build: add ensure_bootstrap command to depot_tools install

2026-02-19 03:14:51 -05:00 · 2025-05-19 21:11:36 -07:00
1045 changed files with 25468 additions and 48122 deletions
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -2,7 +2,7 @@ version: '3'

 services:
  buildtools:
-    image: ghcr.io/electron/devcontainer:933c7d6ff6802706875270bec2e3c891cf8add3f
+    image: ghcr.io/electron/devcontainer:424eedbf277ad9749ffa9219068aa72ed4a5e373

    volumes:
      - ..:/workspaces/gclient/src/electron:cached
--- a/.devcontainer/on-create-command.sh
+++ b/.devcontainer/on-create-command.sh
@@ -58,13 +58,13 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
            },
            \"\$schema\": \"file:///home/builduser/.electron_build_tools/evm-config.schema.json\",
            \"configValidationLevel\": \"strict\",
-            \"remoteBuild\": \"reclient\",
-            \"preserveSDK\": 5
+            \"reclient\": \"$1\",
+            \"preserveXcode\": 5
        }
    " >$buildtools/configs/evm.testing.json
  }

-  write_config
+  write_config remote_exec

  e use testing 
 else
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -58,16 +58,6 @@ body:
    label: Last Known Working Electron version
    description: What is the last version of Electron this worked in, if applicable?
    placeholder: 16.0.0
- type: dropdown
-  attributes:
-    label: Does the issue also appear in Chromium / Google Chrome?
-    description: If it does, please report the issue in the [Chromium issue tracker](https://issues.chromium.org/issues), not against Electron. Electron will inherit the fix once Chromium resolves the issue.
-    options:
-      - I don't know how to test
-      - "Yes"
-      - "No"
-  validations:
-    required: true
 - type: textarea
  attributes:
    label: Expected Behavior
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,6 +1,3 @@
-> [!IMPORTANT]
-> Please note that code reviews and merges will be delayed during our [quiet period in December](https://www.electronjs.org/blog/dec-quiet-period-25) and might not happen until January.
-
 #### Description of Change

 <!--
--- a/.github/actions/build-electron/action.yml
+++ b/.github/actions/build-electron/action.yml
@@ -17,6 +17,9 @@ inputs:
  is-release:
    description: 'Is release build'
    required: true
+  strip-binaries:
+    description: 'Strip binaries (Linux only)'
+    required: false
  generate-symbols:
    description: 'Generate symbols'
    required: true
@@ -35,15 +38,6 @@ runs:
      run: |
        GN_APPENDED_ARGS="$GN_EXTRA_ARGS target_cpu=\"x64\" v8_snapshot_toolchain=\"//build/toolchain/mac:clang_x64\""
        echo "GN_EXTRA_ARGS=$GN_APPENDED_ARGS" >> $GITHUB_ENV
-    - name: Set GN_EXTRA_ARGS for Windows
-      shell: bash
-      if: ${{inputs.target-arch != 'x64' && inputs.target-platform == 'win' }}
-      run: |
-        GN_APPENDED_ARGS="$GN_EXTRA_ARGS target_cpu=\"${{ inputs.target-arch }}\""
-        echo "GN_EXTRA_ARGS=$GN_APPENDED_ARGS" >> $GITHUB_ENV
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
    - name: Build Electron ${{ inputs.step-suffix }}
      shell: bash
      run: |
@@ -60,28 +54,22 @@ runs:
          sudo launchctl limit maxfiles 65536 200000
        fi

-        if [ "${{ inputs.is-release }}" = "true" ]; then
-          NINJA_SUMMARIZE_BUILD=1 e build --target electron:release_build
-        else
-          NINJA_SUMMARIZE_BUILD=1 e build --target electron:testing_build
-        fi
+        NINJA_SUMMARIZE_BUILD=1 e build -j $NUMBER_OF_NINJA_PROCESSES
        cp out/Default/.ninja_log out/electron_ninja_log
        node electron/script/check-symlinks.js
-
-        # Upload build stats to Datadog
-        if ! [ -z $DD_API_KEY ]; then
-          if [ "$TARGET_PLATFORM" = "win" ]; then
-            npx node electron/script/build-stats.mjs out/Default/siso.exe.INFO --upload-stats || true
-          else
-            npx node electron/script/build-stats.mjs out/Default/siso.INFO --upload-stats || true
-          fi
-        else
-          echo "Skipping build-stats.mjs upload because DD_API_KEY is not set"
-        fi
-    - name: Verify dist.zip ${{ inputs.step-suffix }}
+    - name: Strip Electron Binaries ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.strip-binaries == 'true' }}
+      run: |
+        cd src
+        electron/script/copy-debug-symbols.py --target-cpu="${{ inputs.target-arch }}" --out-dir=out/Default/debug --compress
+        electron/script/strip-binaries.py --target-cpu="${{ inputs.target-arch }}" --verbose
+        electron/script/add-debug-link.py --target-cpu="${{ inputs.target-arch }}" --debug-dir=out/Default/debug
+    - name: Build Electron dist.zip ${{ inputs.step-suffix }}
      shell: bash
      run: |
-        cd src        
+        cd src
+        e build --target electron:electron_dist_zip -j $NUMBER_OF_NINJA_PROCESSES -d explain
        if [ "${{ inputs.is-asan }}" != "true" ]; then
          target_os=${{ inputs.target-platform == 'macos' && 'mac' || inputs.target-platform }}
          if [ "${{ inputs.artifact-platform }}" = "mas" ]; then
@@ -89,10 +77,11 @@ runs:
          fi
          electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip electron/script/zip_manifests/dist_zip.$target_os.${{ inputs.target-arch }}.manifest
        fi
-    - name: Fixup Mksnapshot ${{ inputs.step-suffix }}
+    - name: Build Mksnapshot ${{ inputs.step-suffix }}
      shell: bash
      run: |
        cd src
+        e build --target electron:electron_mksnapshot -j $NUMBER_OF_NINJA_PROCESSES
        ELECTRON_DEPOT_TOOLS_DISABLE_LOG=1 e d gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
        # Remove unused args from mksnapshot_args
        SEDOPTION="-i"
@@ -102,6 +91,20 @@ runs:
        sed $SEDOPTION '/.*builtins-pgo/d' out/Default/mksnapshot_args
        sed $SEDOPTION '/--turbo-profiling-input/d' out/Default/mksnapshot_args

