security
 
 # Infra WG
-/.claude/                               @electron/wg-infra
 /.github/actions/                       @electron/wg-infra
 /.github/workflows/*-publish.yml        @electron/wg-infra
 /.github/workflows/build.yml            @electron/wg-infra

.github/ISSUE_TEMPLATE/maintainer_issue.yml

@@ -0,0 +1,14 @@
+name: Maintainer Issue (not for public use)
+description: Only to be created by Electron maintainers
+body:
+- type: checkboxes
+  attributes:
+    label: Confirmation
+    options:
+      - label: I am a [maintainer](https://github.com/orgs/electron/people) of the Electron project. (If not, please create a [different issue type](https://github.com/electron/electron/issues/new/).)
+        required: true
+- type: textarea
+  attributes:
+    label: Description
+  validations:
+    required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -5,18 +5,12 @@ Thank you for your Pull Request. Please provide a description above and review
 the requirements below.
 
 Contributors guide: https://github.com/electron/electron/blob/main/CONTRIBUTING.md
-
-Using a coding agent / AI? Read the policy: https://github.com/electron/governance/blob/main/policy/ai.md
-
-NOTE: PRs submitted that do not follow this template will be automatically closed.
 -->
 
 #### Checklist
 <!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
 
-- [ ] I have built and tested this change
-- [ ] I have filled out the PR description
-- [ ] [I have reviewed and verified the changes](https://github.com/electron/governance/blob/main/policy/ai.md)
+- [ ] PR description included
 - [ ] `npm test` passes
 - [ ] tests are [changed or added](https://github.com/electron/electron/blob/main/docs/development/testing.md)
 - [ ] relevant API documentation, tutorials, and examples are updated and follow the [documentation style guide](https://github.com/electron/electron/blob/main/docs/development/style-guide.md)

.github/actions/build-electron/action.yml

@@ -26,9 +26,6 @@ inputs:
   is-asan:
     description: 'The ASan Linux build'
     required: false
-  upload-out-gen-artifacts:
-    description: 'Whether to upload the out/${dir}/gen artifacts'
-    required: false
 runs:
   using: "composite"
   steps:
@@ -40,29 +37,13 @@ runs:
         echo "GN_EXTRA_ARGS=$GN_APPENDED_ARGS" >> $GITHUB_ENV
     - name: Set GN_EXTRA_ARGS for Windows
       shell: bash
-      if: ${{ inputs.target-platform == 'win' }}
+      if: ${{inputs.target-arch != 'x64' && inputs.target-platform == 'win' }}
       run: |
-        # Resolve .obj paths to absolute in linker response files to work
-        # around BindFlt concurrency bug in Windows containers.
-        # https://github.com/microsoft/Windows-Containers/issues/635
-        GN_APPENDED_ARGS="$GN_EXTRA_ARGS win_abs_link_wrapper=\"//electron/build/win/abs_link_wrapper.py\""
-        if [ "${{ inputs.target-arch }}" != "x64" ]; then
-          GN_APPENDED_ARGS="$GN_APPENDED_ARGS target_cpu=\"${{ inputs.target-arch }}\""
-        fi
+        GN_APPENDED_ARGS="$GN_EXTRA_ARGS target_cpu=\"${{ inputs.target-arch }}\""
         echo "GN_EXTRA_ARGS=$GN_APPENDED_ARGS" >> $GITHUB_ENV
     - name: Add Clang problem matcher
       shell: bash
       run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
-    - name: Download previous object checksums
-      shell: bash
-      if: ${{ (github.event_name == 'push' || github.event_name == 'pull_request') && inputs.is-asan != 'true' }}
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
-        ARTIFACT_NAME: object-checksums.${{ inputs.artifact-platform }}_${{ inputs.target-arch }}.json
-        SEARCH_BRANCH: ${{ case(github.event_name == 'push', github.ref_name, github.event.pull_request.base.ref) }}
-        REPO: ${{ github.repository }}
-        OUTPUT_PATH: src/previous-object-checksums.json
-      run: node src/electron/.github/actions/build-electron/download-previous-object-checksums.mjs
     - name: Build Electron ${{ inputs.step-suffix }}
       if: ${{ inputs.target-platform != 'win' }}
       shell: bash
@@ -88,17 +69,12 @@ runs:
         cp out/Default/.ninja_log out/electron_ninja_log
         node electron/script/check-symlinks.js
 
-        # Build stats and object checksums
-        BUILD_STATS_ARGS="out/Default/siso.INFO --out-dir out/Default --output-object-checksums object-checksums.${{ inputs.artifact-platform }}_${{ inputs.target-arch }}.json"
-        if [ -f previous-object-checksums.json ]; then
-          BUILD_STATS_ARGS="$BUILD_STATS_ARGS --input-object-checksums previous-object-checksums.json"
-        fi
-        if ! [ -z "$DD_API_KEY" ]; then
-          BUILD_STATS_ARGS="$BUILD_STATS_ARGS --upload-stats"
+        # Upload build stats to Datadog
+        if ! [ -z $DD_API_KEY ]; then
+          npx node electron/script/build-stats.mjs out/Default/siso.INFO --upload-stats || true          
         else
           echo "Skipping build-stats.mjs upload because DD_API_KEY is not set"
         fi
-        node electron/script/build-stats.mjs $BUILD_STATS_ARGS || true
     - name: Build Electron (Windows) ${{ inputs.step-suffix }}
       if: ${{ inputs.target-platform == 'win' }}
       shell: powershell
@@ -120,21 +96,16 @@ runs:
         Copy-Item out\Default\.ninja_log out\electron_ninja_log
         node electron\script\check-symlinks.js
 
-        # Build stats and object checksums
-        $statsArgs = @("out\Default\siso.exe.INFO", "--out-dir", "out\Default", "--output-object-checksums", "object-checksums.${{ inputs.artifact-platform }}_${{ inputs.target-arch }}.json")
-        if (Test-Path previous-object-checksums.json) {
-          $statsArgs += @("--input-object-checksums", "previous-object-checksums.json")
-        }
+        # Upload build stats to Datadog
         if ($env:DD_API_KEY) {
-          $statsArgs += "--upload-stats"
+          try {
+            npx node electron\script\build-stats.mjs out\Default\siso.exe.INFO --upload-stats ; $LASTEXITCODE = 0
+          } catch {
+            Write-Host "Build stats upload failed, continuing..."
+          }
         } else {
           Write-Host "Skipping build-stats.mjs upload because DD_API_KEY is not set"
         }
-        try {
-          & node electron\script\build-stats.mjs @statsArgs ; $LASTEXITCODE = 0
-        } catch {
-          Write-Host "Build stats failed, continuing..."
-        }
     - name: Verify dist.zip ${{ inputs.step-suffix }}
       shell: bash
       run: |
@@ -326,16 +297,3 @@ runs:
       with:
         name: src_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
-    - name: Upload Out Gen Artifacts ${{ inputs.step-suffix }}
-      if: ${{ inputs.upload-out-gen-artifacts == 'true' }}
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
-      with:
-        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src/out/Default/gen
-    - name: Upload Object Checksums ${{ inputs.step-suffix }}
-      if: ${{ always() && !cancelled() && inputs.is-asan != 'true' }}
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-      with:
-        name: object_checksums_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
-        path: ./src/object-checksums.${{ inputs.artifact-platform }}_${{ inputs.target-arch }}.json
-        archive: false

.github/actions/build-electron/download-previous-object-checksums.mjs

@@ -1,82 +0,0 @@
-import { Octokit } from '@octokit/rest';
-
-import { writeFileSync } from 'node:fs';
-
-const token = process.env.GITHUB_TOKEN;
-const repo = process.env.REPO;
-const artifactName = process.env.ARTIFACT_NAME;
-const branch = process.env.SEARCH_BRANCH;
-const outputPath = process.env.OUTPUT_PATH;
-
-const required = { GITHUB_TOKEN: token, REPO: repo, ARTIFACT_NAME: artifactName, SEARCH_BRANCH: branch, OUTPUT_PATH: outputPath };
-const missing = Object.entries(required).filter(([, v]) => !v).map(([k]) => k);
-if (missing.length > 0) {
-  console.error(`Missing required environment variables: ${missing.join(', ')}`);
-  process.exit(1);
-}
-
-const [owner, repoName] = repo.split('/');
-const octokit = new Octokit({ auth: token });
-
-async function main () {
-  console.log(`Searching for artifact '${artifactName}' on branch '${branch}'...`);
-
-  // Resolve the "Build" workflow name to an ID, mirroring how `gh run list --workflow` works
-  // under the hood (it uses /repos/{owner}/{repo}/actions/workflows/{id}/runs).
-  const { data: workflows } = await octokit.actions.listRepoWorkflows({ owner, repo: repoName });
-  const buildWorkflow = workflows.workflows.find((w) => w.name === 'Build');
-  if (!buildWorkflow) {
-    console.log('Could not find "Build" workflow, continuing without previous checksums');
-    return;
-  }
-
-  const { data: runs } = await octokit.actions.listWorkflowRuns({
-    owner,
-    repo: repoName,
-    workflow_id: buildWorkflow.id,
-    branch,
-    status: 'completed',
-    event: 'push',
-    per_page: 20,
-    exclude_pull_requests: true
-  });
-
-  for (const run of runs.workflow_runs) {
-    const { data: artifacts } = await octokit.actions.listWorkflowRunArtifacts({
-      owner,
-      repo: repoName,
-      run_id: run.id,
-      name: artifactName
-    });
-
-    if (artifacts.artifacts.length > 0) {
-      const artifact = artifacts.artifacts[0];
-      console.log(`Found artifact in run ${run.id} (artifact ID: ${artifact.id}), downloading...`);
-
-      // Non-archived artifacts are still downloaded from the /zip endpoint
-      const response = await octokit.actions.downloadArtifact({
-        owner,
-        repo: repoName,
-        artifact_id: artifact.id,
-        archive_format: 'zip'
-      });
-
-      if (response.headers['content-type'] !== 'application/json') {
-        console.error(`Unexpected content type for artifact download: ${response.headers['content-type']}`);
-        console.error('Expected application/json, continuing without previous checksums');
-        return;
-      }
-
-      writeFileSync(outputPath, JSON.stringify(response.data));
-      console.log('Downloaded previous object checksums successfully');
-      return;
-    }
-  }
-
-  console.log(`No previous object checksums found in last ${runs.workflow_runs.length} runs, continuing without them`);
-}
-
-main().catch((err) => {
-  console.error('Failed to download previous object checksums, continuing without them:', err.message);
-  process.exit(0);
-});

.github/problem-matchers/eslint-stylish.json

@@ -0,0 +1,22 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "eslint-stylish",
+      "pattern": [
+        {
+          "regexp": "^\\s*([^\\s].*)$",
+          "file": 1
+        },
+        {
+          "regexp": "^\\s+(\\d+):(\\d+)\\s+(error|warning|info)\\s+(.*)\\s\\s+(.*)$",
+          "line": 1,
+          "column": 2,
+          "severity": 3,
+          "message": 4,
+          "code": 5,
+          "loop": true
+        }
+      ]
+    }
+  ]
+}

.github/siso-patches/0001-siso-reuse-the-outer-os.File-for-chunked-ReadAt-in-f.patch

@@ -1,4 +1,4 @@
-From aab86e682d6f40e110700f36c9c37f6655fb14f1 Mon Sep 17 00:00:00 2001
+From 85b561ea4dbc76ba98af020b970f3aa6b20fdb9e Mon Sep 17 00:00:00 2001
 From: Samuel Attard <sam@electronjs.org>
 Date: Wed, 8 Apr 2026 23:24:15 -0700
 Subject: [PATCH] siso: reuse the outer *os.File for chunked ReadAt in
@@ -25,10 +25,10 @@ it; see microsoft/Windows-Containers#<tbd>.
  1 file changed, 7 deletions(-)
 
 diff --git a/siso/toolsupport/ninjautil/file_parser.go b/siso/toolsupport/ninjautil/file_parser.go
-index f8c7eff..75b1d6e 100644
+index 8c18d084..63116662 100644
 --- a/siso/toolsupport/ninjautil/file_parser.go
 +++ b/siso/toolsupport/ninjautil/file_parser.go
-@@ -128,13 +128,6 @@ func (p *fileParser) readFile(ctx context.Context, fname string) ([]byte, error)
+@@ -111,13 +111,6 @@ func (p *fileParser) readFile(ctx context.Context, fname string) ([]byte, error)
  		eg.Go(func() error {
  			p.sema <- struct{}{}
  			defer func() { <-p.sema }()
@@ -43,5 +43,5 @@ index f8c7eff..75b1d6e 100644
  				n, err := f.ReadAt(chunkBuf, pos)
  				if err != nil {
 -- 
-2.52.0
+2.53.0
 

.github/siso-patches/0002-siso-retry-transient-ERROR_INVALID_PARAMETER-when-op.patch

@@ -1,4 +1,4 @@
-From 1786f2266cba6a66343e5af2b724214930c8292f Mon Sep 17 00:00:00 2001
+From a8afee1089ec2ae9ab5837b438d07338aefb3bc4 Mon Sep 17 00:00:00 2001
 From: Samuel Attard <sam@electronjs.org>
 Date: Wed, 22 Apr 2026 16:27:51 -0700
 Subject: [PATCH] siso: retry transient ERROR_INVALID_PARAMETER when opening
@@ -27,7 +27,7 @@ Other platforms keep the direct os.Open path.
  create mode 100644 siso/toolsupport/ninjautil/openfile_windows.go
 
 diff --git a/siso/toolsupport/ninjautil/file_parser.go b/siso/toolsupport/ninjautil/file_parser.go
-index 75b1d6e..4a3e639 100644
+index 6311666..324528d 100644
 --- a/siso/toolsupport/ninjautil/file_parser.go
 +++ b/siso/toolsupport/ninjautil/file_parser.go
 @@ -7,7 +7,6 @@ package ninjautil
@@ -35,10 +35,10 @@ index 75b1d6e..4a3e639 100644
  	"context"
  	"fmt"
 -	"os"
- 	"path/filepath"
  	"runtime/trace"
  	"sync"
-@@ -108,7 +107,7 @@ func (p *fileParser) parseFile(ctx context.Context, fname string) error {
+ 	"time"
+@@ -91,7 +90,7 @@ func (p *fileParser) parseFile(ctx context.Context, fname string) error {
  // readFile reads a file of fname in parallel.
  func (p *fileParser) readFile(ctx context.Context, fname string) ([]byte, error) {
  	defer trace.StartRegion(ctx, "ninja.read").End()
@@ -128,5 +128,5 @@ index 0000000..f9d8e9d
 +	}
 +}
 -- 
-2.52.0
+2.53.0
 

.github/workflows/apply-patches.yml

@@ -18,7 +18,6 @@ jobs:
       pull-requests: read
     outputs:
       has-patches: ${{ steps.filter.outputs.patches }}
-      has-siso-patches: ${{ steps.filter.outputs.siso-patches }}
       build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
@@ -35,9 +34,6 @@ jobs:
           patches:
             - DEPS
             - 'patches/**'
-          siso-patches:
-            - DEPS
-            - '.github/siso-patches/**'
     - name: Set Build Image SHA
       id: build-image-sha
       uses: ./.github/actions/build-image-sha
@@ -81,16 +77,9 @@ jobs:
         target-platform: linux
     - name: Upload Patch Conflict Fix
       if: ${{ failure() }}
-      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
       with:
         name: update-patches
         path: patches/update-patches.patch
         if-no-files-found: ignore
         archive: false
-
-  build-siso:
-    needs: setup
-    if: ${{ needs.setup.outputs.has-siso-patches == 'true' }}
-    uses: ./.github/workflows/pipeline-segment-build-siso-windows.yml
-    permissions:
-      contents: read