+        if [ "${{ inputs.target-platform }}" = "linux" ]; then
+          if [ "${{ inputs.target-arch }}" = "arm" ]; then
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/v8_context_snapshot_generator
+          elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x64_v8_arm64/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x64_v8_arm64/v8_context_snapshot_generator
+          else
+            electron/script/strip-binaries.py --file $PWD/out/Default/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/v8_context_snapshot_generator
+          fi
+        fi
+
+        e build --target electron:electron_mksnapshot_zip -j $NUMBER_OF_NINJA_PROCESSES
        if [ "${{ inputs.target-platform }}" = "win" ]; then
          cd out/Default
          powershell Compress-Archive -update mksnapshot_args mksnapshot.zip
@@ -135,15 +138,13 @@ runs:
      shell: bash
      run: |
        cd src
+        e build --target electron:electron_chromedriver -j $NUMBER_OF_NINJA_PROCESSES
        e build --target electron:electron_chromedriver_zip
-
-        if [ "${{ inputs.is-asan }}" != "true" ]; then
-          target_os=${{ inputs.target-platform == 'macos' && 'mac' || inputs.target-platform }}
-          if [ "${{ inputs.artifact-platform }}" = "mas" ]; then
-            target_os="${target_os}_mas"
-          fi
-          electron/script/zip_manifests/check-zip-manifest.py out/Default/chromedriver.zip electron/script/zip_manifests/chromedriver_zip.$target_os.${{ inputs.target-arch }}.manifest
-        fi
+    - name: Build Node.js headers ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        cd src
+        e build --target electron:node_headers
    - name: Create installed_software.json ${{ inputs.step-suffix }}
      shell: powershell
      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
@@ -163,11 +164,17 @@ runs:
        # Needed for msdia140.dll on 64-bit windows
        cd src
        export PATH="$PATH:$(pwd)/third_party/llvm-build/Release+Asserts/bin"
-    - name: Zip Symbols ${{ inputs.step-suffix }}
+    - name: Generate & Zip Symbols ${{ inputs.step-suffix }}
      shell: bash
      run: |
+        # Generate breakpad symbols on release builds
+        if [ "${{ inputs.generate-symbols }}" = "true" ]; then
+          e build --target electron:electron_symbols
+        fi
        cd src
        export BUILD_PATH="$(pwd)/out/Default"
+        e build --target electron:licenses
+        e build --target electron:electron_version_file
        if [ "${{ inputs.is-release }}" = "true" ]; then
          DELETE_DSYMS_AFTER_ZIP=1 electron/script/zip-symbols.py -b $BUILD_PATH
        else
@@ -178,17 +185,26 @@ runs:
      if: ${{ inputs.is-release == 'true' }}
      run: |
        cd src
-        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true use_siso=true $GN_EXTRA_ARGS"
-        e build --target electron:electron_ffmpeg_zip -C ../../out/ffmpeg
-    - name: Remove Clang problem matcher
+        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true $GN_EXTRA_ARGS"
+        e build --target electron:electron_ffmpeg_zip -C ../../out/ffmpeg -j $NUMBER_OF_NINJA_PROCESSES
+    - name: Generate Hunspell Dictionaries ${{ inputs.step-suffix }}
      shell: bash
-      run: echo "::remove-matcher owner=clang::"
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
+      run: |
+        e build --target electron:hunspell_dictionaries_zip -j $NUMBER_OF_NINJA_PROCESSES
+    - name: Generate Libcxx ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
+      run: |
+        e build --target electron:libcxx_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
+        e build --target electron:libcxxabi_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
+        e build --target electron:libcxx_objects_zip -j $NUMBER_OF_NINJA_PROCESSES
    - name: Generate TypeScript Definitions ${{ inputs.step-suffix }}
      if: ${{ inputs.is-release == 'true' }}
      shell: bash
      run: |
        cd src/electron
-        node script/yarn.js create-typescript-definitions
+        node script/yarn create-typescript-definitions
    - name: Publish Electron Dist ${{ inputs.step-suffix }}
      if: ${{ inputs.is-release == 'true' }}
      shell: bash
@@ -202,29 +218,7 @@ runs:
          echo 'Uploading Electron release distribution to GitHub releases'
          script/release/uploaders/upload.py --verbose
        fi
-    - name: Generate siso report
-      if: ${{ inputs.target-platform != 'win' && !cancelled() }}
-      shell: bash
-      run: |
-        cd src
-        e d siso report -C out/Default > siso_report.txt
-        SISO_REPORT_PATH=$(grep -o '/.*siso-report-[^ ]*' siso_report.txt)
-        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH" >> $GITHUB_ENV
-        cat siso_report.txt
-        echo "SISO REPORT AT $SISO_REPORT_PATH"
-    - name: Generate siso report (Windows)
-      if: ${{ inputs.target-platform == 'win' && !cancelled() }}
-      shell: powershell
-      run: |
-        cd src
-        e d siso report -C out\Default > siso_report.txt
-        $SISO_REPORT_PATH = Get-Content "siso_report.txt" | Select-String "report file:\s*(.+)" | ForEach-Object { 
-          $_.Matches.Groups[1].Value.Trim() 
-        }
-        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH"
-        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH" >> $env:GITHUB_ENV
    - name: Generate Artifact Key
-      if: always() && !cancelled()
      shell: bash
      run: |
        if [ "${{ inputs.is-asan }}" = "true" ]; then 
@@ -236,11 +230,9 @@ runs:
    # The current generated_artifacts_<< artifact.key >> name was taken from CircleCI
    # to ensure we don't break anything, but we may be able to improve that.
    - name: Move all Generated Artifacts to Upload Folder ${{ inputs.step-suffix }}
-      if: always() && !cancelled()
      shell: bash
      run: ./src/electron/script/actions/move-artifacts.sh
    - name: Upload Generated Artifacts ${{ inputs.step-suffix }}
-      if: always() && !cancelled()
      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
      with:
        name: generated_artifacts_${{ env.ARTIFACT_KEY }}
--- a/.github/actions/build-git-cache/action.yml
+++ b/.github/actions/build-git-cache/action.yml
@@ -1,83 +0,0 @@
-name: 'Build Git Cache'
-description: 'Runs a gclient sync to build the git cache for Electron'
-inputs:
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'    
-runs:
-  using: "composite"
-  steps:
-  - name: Set GIT_CACHE_PATH to make gclient to use the cache
-    shell: bash
-    run: |
-      echo "GIT_CACHE_PATH=$(pwd)/git-cache" >> $GITHUB_ENV
-  - name: Set Chromium Git Cookie
-    uses: ./src/electron/.github/actions/set-chromium-cookie
-  - name: Install Build Tools
-    uses: ./src/electron/.github/actions/install-build-tools
-  - name: Set up cache drive
-    shell: bash
-    run: |
-      if [ "${{ inputs.target-platform }}" = "win" ]; then
-        echo "CACHE_DRIVE=/mnt/win-cache" >> $GITHUB_ENV
-      else
-        echo "CACHE_DRIVE=/mnt/cross-instance-cache" >> $GITHUB_ENV
-      fi
-  - name: Check cross instance cache disk space
-    shell: bash
-    run: |    
-      # if there is less than 35 GB free space then creating the cache might fail so exit early
-      freespace=`df -m $CACHE_DRIVE | grep -w $CACHE_DRIVE | awk '{print $4}'`
-      freespace_human=`df -h $CACHE_DRIVE | grep -w $CACHE_DRIVE | awk '{print $4}'`
-      if [ $freespace -le 35000 ]; then
-        echo "The cross mount cache has $freespace_human free space which is not enough - exiting"
-        exit 1
-      else
-        echo "The cross mount cache has $freespace_human free space - continuing"
-      fi
-  - name: Restore gitcache
-    shell: bash
-    run: |
-      GIT_CACHE_TAR="$CACHE_DRIVE/gitcache.tar"
-      if [ ! -f "$GIT_CACHE_TAR" ]; then
-        echo "Git cache tar file does not exist, skipping restore"
-        exit 0
-      fi
-      echo "Restoring git cache from $GIT_CACHE_TAR to $GIT_CACHE_PATH"
-      mkdir -p $GIT_CACHE_PATH
-      tar -xf $GIT_CACHE_TAR -C $GIT_CACHE_PATH
-  - name: Gclient Sync
-    shell: bash
-    run: |
-      e d gclient config \
-        --name "src/electron" \
-        --unmanaged \
-        ${GCLIENT_EXTRA_ARGS} \
-        "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"
-
-      if [ "$TARGET_OS" != "" ]; then
-        echo "target_os=['$TARGET_OS']" >> ./.gclient
-      fi
-
-      ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 e d gclient sync --with_branch_heads --with_tags --nohooks -vv 
-  - name: Compress Git Cache Directory
-    shell: bash
-    run: |
-      echo "Uncompressed gitcache size: $(du -sh $GIT_CACHE_PATH | cut -f1 -d' ')"
-      cd $GIT_CACHE_PATH
-      tar -cf ../gitcache.tar .
-      cd ..
-      echo "Compressed gitcache to $(du -sh gitcache.tar | cut -f1 -d' ')"
-      # remove the old cache file if it exists 
-      if [ -f $CACHE_DRIVE/gitcache.tar ]; then
-        echo "Removing old gitcache.tar from $CACHE_DRIVE"
-        rm $CACHE_DRIVE/gitcache.tar
-      fi      
-      cp ./gitcache.tar $CACHE_DRIVE/
-  - name: Wait for active SSH sessions
-    shell: bash
-    if: always() && !cancelled()
-    run: |
-      while [ -f /var/.ssh-lock ]
-      do
-        sleep 60
-      done
--- a/.github/actions/checkout/action.yml
+++ b/.github/actions/checkout/action.yml
@@ -40,10 +40,10 @@ runs:
    if: ${{ inputs.generate-sas-token == 'true' }}
    shell: bash
    run: |
-      curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$CACHE_FILE?platform=${{ inputs.target-platform }}&getAccountName=true" > sas-token
+      curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$CACHE_FILE?platform=${{ inputs.target-platform }}" > sas-token
  - name: Save SAS Key
    if: ${{ inputs.generate-sas-token == 'true' }}
-    uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/save@d4323d4df104b026a6aa633fdb11d772146be0bf
    with:
      path: sas-token
      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
@@ -80,21 +80,6 @@ runs:
      else
        echo "The cross mount cache has $freespace_human free space - continuing"
      fi
-  - name: Add patch conflict problem matcher
-    shell: bash
-    run: echo "::add-matcher::src/electron/.github/problem-matchers/patch-conflict.json"
-  - name: Restore gitcache
-    if: steps.check-cache.outputs.cache_exists == 'false'
-    shell: bash
-    run: |
-      GIT_CACHE_TAR="$CACHE_DRIVE/gitcache.tar"
-      if [ ! -f "$GIT_CACHE_TAR" ]; then
-        echo "Git cache tar file does not exist, skipping restore"
-        exit 0
-      fi
-      echo "Restoring git cache from $GIT_CACHE_TAR to $GIT_CACHE_PATH"
-      mkdir -p $GIT_CACHE_PATH
-      tar -xf $GIT_CACHE_TAR -C $GIT_CACHE_PATH
  - name: Gclient Sync
    if: steps.check-cache.outputs.cache_exists == 'false'
    shell: bash
@@ -117,7 +102,12 @@ runs:
        git update-index --refresh || true
        if ! git diff-index --quiet HEAD --; then
          # There are changes to the patches. Make a git commit with the updated patches
-          if node ./script/patch-up.js; then
+          git add patches
+          GIT_COMMITTER_NAME="PatchUp" GIT_COMMITTER_EMAIL="73610968+patchup[bot]@users.noreply.github.com" git commit -m "chore: update patches" --author="PatchUp <73610968+patchup[bot]@users.noreply.github.com>"
+          # Export it
+          mkdir -p ../../patches
+          git format-patch -1 --stdout --keep-subject --no-stat --full-index > ../../patches/update-patches.patch
+          if node ./script/push-patch.js; then
            echo
            echo "======================================================================"
            echo "Changes to the patches when applying, we have auto-pushed the diff to the current branch"
@@ -125,11 +115,6 @@ runs:
            echo "======================================================================"
            exit 1
          else
-            git add patches
-            GIT_COMMITTER_NAME="PatchUp" GIT_COMMITTER_EMAIL="73610968+patchup[bot]@users.noreply.github.com" git commit -m "chore: update patches" --author="PatchUp <73610968+patchup[bot]@users.noreply.github.com>"
-            # Export it
-            mkdir -p ../../patches
-            git format-patch -1 --stdout --keep-subject --no-stat --full-index > ../../patches/update-patches.patch
            echo
            echo "======================================================================"
            echo "There were changes to the patches when applying."
@@ -143,16 +128,7 @@ runs:
          echo "No changes to patches detected"
        fi
      fi
-  - name: Remove patch conflict problem matcher
-    shell: bash
-    run: |
-      echo "::remove-matcher owner=merge-conflict::"
-      echo "::remove-matcher owner=patch-conflict::"
-  - name: Upload patches stats
-    if: ${{ inputs.target-platform == 'linux' && github.ref == 'refs/heads/main' }}
-    shell: bash
-    run: |
-      node src/electron/script/patches-stats.mjs --upload-stats || true
+
  # delete all .git directories under src/ except for
  # third_party/angle/ and third_party/dawn/ because of build time generation of files
  # gen/angle/commit.h depends on third_party/angle/.git/HEAD
@@ -172,6 +148,7 @@ runs:
    run: |
      rm -rf src/android_webview
      rm -rf src/ios/chrome
+      rm -rf src/third_party/blink/web_tests
      rm -rf src/third_party/blink/perf_tests
      rm -rf src/chrome/test/data/xr/webvr_info
      rm -rf src/third_party/angle/third_party/VK-GL-CTS/src
--- a/.github/actions/cipd-install/action.yml
+++ b/.github/actions/cipd-install/action.yml
@@ -14,9 +14,6 @@ inputs:
    description: 'Target platform, should be linux, win, macos'
  package:
    description: 'Package to install'
-  dependency-version:
-    description: 'Version of the dependency to install'
-    default: ''
 runs:
  using: "composite"
  steps:
@@ -25,23 +22,15 @@ runs:
      run : |
        rm -rf ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }}
    - name: Create ensure file for ${{ inputs.dependency }}
-      if: ${{ inputs.dependency-version == '' }}
      shell: bash
      run: |
        echo '${{ inputs.package }}' `e d gclient getdep --deps-file=${{ inputs.deps-file }} -r '${{ inputs.installation-dir }}:${{ inputs.package }}'` > ${{ inputs.dependency }}_ensure_file
        cat ${{ inputs.dependency }}_ensure_file
-
-    - name: Create ensure file for ${{ inputs.dependency }} from dependency-version
-      if: ${{ inputs.dependency-version != '' }}
-      shell: bash
-      run: |
-        echo '${{ inputs.package }} ${{ inputs.dependency-version }}'  > ${{ inputs.dependency }}_ensure_file
-        cat ${{ inputs.dependency }}_ensure_file
    - name: CIPD installation of ${{ inputs.dependency }} (macOS)
-      if: ${{ inputs.target-platform != 'win' }}
+      if: ${{ inputs.target-platform == 'macos' }}
      shell: bash
      run: |
-        echo "ensuring ${{ inputs.dependency }}"
+        echo "ensuring ${{ inputs.dependency }} on macOS"
        e d cipd ensure --root ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }} -ensure-file ${{ inputs.dependency }}_ensure_file
    - name: CIPD installation of ${{ inputs.dependency }} (Windows)
      if: ${{ inputs.target-platform == 'win' }}
--- a/.github/actions/fix-sync/action.yml
+++ b/.github/actions/fix-sync/action.yml
@@ -19,16 +19,12 @@ inputs:
 runs:
  using: "composite"
  steps:
-    - name: Fix llvm toolchain
-      if: ${{ inputs.target-platform != 'linux' }}
+    - name: Fix clang
      shell: bash
      run : |
        rm -rf src/third_party/llvm-build
        python3 src/tools/clang/scripts/update.py
-        # Refs https://chromium-review.googlesource.com/c/chromium/src/+/6667681
-        python3 src/tools/clang/scripts/update.py --package objdump
    - name: Fix esbuild
-      if: ${{ inputs.target-platform != 'linux' }}
      uses: ./src/electron/.github/actions/cipd-install
      with:
        cipd-root-prefix-path: src/third_party/devtools-frontend/src/
@@ -38,7 +34,6 @@ runs:
        target-platform: ${{ inputs.target-platform }}
        package: infra/3pp/tools/esbuild/${platform}
    - name: Fix rustc
-      if: ${{ inputs.target-platform != 'linux' }}
      shell: bash
      run : |
        rm -rf src/third_party/rust-toolchain
@@ -62,7 +57,6 @@ runs:
        target-platform: ${{ inputs.target-platform }}
        package: gn/gn/windows-amd64
    - name: Fix reclient
-      if: ${{ inputs.target-platform != 'linux' }}
      uses: ./src/electron/.github/actions/cipd-install
      with:
        dependency: reclient
@@ -71,7 +65,6 @@ runs:
        target-platform: ${{ inputs.target-platform }}
        package: infra/rbe/client/${platform}
    - name: Configure reclient configs
-      if: ${{ inputs.target-platform != 'linux' }}
      shell: bash
      run : |
        python3 src/buildtools/reclient_cfgs/configure_reclient_cfgs.py --rbe_instance "projects/rbe-chrome-untrusted/instances/default_instance" --reproxy_cfg_template reproxy.cfg.template --rewrapper_cfg_project "" --skip_remoteexec_cfg_fetch
@@ -89,7 +82,6 @@ runs:
          python3 src/third_party/depot_tools/download_from_google_storage.py --no_resume --no_auth --bucket chromium-browser-clang -s $DSYM_SHA_FILE -o src/tools/clang/dsymutil/bin/dsymutil
        fi
    - name: Fix ninja
-      if: ${{ inputs.target-platform != 'linux' }}
      uses: ./src/electron/.github/actions/cipd-install
      with:
        dependency: ninja
@@ -98,20 +90,10 @@ runs:
        target-platform: ${{ inputs.target-platform }}
        package: infra/3pp/tools/ninja/${platform}
    - name: Set ninja in path
-      if: ${{ inputs.target-platform != 'linux' }}
      shell: bash
      run : |
        echo "$(pwd)/src/third_party/ninja" >> $GITHUB_PATH
-    - name: Fix siso
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        dependency: siso
-        deps-file: src/DEPS
-        installation-dir: src/third_party/siso/cipd
-        target-platform: ${{ inputs.target-platform }}
-        package: build/siso/${platform}
    - name: Fixup angle git
-      if: ${{ inputs.target-platform != 'linux' }}
      shell: bash
      run : |
        cd src/third_party/angle
--- a/.github/actions/free-space-macos/action.yml
+++ b/.github/actions/free-space-macos/action.yml
@@ -6,8 +6,6 @@ runs:
    - name: Free Space on MacOS
      shell: bash
      run: |
-        echo "Disk usage before cleanup:"
-        df -h
        sudo mkdir -p $TMPDIR/del-target

        tmpify() {
@@ -17,30 +15,28 @@ runs:
        }

        strip_universal_deep() {
-          if [ -d "$1" ]; then
-            opwd=$(pwd)
-            cd $1
-            f=$(find . -perm +111 -type f)
-            for fp in $f
-            do
-              if [[ $(file "$fp") == *"universal binary"* ]]; then
-                if [ "`arch`" == "arm64" ]; then
-                  if [[ $(file "$fp") == *"x86_64"* ]]; then
-                    sudo lipo -remove x86_64 "$fp" -o "$fp" || true
-                  fi
-                else
-                  if [[ $(file "$fp") == *"arm64e)"* ]]; then
-                    sudo lipo -remove arm64e "$fp" -o "$fp" || true
-                  fi
-                  if [[ $(file "$fp") == *"arm64)"* ]]; then
-                    sudo lipo -remove arm64 "$fp" -o "$fp" || true
-                  fi
+          opwd=$(pwd)
+          cd $1
+          f=$(find . -perm +111 -type f)
+          for fp in $f
+          do
+            if [[ $(file "$fp") == *"universal binary"* ]]; then
+              if [ "`arch`" == "arm64" ]; then
+                if [[ $(file "$fp") == *"x86_64"* ]]; then
+                  sudo lipo -remove x86_64 "$fp" -o "$fp" || true
+                fi
+              else
+                if [[ $(file "$fp") == *"arm64e)"* ]]; then
+                  sudo lipo -remove arm64e "$fp" -o "$fp" || true
+                fi
+                if [[ $(file "$fp") == *"arm64)"* ]]; then
+                  sudo lipo -remove arm64 "$fp" -o "$fp" || true
                fi
              fi
-            done
+            fi
+          done

-            cd $opwd
-          fi
+          cd $opwd
        }

        tmpify /Library/Developer/CoreSimulator
@@ -61,31 +57,9 @@ runs:
        sudo rm -rf $TMPDIR/del-target

        sudo rm -rf /Applications/Safari.app
-        sudo rm -rf /Applications/Xcode_16.1.app
-        sudo rm -rf /Applications/Xcode_16.2.app
-        sudo rm -rf /Applications/Xcode_16.3.app
-        sudo rm -rf /Applications/Xcode_26*
-        sudo rm -rf /Applications/Google Chrome.app
-        sudo rm -rf /Applications/Google Chrome for Testing.app
-        sudo rm -rf /Applications/Firefox.app
-        sudo rm -rf /Applications/Microsoft Edge.app
        sudo rm -rf ~/project/src/third_party/catapult/tracing/test_data
        sudo rm -rf ~/project/src/third_party/angle/third_party/VK-GL-CTS
-        sudo rm -rf /Users/runner/Library/Android
-        sudo rm -rf $JAVA_HOME_11_arm64
-        sudo rm -rf $JAVA_HOME_17_arm64
-        sudo rm -rf $JAVA_HOME_21_arm64
-        sudo rm -rf $JAVA_HOME_25_arm64
-        sudo rm -rf /Users/runner/.dotnet/
-        sudo rm -rf /Users/runner/.rustup
-
-        # remove homebrew packages we don't need
-        if command -v brew &> /dev/null; then
-          brew uninstall -f --zap aws-sam-cli session-manager-plugin gcc gcc@13 gcc@14 llvm@18 gradle maven ant azure-cli
-          brew autoremove
-        fi

        # lipo off some huge binaries arm64 versions to save space
        strip_universal_deep $(xcode-select -p)/../SharedFrameworks
-        # strip_arm_deep /System/Volumes/Data/Library/Developer/CommandLineTools/usr
-        sudo mdutil -a -i off
+        # strip_arm_deep /System/Volumes/Data/Library/Developer/CommandLineTools/usr
--- a/.github/actions/generate-types/action.yml
+++ b/.github/actions/generate-types/action.yml
@@ -13,16 +13,12 @@ runs:
  - name: Generating Types for SHA in ${{ inputs.sha-file }}
    shell: bash
    run: |
-      export ELECTRON_DIR=$(pwd)
-      if [ "${{ inputs.sha-file }}" == ".dig-old" ]; then
-        cd /tmp
-        git clone https://github.com/electron/electron.git
-        cd electron
-      fi
-      git checkout $(cat $ELECTRON_DIR/${{ inputs.sha-file }})
-      node script/yarn.js install --immutable
+      git checkout $(cat ${{ inputs.sha-file }})
+      rm -rf node_modules
+      yarn install --frozen-lockfile --ignore-scripts
      echo "#!/usr/bin/env node\nglobal.x=1" > node_modules/typescript/bin/tsc
      node node_modules/.bin/electron-docs-parser --dir=./ --outDir=./ --moduleVersion=0.0.0-development
      node node_modules/.bin/electron-typescript-definitions --api=electron-api.json --outDir=artifacts
-      mv artifacts/electron.d.ts $ELECTRON_DIR/artifacts/${{ inputs.filename }}
+      mv artifacts/electron.d.ts artifacts/${{ inputs.filename }}
+      git checkout .
    working-directory: ./electron
--- a/.github/actions/install-build-tools/action.yml
+++ b/.github/actions/install-build-tools/action.yml
@@ -11,22 +11,16 @@ runs:
        git config --global core.autocrlf false
        git config --global branch.autosetuprebase always
        git config --global core.fscache true
-        git config --global core.longpaths true
        git config --global core.preloadindex true
-        git config --global core.longpaths true
      fi
-      export BUILD_TOOLS_SHA=a5d9f9052dcc36ee88bef5c8b13acbefd87b7d8d
+      export BUILD_TOOLS_SHA=6e8526315ea3b4828882497e532b8340e64e053c
      npm i -g @electron/build-tools
-      # Update depot_tools to ensure python
-      e d update_depot_tools
+      e d ensure_bootstrap
      e auto-update disable
-      # Disable further updates of depot_tools
      e d auto-update disable
      if [ "$(expr substr $(uname -s) 1 10)" == "MSYS_NT-10" ]; then
        e d cipd.bat --version
        cp "C:\Python311\python.exe" "C:\Python311\python3.exe"
-        echo "C:\Users\ContainerAdministrator\.electron_build_tools\third_party\depot_tools" >> $GITHUB_PATH
-      else
-        echo "$HOME/.electron_build_tools/third_party/depot_tools" >> $GITHUB_PATH
-        echo "$HOME/.electron_build_tools/third_party/depot_tools/python-bin" >> $GITHUB_PATH
-      fi
+      fi
+      echo "$HOME/.electron_build_tools/third_party/depot_tools" >> $GITHUB_PATH
+      echo "$HOME/.electron_build_tools/third_party/depot_tools/python-bin" >> $GITHUB_PATH
--- a/.github/actions/install-dependencies/action.yml
+++ b/.github/actions/install-dependencies/action.yml
@@ -6,8 +6,8 @@ runs:
  - name: Get yarn cache directory path
    shell: bash
    id: yarn-cache-dir-path
-    run: echo "dir=$(node src/electron/script/yarn.js config get cacheFolder)" >> $GITHUB_OUTPUT
-  - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    run: echo "dir=$(node src/electron/script/yarn cache dir)" >> $GITHUB_OUTPUT
+  - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
    id: yarn-cache
    with:
      path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -18,14 +18,4 @@ runs:
    shell: bash
    run: |
      cd src/electron
-      if [ "$TARGET_ARCH" = "x86" ]; then
-        export npm_config_arch="ia32"
-      fi
-      # if running on linux arm skip yarn Builds
-      ARCH=$(uname -m)
-      if [ "$ARCH" = "armv7l" ]; then
-        echo "Skipping yarn build on linux arm"
-        node script/yarn.js install --immutable --mode=skip-build
-      else
-        node script/yarn.js install --immutable
-      fi
+      node script/yarn install --frozen-lockfile --prefer-offline
--- a/.github/actions/restore-cache-azcopy/action.yml
+++ b/.github/actions/restore-cache-azcopy/action.yml
@@ -8,14 +8,14 @@ runs:
  steps:
  - name: Obtain SAS Key
    continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@d4323d4df104b026a6aa633fdb11d772146be0bf
    with:
      path: sas-token
      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-1
      enableCrossOsArchive: true
  - name: Obtain SAS Key
    continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@d4323d4df104b026a6aa633fdb11d772146be0bf
    with:
      path: sas-token
      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
@@ -32,23 +32,22 @@ runs:
      shell: bash
      command: |
        sas_token=$(cat sas-token)
-        if [ -z "$sas_token" ]; then
+        if [ -z $sas-token ]; then
          echo "SAS Token not found; exiting src cache download early..."
          exit 1
        else
-          sas_token=$(jq -r '.sasToken' sas-token)
-          account_name=$(jq -r '.accountName' sas-token)
          if [ "${{ inputs.target-platform }}" = "win" ]; then
            azcopy copy --log-level=ERROR \
-            "https://$account_name.file.core.windows.net/${{ env.AZURE_AKS_WIN_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
+            "https://${{ env.AZURE_AKS_CACHE_STORAGE_ACCOUNT }}.file.core.windows.net/${{ env.AZURE_AKS_WIN_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
          else
            azcopy copy --log-level=ERROR \
-            "https://$account_name.file.core.windows.net/${{ env.AZURE_AKS_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
+            "https://${{ env.AZURE_AKS_CACHE_STORAGE_ACCOUNT }}.file.core.windows.net/${{ env.AZURE_AKS_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
          fi            
        fi
    env:
-      AZURE_AKS_CACHE_SHARE_NAME: linux-cache
-      AZURE_AKS_WIN_CACHE_SHARE_NAME: windows-cache
+      AZURE_AKS_CACHE_STORAGE_ACCOUNT: f723719aa87a34622b5f7f3
+      AZURE_AKS_CACHE_SHARE_NAME: pvc-f6a4089f-b082-4bee-a3f9-c3e1c0c02d8f
+      AZURE_AKS_WIN_CACHE_SHARE_NAME: pvc-71dec4f2-0d44-4fd1-a2c3-add049d70bdf
  - name: Clean SAS Key
    shell: bash
    run: rm -f sas-token
@@ -97,7 +96,7 @@ runs:

      $TEMP_DIR=New-Item -ItemType Directory -Path temp-cache
      $TEMP_DIR_PATH = $TEMP_DIR.FullName
-      C:\ProgramData\Chocolatey\bin\7z.exe -y -snld20 x $src_cache -o"$TEMP_DIR_PATH"
+      C:\ProgramData\Chocolatey\bin\7z.exe -y x $src_cache -o"$TEMP_DIR_PATH"

  - name: Move Src Cache (Windows)
    if: ${{ inputs.target-platform == 'win' }}
--- a/.github/actions/ssh-debug/action.yml
+++ b/.github/actions/ssh-debug/action.yml
@@ -1,20 +0,0 @@
-name: Debug via SSH
-description: Setup a SSH server with a tunnel to access it to debug via SSH.
-inputs:
-  tunnel:
-    description: 'Enable SSH tunneling via cloudflared'
-    required: true
-    default: 'false'
-  timeout:
-    description: 'SSH session timeout in seconds'
-    required: false
-    type: number
-    default: 3600
-runs:
-  using: composite
-  steps:
-    - run: $GITHUB_ACTION_PATH/setup-ssh.sh
-      shell: bash
-      env:
-        TUNNEL: ${{ inputs.tunnel }}
-        TIMEOUT: ${{ inputs.timeout }}
--- a/.github/actions/ssh-debug/bashrc
+++ b/.github/actions/ssh-debug/bashrc
@@ -1,4 +0,0 @@
-# If we're in an interactive SSH session and we're not already in tmux and there's no explicit SSH command, auto attach tmux
-if [ -n "$SSH_TTY" ] && [ -z "$TMUX" ] && [ -z "$SSH_ORIGINAL_COMMAND" ]; then
-    exec tmux attach || exec tmux
-fi
--- a/.github/actions/ssh-debug/setup-ssh.sh
+++ b/.github/actions/ssh-debug/setup-ssh.sh
@@ -1,146 +0,0 @@
-#!/bin/bash -e
-
-if [ "${TUNNEL}" != "true" ]; then
-    echo "SSH tunneling is disabled. Set enable-tunnel: true to enable remote access."
-    echo "Local SSH server would be available on localhost:2222 if this were a local environment."
-    exit 0
-fi
-
-echo ::group::Configuring Tunnel
-
-echo "SSH tunneling enabled. Setting up remote access..."
-
-EXTERNAL_DEPS="curl jq ssh-keygen"
-
-for dep in $EXTERNAL_DEPS; do
-    if ! command -v "${dep}" > /dev/null 2>&1; then
-       echo "Command ${dep} not installed on the system!" >&2
-       exit 1
-    fi
-done
-
-cd "$GITHUB_ACTION_PATH"
-
-bashrc_path=$(pwd)/bashrc
-
-# Source `bashrc` to auto start tmux on SSH login.
-if ! grep -q "${bashrc_path}" ~/.bash_profile; then
-    echo >> ~/.bash_profile # On macOS runner there's no newline at the end of the file
-    echo "source \"${bashrc_path}\"" >> ~/.bash_profile
-fi
-
-OS=$(uname -s | tr '[:upper:]' '[:lower:]')
-ARCH=$(uname -m)
-
-if [ "${ARCH}" = "x86_64" ]; then
-    ARCH="amd64"
-elif [ "${ARCH}" = "aarch64" ]; then
-    ARCH="arm64"
-fi
-
-if [ "${OS}" = "darwin" ] && ! command -v tmux > /dev/null 2>&1; then
-    echo "Installing tmux..."
-    brew install tmux
-fi
-
-if [ "$OS" = "darwin" ]; then
-    cloudflared_url="https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-${OS}-${ARCH}.tgz"
-    echo "Downloading \`cloudflared\` from <$cloudflared_url>..."
-    curl --location --silent --output cloudflared.tgz "${cloudflared_url}"
-    tar xf cloudflared.tgz
-    rm cloudflared.tgz
-fi
-
-chmod +x cloudflared
-
-echo 'Creating SSH server key...'
-ssh-keygen -q -f ssh_host_rsa_key -N ''
-
-echo 'Creating SSH server config...'
-sed "s,\$PWD,${PWD},;s,\$USER,${USER}," sshd_config.template > sshd_config
-
-echo 'Starting SSH server...'
-sudo /usr/sbin/sshd -f sshd_config -D &
-sshd_pid=$!
-
-echo "SSH server started successfully (PID: ${sshd_pid})"
-
-echo 'Starting tmux session...'
-(cd "${GITHUB_WORKSPACE}" && tmux new-session -d -s debug)
-
-mkdir ~/.cloudflared
-CLEAN_TUNNEL_CERT=$(printf '%s\n' "${CLOUDFLARE_TUNNEL_CERT}" | tr -d '\r' | sed '/^[[:space:]]*$/d')
-
-echo "${CLEAN_TUNNEL_CERT}" > ~/.cloudflared/cert.pem
-
-CLEAN_USER_CA_CERT=$(printf '%s\n' "${CLOUDFLARE_USER_CA_CERT}" | tr -d '\r' | sed '/^[[:space:]]*$/d')
-
-echo "${CLEAN_USER_CA_CERT}" | sudo tee /etc/ssh/ca.pub > /dev/null
-sudo chmod 644 /etc/ssh/ca.pub
-
-random_suffix=$(openssl rand -hex 5 | cut -c1-10)
-tunnel_name="${GITHUB_SHA}-${GITHUB_RUN_ID}-${random_suffix}"
-tunnel_url="${tunnel_name}.${CLOUDFLARE_TUNNEL_HOSTNAME}"
-
-if ./cloudflared tunnel list | grep -q "${tunnel_name}"; then
-    echo "Deleting existing tunnel: ${tunnel_name}"
-    ./cloudflared tunnel delete ${tunnel_name}
-fi
-
-echo "Creating new cloudflare tunnel: ${tunnel_name}"
-./cloudflared tunnel create ${tunnel_name}
-
-credentials_file=$(find ~/.cloudflared -name "*.json" | head -n 1)
-if [ -z "${credentials_file}" ]; then
-    echo "Error: Could not find tunnel credentials file"
-    exit 1
-fi
-
-echo "Found credentials file: ${credentials_file}"
-
-echo 'Creating tunnel configuration...'
-cat > tunnel_config.yml << EOF
-tunnel: ${tunnel_name}
-credentials-file: ${credentials_file}
-
-ingress:
-  - hostname: ${tunnel_url}
-    service: ssh://localhost:2222
-  - service: http_status:404
-EOF
-
-echo 'Setting up DNS routing for tunnel...'
-./cloudflared tunnel route dns ${tunnel_name} ${tunnel_url}
-
-echo 'Running cloudflare tunnel...'
-./cloudflared tunnel --no-autoupdate --config tunnel_config.yml run 2>&1 | tee cloudflared.log | sed -u 's/^/cloudflared: /' &
-cloudflared_pid=$!
-
-echo ::endgroup::
-
-echo ::notice title=SSH Debug Session Ready::ssh ${tunnel_url}
-
-
-(
-    echo '    '
-    echo '    '
-    echo '🔗 SSH Debug Session Ready!'
-    echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'
-    echo '    '
-    echo '📋 Infra WG can copy and run this command to connect:'
-    echo '    '
-    echo "ssh ${tunnel_url}"
-    echo '    '
-    echo "⏰ Session expires automatically in ${TIMEOUT} seconds"
-    echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'
-    echo '    '
-    echo '    '
-) | cat
-
-echo ::group::Starting Background Session
-echo 'Starting SSH session in background...'
-./ssh-session.sh "${sshd_pid}" "${cloudflared_pid}" "${TIMEOUT}" "${tunnel_name}" &
-
-echo 'SSH session is running in background. GitHub Action will continue.'
-echo 'Session will auto-cleanup after timeout or when processes end.'
-echo ::endgroup::
--- a/.github/actions/ssh-debug/ssh-session.sh
+++ b/.github/actions/ssh-debug/ssh-session.sh
@@ -1,52 +0,0 @@
-#!/bin/bash
-
-SSHD_PID=$1
-CLOUDFLARED_PID=$2
-SESSION_TIMEOUT=${3:-10000}
-TUNNEL_NAME=$4
-
-cleanup() {
-    # Kill processes.
-    for pid in "$SLEEP_PID" "$SSHD_PID" "$CLOUDFLARED_PID"; do
-        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
-            kill "$pid" 2>/dev/null || true
-        fi
-    done
-
-    # Clean up tunnel.
-    if [ -n "$TUNNEL_NAME" ]; then
-        cd "$GITHUB_ACTION_PATH"
-        ./cloudflared tunnel delete "$TUNNEL_NAME" 2>/dev/null || {
-            echo "Failed to delete tunnel"
-        }
-    fi
-
-    echo "Session ended at $(date)"
-    exit 0
-}
-
-# Trap signals to ensure cleanup.
-trap cleanup SIGTERM SIGINT SIGQUIT SIGHUP EXIT
-
-# Wait for timeout or until processes die.
-sleep "$SESSION_TIMEOUT" &
-SLEEP_PID=$!
-
-# Monitor processes
-while kill -0 "$SLEEP_PID" 2>/dev/null; do
-    # Check SSH daemon.
-    if ! kill -0 "$SSHD_PID" 2>/dev/null; then
-        echo "SSH daemon died at $(date)"
-        break
-    fi
-
-    # Check cloudflared,
-    if ! kill -0 "$CLOUDFLARED_PID" 2>/dev/null; then
-        echo "Cloudflared died at $(date)"
-        break
-    fi
-
-    sleep 10
-done
-
-cleanup
--- a/.github/actions/ssh-debug/sshd_config.template
+++ b/.github/actions/ssh-debug/sshd_config.template
@@ -1,25 +0,0 @@
-Port 2222
-HostKey $PWD/ssh_host_rsa_key
-PidFile $PWD/sshd.pid
-
-# Connection settings
-ClientAliveInterval 30
-ClientAliveCountMax 10
-MaxStartups 10
-LoginGraceTime 120
-
-# Allow TCP forwarding for tunneling
-AllowTcpForwarding yes
-
-# Try to prevent timeouts
-TCPKeepAlive yes
-
-# Security
-TrustedUserCAKeys /etc/ssh/ca.pub
-PubkeyAuthentication yes
-PasswordAuthentication no
-
-AuthorizedPrincipalsCommand /bin/bash -c "echo '%t %k' | ssh-keygen -L -f - | grep -A1 Principals"
-AuthorizedPrincipalsCommandUser nobody
-
-PubkeyAcceptedKeyTypes ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
--- a/.github/problem-matchers/clang.json
+++ b/.github/problem-matchers/clang.json
@@ -1,18 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "clang",
-      "fromPath": "src/out/Default/args.gn",
-      "pattern": [
-        {
-          "regexp": "^(.+)[(:](\\d+)[:,](\\d+)\\)?:\\s+(warning|error):\\s+(.*)$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "severity": 4,
-          "message": 5
-        }
-      ]
-    }
-  ]
-}
--- a/.github/problem-matchers/eslint-stylish.json
+++ b/.github/problem-matchers/eslint-stylish.json
@@ -1,22 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "eslint-stylish",
-      "pattern": [
-        {
-          "regexp": "^\\s*([^\\s].*)$",
-          "file": 1
-        },
-        {
-          "regexp": "^\\s+(\\d+):(\\d+)\\s+(error|warning|info)\\s+(.*)\\s\\s+(.*)$",
-          "line": 1,
-          "column": 2,
-          "severity": 3,
-          "message": 4,
-          "code": 5,
-          "loop": true
-        }
-      ]
-    }
-  ]
-}
--- a/.github/problem-matchers/patch-conflict.json
+++ b/.github/problem-matchers/patch-conflict.json
@@ -1,24 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "merge-conflict",
-      "pattern": [
-        {
-          "regexp": "^CONFLICT\\s\\(\\S+\\): (Merge conflict in \\S+)$",
-          "message": 1
-        }
-      ]
-    },
-    {
-      "owner": "patch-conflict",
-      "pattern": [
-        {
-          "regexp": "^error: (patch failed: (\\S+):(\\d+))$",
-          "message": 1,
-          "file": 2,
-          "line": 3
-        }
-      ]
-    }
-  ]
-}
--- a/.github/workflows/archaeologist-dig.yml
+++ b/.github/workflows/archaeologist-dig.yml
@@ -3,23 +3,19 @@ name: Archaeologist
 on:
  pull_request:

-permissions: {}
-
 jobs:
   archaeologist-dig:
    name: Archaeologist Dig
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
    steps:
      - name: Checkout Electron
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.0.2
        with:
          fetch-depth: 0
      - name: Setup Node.js/npm
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
-          node-version: 22.21.x
+          node-version: 20.19.x
      - name: Setting Up Dig Site
        run: |
          echo "remote: ${{ github.event.pull_request.head.repo.clone_url }}"
@@ -45,7 +41,7 @@ jobs:
          sha-file: .dig-old
          filename: electron.old.d.ts
      - name: Upload artifacts
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 #v5.0.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
        with:
          name: artifacts
          path: electron/artifacts
--- a/.github/workflows/audit-branch-ci.yml
+++ b/.github/workflows/audit-branch-ci.yml
@@ -1,161 +0,0 @@
-name: Audit CI on Branches
-
-on:
-  workflow_dispatch:
-  schedule:
-    # Run every 2 hours
-    - cron: '0 */2 * * *'
-
-permissions: {}
-
-jobs:
-  audit_branch_ci:
-    name: Audit CI on Branches
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - name: Setup Node.js
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
-        with:
-          node-version: 22.17.x
-      - name: Sparse checkout repository
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
-        with:
-          sparse-checkout: |
-            .
-            .github
-            .yarn
-      - run: yarn workspaces focus @electron/gha-workflows
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        id: audit-errors
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const { chdir } = require('node:process');
-            chdir('${{ github.workspace }}/.github/workflows');
-
-            const cache = require('@actions/cache');
-            const { ElectronVersions } = require('@electron/fiddle-core');
-
-            const runsWithErrors = [];
-
-            // Only want the most recent workflow run that wasn't skipped or cancelled
-            const isValidWorkflowRun = (run) => !['skipped', 'cancelled'].includes(run.conclusion);
-
-            const versions = await ElectronVersions.create({ ignoreCache: true });
-            const branches = versions.supportedMajors.map((branch) => `${branch}-x-y`);
-
-            for (const branch of ["main", ...branches]) {
-              const latestCheckRuns = new Map();
-              const allCheckRuns = await github.paginate(github.rest.checks.listForRef, {
-                owner: "electron",
-                repo: "electron",
-                ref: branch,
-                status: 'completed',
-              });
-
-              // Sort the check runs by completed_at so that multiple check runs on the
-              // same ref (like a scheduled workflow) only looks at the most recent one
-              for (const checkRun of allCheckRuns.filter(
-                (run) => !['skipped', 'cancelled'].includes(run.conclusion),
-              ).sort((a, b) => new Date(b.completed_at) - new Date(a.completed_at))) {
-                if (!latestCheckRuns.has(checkRun.name)) {
-                  latestCheckRuns.set(checkRun.name, checkRun);
-                }
-              }
-
-              // Check for runs which had error annotations
-              for (const checkRun of Array.from(latestCheckRuns.values())) {
-                if (checkRun.name === "Audit CI on Branches") {
-                  continue; // Skip the audit workflow itself
-                }
-
-                const annotations = (await github.rest.checks.listAnnotations({
-                  owner: "electron",
-                  repo: "electron",
-                  check_run_id: checkRun.id,
-                })).data ?? [];
-
-                if (
-                  annotations.find(
-                    ({ annotation_level, message }) =>
-                      annotation_level === "failure" &&
-                      !message.startsWith("Process completed with exit code") &&
-                      !message.startsWith("Response status code does not indicate success") &&
-                      !message.startsWith("The hosted runner lost communication with the server") &&
-                      !message.startsWith("Dependabot encountered an error performing the update") &&
-                      !/Unable to make request/.test(message) &&
-                      !/The requested URL returned error/.test(message),
-                  )
-                ) {
-                  checkRun.hasErrorAnnotations = true;
-                } else {
-                  continue;
-                }
-
-                // Check if this is a known failure from a previous audit run
-                const cacheKey = `check-run-error-annotations-${checkRun.id}`;
-                const cacheHit =
-                  (await cache.restoreCache(['/dev/null'], cacheKey, undefined, {
-                    lookupOnly: true,
-                  })) !== undefined;
-
-                if (cacheHit) {
-                  checkRun.isStale = true;
-                }
-
-                checkRun.branch = branch;
-                runsWithErrors.push(checkRun);
-  
-                // Create a cache entry (only the name matters) to keep track of
-                // failures we've seen from previous runs to mark them as stale
-                if (!cacheHit) {
-                  await cache.saveCache(['/dev/null'], cacheKey);
-                }
-              }
-            }
-
-            if (runsWithErrors.length > 0) {
-              core.summary.addHeading('⚠️ Runs with Errors');
-              core.summary.addTable([
-                [
-                  { data: 'Branch', header: true },
-                  { data: 'Workflow Run', header: true },
-                  { data: 'Status', header: true },
-                ],
-                ...runsWithErrors
-                  .sort(
-                    (a, b) =>
-                      a.branch.localeCompare(b.branch) ||
-                      a.name.localeCompare(b.name),
-                  )
-                  .map((run) => [
-                    run.branch,
-                    `<a href="${run.html_url}">${run.name}</a>`,
-                    run.isStale
-                      ? '📅 Stale'
-                      : run.hasErrorAnnotations
-                      ? '⚠️ Errors'
-                      : '✅ Succeeded',
-                  ]),
-              ]);
-
-              // Set this as failed so it's easy to scan runs to find failures
-              if (runsWithErrors.find((run) => !run.isStale)) {
-                core.setOutput('errorsFound', true);
-                process.exitCode = 1;
-              }
-            } else {
-              core.summary.addRaw('🎉 No runs with errors');
-            }
-
-            await core.summary.write();
-      - name: Send Slack message if errors
-        if: ${{ always() && steps.audit-errors.outputs.errorsFound && github.ref == 'refs/heads/main' }}
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-        with:
-          payload: |
-            link: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-          webhook: ${{ secrets.CI_ERRORS_SLACK_WEBHOOK_URL }}
-          webhook-type: webhook-trigger
--- a/.github/workflows/branch-created.yml
+++ b/.github/workflows/branch-created.yml
@@ -75,7 +75,7 @@ jobs:
          org: electron
      - name: Generate Release Project Board Metadata
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        id: generate-project-metadata
        with:
          script: |
--- a/.github/workflows/build-git-cache.yml
+++ b/.github/workflows/build-git-cache.yml
@@ -1,82 +0,0 @@
-name: Build Git Cache
-# This workflow updates git cache on the cross-instance cache volumes
-# It runs daily at midnight.
-
-on:  
-  schedule:
-    - cron: "0 0 * * *"
-
-permissions: {}
-
-jobs:
-  build-git-cache-linux:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}      
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
-      with:
-        path: src/electron
-        fetch-depth: 0
-    - name: Build Git Cache
-      uses: ./src/electron/.github/actions/build-git-cache
-      with:
-        target-platform: linux
-
-  build-git-cache-windows:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
-      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
-      volumes:
-        - /mnt/win-cache:/mnt/win-cache
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
-      TARGET_OS: 'win'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
-      with:
-        path: src/electron
-        fetch-depth: 0
-    - name: Build Git Cache
-      uses: ./src/electron/.github/actions/build-git-cache
-      with:
-        target-platform: win
-
-  build-git-cache-macos:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    # This job updates the same git cache as linux, so it needs to run after the linux one.
-    needs: build-git-cache-linux
-    container:
-      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
-      with:
-        path: src/electron
-        fetch-depth: 0
-    - name: Build Git Cache
-      uses: ./src/electron/.github/actions/build-git-cache
-      with:
-        target-platform: macos
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
+        default: '424eedbf277ad9749ffa9219068aa72ed4a5e373'
        required: true
      skip-macos:
        type: boolean
@@ -28,11 +28,6 @@ on:
        description: 'Skip lint check'
        default: false
        required: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
  push:
    branches:
      - main
@@ -43,13 +38,10 @@ defaults:
  run:
    shell: bash

-permissions: {}
-
 jobs:
  setup:
    runs-on: ubuntu-latest
    permissions:
-      contents: read
      pull-requests: read
    outputs:
        docs: ${{ steps.filter.outputs.docs }}
@@ -57,7 +49,7 @@ jobs:
        build-image-sha: ${{ steps.set-output.outputs.build-image-sha }}
        docs-only: ${{ steps.set-output.outputs.docs-only }}
    steps:
-    - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.0.2
      with:
        ref: ${{ github.event.pull_request.head.sha }}
    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
@@ -66,17 +58,13 @@ jobs:
        filters: |
          docs:
            - 'docs/**'
-            - README.md
-            - SECURITY.md
-            - CONTRIBUTING.md
-            - CODE_OF_CONDUCT.md
          src:
            - '!docs/**'
    - name: Set Outputs for Build Image SHA & Docs Only
      id: set-output
      run: |
        if [ -z "${{ inputs.build-image-sha }}" ]; then
-          echo "build-image-sha=933c7d6ff6802706875270bec2e3c891cf8add3f" >> "$GITHUB_OUTPUT"
+          echo "build-image-sha=424eedbf277ad9749ffa9219068aa72ed4a5e373" >> "$GITHUB_OUTPUT"
        else
          echo "build-image-sha=${{ inputs.build-image-sha }}" >> "$GITHUB_OUTPUT"
        fi
@@ -87,30 +75,24 @@ jobs:
    needs: setup
    if: ${{ !inputs.skip-lint }}
    uses: ./.github/workflows/pipeline-electron-lint.yml
-    permissions:
-      contents: read
    with:
      container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root"}'
    secrets: inherit

  # Docs Only Jobs
  docs-only:
-    needs: [setup, checkout-linux]
+    needs: setup
    if: ${{ needs.setup.outputs.docs-only == 'true' }}
    uses: ./.github/workflows/pipeline-electron-docs-only.yml
-    permissions:
-      contents: read
    with:
-      container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root"}'
    secrets: inherit

  # Checkout Jobs
  checkout-macos:
    needs: setup
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-macos}}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    runs-on: electron-arc-linux-amd64-32core
    container:
      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
      options: --user root
@@ -124,7 +106,7 @@ jobs:
      build-image-sha: ${{ needs.setup.outputs.build-image-sha }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -137,10 +119,8 @@ jobs:

  checkout-linux:
    needs: setup
-    if: ${{ !inputs.skip-linux}}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-linux}}
+    runs-on: electron-arc-linux-amd64-32core
    container:
      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
      options: --user root
@@ -149,29 +129,24 @@ jobs:
        - /var/run/sas:/var/run/sas
    env:
      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      DD_API_KEY: ${{ secrets.DD_API_KEY }}
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
      PATCH_UP_APP_CREDS: ${{ secrets.PATCH_UP_APP_CREDS }}
    outputs:
      build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
        ref: ${{ github.event.pull_request.head.sha }}
    - name: Checkout & Sync & Save
      uses: ./src/electron/.github/actions/checkout
-      with:
-        target-platform: linux

  checkout-windows:
    needs: setup
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    runs-on: electron-arc-linux-amd64-32core
    container:
      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
@@ -188,7 +163,7 @@ jobs:
      build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -202,39 +177,32 @@ jobs:
  # GN Check Jobs
  macos-gn-check:
    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
    needs: checkout-macos
    with:
      target-platform: macos
      target-archs: x64 arm64
-      check-runs-on: macos-15
+      check-runs-on: macos-14
      gn-build-type: testing
    secrets: inherit

  linux-gn-check:
    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
    needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
    with:
      target-platform: linux
      target-archs: x64 arm arm64
-      check-runs-on: electron-arc-centralus-linux-amd64-8core
+      check-runs-on: electron-arc-linux-amd64-8core
      check-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      gn-build-type: testing
    secrets: inherit

  windows-gn-check:
    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
    needs: checkout-windows
    with:
      target-platform: win
      target-archs: x64 x86 arm64
-      check-runs-on: electron-arc-centralus-linux-amd64-8core
+      check-runs-on: electron-arc-linux-amd64-8core
      check-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-windows.outputs.build-image-sha }}","options":"--user root --device /dev/fuse --cap-add SYS_ADMIN","volumes":["/mnt/win-cache:/mnt/win-cache"]}'
      gn-build-type: testing
    secrets: inherit
@@ -248,15 +216,14 @@ jobs:
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-macos
    with:
-      build-runs-on: macos-15-xlarge
-      test-runs-on: macos-15-large
+      build-runs-on: macos-14-xlarge
+      test-runs-on: macos-13
      target-platform: macos
      target-arch: x64
      is-release: false
      gn-build-type: testing
      generate-symbols: false
      upload-to-storage: '0'
-      enable-ssh: ${{ inputs.enable-ssh || false }}
    secrets: inherit
  
  macos-arm64:
@@ -267,15 +234,14 @@ jobs:
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-macos
    with:
-      build-runs-on: macos-15-xlarge
-      test-runs-on: macos-15
+      build-runs-on: macos-14-xlarge
+      test-runs-on: macos-14
      target-platform: macos
      target-arch: arm64
      is-release: false
      gn-build-type: testing
      generate-symbols: false
      upload-to-storage: '0'
-      enable-ssh: ${{ inputs.enable-ssh || false }}
    secrets: inherit