.github/workflows/archaeologist-dig.yml

@@ -13,11 +13,11 @@ jobs:
       contents: read
     steps:
       - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           fetch-depth: 0
       - name: Setup Node.js/npm
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
         with:
           node-version: 24.12.x
       - name: Setting Up Dig Site
@@ -49,7 +49,7 @@ jobs:
           sha-file: .dig-old
           filename: electron.old.d.ts
       - name: Upload artifacts
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a #v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0
         with:
           name: artifacts
           path: electron/artifacts

.github/workflows/audit-branch-ci.yml

@@ -11,24 +11,23 @@ permissions: {}
 jobs:
   audit_branch_ci:
     name: Audit CI on Branches
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions:
       contents: read
     steps:
       - name: Setup Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version: 22.17.x
       - name: Sparse checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .
             .github
             .yarn
       - run: yarn workspaces focus @electron/gha-workflows
-      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         id: audit-errors
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -86,9 +85,6 @@ jobs:
                       !message.startsWith("Response status code does not indicate success") &&
                       !message.startsWith("The hosted runner lost communication with the server") &&
                       !message.startsWith("Dependabot encountered an error performing the update") &&
-                      !message.startsWith("The action 'Run Electron Tests' has timed out") &&
-                      !message.startsWith("The operation was canceled") &&
-                      !message.startsWith("Canceling since") &&
                       !/Unable to make request/.test(message) &&
                       !/The requested URL returned error/.test(message),
                   )
@@ -157,7 +153,7 @@ jobs:
             await core.summary.write();
       - name: Send Slack message if errors
         if: ${{ always() && steps.audit-errors.outputs.errorsFound && github.ref == 'refs/heads/main' }}
-        uses: slackapi/slack-github-action@03ea5433c137af7c0495bc0cad1af10403fc800c # v3.0.2
+        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
         with:
           payload: |
             link: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"

.github/workflows/branch-created.yml

@@ -14,7 +14,7 @@ permissions: {}
 jobs:
   release-branch-created:
     name: Release Branch Created
-    if: ${{ github.repository == 'electron/electron' && (github.event_name == 'workflow_dispatch' || (github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') && !startsWith(github.event.ref, 'roller'))) }}
+    if: ${{ github.event_name == 'workflow_dispatch' || (github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') && !startsWith(github.event.ref, 'roller')) }}
     permissions:
       contents: read
       pull-requests: write
@@ -31,46 +31,16 @@ jobs:
           else
             echo "Not a release branch: $BRANCH_NAME"
           fi
-      - name: Determine Next Unsupported Major Version
-        id: determine-next-unsupported-major
-        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        env:
-          MAJOR: ${{ steps.check-major-version.outputs.MAJOR }}
-        run: |
-          # Fetch the release schedule
-          SCHEDULE=$(curl -s https://releases.electronjs.org/schedule.json)
-
-          # Get the stableDate for the current major version
-          STABLE_DATE=$(echo "$SCHEDULE" | jq -r --arg major "${MAJOR}.0.0" '.[] | select(.version == $major) | .stableDate')
-
-          if [[ -z "$STABLE_DATE" || "$STABLE_DATE" == "null" ]]; then
-            echo "Could not find stableDate for version $MAJOR"
-            exit 1
-          fi
-
-          # Find the oldest version where eolDate >= stableDate of the new major
-          # This gives us the oldest supported version when the new major goes stable
-          NEXT_UNSUPPORTED_MAJOR=$(echo "$SCHEDULE" | jq -r --arg stableDate "$STABLE_DATE" '
-            [.[] | select(.eolDate != null and .eolDate >= $stableDate)] | sort_by(.version | split(".")[0] | tonumber) | first | .version | split(".")[0]
-          ')
-
-          if [[ -z "$NEXT_UNSUPPORTED_MAJOR" || "$NEXT_UNSUPPORTED_MAJOR" == "null" ]]; then
-            echo "Could not determine oldest supported version"
-            exit 1
-          fi
-
-          echo "SCHEDULE=$SCHEDULE" >> "$GITHUB_OUTPUT"
-          echo "NEXT_UNSUPPORTED_MAJOR=$NEXT_UNSUPPORTED_MAJOR" >> "$GITHUB_OUTPUT"
       - name: New Release Branch Tasks
         if: ${{ steps.check-major-version.outputs.MAJOR }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GH_REPO: electron/electron
           MAJOR: ${{ steps.check-major-version.outputs.MAJOR }}
-          NEXT_UNSUPPORTED_MAJOR: ${{ steps.determine-next-unsupported-major.outputs.NEXT_UNSUPPORTED_MAJOR }}
+          NUM_SUPPORTED_VERSIONS: 3
         run: |
           PREVIOUS_MAJOR=$((MAJOR - 1))
-          UNSUPPORTED_MAJOR=$((NEXT_UNSUPPORTED_MAJOR - 1))
+          UNSUPPORTED_MAJOR=$((MAJOR - NUM_SUPPORTED_VERSIONS - 1))
 
           # Create new labels
           gh label create $MAJOR-x-y --color 8d9ee8 || true
@@ -98,45 +68,21 @@ jobs:
           done
       - name: Generate GitHub App token
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
           org: electron
       - name: Generate Release Project Board Metadata
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         id: generate-project-metadata
-        env:
-          MAJOR: ${{ steps.check-major-version.outputs.MAJOR }}
-          NEXT_UNSUPPORTED_MAJOR: ${{ steps.determine-next-unsupported-major.outputs.NEXT_UNSUPPORTED_MAJOR }}
-          SCHEDULE: ${{ steps.determine-next-unsupported-major.outputs.SCHEDULE }}
         with:
           script: |
-            const schedule = JSON.parse(process.env.SCHEDULE)
-
-            const major = parseInt(process.env.MAJOR)
+            const major = ${{ steps.check-major-version.outputs.MAJOR }}
             const nextMajor = major + 1
             const prevMajor = major - 1
 
-            const { betaDate, stableDate } = schedule.find(v => v.version === `${major}.0.0`)
-
-            const betaPrepWeek = new Date(betaDate)
-            betaPrepWeek.setDate(betaPrepWeek.getDate() - 8)
-            const betaPrepWeekEnd = new Date(betaPrepWeek)
-            betaPrepWeekEnd.setDate(betaPrepWeekEnd.getDate() + 4)
-
-            const stablePrepWeek = new Date(stableDate)
-            stablePrepWeek.setDate(stablePrepWeek.getDate() - 8)
-            const stablePrepWeekEnd = new Date(stablePrepWeek)
-            stablePrepWeekEnd.setDate(stablePrepWeekEnd.getDate() + 4)
-
-            const stableWeek = new Date(stableDate)
-            stableWeek.setDate(stableWeek.getDate() - 1)
-
-            const nextAlphaDate = new Date(stableDate)
-            nextAlphaDate.setDate(nextAlphaDate.getDate() + 2)
-
             core.setOutput("major", major)
             core.setOutput("next-major", nextMajor)
             core.setOutput("prev-major", prevMajor)
@@ -145,19 +91,10 @@ jobs:
                 major,
                 "next-major": nextMajor,
                 "prev-major": prevMajor,
-                "ending-support-major": parseInt(process.env.NEXT_UNSUPPORTED_MAJOR),
-                "beta-date": betaDate,
-                "beta-prep-week": betaPrepWeek.toISOString().split('T')[0],
-                "beta-prep-week-end": betaPrepWeekEnd.toISOString().split('T')[0],
-                "stable-week": stableWeek.toISOString().split('T')[0],
-                "stable-prep-week": stablePrepWeek.toISOString().split('T')[0],
-                "stable-prep-week-end": stablePrepWeekEnd.toISOString().split('T')[0],
-                "stable-date": stableDate,
-                "next-alpha-date": nextAlphaDate.toISOString().split('T')[0],
             }))
       - name: Create Release Project Board
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/copy-project@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/copy-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
         id: create-release-board
         with:
           drafts: true
@@ -170,60 +107,6 @@ jobs:
           template-view: ${{ steps.generate-project-metadata.outputs.template-view }}
           title: ${{ steps.generate-project-metadata.outputs.major }}-x-y
           token: ${{ steps.generate-token.outputs.token }}
-      - name: Randomly Assign Draft Issues to Release WG Members
-        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/github-script@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
-        env:
-          PROJECT_ID: ${{ steps.create-release-board.outputs.id }}
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          script: |
-            const { data: members } = await github.rest.teams.listMembersInOrg({
-              org: 'electron',
-              team_slug: 'wg-releases',
-            });
-
-            const excludedLogins = ['nikwen'];
-            const memberLogins = new Set(members.map(m => m.login));
-            for (const login of excludedLogins) {
-              if (!memberLogins.has(login)) {
-                core.warning(`Excluded member "${login}" is not in @electron/wg-releases`);
-              }
-            }
-
-            const eligible = members.filter(m => !excludedLogins.includes(m.login));
-
-            if (eligible.length === 0) {
-              core.warning('No eligible members found in @electron/wg-releases team');
-              return;
-            }
-
-            const projectId = process.env.PROJECT_ID;
-            const draftIssues = await actions.getDraftIssues(projectId);
-
-            if (draftIssues.length === 0) {
-              core.info('No draft issues found in the project');
-              return;
-            }
-
-            // Fisher-Yates shuffle for uniform random assignment
-            const shuffled = [...eligible];
-            for (let i = shuffled.length - 1; i > 0; i--) {
-              const j = Math.floor(Math.random() * (i + 1));
-              [shuffled[i], shuffled[j]] = [shuffled[j], shuffled[i]];
-            }
-
-            // Assign draft issues round-robin across team members
-            for (let i = 0; i < draftIssues.length; i++) {
-              const member = shuffled[i % shuffled.length];
-              const draftIssue = draftIssues[i];
-              core.info(`Assigning "${draftIssue.content.title}" to ${member.login}`);
-              await actions.editItem(projectId, draftIssue.content.id, {
-                assignees: [member.login],
-              });
-            }
-
-            core.info(`Assigned ${draftIssues.length} draft issues to ${eligible.length} team members`);
       - name: Dump Release Project Board Contents
         if: ${{ steps.check-major-version.outputs.MAJOR }}
         run: gh project item-list ${{ steps.create-release-board.outputs.number }} --owner electron --format json | jq
@@ -231,7 +114,7 @@ jobs:
           GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
       - name: Find Previous Release Project Board
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/find-project@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/find-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
         id: find-prev-release-board
         with:
           fail-if-project-not-found: false
@@ -239,7 +122,7 @@ jobs:
           token: ${{ steps.generate-token.outputs.token }}
       - name: Close Previous Release Project Board
         if: ${{ steps.find-prev-release-board.outputs.number }}
-        uses: dsanders11/project-actions/close-project@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/close-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
         with:
           project-number: ${{ steps.find-prev-release-board.outputs.number }}
           token: ${{ steps.generate-token.outputs.token }}

.github/workflows/build-git-cache.yml

@@ -2,42 +2,28 @@ name: Build Git Cache
 # This workflow updates git cache on the cross-instance cache volumes
 # It runs daily at midnight.
 
-on:
+on:  
   schedule:
     - cron: "0 0 * * *"
 
 permissions: {}
 
 jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-    outputs:
-      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - name: Set Build Image SHA
-      id: build-image-sha
-      uses: ./.github/actions/build-image-sha
-
   build-git-cache-linux:
-    needs: setup
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
     env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
+      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}      
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -47,12 +33,11 @@ jobs:
         target-platform: linux
 
   build-git-cache-windows:
-    needs: setup
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
       options: --user root --device /dev/fuse --cap-add SYS_ADMIN
       volumes:
         - /mnt/win-cache:/mnt/win-cache
@@ -62,7 +47,7 @@ jobs:
       TARGET_OS: 'win'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -72,13 +57,13 @@ jobs:
         target-platform: win
 
   build-git-cache-macos:
-    # This job updates the same git cache as linux, so it needs to run after the linux one.
-    needs: [setup, build-git-cache-linux]
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
+    # This job updates the same git cache as linux, so it needs to run after the linux one.
+    needs: build-git-cache-linux
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -87,11 +72,11 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
     - name: Build Git Cache
       uses: ./src/electron/.github/actions/build-git-cache
       with:
-        target-platform: macos
+        target-platform: macos

.github/workflows/build.yml

@@ -58,7 +58,7 @@ jobs:
         build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
         docs-only: ${{ steps.set-output.outputs.docs-only }}
     steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         ref: ${{ github.event.pull_request.head.sha }}
     - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
@@ -67,13 +67,12 @@ jobs:
         filters: |
           docs:
             - 'docs/**'
-            - '.claude/**'
             - README.md
             - SECURITY.md
             - CONTRIBUTING.md
             - CODE_OF_CONDUCT.md
           src:
-            - '!{docs,.claude}/**'
+            - '!docs/**'
     - name: Set Build Image SHA
       id: build-image-sha
       uses: ./.github/actions/build-image-sha
@@ -126,7 +125,7 @@ jobs:
       build-image-sha: ${{ needs.setup.outputs.build-image-sha }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -158,7 +157,7 @@ jobs:
       build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -190,7 +189,7 @@ jobs:
       build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -275,11 +274,10 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test.yml
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
       build-runs-on: macos-15-xlarge
-      clang-tidy-runs-on: macos-15-large
       test-runs-on: macos-15
       target-platform: macos
       target-arch: arm64
@@ -295,15 +293,13 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
+    uses: ./.github/workflows/pipeline-electron-build-and-test-and-nan.yml
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
     with:
       build-runs-on: electron-arc-centralus-linux-amd64-32core
-      clang-tidy-runs-on: electron-arc-centralus-linux-amd64-8core
       test-runs-on: electron-arc-centralus-linux-amd64-4core
       build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      clang-tidy-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
       target-platform: linux
       target-arch: x64
@@ -376,32 +372,18 @@ jobs:
       generate-symbols: false
       upload-to-storage: '0'
     secrets: inherit
-    
-  test-linux-arm64-64k:
-    uses: ./.github/workflows/pipeline-segment-electron-test-64k.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: [checkout-linux, linux-arm64]
-    with:
-      test-runs-on: ubuntu-22.04-arm
-      test-container: '{"image":"ghcr.io/electron/test:arm64v8-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
-    secrets: inherit
 
   windows-x64:
     permissions:
       contents: read
       issues: read
       pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test.yml
+    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: [checkout-windows, build-siso-windows]
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     with:
       build-runs-on: electron-arc-centralus-windows-amd64-16core
-      clang-tidy-runs-on: electron-arc-centralus-linux-amd64-8core
       test-runs-on: windows-latest
-      clang-tidy-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-windows.outputs.build-image-sha }}","options":"--user root --device /dev/fuse --cap-add SYS_ADMIN","volumes":["/mnt/win-cache:/mnt/win-cache"]}'
       target-platform: win
       target-arch: x64
       is-release: false
@@ -454,11 +436,35 @@ jobs:
     permissions:
       contents: read
     needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, build-siso-windows, windows-x64, windows-x86, windows-arm64]
-    if: always() && github.repository == 'electron/electron'
+    if: always() && !contains(needs.*.result, 'failure')
     steps:
-    - name: Fail if any needed job failed or was cancelled
-      if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
-      run: exit 1
     - name: GitHub Actions Jobs Done
       run: |
         echo "All GitHub Actions Jobs are done"
+
+  check-signed-commits:
+    name: Check signed commits in green PR
+    needs: gha-done
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'needs-signed-commits')}}
+    runs-on: ubuntu-slim
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1
+        with:
+          comment: |
+            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification) 
+            for all incoming PRs. To get your PR merged, please sign those commits 
+            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch 
+            (`git push --force-with-lease`)
+
+            For more information on signing commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
+
+      - name: Remove needs-signed-commits label
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          gh pr edit $PR_URL --remove-label needs-signed-commits

.github/workflows/clean-orphaned-cache-uploads.yml

@@ -13,26 +13,13 @@ on:
 permissions: {}
 
 jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-    outputs:
-      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - name: Set Build Image SHA
-      id: build-image-sha
-      uses: ./.github/actions/build-image-sha
-
   clean-orphaned-uploads:
-    needs: setup
+    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache

.github/workflows/clean-src-cache.yml

@@ -7,162 +7,27 @@ name: Clean Source Cache
 on:
   schedule:
     - cron: "0 0 * * *"
-  workflow_dispatch:
 
 permissions: {}
 
 jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-    outputs:
-      build-image-sha: ${{ steps.build-image-sha.outputs.build-image-sha }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-    - name: Set Build Image SHA
-      id: build-image-sha
-      uses: ./.github/actions/build-image-sha
-
   clean-src-cache:
-    needs: setup
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
-    env:
-      DD_API_KEY: ${{ secrets.DD_API_KEY }}
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
         - /mnt/win-cache:/mnt/win-cache
     steps:
-    - name: Get Disk Space Before Cleanup
-      id: disk-before
-      shell: bash
-      run: |
-        echo "Disk space before cleanup:"
-        df -h /mnt/cross-instance-cache
-        df -h /mnt/win-cache
-        CROSS_FREE_BEFORE=$(df -k /mnt/cross-instance-cache | tail -1 | awk '{print $4}')
-        CROSS_TOTAL=$(df -k /mnt/cross-instance-cache | tail -1 | awk '{print $2}')
-        WIN_FREE_BEFORE=$(df -k /mnt/win-cache | tail -1 | awk '{print $4}')
-        WIN_TOTAL=$(df -k /mnt/win-cache | tail -1 | awk '{print $2}')
-        echo "cross_free_kb=$CROSS_FREE_BEFORE" >> $GITHUB_OUTPUT
-        echo "cross_total_kb=$CROSS_TOTAL" >> $GITHUB_OUTPUT
-        echo "win_free_kb=$WIN_FREE_BEFORE" >> $GITHUB_OUTPUT
-        echo "win_total_kb=$WIN_TOTAL" >> $GITHUB_OUTPUT
-
     - name: Cleanup Source Cache
       shell: bash
       run: |
+        df -h /mnt/cross-instance-cache
         find /mnt/cross-instance-cache -type f -mtime +15 -delete
-        find /mnt/win-cache -type f -mtime +15 -delete
-
-    - name: Get Disk Space After Cleanup
-      id: disk-after
-      shell: bash
-      run: |
-        echo "Disk space after cleanup:"
         df -h /mnt/cross-instance-cache
         df -h /mnt/win-cache
-        CROSS_FREE_AFTER=$(df -k /mnt/cross-instance-cache | tail -1 | awk '{print $4}')
-        WIN_FREE_AFTER=$(df -k /mnt/win-cache | tail -1 | awk '{print $4}')
-        echo "cross_free_kb=$CROSS_FREE_AFTER" >> $GITHUB_OUTPUT
-        echo "win_free_kb=$WIN_FREE_AFTER" >> $GITHUB_OUTPUT
-
-    - name: Log Disk Space to Datadog
-      if: ${{ env.DD_API_KEY != '' }}
-      shell: bash
-      env:
-        CROSS_FREE_BEFORE: ${{ steps.disk-before.outputs.cross_free_kb }}
-        CROSS_FREE_AFTER: ${{ steps.disk-after.outputs.cross_free_kb }}
-        CROSS_TOTAL: ${{ steps.disk-before.outputs.cross_total_kb }}
-        WIN_FREE_BEFORE: ${{ steps.disk-before.outputs.win_free_kb }}
-        WIN_FREE_AFTER: ${{ steps.disk-after.outputs.win_free_kb }}
-        WIN_TOTAL: ${{ steps.disk-before.outputs.win_total_kb }}
-      run: |
-        TIMESTAMP=$(date +%s)
-
-        CROSS_FREE_BEFORE_GB=$(awk "BEGIN {printf \"%.2f\", $CROSS_FREE_BEFORE / 1024 / 1024}")
-        CROSS_FREE_AFTER_GB=$(awk "BEGIN {printf \"%.2f\", $CROSS_FREE_AFTER / 1024 / 1024}")
-        CROSS_FREED_GB=$(awk "BEGIN {printf \"%.2f\", ($CROSS_FREE_AFTER - $CROSS_FREE_BEFORE) / 1024 / 1024}")
-        CROSS_TOTAL_GB=$(awk "BEGIN {printf \"%.2f\", $CROSS_TOTAL / 1024 / 1024}")
-
-        WIN_FREE_BEFORE_GB=$(awk "BEGIN {printf \"%.2f\", $WIN_FREE_BEFORE / 1024 / 1024}")
-        WIN_FREE_AFTER_GB=$(awk "BEGIN {printf \"%.2f\", $WIN_FREE_AFTER / 1024 / 1024}")
-        WIN_FREED_GB=$(awk "BEGIN {printf \"%.2f\", ($WIN_FREE_AFTER - $WIN_FREE_BEFORE) / 1024 / 1024}")
-        WIN_TOTAL_GB=$(awk "BEGIN {printf \"%.2f\", $WIN_TOTAL / 1024 / 1024}")
-
-        echo "cross-instance-cache: free before=${CROSS_FREE_BEFORE_GB}GB, after=${CROSS_FREE_AFTER_GB}GB, freed=${CROSS_FREED_GB}GB, total=${CROSS_TOTAL_GB}GB"
-        echo "win-cache: free before=${WIN_FREE_BEFORE_GB}GB, after=${WIN_FREE_AFTER_GB}GB, freed=${WIN_FREED_GB}GB, total=${WIN_TOTAL_GB}GB"
-
-        curl -s -X POST "https://api.datadoghq.com/api/v2/series" \
-          -H "Content-Type: application/json" \
-          -H "DD-API-KEY: ${DD_API_KEY}" \
-          -d @- << EOF
-        {
-          "series": [
-            {
-              "metric": "electron.src_cache.disk.free_space_before_cleanup_gb",
-              "points": [{"timestamp": ${TIMESTAMP}, "value": ${CROSS_FREE_BEFORE_GB}}],
-              "type": 3,
-              "unit": "gigabyte",
-              "tags": ["volume:cross-instance-cache", "platform:linux"]
-            },
-            {
-              "metric": "electron.src_cache.disk.free_space_after_cleanup_gb",
-              "points": [{"timestamp": ${TIMESTAMP}, "value": ${CROSS_FREE_AFTER_GB}}],
-              "type": 3,
-              "unit": "gigabyte",
-              "tags": ["volume:cross-instance-cache", "platform:linux"]
-            },
-            {
-              "metric": "electron.src_cache.disk.space_freed_gb",
-              "points": [{"timestamp": ${TIMESTAMP}, "value": ${CROSS_FREED_GB}}],
-              "type": 3,
-              "unit": "gigabyte",
-              "tags": ["volume:cross-instance-cache", "platform:linux"]
-            },
-            {
-              "metric": "electron.src_cache.disk.total_space_gb",
-              "points": [{"timestamp": ${TIMESTAMP}, "value": ${CROSS_TOTAL_GB}}],
-              "type": 3,
-              "unit": "gigabyte",
-              "tags": ["volume:cross-instance-cache", "platform:linux"]
-            },
-            {
-              "metric": "electron.src_cache.disk.free_space_before_cleanup_gb",
-              "points": [{"timestamp": ${TIMESTAMP}, "value": ${WIN_FREE_BEFORE_GB}}],
-              "type": 3,
-              "unit": "gigabyte",
-              "tags": ["volume:win-cache", "platform:linux"]
-            },
-            {
-              "metric": "electron.src_cache.disk.free_space_after_cleanup_gb",
-              "points": [{"timestamp": ${TIMESTAMP}, "value": ${WIN_FREE_AFTER_GB}}],
-              "type": 3,
-              "unit": "gigabyte",
-              "tags": ["volume:win-cache", "platform:linux"]
-            },
-            {
-              "metric": "electron.src_cache.disk.space_freed_gb",
-              "points": [{"timestamp": ${TIMESTAMP}, "value": ${WIN_FREED_GB}}],
-              "type": 3,
-              "unit": "gigabyte",
-              "tags": ["volume:win-cache", "platform:linux"]
-            },
-            {
-              "metric": "electron.src_cache.disk.total_space_gb",
-              "points": [{"timestamp": ${TIMESTAMP}, "value": ${WIN_TOTAL_GB}}],
-              "type": 3,
-              "unit": "gigabyte",
-              "tags": ["volume:win-cache", "platform:linux"]
-            }
-          ]
-        }
-        EOF
-
-        echo "Disk space metrics logged to Datadog"
+        find /mnt/win-cache -type f -mtime +15 -delete
+        df -h /mnt/win-cache

.github/workflows/issue-commented.yml

@@ -1,4 +1,4 @@
-name: Issue / Pull Request Commented
+name: Issue Commented
 
 on:
   issue_comment:
@@ -8,20 +8,20 @@ on:
 permissions: {}
 
 jobs:
-  blocked-issue-commented:
+  issue-commented:
     name: Remove blocked/{need-info,need-repro} on comment
-    if: ${{ !github.event.issue.pull_request && (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && github.event.comment.user.type != 'Bot' }}
-    runs-on: ubuntu-slim
+    if: ${{ (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && github.event.comment.user.type != 'Bot' }}
+    runs-on: ubuntu-latest
     steps:
       - name: Get author association
         id: get-author-association
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: &get-author-association |
+        run: |
           AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/issues/comments/${{ github.event.comment.id }} --jq '.author_association')
           echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
         id: generate-token
         with:
@@ -33,56 +33,3 @@ jobs:
           ISSUE_URL: ${{ github.event.issue.html_url }}
         run: |
           gh issue edit $ISSUE_URL --remove-label 'blocked/need-repro','blocked/need-info ❌'
-  
-  pr-reviewer-requested:
-    name: Maintainer requested reviewer on PR
-    if: ${{ github.event.issue.pull_request && startsWith(github.event.comment.body, '/request-review') && github.event.comment.user.type != 'Bot' }}
-    runs-on: ubuntu-slim
-    steps:
-      - name: Get author association
-        id: get-author-association
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: *get-author-association
-      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
-        if: ${{ contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
-        id: generate-token
-        with:
-          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - name: Request reviewer
-        if: ${{ contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
-        env:
-          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-          PR_URL: ${{ github.event.issue.html_url }}
-          COMMENT_BODY: ${{ github.event.comment.body }}
-        run: |
-          RAW=$(echo "$COMMENT_BODY" | head -n 1 | sed 's|/request-review\s*||' | xargs)
-
-          if [ -z "$RAW" ]; then
-            echo "::warning::No username provided. Usage: /request-review <username>[,<username>,...]"
-            exit 0
-          fi
-
-          IFS=',' read -ra USERS <<< "$RAW"
-          for USER in "${USERS[@]}"; do
-            NAME=$(echo "$USER" | sed 's/@//g' | xargs)
-            if [ -z "$NAME" ]; then
-              continue
-            fi
-
-            # Strip "electron/" prefix if present to get the bare name
-            BARE_NAME=$(echo "$NAME" | sed 's|^electron/||')
-
-            # If the original name contained "electron/" or looks like a team slug, treat as team
-            if [ "$NAME" != "$BARE_NAME" ]; then
-              gh pr edit $PR_URL --add-reviewer "electron/$BARE_NAME"
-            else
-              if ! gh api /orgs/electron/public_members/$BARE_NAME --silent > /dev/null 2>&1; then
-                echo "::warning::$BARE_NAME is not a public member of the electron organization."
-                continue
-              fi
-
-              gh pr edit $PR_URL --add-reviewer "$BARE_NAME"
-            fi
-          done

.github/workflows/issue-labeled.yml

@@ -15,13 +15,13 @@ jobs:
       contents: read
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90
@@ -36,13 +36,13 @@ jobs:
       contents: read
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90
@@ -70,13 +70,13 @@ jobs:
           fi
       - name: Generate GitHub App token
         if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
       - name: Create comment
         if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: actions-cool/issues-helper@200c78641dbf33838311e5a1e0c31bbdb92d7cf0 # v3.8.0
+        uses: actions-cool/issues-helper@e2ff99831a4f13625d35064e2b3dfe65c07a0396 # v3.7.5
         with:
           actions: 'create-comment'
           token: ${{ steps.generate-token.outputs.token }}

.github/workflows/issue-opened.yml

@@ -14,13 +14,13 @@ jobs:
     permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Add to Issue Triage
-        uses: dsanders11/project-actions/add-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/add-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
         with:
           field: Reporter
           field-value: ${{ github.event.issue.user.login }}
@@ -32,13 +32,13 @@ jobs:
     permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Sparse checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .
@@ -46,7 +46,7 @@ jobs:
             .yarn
       - run: yarn workspaces focus @electron/gha-workflows
       - name: Add labels
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         id: add-labels
         env:
           ISSUE_BODY: ${{ github.event.issue.body }}
@@ -146,7 +146,7 @@ jobs:
             }
       - name: Create unsupported major comment
         if: ${{ steps.add-labels.outputs.unsupportedMajor }}
-        uses: actions-cool/issues-helper@200c78641dbf33838311e5a1e0c31bbdb92d7cf0 # v3.8.0
+        uses: actions-cool/issues-helper@e2ff99831a4f13625d35064e2b3dfe65c07a0396 # v3.7.5
         with:
           actions: 'create-comment'
           token: ${{ steps.generate-token.outputs.token }}

.github/workflows/issue-transferred.yml

@@ -14,13 +14,13 @@ jobs:
     if: ${{ !github.event.changes.new_repository.private }}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Remove from issue triage
-        uses: dsanders11/project-actions/delete-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/delete-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90

.github/workflows/issue-unlabeled.yml

@@ -26,14 +26,14 @@ jobs:
           fi
       - name: Generate GitHub App token
         if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Set status
         if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: dsanders11/project-actions/edit-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90

.github/workflows/linux-publish.yml

@@ -52,7 +52,7 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0

.github/workflows/macos-disk-cleanup.yml

@@ -13,7 +13,6 @@ permissions: {}
 
 jobs:
   macos-disk-cleanup:
-    if: github.repository == 'electron/electron'
     strategy:
       fail-fast: false
       matrix:
@@ -26,7 +25,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .github/actions/free-space-macos