  linux-x64:
@@ -285,10 +251,9 @@ jobs:
      pull-requests: read
    uses: ./.github/workflows/pipeline-electron-build-and-test-and-nan.yml
    needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
    with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      test-runs-on: electron-arc-centralus-linux-amd64-4core
+      build-runs-on: electron-arc-linux-amd64-32core
+      test-runs-on: electron-arc-linux-amd64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
      target-platform: linux
@@ -306,10 +271,9 @@ jobs:
      pull-requests: read
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
    with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      test-runs-on: electron-arc-centralus-linux-amd64-4core
+      build-runs-on: electron-arc-linux-amd64-32core
+      test-runs-on: electron-arc-linux-amd64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
      target-platform: linux
@@ -328,12 +292,11 @@ jobs:
      pull-requests: read
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
    with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      test-runs-on: electron-arc-centralus-linux-arm64-4core
+      build-runs-on: electron-arc-linux-amd64-32core
+      test-runs-on: electron-arc-linux-arm64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init --memory=12g","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
+      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
      target-platform: linux
      target-arch: arm
      is-release: false
@@ -349,10 +312,9 @@ jobs:
      pull-requests: read
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
    with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      test-runs-on: ubuntu-22.04-arm
+      build-runs-on: electron-arc-linux-amd64-32core
+      test-runs-on: electron-arc-linux-arm64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      test-container: '{"image":"ghcr.io/electron/test:arm64v8-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
      target-platform: linux
@@ -372,7 +334,7 @@ jobs:
    needs: checkout-windows
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
+      build-runs-on: electron-arc-windows-amd64-16core
      test-runs-on: windows-latest
      target-platform: win
      target-arch: x64
@@ -391,7 +353,7 @@ jobs:
    needs: checkout-windows
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
+      build-runs-on: electron-arc-windows-amd64-16core
      test-runs-on: windows-latest
      target-platform: win
      target-arch: x86
@@ -410,8 +372,8 @@ jobs:
    needs: checkout-windows
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      test-runs-on: windows-11-arm
+      build-runs-on: electron-arc-windows-amd64-16core
+      test-runs-on: electron-hosted-windows-arm64-4core
      target-platform: win
      target-arch: arm64
      is-release: false
@@ -423,8 +385,6 @@ jobs:
  gha-done:
    name: GitHub Actions Completed
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
    needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, windows-x64, windows-x86, windows-arm64]
    if: always() && !contains(needs.*.result, 'failure')
    steps: 
--- a/.github/workflows/clean-src-cache.yml
+++ b/.github/workflows/clean-src-cache.yml
@@ -1,20 +1,16 @@
 name: Clean Source Cache

-# Description:
-# This workflow cleans up the source cache on the cross-instance cache volume
-# to free up space. It runs daily at midnight and clears files older than 15 days.
+description: |
+  This workflow cleans up the source cache on the cross-instance cache volume
+  to free up space. It runs daily at midnight and clears files older than 15 days.

 on:
  schedule:
    - cron: "0 0 * * *"

-permissions: {}
-
 jobs:
  clean-src-cache:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    runs-on: electron-arc-linux-amd64-32core
    container:
      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
      options: --user root
--- a/.github/workflows/issue-commented.yml
+++ b/.github/workflows/issue-commented.yml
@@ -10,24 +10,15 @@ permissions: {}
 jobs:
  issue-commented:
    name: Remove blocked/{need-info,need-repro} on comment
-    if: ${{ (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && github.event.comment.user.type != 'Bot' }}
+    if: ${{ (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), github.event.comment.author_association) && github.event.comment.user.type != 'Bot' }}
    runs-on: ubuntu-latest
    steps:
-      - name: Get author association
-        id: get-author-association
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/issues/comments/${{ github.event.comment.id }} --jq '.author_association')
-          echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
      - name: Generate GitHub App token
        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
-        if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
      - name: Remove label
-        if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
        env:
          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
          ISSUE_URL: ${{ github.event.issue.html_url }}
--- a/.github/workflows/issue-labeled.yml
+++ b/.github/workflows/issue-labeled.yml
@@ -4,15 +4,14 @@ on:
  issues:
    types: [labeled]

-permissions: {}
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read

 jobs:
  issue-labeled-with-status:
    name: status/{confirmed,reviewed} label added
    if: github.event.label.name == 'status/confirmed' || github.event.label.name == 'status/reviewed'
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
    steps:
      - name: Generate GitHub App token
        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -32,8 +31,6 @@ jobs:
    name: blocked/* label added
    if: startsWith(github.event.label.name, 'blocked/')
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
    steps:
      - name: Generate GitHub App token
        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -75,7 +72,7 @@ jobs:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
      - name: Create comment
        if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: actions-cool/issues-helper@9861779a695cf1898bd984c727f685f351cfc372 # v3.7.2
+        uses: actions-cool/issues-helper@a610082f8ac0cf03e357eb8dd0d5e2ba075e017e # v3.6.0
        with:
          actions: 'create-comment'
          token: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/issue-opened.yml
+++ b/.github/workflows/issue-opened.yml
@@ -11,7 +11,6 @@ jobs:
  add-to-issue-triage:
    if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
    runs-on: ubuntu-latest
-    permissions: {}
    steps:
      - name: Generate GitHub App token
        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -29,7 +28,6 @@ jobs:
  set-labels:
    if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
    runs-on: ubuntu-latest
-    permissions: {}
    steps:
      - name: Generate GitHub App token
        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -37,29 +35,18 @@ jobs:
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
-      - name: Sparse checkout repository
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
-        with:
-          sparse-checkout: |
-            .
-            .github
-            .yarn
-      - run: yarn workspaces focus @electron/gha-workflows
+      - run: npm install @electron/fiddle-core@1.3.3 mdast-util-from-markdown@2.0.0 unist-util-select@5.1.0 semver@7.6.0
      - name: Add labels
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        id: add-labels
        env:
          ISSUE_BODY: ${{ github.event.issue.body }}
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
-            const { chdir } = require('node:process');
-            chdir('${{ github.workspace }}/.github/workflows');
-
-            const { ElectronVersions } = require('@electron/fiddle-core');
-            const { fromMarkdown } = require('mdast-util-from-markdown');
-            const { select } = require('unist-util-select');
-            const semver = require('semver');
+            const { fromMarkdown } = await import('${{ github.workspace }}/node_modules/mdast-util-from-markdown/index.js');
+            const { select } = await import('${{ github.workspace }}/node_modules/unist-util-select/index.js');
+            const semver = await import('${{ github.workspace }}/node_modules/semver/index.js');

            const [ owner, repo ] = '${{ github.repository }}'.split('/');
            const issue_number = ${{ github.event.issue.number }};
@@ -73,8 +60,6 @@ jobs:
              // It's possible for multiple versions to be listed -
              // for now check for comma or space separated version.
              const versions = electronVersion.split(/, | /);
-              let hasSupportedVersion = false;
-
              for (const version of versions) {
                const major = semver.coerce(version, { loose: true })?.major;
                if (major) {
@@ -90,19 +75,19 @@ jobs:
                    labelExists = true;
                  } catch {}

-                  const electronVersions = await ElectronVersions.create(undefined, { ignoreCache: true });
-                  const validVersions = [...electronVersions.supportedMajors, ...electronVersions.prereleaseMajors];
+                  if (labelExists) {
+                    // Check if it's an unsupported major
+                    const { ElectronVersions } = await import('${{ github.workspace }}/node_modules/@electron/fiddle-core/dist/index.js');
+                    const versions = await ElectronVersions.create(undefined, { ignoreCache: true });

-                  if (validVersions.includes(major)) {
-                    hasSupportedVersion = true;
-                    if (labelExists) {
+                    const validVersions = [...versions.supportedMajors, ...versions.prereleaseMajors];
+                    if (validVersions.includes(major)) {
                      labels.push(versionLabel);
                    }
                  }
                }
              }
-
-              if (!hasSupportedVersion) {
+              if (labels.length === 0) {
                core.setOutput('unsupportedMajor', true);
                labels.push('blocked/need-info ❌');
              }
@@ -146,7 +131,7 @@ jobs:
            }
      - name: Create unsupported major comment
        if: ${{ steps.add-labels.outputs.unsupportedMajor }}
-        uses: actions-cool/issues-helper@9861779a695cf1898bd984c727f685f351cfc372 # v3.7.2
+        uses: actions-cool/issues-helper@a610082f8ac0cf03e357eb8dd0d5e2ba075e017e # v3.6.0
        with:
          actions: 'create-comment'
          token: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/issue-transferred.yml
+++ b/.github/workflows/issue-transferred.yml
@@ -10,7 +10,6 @@ jobs:
  issue-transferred:
    name: Issue Transferred
    runs-on: ubuntu-latest
-    permissions: {}
    if: ${{ !github.event.changes.new_repository.private }}
    steps:
      - name: Generate GitHub App token
--- a/.github/workflows/issue-unlabeled.yml
+++ b/.github/workflows/issue-unlabeled.yml
@@ -4,15 +4,14 @@ on:
  issues:
    types: [unlabeled]

-permissions: {}
+permissions:
+  contents: read

 jobs:
  issue-unlabeled-blocked:
    name: All blocked/* labels removed
    if: startsWith(github.event.label.name, 'blocked/') && github.event.issue.state == 'open'
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
    steps:
      - name: Check for any blocked labels
        id: check-for-blocked-labels
--- a/.github/workflows/linux-publish.yml
+++ b/.github/workflows/linux-publish.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
+        default: '424eedbf277ad9749ffa9219068aa72ed4a5e373'
      upload-to-storage:
        description: 'Uploads to Azure storage'
        required: false
@@ -17,13 +17,9 @@ on:
        type: boolean
        default: false

-permissions: {}
-
 jobs:
  checkout-linux:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    runs-on: electron-arc-linux-amd64-32core
    container:
      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
      options: --user root
@@ -35,7 +31,7 @@ jobs:
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -44,51 +40,48 @@ jobs:

  publish-x64:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    needs: checkout-linux
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: electron-arc-linux-amd64-32core
      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      target-platform: linux
      target-arch: x64
      is-release: true
      gn-build-type: release
      generate-symbols: true
+      strip-binaries: true
      upload-to-storage: ${{ inputs.upload-to-storage }}
    secrets: inherit

  publish-arm:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    needs: checkout-linux
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: electron-arc-linux-amd64-32core
      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      target-platform: linux
      target-arch: arm
      is-release: true
      gn-build-type: release
      generate-symbols: true
+      strip-binaries: true
      upload-to-storage: ${{ inputs.upload-to-storage }}
    secrets: inherit

  publish-arm64:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    needs: checkout-linux
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: electron-arc-linux-amd64-32core
      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      target-platform: linux
      target-arch: arm64
      is-release: true
      gn-build-type: release
      generate-symbols: true
+      strip-binaries: true
      upload-to-storage: ${{ inputs.upload-to-storage }}
    secrets: inherit
--- a/.github/workflows/macos-disk-cleanup.yml
+++ b/.github/workflows/macos-disk-cleanup.yml
@@ -1,104 +0,0 @@
-name: macOS Disk Space Cleanup
-
-# Description:
-# This workflow runs the disk space reclaimer on macOS runners every night
-# and logs disk space metrics to Datadog for monitoring.
-
-on:
-  schedule:
-    - cron: "0 0 * * *"
-  workflow_dispatch:
-
-permissions: {}
-
-jobs:
-  macos-disk-cleanup:
-    strategy:
-      fail-fast: false
-      matrix:
-        runner:
-          - macos-15
-          - macos-15-large
-          - macos-15-xlarge
-    runs-on: ${{ matrix.runner }}
-    permissions:
-      contents: read
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          sparse-checkout: |
-            .github/actions/free-space-macos
-          sparse-checkout-cone-mode: false
-
-      - name: Get Disk Space Before Cleanup
-        id: disk-before
-        shell: bash
-        run: |
-          echo "Disk space before cleanup:"
-          df -h /
-          FREE_SPACE_BEFORE=$(df -k / | tail -1 | awk '{print $4}')
-          echo "free_kb=$FREE_SPACE_BEFORE" >> $GITHUB_OUTPUT
-
-      - name: Free Space on macOS
-        uses: ./.github/actions/free-space-macos
-
-      - name: Get Disk Space After Cleanup
-        id: disk-after
-        shell: bash
-        run: |
-          echo "Disk space after cleanup:"
-          df -h /
-          FREE_SPACE_AFTER=$(df -k / | tail -1 | awk '{print $4}')
-          echo "free_kb=$FREE_SPACE_AFTER" >> $GITHUB_OUTPUT
-
-      - name: Log Disk Space to Datadog
-        if: ${{ env.DD_API_KEY != '' }}
-        shell: bash
-        env:
-          DD_API_KEY: ${{ secrets.DD_API_KEY }}
-          FREE_BEFORE: ${{ steps.disk-before.outputs.free_kb }}
-          FREE_AFTER: ${{ steps.disk-after.outputs.free_kb }}
-          MATRIX_RUNNER: ${{ matrix.runner }}
-        run: |
-          TIMESTAMP=$(date +%s)
-          FREE_BEFORE_GB=$(echo "scale=2; $FREE_BEFORE / 1024 / 1024" | bc)
-          FREE_AFTER_GB=$(echo "scale=2; $FREE_AFTER / 1024 / 1024" | bc)
-          SPACE_FREED_GB=$(echo "scale=2; ($FREE_AFTER - $FREE_BEFORE) / 1024 / 1024" | bc)
-
-          echo "Free space before: ${FREE_BEFORE_GB}GB"
-          echo "Free space after: ${FREE_AFTER_GB}GB"
-          echo "Space freed: ${SPACE_FREED_GB}GB"
-
-          curl -s -X POST "https://api.datadoghq.com/api/v2/series" \
-            -H "Content-Type: application/json" \
-            -H "DD-API-KEY: ${DD_API_KEY}" \
-            -d @- << EOF
-          {
-            "series": [
-              {
-                "metric": "electron.macos.disk.free_space_before_cleanup_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${FREE_BEFORE_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              },
-              {
-                "metric": "electron.macos.disk.free_space_after_cleanup_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${FREE_AFTER_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              },
-              {
-                "metric": "electron.macos.disk.space_freed_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${SPACE_FREED_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              }
-            ]
-          }
-          EOF
-
-          echo "Disk space metrics logged to Datadog"
--- a/.github/workflows/macos-publish.yml
+++ b/.github/workflows/macos-publish.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
+        default: '424eedbf277ad9749ffa9219068aa72ed4a5e373'
        required: true
      upload-to-storage:
        description: 'Uploads to Azure storage'
@@ -18,13 +18,9 @@ on:
        type: boolean
        default: false