.github/workflows/macos-publish.yml

@@ -52,7 +52,7 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0

.github/workflows/non-maintainer-dependency-change.yml

@@ -51,21 +51,4 @@ jobs:
           PR_URL: ${{ github.event.pull_request.html_url }}
           PR_AUTHOR: ${{ github.event.pull_request.user.login }}
         run: |
-          cat <<'REVIEW_EOF' | sed "s/%AUTHOR%/$PR_AUTHOR/g" | gh pr review $PR_URL -r --body-file=-
-          <!-- disallowed-non-maintainer-change -->
-
-          Hello @%AUTHOR%! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs.
-
-          To move this PR forward, please:
-
-          1. Revert the dependency/CI file changes from your branch. (e.g. `yarn.lock`, `.yarn/`, `.yarnrc.yml`, `.github/workflows/`, `.github/actions/`)
-          2. Ensure your branch [allows maintainer commits](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork) so a maintainer can push the necessary dependency changes on your behalf.
-          3. Leave a comment letting reviewers know the dependency change is still needed.
-
-          <details>
-          <summary>For maintainers</summary>
-
-          To land this PR, push a verified commit to the contributor's branch with the required dependency/CI changes, then dismiss this review.
-
-          </details>
-          REVIEW_EOF
+          printf "<!-- disallowed-non-maintainer-change -->\n\nHello @${PR_AUTHOR}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-

.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml

@@ -1,139 +0,0 @@
-name: Electron Build & Clang Tidy & Test (+ Node + NaN) Pipeline
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux.'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      build-runs-on:
-        type: string
-        description: 'What host to run the build'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      test-runs-on:
-        type: string
-        description: 'What host to run the tests on'
-        required: true
-      build-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information to run clang-tidy on'
-        required: false
-        default: '{"image":null}'
-      test-container:
-        type: string
-        description: 'JSON container information for testing'
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: 'Whether this build job is a release job'
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: 'The gn build type - testing or release'
-        required: true
-        type: string
-        default: testing
-      generate-symbols: 
-        description: 'Whether or not to generate symbols'
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage: 
-        description: 'Whether or not to upload build artifacts to external storage'
-        required: true
-        type: string
-        default: '0'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-
-permissions: {}
-
-concurrency:
-  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-jobs:
-  build:
-    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
-    with:
-      build-runs-on: ${{ inputs.build-runs-on }}
-      build-container: ${{ inputs.build-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-      is-release: ${{ inputs.is-release }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-      generate-symbols: ${{ inputs.generate-symbols }}
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-      upload-out-gen-artifacts: true
-    secrets: inherit
-  clang-tidy:
-    uses: ./.github/workflows/pipeline-segment-electron-clang-tidy.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      clang-tidy-runs-on: ${{ inputs.clang-tidy-runs-on }}
-      clang-tidy-container: ${{ inputs.clang-tidy-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-    secrets: inherit
-  test:
-    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-    secrets: inherit
-  test-wayland:
-    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: build
-    if: ${{ inputs.target-platform == 'linux' && inputs.target-arch == 'x64' && !inputs.is-asan }}
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-      display-server: wayland
-    secrets: inherit
-  nn-test:
-    uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-    secrets: inherit

.github/workflows/pipeline-electron-build-and-tidy-and-test.yml

@@ -1,121 +0,0 @@
-name: Electron Build & Clang Tidy & Test Pipeline
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      build-runs-on:
-        type: string
-        description: 'What host to run the build'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      test-runs-on:
-        type: string
-        description: 'What host to run the tests on'
-        required: true
-      build-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information to run clang-tidy on'
-        required: false
-        default: '{"image":null}'
-      test-container:
-        type: string
-        description: 'JSON container information for testing'
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: 'Whether this build job is a release job'
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: 'The gn build type - testing or release'
-        required: true
-        type: string
-        default: testing
-      generate-symbols: 
-        description: 'Whether or not to generate symbols'
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage: 
-        description: 'Whether or not to upload build artifacts to external storage'
-        required: true
-        type: string
-        default: '0'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
-
-concurrency:
-  group: electron-build-and-tidy-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-permissions: {}
-
-jobs:
-  build:
-    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
-    with:
-      build-runs-on: ${{ inputs.build-runs-on }}
-      build-container: ${{ inputs.build-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-      is-release: ${{ inputs.is-release }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-      generate-symbols: ${{ inputs.generate-symbols }}
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
-      upload-out-gen-artifacts: true
-    secrets: inherit
-  clang-tidy:
-    uses: ./.github/workflows/pipeline-segment-electron-clang-tidy.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      clang-tidy-runs-on: ${{ inputs.clang-tidy-runs-on }}
-      clang-tidy-container: ${{ inputs.clang-tidy-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-    secrets: inherit
-  test:
-    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
-    secrets: inherit

.github/workflows/pipeline-electron-docs-only.yml

@@ -27,7 +27,7 @@ jobs:
     container: ${{ fromJSON(inputs.container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -43,7 +43,7 @@ jobs:
       with:
         target-platform: linux
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0

.github/workflows/pipeline-electron-lint.yml

@@ -27,7 +27,7 @@ jobs:
     container: ${{ fromJSON(inputs.container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -76,6 +76,7 @@ jobs:
     - name: Add problem matchers
       shell: bash
       run: |
+        echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
         echo "::add-matcher::src/electron/.github/problem-matchers/markdownlint.json"
     - name: Run Lint
       shell: bash

.github/workflows/pipeline-segment-electron-build.yml

@@ -53,11 +53,6 @@ on:
         required: false
         type: boolean
         default: false
-      upload-out-gen-artifacts:
-        description: 'Whether to upload the src/gen artifacts'
-        required: false
-        type: boolean
-        default: false
       enable-ssh:
         description: 'Enable SSH debugging'
         required: false
@@ -99,7 +94,7 @@ jobs:
       run: |
         mkdir src
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -123,7 +118,7 @@ jobs:
       run: df -h
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'macos' }}
-      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
       with:
         node-version: 22.21.x
         cache: yarn
@@ -167,7 +162,7 @@ jobs:
       if: ${{ inputs.target-platform == 'linux' }}
       uses: ./src/electron/.github/actions/restore-cache-aks
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -221,7 +216,6 @@ jobs:
         generate-symbols: '${{ inputs.generate-symbols }}'
         upload-to-storage: '${{ inputs.upload-to-storage }}'
         is-asan: '${{ inputs.is-asan }}'
-        upload-out-gen-artifacts: '${{ inputs.upload-out-gen-artifacts }}'
     - name: Set GN_EXTRA_ARGS for MAS Build
       if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' || inputs.target-variant == 'mas') }}
       run: |

.github/workflows/pipeline-segment-electron-clang-tidy.yml

@@ -1,178 +0,0 @@
-name: Pipeline Segment - Electron Clang-Tidy
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-
-permissions: {}
-
-concurrency:
-  group: electron-clang-tidy-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || (inputs.target-platform == 'linux' && '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' || '--custom-var=checkout_win=True') }}
-  ELECTRON_OUT_DIR: Default
-
-jobs:
-  clang-tidy:
-    defaults:
-      run:
-        shell: bash
-    runs-on: ${{ inputs.clang-tidy-runs-on }}
-    permissions:
-      contents: read
-    container: ${{ fromJSON(inputs.clang-tidy-container) }}
-    env:
-      BUILD_TYPE: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}
-      TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
-      ARTIFACT_KEY: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}_${{ inputs.target-arch }}
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Cleanup disk space on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      shell: bash
-      run: |   
-        sudo mkdir -p $TMPDIR/del-target
-
-        tmpify() {
-          if [ -d "$1" ]; then
-            sudo mv "$1" $TMPDIR/del-target/$(echo $1|shasum -a 256|head -n1|cut -d " " -f1)
-          fi
-        }   
-        tmpify /Library/Developer/CoreSimulator
-        tmpify ~/Library/Developer/CoreSimulator
-        sudo rm -rf $TMPDIR/del-target
-    - name: Check disk space after freeing up space
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: df -h
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
-    - name: Install Build Tools
-      uses: ./src/electron/.github/actions/install-build-tools
-    - name: Enable windows toolchain
-      if: ${{ inputs.target-platform == 'win' }}
-      run: |
-        echo "ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN=1" >> $GITHUB_ENV
-    - name: Generate DEPS Hash
-      run: |
-        node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
-        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
-    - name: Restore src cache via AZCopy
-      if: ${{ inputs.target-platform == 'macos' }}
-      uses: ./src/electron/.github/actions/restore-cache-azcopy
-      with:
-        target-platform: ${{ inputs.target-platform }}      
-    - name: Restore src cache via AKS
-      if: ${{ inputs.target-platform == 'linux' || inputs.target-platform == 'win' }}
-      uses: ./src/electron/.github/actions/restore-cache-aks
-      with:
-        target-platform: ${{ inputs.target-platform }}
-    - name: Run Electron Only Hooks
-      run: |
-        echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]" > tmpgclient
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False,'install_sysroot':False,'checkout_win':True},'managed':False}]" > tmpgclient
-          echo "target_os=['win']" >> tmpgclient
-        fi
-        e d gclient runhooks --gclientfile=tmpgclient
-
-        # Fix VS Toolchain
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          rm -rf src/third_party/depot_tools/win_toolchain/vs_files
-          e d python3 src/build/vs_toolchain.py update --force
-        fi
-    - name: Regenerate DEPS Hash
-      run: |
-        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js
-        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
-    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
-      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
-    - name: Default GN gen
-      run: |
-        cd src/electron
-        git pack-refs
-    - name: Download Out Gen Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
-      with:
-        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src/out/${{ env.ELECTRON_OUT_DIR }}/gen
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
-    - name: Run Clang-Tidy
-      run: |
-        e init -f --root=$(pwd) --out=${ELECTRON_OUT_DIR} testing --target-cpu ${TARGET_ARCH} --remote-build none
-
-        # For macOS use_remoteexec=false will cause GN errors, so even though we're doing no remote build, set it
-        export GN_EXTRA_ARGS="use_remoteexec=true target_cpu=\"${TARGET_ARCH}\""
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          export GN_EXTRA_ARGS="$GN_EXTRA_ARGS use_v8_context_snapshot=true target_os=\"win\""
-        fi
-
-        e build --only-gen
-
-        # Copy macOS framework headers so clang-tidy can find them via -F.
-        # This must happen after e build --only-gen since e init -f may
-        # recreate the output directory.
-        if [ "${{ inputs.target-platform }}" = "macos" ]; then
-          OUT=src/out/${ELECTRON_OUT_DIR}
-          SQRL=src/third_party/squirrel.mac
-
-          mkdir -p ${OUT}/{ReactiveObjC,Squirrel,Mantle}.framework/Headers
-
-          cp ${SQRL}/vendor/ReactiveObjC/ReactiveObjC/*.h ${OUT}/ReactiveObjC.framework/Headers/
-          cp ${SQRL}/vendor/ReactiveObjC/ReactiveObjC/extobjc/*.h ${OUT}/ReactiveObjC.framework/Headers/
-
-          cp ${SQRL}/Squirrel/*.h ${OUT}/Squirrel.framework/Headers/
-
-          cp ${SQRL}/vendor/Mantle/Mantle/include/*.h ${OUT}/Mantle.framework/Headers/
-          cp ${SQRL}/vendor/Mantle/Mantle/extobjc/include/*.h ${OUT}/Mantle.framework/Headers/
-        fi
-
-        cd src/electron
-        node script/yarn.js lint:clang-tidy --jobs 8 --out-dir ../out/${ELECTRON_OUT_DIR}
-    - name: Remove Clang problem matcher
-      shell: bash
-      run: echo "::remove-matcher owner=clang::"
-    - name: Wait for active SSH sessions
-      if: always() && !cancelled()
-      shell: bash
-      run: |
-        while [ -f /var/.ssh-lock ]
-        do
-          sleep 60
-        done

.github/workflows/pipeline-segment-electron-gn-check.yml

@@ -48,7 +48,7 @@ jobs:
     container: ${{ fromJSON(inputs.check-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -115,7 +115,7 @@ jobs:
     - name: Add CHROMIUM_BUILDTOOLS_PATH to env
       run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -130,7 +130,7 @@ jobs:
       run: |
         for target_cpu in ${{ inputs.target-archs }}
         do
-          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu $target_cpu --remote-build none
+          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu $target_cpu
           cd src
           export GN_EXTRA_ARGS="target_cpu=\"$target_cpu\""
           if [ "${{ inputs.target-platform }}" = "linux" ]; then

.github/workflows/pipeline-segment-electron-publish.yml

@@ -56,11 +56,6 @@ on:
         required: false
         type: boolean
         default: false
-      upload-out-gen-artifacts:
-        description: Whether to upload the src/gen artifacts
-        required: false
-        type: boolean
-        default: false
       enable-ssh:
         description: Enable SSH debugging
         required: false
@@ -106,7 +101,7 @@ jobs:
         run: |
           mkdir src
       - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           path: src/electron
           fetch-depth: 0
@@ -131,7 +126,7 @@ jobs:
         run: df -h
       - name: Setup Node.js/npm
         if: ${{ inputs.target-platform == 'macos' }}
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
         with:
           node-version: 22.21.x
           cache: yarn
@@ -176,7 +171,7 @@ jobs:
         if: ${{ inputs.target-platform == 'linux' }}
         uses: ./src/electron/.github/actions/restore-cache-aks
       - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           path: src/electron
           fetch-depth: 0
@@ -236,7 +231,6 @@ jobs:
           generate-symbols: ${{ inputs.generate-symbols }}
           upload-to-storage: ${{ inputs.upload-to-storage }}
           is-asan: ${{ inputs.is-asan }}
-          upload-out-gen-artifacts: ${{ inputs.upload-out-gen-artifacts }}
       - name: Set GN_EXTRA_ARGS for MAS Build
         if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
           inputs.target-variant == 'mas') }}

.github/workflows/pipeline-segment-electron-test-64k.yml

@@ -1,67 +0,0 @@
-name: Pipeline Segment - Electron Test on Linux ARM64 64k
-
-on:
-  workflow_call:
-    inputs:
-      test-runs-on:
-        type: string
-        description: 'What host to run the tests on'
-        required: true
-      test-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-
-concurrency:
-  group: electron-test-linux-64k-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-permissions: {}
-
-env:
-  ELECTRON_OUT_DIR: Default
-
-jobs:
-  test-linux-arm64-64k:
-    env:
-      BUILD_TYPE: linux
-      TARGET_ARCH: arm64      
-    defaults:
-      run:
-        shell: bash
-    runs-on: ${{ inputs.test-runs-on }}
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Download Generated Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
-      with:
-        name: generated_artifacts_linux_arm64
-        path: ./generated_artifacts_linux_arm64
-    - name: Restore Generated Artifacts
-      run: ./src/electron/script/actions/restore-artifacts.sh
-    - name: Unzip Dist
-      run: |
-        cd src/out/Default
-        unzip -:o dist.zip
-
-    - name: Run Electron Tests in QEMU 64k Container
-      shell: bash
-      env:
-        MOCHA_REPORTER: mocha-multi-reporters
-        MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
-        ELECTRON_DISABLE_SECURITY_WARNINGS: 1
-        DISPLAY: ':99.0'
-      run: |
-        container=$(echo '${{ inputs.test-container }}' | jq -r '.image')
-        src/electron/script/run-qemu-64k.sh --container $container --testfiles "`pwd`/src"
-        

.github/workflows/pipeline-segment-electron-test.yml

@@ -30,14 +30,9 @@ on:
         required: false
         type: boolean
         default: false
-      display-server:
-        description: 'Display backend for Linux tests: x11 or wayland'
-        required: false
-        type: string
-        default: x11
 
 concurrency:
-  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ inputs.display-server }}-${{ github.ref_protected == true && github.run_id || github.ref }}
+  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
 
 permissions: {}
@@ -66,7 +61,7 @@ jobs:
       fail-fast: false
       matrix:
         build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || (inputs.target-platform == 'win' && fromJSON('["win"]') || fromJSON('["linux"]')) }}
-        shard: ${{ case(inputs.display-server == 'wayland', fromJSON('[1]'), inputs.target-platform == 'linux', fromJSON('[1, 2, 3]'), inputs.target-platform == 'macos' && inputs.target-arch == 'x64', fromJSON('[1, 2, 3]'), fromJSON('[1, 2]')) }}
+        shard: ${{ case(inputs.target-platform == 'linux', fromJSON('[1, 2, 3]'), inputs.target-platform == 'macos' && inputs.target-arch == 'x64', fromJSON('[1, 2, 3]'), fromJSON('[1, 2]')) }}
     env:
       BUILD_TYPE: ${{ matrix.build-type }}
       TARGET_ARCH: ${{ inputs.target-arch }}
@@ -79,7 +74,7 @@ jobs:
         cp $(which node) /mnt/runner-externals/node24/bin/
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'win' }}
-      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
       with:
         node-version: 22.21.x
     - name: Add TCC permissions on macOS
@@ -126,7 +121,7 @@ jobs:
       if: ${{ inputs.target-platform == 'macos' }}
       run: sudo xcode-select --switch /Applications/Xcode_16.4.app
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -175,12 +170,12 @@ jobs:
         echo "DISABLE_CRASH_REPORTER_TESTS=true" >> $GITHUB_ENV
         echo "IS_ASAN=true" >> $GITHUB_ENV
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
       with:
         name: generated_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./generated_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
       with:
         name: src_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./src_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
@@ -203,11 +198,11 @@ jobs:
       run: |
         cd src/electron
         ./script/codesign/generate-identity.sh
-    # Sign with our self-signed cert so that macOS system integrations
-    # (UNNotifications, dock bounce, etc.) work in tests on both architectures.
+    # Only sign on x64 — arm64 builds are already ad-hoc signed, and re-signing
+    # with an untrusted cert breaks macOS system integrations (e.g. dock bounce).
     # Autoupdater tests sign their own fixture copies via signApp().
     - name: Sign Electron.app for macOS tests
-      if: ${{ inputs.target-platform == 'macos' }}
+      if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
       run: |
         identity=$(src/electron/script/codesign/get-trusted-identity.sh)
         if [ -n "$identity" ]; then
@@ -216,7 +211,7 @@ jobs:
 
     - name: Run Electron Tests
       shell: bash
-      timeout-minutes: 60
+      timeout-minutes: 40
       env:
         MOCHA_REPORTER: mocha-multi-reporters
         MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
@@ -227,22 +222,7 @@ jobs:
         cd src/electron
         export ELECTRON_TEST_RESULTS_DIR=`pwd`/junit
         # Get which tests are on this shard
-        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ case(inputs.display-server == 'wayland', 1, inputs.target-platform == 'linux', 3, inputs.target-platform == 'macos' && inputs.target-arch == 'x64', 3, 2) }})
-        if [ "${{ inputs.display-server }}" = "wayland" ]; then
-          allowlist_file=script/wayland-test-allowlist.txt
-          filtered_tests=""
-          for test_file in $tests_files; do
-            if grep -Fxq "$test_file" "$allowlist_file"; then
-              filtered_tests="$filtered_tests $test_file"
-            fi
-          done
-          tests_files="${filtered_tests# }"
-
-          if [ -z "$tests_files" ]; then
-            echo "No tests matched Wayland filter, skipping."
-            exit 0
-          fi
-        fi
+        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ case(inputs.target-platform == 'linux', 3, inputs.target-platform == 'macos' && inputs.target-arch == 'x64', 3, 2) }})
 
         # Run tests
         if [ "${{ inputs.target-platform }}" != "linux" ]; then
@@ -277,11 +257,7 @@ jobs:
             if [ "${{ inputs.target-arch }}" = "arm" ]; then
               runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --skipYarnInstall --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
             else 
-              if [ "${{ inputs.display-server }}" = "wayland" ]; then
-                runuser -u builduser -- script/actions/run-tests-wayland.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-              else
-                runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-              fi
+              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
             fi
             
           fi
@@ -315,9 +291,9 @@ jobs:
       if: always() && !cancelled()
     - name: Upload Test Artifacts
       if: always()
-      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a #v7.0.1
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
       with:
-        name: ${{ inputs.target-platform == 'linux' && format('test_artifacts_{0}_{1}_{2}', env.ARTIFACT_KEY, inputs.display-server, matrix.shard) || format('test_artifacts_{0}_{1}', env.ARTIFACT_KEY, matrix.shard) }}
+        name: test_artifacts_${{ env.ARTIFACT_KEY }}_${{ matrix.shard }}
         path: src/electron/spec/artifacts
         if-no-files-found: ignore
     - name: Wait for active SSH sessions

.github/workflows/pipeline-segment-node-nan-test.yml

@@ -52,7 +52,7 @@ jobs:
     container: ${{ fromJSON(inputs.test-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -67,12 +67,12 @@ jobs:
     - name: Install Dependencies
       uses: ./src/electron/.github/actions/install-dependencies
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
       with:
         name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
         path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
       with:
         name: src_artifacts_linux_${{ env.TARGET_ARCH }}
         path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -108,7 +108,7 @@ jobs:
     container: ${{ fromJSON(inputs.test-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -123,12 +123,12 @@ jobs:
     - name: Install Dependencies
       uses: ./src/electron/.github/actions/install-dependencies
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
       with:
         name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
         path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
       with:
         name: src_artifacts_linux_${{ env.TARGET_ARCH }}
         path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}

.github/workflows/pr-template-check.yml

@@ -1,64 +0,0 @@
-name: PR Template Check
-
-on:
-  pull_request_target:
-    types: [opened, ready_for_review]
-
-# SECURITY: This workflow uses pull_request_target and has access to secrets.
-# Do NOT checkout or run code from the PR head. All code execution must use
-# the base branch only. Adding a ref to PR head would expose secrets to
-# untrusted code.
-permissions: {}
-
-jobs:
-  check-pr-template:
-    if: ${{ github.event.pull_request.head.repo.fork && !github.event.pull_request.draft && !startsWith(github.head_ref, 'roller/') }}
-    name: Check PR Template
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-        with:
-          sparse-checkout: .github/PULL_REQUEST_TEMPLATE.md
-          sparse-checkout-cone-mode: false
-      - name: Check for required sections
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          script: |
-            const fs = require('fs');
-            const template = fs.readFileSync('.github/PULL_REQUEST_TEMPLATE.md', 'utf8');
-            const requiredSections = [...template.matchAll(/^(#{1,4} .+)$/gm)].map(
-              (m) => m[1],
-            );
-            if (requiredSections.length === 0) {
-              console.log('No heading sections found in PR template');
-              return;
-            }
-            const body = context.payload.pull_request.body || '';
-            // Allow through if body contains a valid backport line
-            const backportRegex = /Backport of (?:#|https:\/\/github.com\/electron\/electron\/pull\/)\d+/i;
-            if (backportRegex.test(body)) {
-              console.log('Backport PR detected, skipping required section check.');
-              return;
-            }
-            const missingSections = requiredSections.filter(
-              (section) => !body.includes(section),
-            );
-            if (missingSections.length > 0) {
-              const list = missingSections.map((s) => `- \`${s}\``).join('\n');
-              await github.rest.issues.createComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: context.payload.pull_request.number,
-                body: `This PR was automatically closed because the PR template was not properly filled out. The following required sections are missing:\n\n${list}\n\nPlease update your PR description to include all required sections and reopen the PR.`,
-              });
-              await github.rest.pulls.update({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                pull_number: context.payload.pull_request.number,
-                state: 'closed',
-              });
-            }

.github/workflows/pr-triage-automation.yml

@@ -1,56 +0,0 @@
-name: PR Triage Automation
-
-on:
-  pull_request_target:
-    types: [synchronize, review_requested]
-  issue_comment:
-    types: [created]
-
-# SECURITY: This workflow uses pull_request_target and has access to secrets.
-# Do NOT checkout or run code from the PR head. All code execution must use
-# the base branch only. Adding a ref to PR head would expose secrets to
-# untrusted code.
-permissions: {}
-
-jobs:
-  set-needs-review:
-    name: Set status to Needs Review
-    if: >-
-      (github.event_name == 'pull_request_target'
-        && github.event.pull_request.state == 'open'
-        && github.event.pull_request.draft != true
-        && !contains(github.event.pull_request.labels.*.name, 'wip ⚒')
-        && (github.event.action == 'synchronize' || github.event.action == 'review_requested'))
-      || (github.event_name == 'issue_comment'
-          && github.event.issue.pull_request
-          && github.event.issue.state == 'open'
-          && !contains(github.event.issue.labels.*.name, 'wip ⚒')
-          && github.event.comment.user.login == github.event.issue.user.login)
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-    steps:
-      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
-        id: generate-token
-        with:
-          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-          org: electron
-      - name: Get project item status
-        uses: dsanders11/project-actions/get-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
-        id: get-item
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          project-number: 118
-          fail-if-item-not-found: false
-      - name: Set status to Needs Review
-        if: >-
-          (steps.get-item.outputs.field-status == '🛑 Needs Submitter Response'
-          || steps.get-item.outputs.field-status == '🟡 WIP')
-        uses: dsanders11/project-actions/edit-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          project-number: 118
-          field: Status
-          field-value: 🌀 Needs Review
-          fail-if-item-not-found: false

.github/workflows/pull-request-labeled.yml

@@ -18,7 +18,7 @@ jobs:
     permissions: {}
     steps:
       - name: Trigger Slack workflow
-        uses: slackapi/slack-github-action@03ea5433c137af7c0495bc0cad1af10403fc800c # v3.0.2
+        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
         with:
           webhook: ${{ secrets.BACKPORT_REQUESTED_SLACK_WEBHOOK_URL }} 
           webhook-type: webhook-trigger
@@ -36,47 +36,15 @@ jobs:
     permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 94
           field: Status
           field-value: ✅ Reviewed
-  pull-request-labeled-ai-pr:
-    name: ai-pr label added
-    if: github.event.label.name == 'ai-pr' && github.event.pull_request.state != 'closed'
-    runs-on: ubuntu-latest
-    permissions: {}
-    steps:
-    - name: Generate GitHub App token
-      uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
-      id: generate-token
-      with:
-        creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-    - name: Create comment
-      uses: actions-cool/issues-helper@200c78641dbf33838311e5a1e0c31bbdb92d7cf0 # v3.8.0
-      with:
-        actions: 'create-comment'
-        token: ${{ steps.generate-token.outputs.token }}
-        issue-number: ${{ github.event.pull_request.number }}
-        body: |
-          <!-- ai-pr -->
-
-          *AI PR Detected*
-
-          Hello @${{ github.event.pull_request.user.login }}. Due to the high amount of AI spam PRs we receive, if a PR is detected to be majority AI-generated without disclosure and untested, we will automatically close the PR.
-
-          We welcome the use of AI tools, as long as the PR meets our quality standards and has clearly been built and tested. If you believe your PR was closed in error, we welcome you to resubmit. However, please read our [CONTRIBUTING.md](https://github.com/electron/electron/blob/main/CONTRIBUTING.md) and [AI Tool Policy](https://github.com/electron/governance/blob/main/policy/ai.md) carefully before reopening. Thanks for your contribution.
-    - name: Close the pull request
-      env:
-        GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-        GH_REPO: electron/electron
-        PR_NUMBER: ${{ github.event.pull_request.number }}
-      run: |
-        gh pr close "$PR_NUMBER"

.github/workflows/pull-request-opened-synchronized.yml

@@ -13,6 +13,7 @@ permissions: {}
 jobs:
   check-signed-commits:
     name: Check signed commits in PR
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'needs-signed-commits')}}
     runs-on: ubuntu-slim
     permissions:
       contents: read
@@ -22,9 +23,9 @@ jobs:
         uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1
         with:
           comment: |
-            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification)
-            for all incoming PRs. To get your PR merged, please sign those commits
-            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch
+            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification) 
+            for all incoming PRs. To get your PR merged, please sign those commits 
+            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch 
             (`git push --force-with-lease`)
 
             For more information on signing commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
@@ -36,11 +37,3 @@ jobs:
           PR_URL: ${{ github.event.pull_request.html_url }}
         run: |
           gh pr edit $PR_URL --add-label needs-signed-commits
-
-      - name: Remove needs-signed-commits label
-        if: ${{ success() && contains(github.event.pull_request.labels.*.name, 'needs-signed-commits') }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_URL: ${{ github.event.pull_request.html_url }}
-        run: |
-          gh pr edit $PR_URL --remove-label needs-signed-commits

.github/workflows/rerun-apply-patches.yml

@@ -8,7 +8,6 @@ on:
     paths:
       - 'DEPS'
       - 'patches/**'
-      - '.github/siso-patches/**'
 
 permissions: {}
 

.github/workflows/scorecards.yml

@@ -13,7 +13,6 @@ permissions: read-all
 jobs:
   analysis:
     name: Scorecards analysis
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions:
       # Needed to upload the results to code-scanning dashboard.
@@ -23,7 +22,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 
@@ -43,7 +42,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: SARIF file
           path: results.sarif
@@ -51,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v3.29.5
+        uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3.29.5
         with:
           sarif_file: results.sarif

.github/workflows/stable-prep-items.yml

@@ -10,12 +10,11 @@ permissions: {}
 jobs:
   check-stable-prep-items:
     name: Check Stable Prep Items
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
@@ -29,7 +28,7 @@ jobs:
           PROJECT_NUMBER=$(gh project list --owner electron --format json | jq -r '.projects | map(select(.title | test("^[0-9]+-x-y$"))) | max_by(.number) | .number')
           echo "PROJECT_NUMBER=$PROJECT_NUMBER" >> "$GITHUB_OUTPUT"
       - name: Update Completed Stable Prep Items
-        uses: dsanders11/project-actions/completed-by@4b06452b0128cf601dac14399aa668a8eed2d684 # v2.0.1
+        uses: dsanders11/project-actions/completed-by@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
         with:
           field: Prep Status
           field-value: ✅ Complete

.github/workflows/stale.yml

@@ -9,16 +9,15 @@ permissions: {}
 
 jobs:
   stale:
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # tag: v10.2.0
+      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # tag: v10.1.1
         with:
           repo-token: ${{ steps.generate-token.outputs.token }}
           days-before-stale: 90
@@ -34,15 +33,15 @@ jobs:
   pending-repro:
     runs-on: ubuntu-latest
     permissions: {}
-    if: ${{ always() && github.repository == 'electron/electron' }}
+    if: ${{ always() }}
     needs: stale
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@5f70a3726af01b612f29aac96d05aa524389c9e9 # v2.1.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # tag: v10.2.0
+      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # tag: v10.1.1
         with:
           repo-token: ${{ steps.generate-token.outputs.token }}
           days-before-stale: -1

.github/workflows/windows-publish.yml

@@ -54,7 +54,7 @@ jobs:
       ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0

.oxfmtrc.json

@@ -1,47 +0,0 @@
-{
-  "$schema": "./node_modules/oxfmt/configuration_schema.json",
-  "printWidth": 120,
-  "tabWidth": 2,
-  "singleQuote": true,
-  "trailingComma": "none",
-  "sortImports": {
-    "newlinesBetween": true,
-    "groups": [
-      "electron-internal",
-      "electron-scoped",
-      "electron",
-      "external",
-      "builtin",
-      ["sibling", "parent"],
-      "index",
-      "type",
-      "unknown"
-    ],
-    "customGroups": [
-      {
-        "groupName": "electron-internal",
-        "elementNamePattern": ["@electron/internal", "@electron/internal/**"]
-      },
-      {
-        "groupName": "electron-scoped",
-        "elementNamePattern": ["@electron/**"]
-      },
-      {
-        "groupName": "electron",
-        "elementNamePattern": ["electron", "electron/**"]
-      }
-    ]
-  },
-  "ignorePatterns": [
-    "node_modules",
-    "out",
-    "ts-gen",
-    "spec/node_modules",
-    "spec/fixtures/native-addon",
-    ".github/workflows/node_modules",
-    "docs/fiddles",
-    "shell/browser/resources/win/resource.h",
-    "shell/common/node_includes.h",
-    "spec/fixtures/pages/jquery-3.6.0.min.js"
-  ]
-}