-permissions: {}
-
 jobs:
  checkout-macos:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    runs-on: electron-arc-linux-amd64-32core
    container:
      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
      options: --user root
@@ -36,7 +32,7 @@ jobs:
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -48,12 +44,10 @@ jobs:

  publish-x64-darwin:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    needs: checkout-macos
    with:
      environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
      target-platform: macos
      target-arch: x64
      target-variant: darwin
@@ -65,12 +59,10 @@ jobs:

  publish-x64-mas:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    needs: checkout-macos
    with:
      environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
      target-platform: macos
      target-arch: x64
      target-variant: mas
@@ -82,12 +74,10 @@ jobs:

  publish-arm64-darwin:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    needs: checkout-macos
    with:
      environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
      target-platform: macos
      target-arch: arm64
      target-variant: darwin
@@ -99,12 +89,10 @@ jobs:

  publish-arm64-mas:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    needs: checkout-macos
    with:
      environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
      target-platform: macos
      target-arch: arm64
      target-variant: mas
--- a/.github/workflows/non-maintainer-dependency-change.yml
+++ b/.github/workflows/non-maintainer-dependency-change.yml
@@ -1,40 +1,30 @@
-name: Check for Disallowed Non-Maintainer Change
+name: Check for Non-Maintainer Dependency Change

 on:
  pull_request_target:
    paths:
      - 'yarn.lock'
      - 'spec/yarn.lock'
-      - '.github/workflows/**'
-      - '.github/actions/**'

 permissions: {}

 jobs:
  check-for-non-maintainer-dependency-change:
-    name: Check for disallowed non-maintainer change
-    if: ${{ github.event.pull_request.user.type != 'Bot' && !github.event.pull_request.draft }}
+    name: Check for non-maintainer dependency change
+    if: ${{ !contains(fromJSON('["MEMBER", "OWNER"]'), github.event.pull_request.author_association) && github.event.pull_request.user.type != 'Bot' && !github.event.pull_request.draft }}
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
-      - name: Get author association
-        id: get-author-association
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/pulls/${{ github.event.pull_request.number }} --jq '.author_association')
-          echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
      - name: Check for existing review
        id: check-for-review
-        if: ${{ !contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          set -eo pipefail
-          REVIEW_COUNT=$(gh pr view $PR_URL --json reviews | jq '[ .reviews[] | select(.author.login == "github-actions") | select(.body | startswith("<!-- disallowed-non-maintainer-change -->")) ] | length')
+          REVIEW_COUNT=$(gh pr view $PR_URL --json reviews | jq '[ .reviews[] | select(.author.login == "github-actions") | select(.body | startswith("<!-- no-dependency-change -->")) ] | length')
          if [[ $REVIEW_COUNT -eq 0 ]]; then
            echo "SHOULD_REVIEW=1" >> "$GITHUB_OUTPUT"
          fi
@@ -44,4 +34,4 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
-          printf "<!-- disallowed-non-maintainer-change -->\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-
+          printf "<!-- no-dependency-change -->\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-
--- a/.github/workflows/package.json
+++ b/.github/workflows/package.json
@@ -1,13 +0,0 @@
-{
-  "name": "@electron/gha-workflows",
-  "version": "0.0.0-development",
-  "private": true,
-  "type": "module",
-  "dependencies": {
-    "@actions/cache": "^4.0.3",
-    "@electron/fiddle-core": "^2.0.1",
-    "mdast-util-from-markdown": "^2.0.0",
-    "semver": "^7.7.2",
-    "unist-util-select": "^5.1.0"
-  }
-}
--- a/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
+++ b/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
@@ -55,8 +55,6 @@ on:
        type: boolean
        default: false

-permissions: {}
-
 concurrency:
  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
@@ -64,8 +62,6 @@ concurrency:
 jobs:
  build:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    with:
      build-runs-on: ${{ inputs.build-runs-on }}
      build-container: ${{ inputs.build-container }}
@@ -78,10 +74,6 @@ jobs:
    secrets: inherit
  test:
    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
    needs: build
    with:
      target-arch: ${{ inputs.target-arch }}
@@ -91,8 +83,6 @@ jobs:
    secrets: inherit
  nn-test:
    uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
-    permissions:
-      contents: read
    needs: build
    with:
      target-arch: ${{ inputs.target-arch }}
--- a/.github/workflows/pipeline-electron-build-and-test.yml
+++ b/.github/workflows/pipeline-electron-build-and-test.yml
@@ -54,23 +54,19 @@ on:
        required: false
        type: boolean
        default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false

 concurrency:
  group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}

-permissions: {}
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read  

 jobs:
  build:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    with:
      build-runs-on: ${{ inputs.build-runs-on }}
      build-container: ${{ inputs.build-container }}
@@ -80,21 +76,15 @@ jobs:
      gn-build-type: ${{ inputs.gn-build-type }}
      generate-symbols: ${{ inputs.generate-symbols }}
      upload-to-storage: ${{ inputs.upload-to-storage }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
+      is-asan: ${{ inputs.is-asan}}
    secrets: inherit
  test:
    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
    needs: build
    with:
      target-arch: ${{ inputs.target-arch }}
      target-platform: ${{ inputs.target-platform }}
      test-runs-on: ${{ inputs.test-runs-on }}
      test-container: ${{ inputs.test-container }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
+      is-asan: ${{ inputs.is-asan}}
    secrets: inherit
--- a/.github/workflows/pipeline-electron-docs-only.yml
+++ b/.github/workflows/pipeline-electron-docs-only.yml
@@ -8,42 +8,19 @@ on:
        description: 'Container to run the docs-only ts compile in'
        type: string

-permissions: {}
-
 concurrency:
  group: electron-docs-only-${{ github.ref }}
  cancel-in-progress: true

-env:  
-  GCLIENT_EXTRA_ARGS: --custom-var=checkout_arm=True --custom-var=checkout_arm64=True
-
 jobs:
  docs-only:
    name: Docs Only Compile
-    runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
+    runs-on: electron-arc-linux-amd64-4core
    timeout-minutes: 20
    container: ${{ fromJSON(inputs.container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Generate DEPS Hash
-      run: |
-        node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
-        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
-    - name: Restore src cache via AKS
-      uses: ./src/electron/.github/actions/restore-cache-aks
-      with:
-        target-platform: linux
-    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -54,12 +31,12 @@ jobs:
      shell: bash
      run: |
        cd src/electron
-        node script/yarn.js create-typescript-definitions
-        node script/yarn.js tsc -p tsconfig.default_app.json --noEmit
+        node script/yarn create-typescript-definitions
+        node script/yarn tsc -p tsconfig.default_app.json --noEmit
        for f in build/webpack/*.js
        do
            out="${f:29}"
            if [ "$out" != "base.js" ]; then
-            node script/yarn.js webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
+            node script/yarn webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
            fi
        done
--- a/.github/workflows/pipeline-electron-lint.yml
+++ b/.github/workflows/pipeline-electron-lint.yml
@@ -8,8 +8,6 @@ on:
        description: 'Container to run lint in'
        type: string

-permissions: {}
-
 concurrency:
  group: electron-lint-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
@@ -20,14 +18,12 @@ env:
 jobs:
  lint:
    name: Lint
-    runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
+    runs-on: electron-arc-linux-amd64-4core
    timeout-minutes: 20
    container: ${{ fromJSON(inputs.container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -65,9 +61,6 @@ jobs:
        curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS

        gclient sync --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
-    - name: Add ESLint problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
    - name: Run Lint
      shell: bash
      run: |
@@ -78,11 +71,11 @@ jobs:
        # but then we would lint its contents (at least gn format), and it doesn't pass it.

        cd src/electron
-        node script/yarn.js install --immutable
-        node script/yarn.js lint
+        node script/yarn install --frozen-lockfile
+        node script/yarn lint
    - name: Run Script Typechecker
      shell: bash
      run: |
        cd src/electron
-        node script/yarn.js tsc -p tsconfig.script.json
+        node script/yarn tsc -p tsconfig.script.json
    
--- a/.github/workflows/pipeline-segment-electron-build.yml
+++ b/.github/workflows/pipeline-segment-electron-build.yml
@@ -48,18 +48,17 @@ on:
        required: true
        type: string
        default: '0'
+      strip-binaries: 
+        description: 'Strip the binaries before release (Linux only)'
+        required: false
+        type: boolean
+        default: false
      is-asan: 
        description: 'Building the Address Sanitizer (ASan) Linux build'
        required: false
        type: boolean
        default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false

-permissions: {}

 concurrency:
  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
@@ -68,14 +67,12 @@ concurrency:
 env:
  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-  DD_API_KEY: ${{ secrets.DD_API_KEY }}
  ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || inputs.target-platform == 'win' && '--custom-var=checkout_win=True' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
  ELECTRON_OUT_DIR: Default
-  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}

 jobs:
  build:
@@ -83,34 +80,20 @@ jobs:
      run:
        shell: bash
    runs-on: ${{ inputs.build-runs-on }}
-    permissions:
-      contents: read
    container: ${{ fromJSON(inputs.build-container) }}
    environment: ${{ inputs.environment }}
    env:
      TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
    steps:
    - name: Create src dir
      run: |
        mkdir src
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Setup SSH Debugging
-      if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh || env.ACTIONS_STEP_DEBUG == 'true') }}
-      uses: ./src/electron/.github/actions/ssh-debug
-      with:
-        tunnel: 'true'
-      env:
-        CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
-        CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
-        CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
-        AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Free up space (macOS)
      if: ${{ inputs.target-platform == 'macos' }}
      uses: ./src/electron/.github/actions/free-space-macos
@@ -119,9 +102,9 @@ jobs:
      run: df -h
    - name: Setup Node.js/npm
      if: ${{ inputs.target-platform == 'macos' }}
-      uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
      with:
-        node-version: 22.21.x
+        node-version: 20.19.x
        cache: yarn
        cache-dependency-path: src/electron/yarn.lock
    - name: Install Dependencies
@@ -163,7 +146,7 @@ jobs:
      if: ${{ inputs.target-platform == 'linux' }}
      uses: ./src/electron/.github/actions/restore-cache-aks
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -177,7 +160,7 @@ jobs:
        ELECTRON_DEPOT_TOOLS_DISABLE_LOG: true
    - name: Init Build Tools
      run: |
-        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }} --remote-build siso
+        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }}
    - name: Run Electron Only Hooks
      run: |
        e d gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
@@ -187,6 +170,9 @@ jobs:
        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
+    - name: Setup Number of Ninja Processes
+      run: |
+        echo "NUMBER_OF_NINJA_PROCESSES=${{ inputs.target-platform != 'macos' && '300' || '200' }}" >> $GITHUB_ENV
    - name: Free up space (macOS)
      if: ${{ inputs.target-platform == 'macos' }}
      uses: ./src/electron/.github/actions/free-space-macos
@@ -199,6 +185,7 @@ jobs:
        artifact-platform: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}
        is-release: '${{ inputs.is-release }}'
        generate-symbols: '${{ inputs.generate-symbols }}'
+        strip-binaries: '${{ inputs.strip-binaries }}'
        upload-to-storage: '${{ inputs.upload-to-storage }}'
        is-asan: '${{ inputs.is-asan }}'
    - name: Set GN_EXTRA_ARGS for MAS Build
--- a/.github/workflows/pipeline-segment-electron-gn-check.yml
+++ b/.github/workflows/pipeline-segment-electron-gn-check.yml
@@ -26,8 +26,6 @@ on:
        type: string
        default: testing

-permissions: {}
-
 concurrency:
  group: electron-gn-check-${{ inputs.target-platform }}-${{ github.ref }}
  cancel-in-progress: true
@@ -43,12 +41,10 @@ jobs:
      run:
        shell: bash
    runs-on: ${{ inputs.check-runs-on }}
-    permissions:
-      contents: read
    container: ${{ fromJSON(inputs.check-container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -115,7 +111,7 @@ jobs:
    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
--- a/.github/workflows/pipeline-segment-electron-test.yml
+++ b/.github/workflows/pipeline-segment-electron-test.yml
@@ -25,24 +25,21 @@ on:
        required: false
        type: boolean
        default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false

 concurrency:
  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}

-permissions: {}
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read

 env:
  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
  ELECTRON_OUT_DIR: Default
  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}

 jobs:
  test:
@@ -50,10 +47,6 @@ jobs:
      run:
        shell: bash
    runs-on: ${{ inputs.test-runs-on }}
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
    container: ${{ fromJSON(inputs.test-container) }}
    strategy:
      fail-fast: false
@@ -69,16 +62,29 @@ jobs:
      if: ${{ inputs.target-arch == 'arm' && inputs.target-platform == 'linux' }}
      run: |
        cp $(which node) /mnt/runner-externals/node20/bin/
-        cp $(which node) /mnt/runner-externals/node24/bin/
+    - name: Install Git on Windows arm64 runners
+      if: ${{ inputs.target-arch == 'arm64' && inputs.target-platform == 'win' }}
+      shell: powershell
+      run: |
+        Set-ExecutionPolicy Bypass -Scope Process -Force
+        [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
+        iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
+        choco install -y --no-progress git.install --params "'/GitAndUnixToolsOnPath'"
+        choco install -y --no-progress git
+        choco install -y --no-progress python --version 3.11.9
+        choco install -y --no-progress visualstudio2022-workload-vctools --package-parameters "--add Microsoft.VisualStudio.Component.VC.Tools.ARM64"
+        echo "C:\Program Files\Git\cmd" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+        echo "C:\Program Files\Git\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+        echo "C:\Python311" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+        cp "C:\Python311\python.exe" "C:\Python311\python3.exe"
    - name: Setup Node.js/npm
      if: ${{ inputs.target-platform == 'win' }}
-      uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
      with:
-        node-version: 22.21.x
+        node-version: 20.19.x
    - name: Add TCC permissions on macOS
      if: ${{ inputs.target-platform == 'macos' }}
      run: |
-        epochdate=$(($(date +'%s * 1000 + %-N / 1000000')))
        configure_user_tccdb () {
          local values=$1
          local dbPath="$HOME/Library/Application Support/com.apple.TCC/TCC.db"
@@ -94,17 +100,14 @@ jobs:
        }

        userValuesArray=(
+            "'kTCCServiceMicrophone','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
            "'kTCCServiceCamera','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
            "'kTCCServiceBluetoothAlways','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceAppleEvents','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceCamera','/opt/hca/hosted-compute-agent',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceBluetoothAlways','/opt/hca/hosted-compute-agent',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceScreenCapture','/bin/bash',1,2,3,1,NULL,NULL,NULL,'UNUSED',NULL,0,$epochdate"
        )
        for values in "${userValuesArray[@]}"; do
          # Sonoma and higher have a few extra values
          # Ref: https://github.com/actions/runner-images/blob/main/images/macos/scripts/build/configure-tccdb-macos.sh
-          if [ "$OSTYPE" = "darwin23" ] || [ "$OSTYPE" = "darwin24" ]; then
+          if [ "$OSTYPE" = "darwin23" ]; then
            configure_user_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}"
            configure_sys_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}"
          else
@@ -115,32 +118,12 @@ jobs:
    - name: Turn off the unexpectedly quit dialog on macOS
      if: ${{ inputs.target-platform == 'macos' }}
      run: defaults write com.apple.CrashReporter DialogType server
-    - name: Set xcode to 16.4
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: sudo xcode-select --switch /Applications/Xcode_16.4.app
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Turn off screenshot nag on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: |
-        defaults write ~/Library/Group\ Containers/group.com.apple.replayd/ScreenCaptureApprovals.plist "/bin/bash" -date "3024-09-23 12:00:00 +0000"
-        src/electron/script/actions/screencapture-nag-remover.sh -a $(which bash)
-        src/electron/script/actions/screencapture-nag-remover.sh -a /opt/hca/hosted-compute-agent
-    - name: Setup SSH Debugging
-      if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh || env.ACTIONS_STEP_DEBUG == 'true') }}
-      uses: ./src/electron/.github/actions/ssh-debug
-      with:
-        tunnel: 'true'
-      env:
-        CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
-        CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
-        CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
-        AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Install Dependencies
      uses: ./src/electron/.github/actions/install-dependencies
    - name: Set Chromium Git Cookie
@@ -152,9 +135,7 @@ jobs:
        git config --global core.autocrlf false
        git config --global branch.autosetuprebase always
        git config --global core.fscache true
-        git config --global core.longpaths true
        git config --global core.preloadindex true
-        git config --global core.longpaths true
        git clone --filter=tree:0 https://chromium.googlesource.com/chromium/tools/depot_tools.git
        # Ensure depot_tools does not update.
        test -d depot_tools && cd depot_tools
@@ -168,42 +149,50 @@ jobs:
        echo "DISABLE_CRASH_REPORTER_TESTS=true" >> $GITHUB_ENV
        echo "IS_ASAN=true" >> $GITHUB_ENV
    - name: Download Generated Artifacts
-      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: generated_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./generated_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
    - name: Download Src Artifacts
-      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: src_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./src_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
    - name: Restore Generated Artifacts
      run: ./src/electron/script/actions/restore-artifacts.sh
-    - name: Unzip Dist (win)
+    - name: Unzip Dist, Mksnapshot & Chromedriver (win)
      if: ${{ inputs.target-platform == 'win' }}
      shell: powershell
      run: |
        Set-ExecutionPolicy Bypass -Scope Process -Force
        cd src/out/Default
        Expand-Archive -Force dist.zip -DestinationPath ./
-    - name: Unzip Dist (unix)
+        Expand-Archive -Force chromedriver.zip -DestinationPath ./
+        Expand-Archive -Force mksnapshot.zip -DestinationPath ./
+    - name: Unzip Dist, Mksnapshot & Chromedriver (unix)
      if: ${{ inputs.target-platform != 'win' }}
      run: |
        cd src/out/Default
        unzip -:o dist.zip
-    #- name: Import & Trust Self-Signed Codesigning Cert on MacOS
-    #  if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
-    #  run: |
-    #    sudo security authorizationdb write com.apple.trust-settings.admin allow
-    #    cd src/electron
-    #    ./script/codesign/generate-identity.sh
-
+        unzip -:o chromedriver.zip
+        unzip -:o mksnapshot.zip
+    - name: Import & Trust Self-Signed Codesigning Cert on MacOS
+      if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
+      run: |
+        sudo security authorizationdb write com.apple.trust-settings.admin allow
+        cd src/electron
+        ./script/codesign/generate-identity.sh
+    - name: Install Datadog CLI
+      run: |
+        cd src/electron
+        node script/yarn global add @datadog/datadog-ci
    - name: Run Electron Tests
      shell: bash
      env:
        MOCHA_REPORTER: mocha-multi-reporters
        MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
        ELECTRON_DISABLE_SECURITY_WARNINGS: 1
+        ELECTRON_SKIP_NATIVE_MODULE_TESTS: true
        DISPLAY: ':99.0'
        NPM_CONFIG_MSVS_VERSION: '2022'
      run: |
@@ -223,7 +212,7 @@ jobs:
              export ELECTRON_FORCE_TEST_SUITE_EXIT="true"
            fi
          fi
-          node script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
+          node script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
        else
          chown :builduser .. && chmod g+w ..
          chown -R :builduser . && chmod -R g+w .
@@ -240,14 +229,9 @@ jobs:
            export MOCHA_TIMEOUT=180000
            echo "Piping output to ASAN_SYMBOLIZE ($ASAN_SYMBOLIZE)"
            cd electron
-            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
          else
-            if [ "${{ inputs.target-arch }}" = "arm" ]; then
-              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --skipYarnInstall --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-            else 
-              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-            fi
-            
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
          fi
        fi
    - name: Upload Test results to Datadog
@@ -259,14 +243,13 @@ jobs:
        DD_TAGS: "os.architecture:${{ inputs.target-arch }},os.family:${{ inputs.target-platform }},os.platform:${{ inputs.target-platform }},asan:${{ inputs.is-asan }}"
      run: |
        if ! [ -z $DD_API_KEY ] && [ -f src/electron/junit/test-results-main.xml ]; then
-          cd src/electron
-          export DATADOG_PATH=`node script/yarn.js bin datadog-ci`
-          $DATADOG_PATH junit upload junit/test-results-main.xml
-        fi
+          export DATADOG_PATH=`node src/electron/script/yarn global bin`
+          $DATADOG_PATH/datadog-ci junit upload src/electron/junit/test-results-main.xml
+        fi          
      if: always() && !cancelled()
    - name: Upload Test Artifacts
      if: always() && !cancelled()
-      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
      with:
        name: test_artifacts_${{ env.ARTIFACT_KEY }}_${{ matrix.shard }}
        path: src/electron/spec/artifacts
--- a/.github/workflows/pipeline-segment-node-nan-test.yml
+++ b/.github/workflows/pipeline-segment-node-nan-test.yml
@@ -26,8 +26,6 @@ on:
        type: string
        default: testing

-permissions: {}
-
 concurrency:
  group: electron-node-nan-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
@@ -40,9 +38,7 @@ env:
 jobs:
  node-tests:
    name: Run Node.js Tests
-    runs-on: electron-arc-centralus-linux-amd64-8core
-    permissions:
-      contents: read
+    runs-on: electron-arc-linux-amd64-8core
    timeout-minutes: 30
    env: 
      TARGET_ARCH: ${{ inputs.target-arch }}
@@ -50,7 +46,7 @@ jobs:
    container: ${{ fromJSON(inputs.test-container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -65,12 +61,12 @@ jobs:
    - name: Install Dependencies
      uses: ./src/electron/.github/actions/install-dependencies
    - name: Download Generated Artifacts
-      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
        path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
    - name: Download Src Artifacts
-      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: src_artifacts_linux_${{ env.TARGET_ARCH }}
        path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -96,9 +92,7 @@ jobs:
        done
  nan-tests:
    name: Run Nan Tests
-    runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
+    runs-on: electron-arc-linux-amd64-4core
    timeout-minutes: 30
    env: 
      TARGET_ARCH: ${{ inputs.target-arch }}
@@ -106,7 +100,7 @@ jobs:
    container: ${{ fromJSON(inputs.test-container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -121,12 +115,12 @@ jobs:
    - name: Install Dependencies
      uses: ./src/electron/.github/actions/install-dependencies
    - name: Download Generated Artifacts
-      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
        path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
    - name: Download Src Artifacts
-      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: src_artifacts_linux_${{ env.TARGET_ARCH }}
        path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -138,16 +132,10 @@ jobs:
        unzip -:o dist.zip
    - name: Setup Linux for Headless Testing
      run: sh -e /etc/init.d/xvfb start
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
    - name: Run Nan Tests
      run: |
        cd src
        node electron/script/nan-spec-runner.js
-    - name: Remove Clang problem matcher
-      shell: bash
-      run: echo "::remove-matcher owner=clang::"
    - name: Wait for active SSH sessions
      shell: bash
      if: always() && !cancelled()
--- a/.github/workflows/pull-request-labeled.yml
+++ b/.github/workflows/pull-request-labeled.yml
@@ -11,25 +11,20 @@ jobs:
    name: backport/requested label added
    if: github.event.label.name == 'backport/requested 🗳'
    runs-on: ubuntu-latest
-    permissions: {}
    steps:
      - name: Trigger Slack workflow
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+        uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0
        with:
          webhook: ${{ secrets.BACKPORT_REQUESTED_SLACK_WEBHOOK_URL }} 
          webhook-type: webhook-trigger
          payload: |
            {
-              "base_ref": ${{ toJSON(github.event.pull_request.base.ref) }},
-              "title": ${{ toJSON(github.event.pull_request.title) }},
-              "url": ${{ toJSON(github.event.pull_request.html_url) }},
-              "user": ${{ toJSON(github.event.pull_request.user.login) }}
+              "url": "${{ github.event.pull_request.html_url }}"
            }
  pull-request-labeled-deprecation-review-complete:
    name: deprecation-review/complete label added
    if: github.event.label.name == 'deprecation-review/complete ✅'
    runs-on: ubuntu-latest
-    permissions: {}
    steps:
      - name: Generate GitHub App token
        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -22,13 +22,13 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

      # This is a pre-submit / pre-release.
      - name: "Run analysis"
-        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
        with:
          results_file: results.sarif
          results_format: sarif
@@ -42,7 +42,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: SARIF file
          path: results.sarif
@@ -50,6 +50,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v3.29.5
+        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
        with:
          sarif_file: results.sarif
--- a/.github/workflows/semantic.yml
+++ b/.github/workflows/semantic.yml
@@ -7,7 +7,8 @@ on:
      - edited
      - synchronize

-permissions: {}
+permissions:
+  contents: read

 jobs:
  main:
@@ -18,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: semantic-pull-request
-        uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
+        uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
--- a/.github/workflows/stable-prep-items.yml
+++ b/.github/workflows/stable-prep-items.yml
@@ -11,7 +11,6 @@ jobs:
  check-stable-prep-items:
    name: Check Stable Prep Items
    runs-on: ubuntu-latest
-    permissions: {}
    steps:
      - name: Generate GitHub App token
        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -10,14 +10,13 @@ permissions: {}
 jobs:
  stale:
    runs-on: ubuntu-latest
-    permissions: {}
    steps:
      - name: Generate GitHub App token
        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # tag: v10.1.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # tag: v9.1.0
        with:
          repo-token: ${{ steps.generate-token.outputs.token }}
          days-before-stale: 90
@@ -28,11 +27,10 @@ jobs:
            This issue has been automatically marked as stale. **If this issue is still affecting you, please leave any comment** (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the [latest version of Electron](https://www.electronjs.org/releases/stable) or in the [beta](https://www.electronjs.org/releases/beta)—please include it with your comment!
          close-issue-message: >
            This issue has been closed due to inactivity, and will not be monitored.  If this is a bug and you can reproduce this issue on a [supported version of Electron](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline) please open a new issue and include instructions for reproducing the issue.
-          exempt-issue-labels: "discussion,security \U0001F512,enhancement :sparkles:,status/confirmed,stale-exempt,upgrade-follow-up,tracking-upstream"
+          exempt-issue-labels: "discussion,security \U0001F512,enhancement :sparkles:,status/confirmed,stale-exempt"
          only-pr-labels: not-a-real-label
  pending-repro:
    runs-on: ubuntu-latest
-    permissions: {}
    if: ${{ always() }}
    needs: stale
    steps:
@@ -41,7 +39,7 @@ jobs:
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # tag: v10.1.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # tag: v9.1.0
        with:
          repo-token: ${{ steps.generate-token.outputs.token }}
          days-before-stale: -1
--- a/.github/workflows/windows-publish.yml
+++ b/.github/workflows/windows-publish.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
+        default: '424eedbf277ad9749ffa9219068aa72ed4a5e373'
        required: true
      upload-to-storage:
        description: 'Uploads to Azure storage'
@@ -18,13 +18,9 @@ on:
        type: boolean
        default: false

-permissions: {}
-
 jobs:
  checkout-windows:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    runs-on: electron-arc-linux-amd64-32core
    container:
      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
@@ -40,7 +36,7 @@ jobs:
      build-image-sha: ${{ inputs.build-image-sha }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -52,12 +48,10 @@ jobs:

  publish-x64-win:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    needs: checkout-windows
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
+      build-runs-on: electron-arc-windows-amd64-16core
      target-platform: win
      target-arch: x64
      is-release: true
@@ -68,12 +62,10 @@ jobs:

  publish-arm64-win:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    needs: checkout-windows
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
+      build-runs-on: electron-arc-windows-amd64-16core
      target-platform: win
      target-arch: arm64
      is-release: true
@@ -84,12 +76,10 @@ jobs:

  publish-x86-win:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
    needs: checkout-windows
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
+      build-runs-on: electron-arc-windows-amd64-16core
      target-platform: win
      target-arch: x86
      is-release: true
--- a/.gitignore
+++ b/.gitignore
@@ -53,5 +53,3 @@ ts-gen
 patches/mtime-cache.json

 spec/fixtures/logo.png
-
-.yarn/install-state.gz
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -1 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
 npm run precommit
--- a/.husky/pre-push
+++ b/.husky/pre-push
@@ -1 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
 npm run prepack
--- a/.markdownlint-cli2.jsonc
+++ b/.markdownlint-cli2.jsonc
@@ -21,9 +21,7 @@
        "ul",
        "unknown",
        "Tabs",
-        "TabItem",
-        "DocCardList",
-        "kbd"
+        "TabItem"
      ]
    },
    "no-newline-in-links": true
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-22
+20
--- a/.yarn/releases/yarn-4.11.0.cjs
+++ b/.yarn/releases/yarn-4.11.0.cjs
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -1,12 +0,0 @@
-enableScripts: false
-
-nmHoistingLimits: workspaces
-
-nodeLinker: node-modules
-
-npmMinimalAgeGate: 10080
-
-npmPreapprovedPackages:
-  - "@electron/*"
-
-yarnPath: .yarn/releases/yarn-4.11.0.cjs
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -4,9 +4,9 @@ import("//build/config/win/manifest.gni")
 import("//components/os_crypt/sync/features.gni")
 import("//components/spellcheck/spellcheck_build_features.gni")
 import("//content/public/app/mac_helpers.gni")
-import("//content/public/common/features.gni")
 import("//extensions/buildflags/buildflags.gni")
 import("//pdf/features.gni")
+import("//ppapi/buildflags/buildflags.gni")
 import("//printing/buildflags/buildflags.gni")
 import("//testing/test.gni")
 import("//third_party/electron_node/node.gni")
@@ -38,13 +38,12 @@ if (is_mac) {
  import("build/rules.gni")

  assert(
-      mac_deployment_target == "12.0",
-      "Chromium has updated the mac_deployment_target, please update this assert and flag this as a breaking change (docs/breaking-changes.md)")
+      mac_deployment_target == "11.0",
+      "Chromium has updated the mac_deployment_target, please update this assert, update the supported versions documentation (docs/tutorial/support.md) and flag this as a breaking change")
 }

 if (is_linux) {
  import("//build/config/linux/pkg_config.gni")
-  import("//electron/build/linux/strip_binary.gni")
  import("//tools/generate_stubs/rules.gni")

  pkg_config("gio_unix") {
@@ -453,7 +452,7 @@ source_set("electron_lib") {
    "//components/certificate_transparency",
    "//components/compose:buildflags",
    "//components/embedder_support:user_agent",
-    "//components/input",
+    "//components/input:input",
    "//components/language/core/browser",
    "//components/net_log",
    "//components/network_hints/browser",
@@ -480,14 +479,13 @@ source_set("electron_lib") {
    "//device/bluetooth",
    "//device/bluetooth/public/cpp",
    "//gin",
-    "//gpu/ipc/client",
    "//media/capture/mojom:video_capture",
    "//media/mojo/mojom",
    "//media/mojo/mojom:web_speech_recognition",
    "//net:extras",
    "//net:net_resources",
    "//printing/buildflags",
-    "//services/device/public/cpp/bluetooth",
+    "//services/device/public/cpp/bluetooth:bluetooth",
    "//services/device/public/cpp/geolocation",
    "//services/device/public/cpp/hid",
    "//services/device/public/mojom",
@@ -520,10 +518,6 @@ source_set("electron_lib") {
    "//v8:v8_libplatform",
  ]