.oxlintrc.json

@@ -1,329 +0,0 @@
-{
-  "$schema": "./node_modules/oxlint/configuration_schema.json",
-  "plugins": [
-    "typescript",
-    "import",
-    "node",
-    "promise",
-    "unicorn"
-  ],
-  "jsPlugins": [
-    {
-      "name": "no-only-tests",
-      "specifier": "./script/lint-plugins/no-only-tests.mjs"
-    }
-  ],
-  "categories": {
-    "correctness": "off"
-  },
-  "options": {
-    "typeAware": false
-  },
-  "env": {
-    "builtin": true,
-    "browser": true
-  },
-  "ignorePatterns": [
-    ".github/workflows/node_modules",
-    "spec/node_modules",
-    "spec/fixtures/native-addon",
-    "shell/browser/resources/win/resource.h",
-    "shell/common/node_includes.h",
-    "spec/fixtures/pages/jquery-3.6.0.min.js"
-  ],
-  "rules": {
-    "no-var": "error",
-    "accessor-pairs": [
-      "error",
-      {
-        "setWithoutGet": true,
-        "enforceForClassMembers": true
-      }
-    ],
-    "array-callback-return": [
-      "error",
-      {
-        "allowImplicit": false,
-        "checkForEach": false
-      }
-    ],
-    "constructor-super": "error",
-    "curly": [
-      "error",
-      "multi-line"
-    ],
-    "default-case-last": "error",
-    "eqeqeq": [
-      "error",
-      "always",
-      {
-        "null": "ignore"
-      }
-    ],
-    "new-cap": [
-      "error",
-      {
-        "newIsCap": true,
-        "capIsNew": false,
-        "properties": true
-      }
-    ],
-    "no-array-constructor": "error",
-    "no-async-promise-executor": "error",
-    "no-caller": "error",
-    "no-case-declarations": "error",
-    "no-class-assign": "error",
-    "no-compare-neg-zero": "error",
-    "no-cond-assign": "error",
-    "no-const-assign": "error",
-    "no-constant-condition": [
-      "error",
-      {
-        "checkLoops": false
-      }
-    ],
-    "no-control-regex": "error",
-    "no-debugger": "error",
-    "no-delete-var": "error",
-    "no-dupe-class-members": "error",
-    "no-dupe-keys": "error",
-    "no-duplicate-case": "error",
-    "no-useless-backreference": "error",
-    "no-empty": [
-      "error",
-      {
-        "allowEmptyCatch": true
-      }
-    ],
-    "no-empty-character-class": "error",
-    "no-empty-pattern": "error",
-    "no-eval": "error",
-    "no-ex-assign": "error",
-    "no-extend-native": "error",
-    "no-extra-bind": "error",
-    "no-extra-boolean-cast": "error",
-    "no-fallthrough": "error",
-    "no-func-assign": "error",
-    "no-global-assign": "error",
-    "no-import-assign": "error",
-    "no-invalid-regexp": "error",
-    "no-irregular-whitespace": "error",
-    "no-iterator": "error",
-    "no-labels": [
-      "error",
-      {
-        "allowLoop": false,
-        "allowSwitch": false
-      }
-    ],
-    "no-lone-blocks": "error",
-    "no-loss-of-precision": "error",
-    "no-misleading-character-class": "error",
-    "no-prototype-builtins": "error",
-    "no-useless-catch": "error",
-    "no-useless-constructor": "error",
-    "no-use-before-define": [
-      "error",
-      {
-        "functions": false,
-        "classes": false,
-        "variables": false
-      }
-    ],
-    "no-multi-str": "error",
-    "no-new": "error",
-    "no-new-func": "error",
-    "no-new-wrappers": "error",
-    "no-obj-calls": "error",
-    "no-proto": "error",
-    "no-redeclare": [
-      "error"
-    ],
-    "no-regex-spaces": "error",
-    "no-return-assign": [
-      "error",
-      "except-parens"
-    ],
-    "no-self-assign": [
-      "error",
-      {
-        "props": true
-      }
-    ],
-    "no-self-compare": "error",
-    "no-sequences": "error",
-    "no-shadow-restricted-names": "error",
-    "no-sparse-arrays": "error",
-    "no-template-curly-in-string": "error",
-    "no-this-before-super": "error",
-    "no-throw-literal": "error",
-    "no-unexpected-multiline": "error",
-    "no-unmodified-loop-condition": "error",
-    "no-unneeded-ternary": [
-      "error",
-      {
-        "defaultAssignment": false
-      }
-    ],
-    "no-unreachable": "error",
-    "no-unsafe-finally": "error",
-    "no-unsafe-negation": "error",
-    "no-unused-vars": [
-      "error",
-      {
-        "vars": "all",
-        "args": "after-used",
-        "argsIgnorePattern": "^_",
-        "ignoreRestSiblings": true
-      }
-    ],
-    "no-useless-call": "error",
-    "no-useless-computed-key": "error",
-    "no-useless-escape": "error",
-    "no-useless-rename": "error",
-    "no-useless-return": "error",
-    "no-void": "error",
-    "no-with": "error",
-    "prefer-const": [
-      "error",
-      {
-        "destructuring": "all"
-      }
-    ],
-    "prefer-promise-reject-errors": "error",
-    "symbol-description": "error",
-    "unicode-bom": [
-      "error",
-      "never"
-    ],
-    "use-isnan": [
-      "error",
-      {
-        "enforceForSwitchCase": true,
-        "enforceForIndexOf": true
-      }
-    ],
-    "valid-typeof": [
-      "error",
-      {
-        "requireStringLiterals": true
-      }
-    ],
-    "yoda": [
-      "error",
-      "never"
-    ],
-    "import/export": "error",
-    "import/first": "error",
-    "import/no-absolute-path": [
-      "error",
-      {
-        "esmodule": true,
-        "commonjs": true,
-        "amd": false
-      }
-    ],
-    "import/no-duplicates": "error",
-    "import/no-named-default": "error",
-    "import/no-webpack-loader-syntax": "error",
-    "promise/param-names": "error",
-    "guard-for-in": "error",
-    "node/handle-callback-err": [
-      "error",
-      "^(err|error)$"
-    ],
-    "node/no-exports-assign": "error",
-    "node/no-new-require": "error",
-    "node/no-path-concat": "error"
-  },
-  "overrides": [
-    {
-      "files": ["**/*.ts", "**/*.tsx", "**/*.mts", "**/*.cts"],
-      "rules": {
-        "no-use-before-define": "off"
-      }
-    },
-    {
-      "files": ["lib/browser/**", "lib/utility/**"],
-      "rules": {
-        "no-restricted-imports": [
-          "error",
-          {
-            "paths": ["electron", "electron/renderer"],
-            "patterns": [
-              "./*",
-              "../*",
-              "@electron/internal/isolated_renderer/*",
-              "@electron/internal/renderer/*",
-              "@electron/internal/sandboxed_worker/*",
-              "@electron/internal/worker/*"
-            ]
-          }
-        ]
-      }
-    },
-    {
-      "files": [
-        "lib/renderer/**",
-        "lib/worker/**",
-        "lib/preload_realm/**",
-        "lib/sandboxed_renderer/**",
-        "lib/isolated_renderer/**"
-      ],
-      "rules": {
-        "no-restricted-imports": [
-          "error",
-          {
-            "paths": ["electron", "electron/main"],
-            "patterns": ["./*", "../*", "@electron/internal/browser/*"]
-          }
-        ]
-      }
-    },
-    {
-      "files": ["lib/common/**"],
-      "rules": {
-        "no-restricted-imports": [
-          "error",
-          {
-            "paths": ["electron", "electron/main", "electron/renderer"],
-            "patterns": [
-              "./*",
-              "../*",
-              "@electron/internal/browser/*",
-              "@electron/internal/isolated_renderer/*",
-              "@electron/internal/renderer/*",
-              "@electron/internal/sandboxed_worker/*",
-              "@electron/internal/worker/*"
-            ]
-          }
-        ]
-      }
-    },
-    {
-      "files": [
-        "build/**",
-        "script/**",
-        "docs/**",
-        "default_app/**",
-        "spec/**"
-      ],
-      "rules": {
-        "unicorn/prefer-node-protocol": "error"
-      }
-    },
-    {
-      "files": ["spec/**/*.ts", "spec/**/*.js", "spec/**/*.mjs"],
-      "rules": {
-        "no-only-tests/no-only-tests": "error"
-      }
-    },
-    {
-      "files": ["**/*.d.ts"],
-      "rules": {
-        "no-useless-constructor": "off",
-        "no-unused-vars": "off"
-      }
-    }
-  ]
-}

.remarkrc

@@ -0,0 +1,6 @@
+{
+  "plugins": [
+    ["remark-lint-code-block-style", "fenced"],
+    ["remark-lint-fenced-code-flag"]
+  ]
+}

BUILD.gn

@@ -151,25 +151,6 @@ config("branding") {
 
 config("electron_lib_config") {
   include_dirs = [ "." ]
-  cflags = []
-  if (is_clang && clang_use_chrome_plugins) {
-    # The plugin is built directly into clang, so there's no need to load it
-    # dynamically.
-    cflags += [
-      "-Xclang",
-      "-add-plugin",
-      "-Xclang",
-      "blink-gc-plugin",
-      "-Xclang",
-      "-plugin-arg-blink-gc-plugin",
-      "-Xclang",
-      "check-directory=electron/shell/",
-      "-Xclang",
-      "-plugin-arg-blink-gc-plugin",
-      "-Xclang",
-      "check-directory=gin/",
-    ]
-  }
 }
 
 # We generate the definitions twice here, once in //electron/electron.d.ts
@@ -344,33 +325,12 @@ grit("resources") {
     "grit/electron_resources.h",
     "electron_resources.pak",
   ]
-  if (translate_genders) {
-    outputs += [
-      "electron_resources_MASCULINE.pak",
-      "electron_resources_FEMININE.pak",
-      "electron_resources_NEUTER.pak",
-    ]
-  }
-
-  foreach(locale, all_chrome_locales) {
-    outputs += [ "electron_strings_$locale.pak" ]
-    if (translate_genders) {
-      outputs += [
-        "electron_strings_${locale}_MASCULINE.pak",
-        "electron_strings_${locale}_FEMININE.pak",
-        "electron_strings_${locale}_NEUTER.pak",
-      ]
-    }
-  }
 
   # Mojo manifest overlays are generated.
   grit_flags = [
     "-E",
     "target_gen_dir=" + rebase_path(target_gen_dir, root_build_dir),
   ]
-  if (translate_genders) {
-    grit_flags += [ "--translate-genders" ]
-  }
 
   deps = [ ":copy_shell_devtools_discovery_page" ]
 
@@ -494,7 +454,6 @@ source_set("electron_lib") {
     "//chrome:strings",
     "//chrome/app:command_ids",
     "//chrome/app/resources:platform_locale_settings",
-    "//chrome/common/notifications",
     "//components/autofill/core/common:features",
     "//components/certificate_transparency",
     "//components/compose:buildflags",
@@ -645,7 +604,6 @@ source_set("electron_lib") {
     use_libcxx_modules = false
 
     deps += [
-      "//components/os_crypt/async/browser:keychain_key_provider",
       "//components/os_crypt/common:keychain_password_mac",
       "//components/remote_cocoa/app_shim",
       "//components/remote_cocoa/browser",
@@ -668,7 +626,6 @@ source_set("electron_lib") {
       "SecurityInterface.framework",
       "ServiceManagement.framework",
       "StoreKit.framework",
-      "UserNotifications.framework",
     ]
 
     weak_frameworks = [ "QuickLookThumbnailing.framework" ]
@@ -709,9 +666,6 @@ source_set("electron_lib") {
       ":libnotify_loader",
       "//build/config/linux/gtk",
       "//components/crash/content/browser",
-      "//components/os_crypt/async/browser:freedesktop_secret_key_provider",
-      "//components/os_crypt/async/browser:posix_key_provider",
-      "//components/os_crypt/async/browser:secret_portal_key_provider",
       "//dbus",
       "//device/bluetooth",
       "//third_party/crashpad/crashpad/client",
@@ -752,7 +706,6 @@ source_set("electron_lib") {
     deps += [
       "//components/app_launch_prefetch",
       "//components/crash/core/app:crash_export_thunks",
-      "//components/os_crypt/async/browser:dpapi_key_provider",
       "//third_party/libxml:xml_writer",
       "//ui/wm",
       "//ui/wm/public",
@@ -802,7 +755,6 @@ source_set("electron_lib") {
       "//components/zoom",
       "//extensions/browser",
       "//extensions/browser/api:api_provider",
-      "//extensions/browser/mime_handler",
       "//extensions/browser/updater",
       "//extensions/common",
       "//extensions/common:core_api_provider",
@@ -1045,17 +997,7 @@ if (is_mac) {
     }
   }
 
-  # Electron defines its own plugin helper (using CHILD_EMBEDDER_FIRST + 1) to
-  # allow loading of unsigned or third-party-signed libraries.
-  _electron_plugin_helper_params = [
-    "plugin",
-    ".plugin",
-    " (Plugin)",
-  ]
-  electron_mac_helpers =
-      content_mac_helpers + [ _electron_plugin_helper_params ]
-
-  foreach(helper_params, electron_mac_helpers) {
+  foreach(helper_params, content_mac_helpers) {
     _helper_target = helper_params[0]
     _helper_bundle_id = helper_params[1]
     _helper_suffix = helper_params[2]
@@ -1108,7 +1050,7 @@ if (is_mac) {
       ":stripped_squirrel_framework",
     ]
 
-    foreach(helper_params, electron_mac_helpers) {
+    foreach(helper_params, content_mac_helpers) {
       sources +=
           [ "$root_out_dir/${electron_helper_name}${helper_params[2]}.app" ]
       public_deps += [ ":electron_helper_app_${helper_params[0]}" ]
@@ -1212,7 +1154,7 @@ if (is_mac) {
       deps = [ ":electron_framework" ]
     }
 
-    foreach(helper_params, electron_mac_helpers) {
+    foreach(helper_params, content_mac_helpers) {
       _helper_target = helper_params[0]
       _helper_bundle_id = helper_params[1]
       _helper_suffix = helper_params[2]
@@ -1264,7 +1206,7 @@ if (is_mac) {
         deps += [ ":crashpad_handler_syms" ]
       }
 
-      foreach(helper_params, electron_mac_helpers) {
+      foreach(helper_params, content_mac_helpers) {
         _helper_target = helper_params[0]
         deps += [ ":electron_helper_syms_${_helper_target}" ]
       }
@@ -1671,9 +1613,8 @@ action("node_version_header") {
 action("generate_node_headers") {
   deps = [ ":generate_config_gypi" ]
   script = "script/node/generate_node_headers.py"
-  inputs = auto_filenames.node_header_sources
-  outputs = [ "$root_gen_dir/node_headers.json" ]
   args = [ rebase_path("$root_gen_dir") ]
+  outputs = [ "$root_gen_dir/node_headers.json" ]
 }
 
 action("tar_node_headers") {

CLAUDE.md

@@ -1,14 +1,5 @@
 # Electron Development Guide
 
-## Running node_modules binaries
-
-**Never use `npx`.** It is considered dangerous because it can silently fetch and execute arbitrary packages from the registry. Always run binaries through one of these safer mechanisms instead:
-
-1. **Preferred** — spawn the executable directly from `node_modules/.bin/<tool>` (or the platform equivalent on Windows). This is what `script/lint.js` does for `oxlint`.
-2. **Acceptable** — invoke via `yarn <tool>` or `yarn run <tool>`, which resolves to the locally installed version without the registry fallback that `npx` performs.
-
-This rule applies to shell commands you run yourself and to any scripts you author or modify in this repo.
-
 ## Project Overview
 
 Electron is a framework for building cross-platform desktop applications using web technologies. It embeds Chromium for rendering and Node.js for backend functionality.
@@ -188,41 +179,16 @@ When working on the `roller/node/main` branch to upgrade Node.js activate the "E
 
 PR bodies must always include a `Notes:` section as the **last line** of the body. This is a consumer-facing release note for Electron app developers — describe the user-visible fix or change, not internal implementation details. Use `Notes: none` if there is no user-facing change.
 
-### PR Labeling (write-access only)
-
-When the user has write access to `electron/electron`, add these labels when creating PRs:
-
-**Semver label** — one of:
-
-- `semver/none` — build changes, refactors, CI, or anything with no end-user impact
-- `semver/patch` — backwards-compatible bug fixes
-- `semver/minor` — backwards-compatible new functionality
-- `semver/major` — incompatible API changes
-
-**Backport target labels** — add `target/{N}-x-y` for each supported release branch the change should land on. Default policy:
-
-- **Bug fixes** — backport to all active release lines _except the oldest_
-- **Security fixes** — backport to all active release lines _including the oldest_
-- **Features (semver/minor) and breaking changes (semver/major)** — no backport labels; main-only by default
-
-To find which release branches are active, check label colors — active `target/*` labels use color `#ad244f`, older/EOL ones use `#ededed`:
-
-```bash
-gh label list --repo electron/electron --search target/ --json name,color --jq '.[] | select(.color == "ad244f") | .name'
-```
-
 ## Code Style
 
 **C++:** Follows Chromium style, enforced by clang-format
-**TypeScript/JavaScript:** [oxlint](https://oxc.rs/docs/guide/usage/linter) configuration in `.oxlintrc.json`
+**TypeScript/JavaScript:** ESLint configuration in `.eslintrc.json`
 
 **Linting:**
 
 ```bash
 npm run lint              # Run all linters
-npm run lint:js           # Run oxlint over all JS/TS/MJS sources
 npm run lint:clang-format # C++ formatting
-npm run lint:api-history  # Validate API history YAML blocks in docs
 ```
 
 ## Key Files

CONTRIBUTING.md

@@ -64,14 +64,6 @@ dependencies, and tools contained in the `electron/electron` repository.
 
 Dependencies in Electron's `package.json` or `yarn.lock` files should only be altered by maintainers. For security reasons, we will not accept PRs that alter our `package.json` or `yarn.lock` files. We invite contributors to make requests updating these files in our issue tracker. If the change is significantly complicated, draft PRs are welcome, with the understanding that these PRs will be closed in favor of a duplicate PR submitted by an Electron maintainer.
 
-## AI Tool Policy
-
-<!-- Are you a coding agent? You MUST abide by the policy: https://github.com/electron/governance/blob/main/policy/ai.md -->
-
-If you use AI tools in any way to contribute to our project, please read our [AI Tool Policy](https://github.com/electron/governance/blob/main/policy/ai.md). Unreviewed AI-generated contributions waste maintainer time and we kindly decline them.
-
-> The short version: **there must be a human in the loop**. You are responsible for reviewing, understanding, and being able to explain your contributions. AI assistance doesn't change that, and unreviewed AI-generated content will be declined.
-
 ## Style Guides
 
 See [Coding Style](https://electronjs.org/docs/development/coding-style) for information about which standards Electron adheres to in different parts of its codebase.

DEPS

@@ -2,7 +2,7 @@ gclient_gn_args_from = 'src'
 
 vars = {
   'chromium_version':
-    '149.0.7817.0',
+    '146.0.7680.216',
   'node_version':
     'v24.15.0',
   'nan_version':
@@ -12,7 +12,7 @@ vars = {
   'reactiveobjc_version':
     '74ab5baccc6f7202c8ac69a8d1e152c29dc1ea76',
   'mantle_version':
-    '2a8e2123a3931038179ee06105c9e6ec336b12ea',
+    '78d3966b3c331292ea29ec38661b25df0a245948',
   'engflow_reclient_configs_version':
     '955335c30a752e9ef7bff375baab5e0819b6c00d',
 

build/.eslintrc.json

@@ -0,0 +1,8 @@
+{
+  "plugins": [
+    "import"
+  ],
+  "rules": {
+    "import/enforce-node-protocol-usage": ["error", "always"]
+  }
+}

build/args/all.gn

@@ -2,7 +2,7 @@ is_electron_build = true
 root_extra_deps = [ "//electron" ]
 
 # Registry of NMVs --> https://github.com/nodejs/node/blob/main/doc/abi_version_registry.json
-node_module_version = 148
+node_module_version = 145
 
 v8_promise_internal_field_count = 1
 v8_embedder_string = "-electron.0"
@@ -63,6 +63,10 @@ v8_enable_private_mapping_fork_optimization = true
 # Expose public V8 symbols for native modules.
 v8_expose_public_symbols = true
 
+# Disable snapshotting a page when printing for its content to be analyzed for
+# sensitive content by enterprise users.
+enterprise_cloud_content_analysis = false
+
 # We don't use anything from here, and it causes target collisions
 enable_linux_installer = false
 

build/electron_paks.gni

@@ -185,7 +185,6 @@ template("electron_paks") {
       "${root_gen_dir}/components/strings/components_locale_settings_",
       "${root_gen_dir}/components/strings/components_strings_",
       "${root_gen_dir}/device/bluetooth/strings/bluetooth_strings_",
-      "${root_gen_dir}/electron/electron_strings_",
       "${root_gen_dir}/extensions/strings/extensions_strings_",
       "${root_gen_dir}/services/strings/services_strings_",
       "${root_gen_dir}/third_party/blink/public/strings/blink_strings_",
@@ -203,7 +202,6 @@ template("electron_paks") {
       "//components/strings:components_locale_settings",
       "//components/strings:components_strings",
       "//device/bluetooth/strings",
-      "//electron:resources",
       "//extensions/strings",
       "//services/strings",
       "//third_party/blink/public/strings",

build/electron_resources.grd

@@ -9,189 +9,10 @@
       <emit emit_type='prepend'></emit>
     </output>
     <output filename="electron_resources.pak" type="data_package" />
-    <output filename="electron_strings_af.pak" type="data_package" lang="af" />
-    <output filename="electron_strings_am.pak" type="data_package" lang="am" />
-    <output filename="electron_strings_ar.pak" type="data_package" lang="ar" />
-    <output filename="electron_strings_as.pak" type="data_package" lang="as" />
-    <output filename="electron_strings_az.pak" type="data_package" lang="az" />
-    <output filename="electron_strings_be.pak" type="data_package" lang="be" />
-    <output filename="electron_strings_bg.pak" type="data_package" lang="bg" />
-    <output filename="electron_strings_bn.pak" type="data_package" lang="bn" />
-    <output filename="electron_strings_bs.pak" type="data_package" lang="bs" />
-    <output filename="electron_strings_ca.pak" type="data_package" lang="ca" />
-    <output filename="electron_strings_cs.pak" type="data_package" lang="cs" />
-    <output filename="electron_strings_cy.pak" type="data_package" lang="cy" />
-    <output filename="electron_strings_da.pak" type="data_package" lang="da" />
-    <output filename="electron_strings_de.pak" type="data_package" lang="de" />
-    <output filename="electron_strings_el.pak" type="data_package" lang="el" />
-    <output filename="electron_strings_en-GB.pak" type="data_package" lang="en-GB" />
-    <output filename="electron_strings_en-US.pak" type="data_package" lang="en" />
-    <output filename="electron_strings_es-419.pak" type="data_package" lang="es-419" />
-    <output filename="electron_strings_es.pak" type="data_package" lang="es" />
-    <output filename="electron_strings_et.pak" type="data_package" lang="et" />
-    <output filename="electron_strings_eu.pak" type="data_package" lang="eu" />
-    <output filename="electron_strings_fa.pak" type="data_package" lang="fa" />
-    <output filename="electron_strings_fi.pak" type="data_package" lang="fi" />
-    <output filename="electron_strings_fil.pak" type="data_package" lang="fil" />
-    <output filename="electron_strings_fr-CA.pak" type="data_package" lang="fr-CA" />
-    <output filename="electron_strings_fr.pak" type="data_package" lang="fr" />
-    <output filename="electron_strings_gl.pak" type="data_package" lang="gl" />
-    <output filename="electron_strings_gu.pak" type="data_package" lang="gu" />
-    <output filename="electron_strings_hi.pak" type="data_package" lang="hi" />
-    <output filename="electron_strings_hr.pak" type="data_package" lang="hr" />
-    <output filename="electron_strings_hu.pak" type="data_package" lang="hu" />
-    <output filename="electron_strings_hy.pak" type="data_package" lang="hy" />
-    <output filename="electron_strings_id.pak" type="data_package" lang="id" />
-    <output filename="electron_strings_is.pak" type="data_package" lang="is" />
-    <output filename="electron_strings_it.pak" type="data_package" lang="it" />
-    <output filename="electron_strings_he.pak" type="data_package" lang="he" />
-    <output filename="electron_strings_ja.pak" type="data_package" lang="ja" />
-    <output filename="electron_strings_ka.pak" type="data_package" lang="ka" />
-    <output filename="electron_strings_kk.pak" type="data_package" lang="kk" />
-    <output filename="electron_strings_km.pak" type="data_package" lang="km" />
-    <output filename="electron_strings_kn.pak" type="data_package" lang="kn" />
-    <output filename="electron_strings_ko.pak" type="data_package" lang="ko" />
-    <output filename="electron_strings_ky.pak" type="data_package" lang="ky" />
-    <output filename="electron_strings_lo.pak" type="data_package" lang="lo" />
-    <output filename="electron_strings_lt.pak" type="data_package" lang="lt" />
-    <output filename="electron_strings_lv.pak" type="data_package" lang="lv" />
-    <output filename="electron_strings_mk.pak" type="data_package" lang="mk" />
-    <output filename="electron_strings_ml.pak" type="data_package" lang="ml" />
-    <output filename="electron_strings_mn.pak" type="data_package" lang="mn" />
-    <output filename="electron_strings_mr.pak" type="data_package" lang="mr" />
-    <output filename="electron_strings_ms.pak" type="data_package" lang="ms" />
-    <output filename="electron_strings_my.pak" type="data_package" lang="my" />
-    <output filename="electron_strings_ne.pak" type="data_package" lang="ne" />
-    <output filename="electron_strings_nl.pak" type="data_package" lang="nl" />
-    <!-- The translation console uses 'no' for Norwegian Bokmål. It should
-         be 'nb'. -->
-    <output filename="electron_strings_nb.pak" type="data_package" lang="no" />
-    <output filename="electron_strings_or.pak" type="data_package" lang="or" />
-    <output filename="electron_strings_pa.pak" type="data_package" lang="pa" />
-    <output filename="electron_strings_pl.pak" type="data_package" lang="pl" />
-    <output filename="electron_strings_pt-BR.pak" type="data_package" lang="pt-BR" />
-    <output filename="electron_strings_pt-PT.pak" type="data_package" lang="pt-PT" />
-    <output filename="electron_strings_ro.pak" type="data_package" lang="ro" />
-    <output filename="electron_strings_ru.pak" type="data_package" lang="ru" />
-    <output filename="electron_strings_si.pak" type="data_package" lang="si" />
-    <output filename="electron_strings_sk.pak" type="data_package" lang="sk" />
-    <output filename="electron_strings_sl.pak" type="data_package" lang="sl" />
-    <output filename="electron_strings_sq.pak" type="data_package" lang="sq" />
-    <output filename="electron_strings_sr-Latn.pak" type="data_package" lang="sr-Latn" />
-    <output filename="electron_strings_sr.pak" type="data_package" lang="sr" />
-    <output filename="electron_strings_sv.pak" type="data_package" lang="sv" />
-    <output filename="electron_strings_sw.pak" type="data_package" lang="sw" />
-    <output filename="electron_strings_ta.pak" type="data_package" lang="ta" />
-    <output filename="electron_strings_te.pak" type="data_package" lang="te" />
-    <output filename="electron_strings_th.pak" type="data_package" lang="th" />
-    <output filename="electron_strings_tr.pak" type="data_package" lang="tr" />
-    <output filename="electron_strings_uk.pak" type="data_package" lang="uk" />
-    <output filename="electron_strings_ur.pak" type="data_package" lang="ur" />
-    <output filename="electron_strings_uz.pak" type="data_package" lang="uz" />
-    <output filename="electron_strings_vi.pak" type="data_package" lang="vi" />
-    <output filename="electron_strings_zh-CN.pak" type="data_package" lang="zh-CN" />
-    <output filename="electron_strings_zh-HK.pak" type="data_package" lang="zh-HK" />
-    <output filename="electron_strings_zh-TW.pak" type="data_package" lang="zh-TW" />
-    <output filename="electron_strings_zu.pak" type="data_package" lang="zu" />
-    <!-- CARO TODO: Pseudolocales? -->
-    <output filename="electron_strings_ar-XB.pak" type="data_package" lang="ar-XB" />
-    <output filename="electron_strings_en-XA.pak" type="data_package" lang="en-XA" />
   </outputs>
-  <translations>
-    <file path="translations/electron_strings_af.xtb" lang="af" />
-    <file path="translations/electron_strings_am.xtb" lang="am" />
-    <file path="translations/electron_strings_ar.xtb" lang="ar" />
-    <file path="translations/electron_strings_as.xtb" lang="as" />
-    <file path="translations/electron_strings_az.xtb" lang="az" />
-    <file path="translations/electron_strings_be.xtb" lang="be" />
-    <file path="translations/electron_strings_bg.xtb" lang="bg" />
-    <file path="translations/electron_strings_bn.xtb" lang="bn" />
-    <file path="translations/electron_strings_bs.xtb" lang="bs" />
-    <file path="translations/electron_strings_ca.xtb" lang="ca" />
-    <file path="translations/electron_strings_cs.xtb" lang="cs" />
-    <file path="translations/electron_strings_cy.xtb" lang="cy" />
-    <file path="translations/electron_strings_da.xtb" lang="da" />
-    <file path="translations/electron_strings_de.xtb" lang="de" />
-    <file path="translations/electron_strings_el.xtb" lang="el" />
-    <file path="translations/electron_strings_en-GB.xtb" lang="en-GB" />
-    <file path="translations/electron_strings_es-419.xtb" lang="es-419" />
-    <file path="translations/electron_strings_es.xtb" lang="es" />
-    <file path="translations/electron_strings_et.xtb" lang="et" />
-    <file path="translations/electron_strings_eu.xtb" lang="eu" />
-    <file path="translations/electron_strings_fa.xtb" lang="fa" />
-    <file path="translations/electron_strings_fi.xtb" lang="fi" />
-    <file path="translations/electron_strings_fil.xtb" lang="fil" />
-    <file path="translations/electron_strings_fr-CA.xtb" lang="fr-CA" />
-    <file path="translations/electron_strings_fr.xtb" lang="fr" />
-    <file path="translations/electron_strings_gl.xtb" lang="gl" />
-    <file path="translations/electron_strings_gu.xtb" lang="gu" />
-    <file path="translations/electron_strings_hi.xtb" lang="hi" />
-    <file path="translations/electron_strings_hr.xtb" lang="hr" />
-    <file path="translations/electron_strings_hu.xtb" lang="hu" />
-    <file path="translations/electron_strings_hy.xtb" lang="hy" />
-    <file path="translations/electron_strings_id.xtb" lang="id" />
-    <file path="translations/electron_strings_is.xtb" lang="is" />
-    <file path="translations/electron_strings_it.xtb" lang="it" />
-    <!-- The translation console uses 'iw' for Hebrew, but we use 'he'. -->
-    <file path="translations/electron_strings_iw.xtb" lang="he" />
-    <file path="translations/electron_strings_ja.xtb" lang="ja" />
-    <file path="translations/electron_strings_ka.xtb" lang="ka" />
-    <file path="translations/electron_strings_kk.xtb" lang="kk" />
-    <file path="translations/electron_strings_km.xtb" lang="km" />
-    <file path="translations/electron_strings_kn.xtb" lang="kn" />
-    <file path="translations/electron_strings_ko.xtb" lang="ko" />
-    <file path="translations/electron_strings_ky.xtb" lang="ky" />
-    <file path="translations/electron_strings_lo.xtb" lang="lo" />
-    <file path="translations/electron_strings_lt.xtb" lang="lt" />
-    <file path="translations/electron_strings_lv.xtb" lang="lv" />
-    <file path="translations/electron_strings_mk.xtb" lang="mk" />
-    <file path="translations/electron_strings_ml.xtb" lang="ml" />
-    <file path="translations/electron_strings_mn.xtb" lang="mn" />
-    <file path="translations/electron_strings_mr.xtb" lang="mr" />
-    <file path="translations/electron_strings_ms.xtb" lang="ms" />
-    <file path="translations/electron_strings_my.xtb" lang="my" />
-    <file path="translations/electron_strings_ne.xtb" lang="ne" />
-    <file path="translations/electron_strings_nl.xtb" lang="nl" />
-    <file path="translations/electron_strings_no.xtb" lang="no" />
-    <file path="translations/electron_strings_or.xtb" lang="or" />
-    <file path="translations/electron_strings_pa.xtb" lang="pa" />
-    <file path="translations/electron_strings_pl.xtb" lang="pl" />
-    <file path="translations/electron_strings_pt-BR.xtb" lang="pt-BR" />
-    <file path="translations/electron_strings_pt-PT.xtb" lang="pt-PT" />
-    <file path="translations/electron_strings_ro.xtb" lang="ro" />
-    <file path="translations/electron_strings_ru.xtb" lang="ru" />
-    <file path="translations/electron_strings_si.xtb" lang="si" />
-    <file path="translations/electron_strings_sk.xtb" lang="sk" />
-    <file path="translations/electron_strings_sl.xtb" lang="sl" />
-    <file path="translations/electron_strings_sq.xtb" lang="sq" />
-    <file path="translations/electron_strings_sr-Latn.xtb" lang="sr-Latn" />
-    <file path="translations/electron_strings_sr.xtb" lang="sr" />
-    <file path="translations/electron_strings_sv.xtb" lang="sv" />
-    <file path="translations/electron_strings_sw.xtb" lang="sw" />
-    <file path="translations/electron_strings_ta.xtb" lang="ta" />
-    <file path="translations/electron_strings_te.xtb" lang="te" />
-    <file path="translations/electron_strings_th.xtb" lang="th" />
-    <file path="translations/electron_strings_tr.xtb" lang="tr" />
-    <file path="translations/electron_strings_uk.xtb" lang="uk" />
-    <file path="translations/electron_strings_ur.xtb" lang="ur" />
-    <file path="translations/electron_strings_uz.xtb" lang="uz" />
-    <file path="translations/electron_strings_vi.xtb" lang="vi" />
-    <file path="translations/electron_strings_zh-CN.xtb" lang="zh-CN" />
-    <file path="translations/electron_strings_zh-HK.xtb" lang="zh-HK" />
-    <file path="translations/electron_strings_zh-TW.xtb" lang="zh-TW" />
-    <file path="translations/electron_strings_zu.xtb" lang="zu" />
-  </translations>
-  <release seq="1">
-    <messages fallback_to_english="true">
-      <message name="IDS_MAC_NOTIFICATION_INLINE_REPLY_BUTTON" desc="Label for the inline reply button inside a macOS notification.">
-        Reply
-      </message>
-      <message name="IDS_MAC_NOTIFICATION_SHOW_BUTTON" desc="Label for the default action button inside a macOS notification.">
-        Show
-      </message>
-    </messages>
+  <release seq="1" allow_pseudo="false">
     <includes>
       <include name="IDR_CONTENT_SHELL_DEVTOOLS_DISCOVERY_PAGE" file="${target_gen_dir}/shell_devtools_discovery_page.html" use_base_dir="false" type="BINDATA" />
     </includes>
   </release>
-</grit>
+</grit>

build/siso/backend.star

@@ -0,0 +1,21 @@
+# -*- bazel-starlark -*-
+
+load("@builtin//struct.star", "module")
+
+def __platform_properties(ctx):
+    container_image = "docker://gcr.io/chops-public-images-prod/rbe/siso-chromium/linux@sha256:d7cb1ab14a0f20aa669c23f22c15a9dead761dcac19f43985bf9dd5f41fbef3a"
+    return {
+        "default": {
+            "OSFamily": "Linux",
+            "container-image": container_image,
+        },
+        "large": {
+            "OSFamily": "Linux",
+            "container-image": container_image,
+        },
+    }
+
+backend = module(
+    "backend",
+    platform_properties = __platform_properties,
+)

build/siso/main.star

@@ -0,0 +1,66 @@
+load("@builtin//encoding.star", "json")
+load("@builtin//path.star", "path")
+load("@builtin//runtime.star", "runtime")
+load("@builtin//struct.star", "module")
+load("@config//main.star", upstream_init = "init")
+load("@config//win_sdk.star", "win_sdk")
+load("@config//gn_logs.star", "gn_logs")
+
+def init(ctx):
+    mod = upstream_init(ctx)
+    step_config = json.decode(mod.step_config)
+
+    # Buildbarn doesn't support input_root_absolute_path so disable that
+    for rule in step_config["rules"]:    
+      input_root_absolute_path = rule.get("input_root_absolute_path", False)
+      if input_root_absolute_path:
+        rule.pop("input_root_absolute_path", None)
+
+    # Only wrap clang rules with a remote wrapper if not on Linux. These are currently only
+    # needed for X-Compile builds, which run on Windows and Mac.
+    if runtime.os != "linux":
+      for rule in step_config["rules"]:
+        if rule["name"].startswith("clang/") or rule["name"].startswith("clang-cl/"):
+          rule["remote_wrapper"] = "../../buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper"
+          if "inputs" not in rule:
+            rule["inputs"] = []
+          rule["inputs"].append("buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper")
+          rule["inputs"].append("third_party/llvm-build/Release+Asserts_linux/bin/clang")
+
+      if "executables" not in step_config:
+        step_config["executables"] = []
+      step_config["executables"].append("buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper")
+      step_config["executables"].append("third_party/llvm-build/Release+Asserts_linux/bin/clang")
+
+    if runtime.os == "darwin":
+      # Update platforms to match our default siso config instead of reclient configs.
+      step_config["platforms"].update({
+          "clang": step_config["platforms"]["default"],
+          "clang_large": step_config["platforms"]["default"],          
+      })      
+
+    if runtime.os == "windows":
+      # Add additional Windows SDK headers needed by Electron      
+      win_toolchain_dir = win_sdk.toolchain_dir(ctx)
+      if win_toolchain_dir:
+        sdk_version = gn_logs.read(ctx).get("windows_sdk_version")
+        step_config["input_deps"][win_toolchain_dir + ":headers"].extend([
+          # third_party/electron_node/deps/uv/include/uv/win.h includes mswsock.h
+          path.join(win_toolchain_dir, "Windows Kits/10/Include", sdk_version, "um/mswsock.h"),
+          # third_party/electron_node/src/debug_utils.cc includes lm.h
+          path.join(win_toolchain_dir, "Windows Kits/10/Include", sdk_version, "um/Lm.h"),          
+        ])
+      
+      # Update platforms to match our default siso config instead of reclient configs.
+      step_config["platforms"].update({
+          "clang-cl": step_config["platforms"]["default"],
+          "clang-cl_large": step_config["platforms"]["default"],
+          "lld-link": step_config["platforms"]["default"],
+      })
+
+    return module(
+      "config",
+      step_config = json.encode(step_config),
+      filegroups = mod.filegroups,
+      handlers = mod.handlers,
+    )

build/translations/electron_strings_af.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="af">
-  <translation id="2727175239389218057">Antwoord</translation>
-  <translation id="5300589172476337783">Wys</translation>
-</translationbundle>

build/translations/electron_strings_am.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="am">
-  <translation id="2727175239389218057">ምላሽ ስጥ</translation>
-  <translation id="5300589172476337783">አሳይ</translation>
-</translationbundle>

build/translations/electron_strings_ar.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="ar">
-  <translation id="2727175239389218057">الرّد</translation>
-  <translation id="5300589172476337783">عرض</translation>
-</translationbundle>

build/translations/electron_strings_as.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="as">
-  <translation id="2727175239389218057">প্ৰত্যুত্তৰ দিয়ক</translation>
-  <translation id="5300589172476337783">দেখুৱাওক</translation>
-</translationbundle>

build/translations/electron_strings_az.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="az">
-  <translation id="2727175239389218057">Cavablayın</translation>
-  <translation id="5300589172476337783">Göstərin</translation>
-</translationbundle>

build/translations/electron_strings_be.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="be">
-  <translation id="2727175239389218057">Адказаць</translation>
-  <translation id="5300589172476337783">Паказаць</translation>
-</translationbundle>

build/translations/electron_strings_bg.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="bg">
-  <translation id="2727175239389218057">Отговор</translation>
-  <translation id="5300589172476337783">Показване</translation>
-</translationbundle>

build/translations/electron_strings_bn.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="bn">
-  <translation id="2727175239389218057">উত্তর দিন</translation>
-  <translation id="5300589172476337783">দেখান</translation>
-</translationbundle>

build/translations/electron_strings_bs.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="bs">
-  <translation id="2727175239389218057">Odgovori</translation>
-  <translation id="5300589172476337783">Prikaži</translation>
-</translationbundle>

build/translations/electron_strings_ca.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="ca">
-  <translation id="2727175239389218057">Respon</translation>
-  <translation id="5300589172476337783">Mostra</translation>
-</translationbundle>

build/translations/electron_strings_cs.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="cs">
-  <translation id="2727175239389218057">Odpovědět</translation>
-  <translation id="5300589172476337783">Zobrazit</translation>
-</translationbundle>

build/translations/electron_strings_cy.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="cy">
-  <translation id="2727175239389218057">Ateb</translation>
-  <translation id="5300589172476337783">Arddangos</translation>
-</translationbundle>

build/translations/electron_strings_da.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="da">
-  <translation id="2727175239389218057">Svar</translation>
-  <translation id="5300589172476337783">Vis</translation>
-</translationbundle>

build/translations/electron_strings_de.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="de">
-  <translation id="2727175239389218057">Antworten</translation>
-  <translation id="5300589172476337783">Anzeigen</translation>
-</translationbundle>

build/translations/electron_strings_el.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="el">
-  <translation id="2727175239389218057">Απάντηση</translation>
-  <translation id="5300589172476337783">Εμφάνιση</translation>
-</translationbundle>

build/translations/electron_strings_en-GB.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="en-GB">
-  <translation id="2727175239389218057">Reply</translation>
-  <translation id="5300589172476337783">Show</translation>
-</translationbundle>

build/translations/electron_strings_es-419.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="es-419">
-  <translation id="2727175239389218057">Responder</translation>
-  <translation id="5300589172476337783">Mostrar</translation>
-</translationbundle>

build/translations/electron_strings_es.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="es">
-  <translation id="2727175239389218057">Responder</translation>
-  <translation id="5300589172476337783">Mostrar</translation>
-</translationbundle>

build/translations/electron_strings_et.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="et">
-  <translation id="2727175239389218057">Vasta</translation>
-  <translation id="5300589172476337783">Kuva</translation>
-</translationbundle>

build/translations/electron_strings_eu.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="eu">
-  <translation id="2727175239389218057">Erantzun</translation>
-  <translation id="5300589172476337783">Erakutsi</translation>
-</translationbundle>

build/translations/electron_strings_fa.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="fa">
-  <translation id="2727175239389218057">پاسخ دادن</translation>
-  <translation id="5300589172476337783">نمایش</translation>
-</translationbundle>

build/translations/electron_strings_fi.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="fi">
-  <translation id="2727175239389218057">Vastaa</translation>
-  <translation id="5300589172476337783">Näytä</translation>
-</translationbundle>

build/translations/electron_strings_fil.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="fil">
-  <translation id="2727175239389218057">Sumagot</translation>
-  <translation id="5300589172476337783">Ipakita</translation>
-</translationbundle>

build/translations/electron_strings_fr-CA.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="fr-CA">
-  <translation id="2727175239389218057">Répondre</translation>
-  <translation id="5300589172476337783">Afficher</translation>
-</translationbundle>

build/translations/electron_strings_fr.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="fr">
-  <translation id="2727175239389218057">Répondre</translation>
-  <translation id="5300589172476337783">Afficher</translation>
-</translationbundle>

build/translations/electron_strings_gl.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="gl">
-  <translation id="2727175239389218057">Responder</translation>
-  <translation id="5300589172476337783">Mostrar</translation>
-</translationbundle>

build/translations/electron_strings_gu.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="gu">
-  <translation id="2727175239389218057">જવાબ આપો</translation>
-  <translation id="5300589172476337783">બતાવો</translation>
-</translationbundle>

build/translations/electron_strings_hi.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="hi">
-  <translation id="2727175239389218057">जवाब दें</translation>
-  <translation id="5300589172476337783">दिखाएं</translation>
-</translationbundle>

build/translations/electron_strings_hr.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="hr">
-  <translation id="2727175239389218057">Odgovori</translation>
-  <translation id="5300589172476337783">Prikaži</translation>
-</translationbundle>

build/translations/electron_strings_hu.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="hu">
-  <translation id="2727175239389218057">Válasz</translation>
-  <translation id="5300589172476337783">Megjelenítés</translation>
-</translationbundle>

build/translations/electron_strings_hy.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="hy">
-  <translation id="2727175239389218057">Պատասխանել</translation>
-  <translation id="5300589172476337783">Ցույց տալ</translation>
-</translationbundle>

build/translations/electron_strings_id.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="id">
-  <translation id="2727175239389218057">Balas</translation>
-  <translation id="5300589172476337783">Tampilkan</translation>
-</translationbundle>

build/translations/electron_strings_is.xtb

@@ -1,6 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE translationbundle>
-<translationbundle lang="is">
-  <translation id="2727175239389218057">Svara</translation>
-  <translation id="5300589172476337783">Sýna</translation>
-</translationbundle>