-  if (v8_use_external_startup_data && use_v8_context_snapshot) {
-    deps += [ ":mksnapshot_checksum_gen" ]
-  }
-
  public_deps = [
    "//base",
    "//base:i18n",
@@ -587,13 +581,7 @@ source_set("electron_lib") {
  }

  if (is_mac) {
-    # Disable C++ modules to resolve linking error when including MacOS SDK
-    # headers from third_party/electron_node/deps/uv/include/uv/darwin.h
-    # TODO(samuelmaddock): consider revisiting this in the future
-    use_libcxx_modules = false
-
    deps += [
-      "//components/os_crypt/common:keychain_password_mac",
      "//components/remote_cocoa/app_shim",
      "//components/remote_cocoa/browser",
      "//content/browser:mac_helpers",
@@ -662,7 +650,6 @@ source_set("electron_lib") {
      "//ui/events/devices/x11",
      "//ui/events/platform/x11",
      "//ui/gtk:gtk_config",
-      "//ui/linux:display_server_utils",
      "//ui/linux:linux_ui",
      "//ui/linux:linux_ui_factory",
      "//ui/wm",
@@ -695,7 +682,7 @@ source_set("electron_lib") {
    deps += [
      "//components/app_launch_prefetch",
      "//components/crash/core/app:crash_export_thunks",
-      "//third_party/libxml:xml_writer",
+      "//ui/native_theme:native_theme_browser",
      "//ui/wm",
      "//ui/wm/public",
    ]
@@ -740,7 +727,7 @@ source_set("electron_lib") {
      "shell/common/extensions/api:extensions_features",
      "//chrome/browser/resources:component_extension_resources",
      "//components/guest_view/common:mojom",
-      "//components/update_client",
+      "//components/update_client:update_client",
      "//components/zoom",
      "//extensions/browser",
      "//extensions/browser/api:api_provider",
@@ -762,13 +749,11 @@ source_set("electron_lib") {
  if (enable_pdf_viewer) {
    deps += [
      "//chrome/browser/resources/pdf:resources",
-      "//chrome/browser/ui:browser_element_identifiers",
      "//components/pdf/browser",
      "//components/pdf/browser:interceptors",
      "//components/pdf/common:constants",
      "//components/pdf/common:util",
      "//components/pdf/renderer",
-      "//components/user_education/webui",
      "//pdf",
      "//pdf:content_restriction",
    ]
@@ -787,18 +772,6 @@ source_set("electron_lib") {
  }
 }

-action("mksnapshot_checksum_gen") {
-  script = "build/checksum_header.py"
-
-  outputs = [ "$target_gen_dir/snapshot_checksum.h" ]
-  inputs = [ "$root_out_dir/$v8_context_snapshot_filename" ]
-  args = rebase_path(inputs)
-
-  args += rebase_path(outputs)
-
-  deps = [ "//tools/v8_context_snapshot" ]
-}
-
 electron_paks("packed_resources") {
  if (is_mac) {
    output_dir = "$root_gen_dir/electron_repack"
@@ -842,7 +815,7 @@ if (is_mac) {
      sources = []
      public_deps = []
      sources += [ "$root_out_dir/libffmpeg.dylib" ]
-      public_deps += [ "//third_party/ffmpeg" ]
+      public_deps += [ "//third_party/ffmpeg:ffmpeg" ]
      outputs = [ "{{bundle_contents_dir}}/Libraries/{{source_file_part}}" ]
    }
  } else {
@@ -1257,7 +1230,7 @@ if (is_mac) {
    }

    if (use_v8_context_snapshot) {
-      public_deps = [ "//tools/v8_context_snapshot" ]
+      public_deps = [ "//tools/v8_context_snapshot:v8_context_snapshot" ]
    }

    if (is_linux) {
@@ -1436,18 +1409,6 @@ dist_zip("electron_dist_zip") {
    ":licenses",
  ]
  if (is_linux) {
-    if (is_official_build) {
-      data_deps += [
-        ":strip_chrome_crashpad_handler",
-        ":strip_chrome_sandbox",
-        ":strip_electron_binary",
-        ":strip_libEGL_shlib",
-        ":strip_libGLESv2_shlib",
-        ":strip_libffmpeg_shlib",
-        ":strip_libvk_swiftshader_shlib",
-      ]
-    }
-
    data_deps += [ "//sandbox/linux:chrome_sandbox" ]
  }
  deps = data_deps
@@ -1493,16 +1454,6 @@ group("electron_mksnapshot") {

 dist_zip("electron_mksnapshot_zip") {
  data_deps = mksnapshot_deps
-  if (is_linux && is_official_build) {
-    data_deps += [
-      ":strip_libEGL_shlib",
-      ":strip_libGLESv2_shlib",
-      ":strip_libffmpeg_shlib",
-      ":strip_libvk_swiftshader_shlib",
-      ":strip_mksnapshot_binary",
-      ":strip_v8_context_snapshot_generator_binary",
-    ]
-  }
  deps = data_deps
  outputs = [ "$root_build_dir/mksnapshot.zip" ]
 }
@@ -1627,101 +1578,3 @@ group("copy_node_headers") {
 group("node_headers") {
  public_deps = [ ":tar_node_headers" ]
 }
-
-group("testing_build") {
-  public_deps = [
-    ":electron_dist_zip",
-    ":electron_mksnapshot_zip",
-    ":node_headers",
-  ]
-}
-
-group("release_build") {
-  public_deps = [ ":testing_build" ]
-  if (is_official_build) {
-    public_deps += [ ":electron_symbols" ]
-  }
-  if (is_linux) {
-    public_deps += [
-      ":hunspell_dictionaries_zip",
-      ":libcxx_headers_zip",
-      ":libcxx_objects_zip",
-      ":libcxxabi_headers_zip",
-    ]
-  }
-}
-
-if (is_linux && is_official_build) {
-  strip_binary("strip_electron_binary") {
-    binary_input = "$root_out_dir/$electron_project_name"
-    symbol_output = "$root_out_dir/debug/$electron_project_name.debug"
-    compress_debug_sections = true
-    deps = [ ":electron_app" ]
-  }
-
-  strip_binary("strip_chrome_crashpad_handler") {
-    binary_input = "$root_out_dir/chrome_crashpad_handler"
-    symbol_output = "$root_out_dir/debug/chrome_crashpad_handler.debug"
-    compress_debug_sections = true
-    deps = [ "//components/crash/core/app:chrome_crashpad_handler" ]
-  }
-
-  strip_binary("strip_chrome_sandbox") {
-    binary_input = "$root_out_dir/chrome_sandbox"
-    symbol_output = "$root_out_dir/debug/chrome-sandbox.debug"
-    compress_debug_sections = true
-    deps = [ "//sandbox/linux:chrome_sandbox" ]
-  }
-
-  strip_binary("strip_libEGL_shlib") {
-    binary_input = "$root_out_dir/libEGL.so"
-    symbol_output = "$root_out_dir/debug/libEGL.so.debug"
-    compress_debug_sections = true
-    deps = [ "//third_party/angle:libEGL" ]
-  }
-
-  strip_binary("strip_libGLESv2_shlib") {
-    binary_input = "$root_out_dir/libGLESv2.so"
-    symbol_output = "$root_out_dir/debug/libGLESv2.so.debug"
-    compress_debug_sections = true
-    deps = [ "//third_party/angle:libGLESv2" ]
-  }
-
-  strip_binary("strip_libffmpeg_shlib") {
-    binary_input = "$root_out_dir/libffmpeg.so"
-    symbol_output = "$root_out_dir/debug/libffmpeg.so.debug"
-    compress_debug_sections = true
-    deps = [ "//third_party/ffmpeg" ]
-  }
-
-  strip_binary("strip_libvk_swiftshader_shlib") {
-    binary_input = "$root_out_dir/libvk_swiftshader.so"
-    symbol_output = "$root_out_dir/debug/libvk_swiftshader.so.debug"
-    compress_debug_sections = true
-    deps = [ "//third_party/swiftshader/src/Vulkan:swiftshader_libvulkan" ]
-  }
-
-  strip_binary("strip_mksnapshot_binary") {
-    _binary_path = rebase_path(
-            get_label_info(
-                    ":v8_context_snapshot_generator($v8_snapshot_toolchain)",
-                    "root_out_dir") + "/mksnapshot",
-            root_build_dir)
-    binary_input = "$root_out_dir/$_binary_path"
-    symbol_output = "$root_out_dir/debug/${_binary_path}.debug"
-    compress_debug_sections = true
-    deps = mksnapshot_deps
-  }
-
-  strip_binary("strip_v8_context_snapshot_generator_binary") {
-    _binary_path = rebase_path(
-            get_label_info(
-                    ":v8_context_snapshot_generator($v8_snapshot_toolchain)",
-                    "root_out_dir") + "/v8_context_snapshot_generator",
-            root_build_dir)
-    binary_input = "$root_out_dir/$_binary_path"
-    symbol_output = "$root_out_dir/debug/${_binary_path}.debug"
-    compress_debug_sections = true
-    deps = mksnapshot_deps
-  }
-}
--- a/13
+++ b/13
@@ -2,17 +2,17 @@ gclient_gn_args_from = 'src'

 vars = {
  'chromium_version':
-    '144.0.7527.0',
+    '138.0.7178.0',
  'node_version':
-    'v24.11.1',
+    'v22.15.1',
  'nan_version':
-    '675cefebca42410733da8a454c8d9391fcebfbc2',
+    'e14bdcd1f72d62bca1d541b66da43130384ec213',
  'squirrel.mac_version':
    '0e5d146ba13101a1302d59ea6e6e0b3cace4ae38',
  'reactiveobjc_version':
    '74ab5baccc6f7202c8ac69a8d1e152c29dc1ea76',
  'mantle_version':
-    '2a8e2123a3931038179ee06105c9e6ec336b12ea',
+    '78d3966b3c331292ea29ec38661b25df0a245948',
  'engflow_reclient_configs_version':
    '955335c30a752e9ef7bff375baab5e0819b6c00d',

@@ -30,6 +30,9 @@ vars = {
  # The path of the sysroots.json file.
  'sysroots_json_path': 'electron/script/sysroots.json',

+  # KEEP IN SYNC WITH utils.js FILE
+  'yarn_version': '1.15.2',
+
  # To be able to build clean Chromium from sources.
  'apply_patches': True,

@@ -152,7 +155,7 @@ hooks = [
    'action': [
      'python3',
      '-c',
-      'import os, subprocess; os.chdir(os.path.join("src", "electron")); subprocess.check_call(["node", ".yarn/releases/yarn-4.11.0.cjs", "install", "--immutable"]);',
+      'import os, subprocess; os.chdir(os.path.join("src", "electron")); subprocess.check_call(["python3", "script/lib/npx.py", "yarn@' + (Var("yarn_version")) + '", "install", "--frozen-lockfile"]);',
    ],
  },
  {
--- a/README.md
+++ b/README.md
@@ -37,24 +37,36 @@ For more installation options and troubleshooting tips, see

 Each Electron release provides binaries for macOS, Windows, and Linux.

-* macOS (Monterey and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
+* macOS (Big Sur and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
 * Windows (Windows 10 and up): Electron provides `ia32` (`x86`), `x64` (`amd64`), and `arm64` binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was [removed in Electron 23, in line with Chromium's Windows deprecation policy](https://www.electronjs.org/blog/windows-7-to-8-1-deprecation-notice).
-* Linux: The prebuilt binaries of Electron are built on Ubuntu 22.04. They have also been verified to work on:
+* Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
  * Ubuntu 18.04 and newer
  * Fedora 32 and newer
  * Debian 10 and newer

-## Electron Fiddle
+## Quick start & Electron Fiddle

 Use [`Electron Fiddle`](https://github.com/electron/fiddle)
 to build, run, and package small Electron experiments, to see code examples for all of Electron's APIs, and
 to try out different versions of Electron. It's designed to make the start of your journey with
 Electron easier.

+Alternatively, clone and run the
+[electron/electron-quick-start](https://github.com/electron/electron-quick-start)
+repository to see a minimal Electron app in action:
+
+```sh
+git clone https://github.com/electron/electron-quick-start
+cd electron-quick-start
+npm install
+npm start
+```
+
 ## Resources for learning Electron

 * [electronjs.org/docs](https://electronjs.org/docs) - All of Electron's documentation
 * [electron/fiddle](https://github.com/electron/fiddle) - A tool to build, run, and package small Electron experiments
+* [electron/electron-quick-start](https://github.com/electron/electron-quick-start) - A very basic starter Electron app
 * [electronjs.org/community#boilerplates](https://electronjs.org/community#boilerplates) - Sample starter apps created by the community

 ## Programmatic usage
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -8,12 +8,6 @@ The Electron team will send a response indicating the next steps in handling you

 Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the [npm contact form](https://www.npmjs.com/support) by selecting "I'm reporting a security vulnerability".

-## Escalation
-
-If you do not receive an acknowledgement of your report within 6 business days, or if you cannot find a private security contact for the project, you may escalate to the OpenJS Foundation CNA at `security@lists.openjsf.org`.
-
-If the project acknowledges your report but does not provide any further response or engagement within 14 days, escalation is also appropriate.
-
 ## The Electron Security Notification Process

 For context on Electron's security notification process, please see the [Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md#notifications) section of the Security WG's [Membership and Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md) Governance document.
--- a/build/.eslintrc.json
+++ b/build/.eslintrc.json
@@ -1,8 +1,8 @@
 {
  "plugins": [
-    "import"
+    "unicorn"
  ],
  "rules": {
-    "import/enforce-node-protocol-usage": ["error", "always"]
+    "unicorn/prefer-node-protocol": "error"
  }
 }
--- a/build/args/all.gn
+++ b/build/args/all.gn
@@ -2,7 +2,7 @@ is_electron_build = true
 root_extra_deps = [ "//electron" ]

 # Registry of NMVs --> https://github.com/nodejs/node/blob/main/doc/abi_version_registry.json
-node_module_version = 143
+node_module_version = 136

 v8_promise_internal_field_count = 1
 v8_embedder_string = "-electron.0"
@@ -19,15 +19,15 @@ proprietary_codecs = true

 enable_printing = true

-# Refs https://chromium-review.googlesource.com/c/chromium/src/+/6986517
-# CI is using MacOS 15.5 which doesn't have the required modulemaps.
-use_clang_modules = false
-
 # Removes DLLs from the build, which are only meant to be used for Chromium development.
 # See https://github.com/electron/electron/pull/17985
 angle_enable_vulkan_validation_layers = false
 dawn_enable_vulkan_validation_layers = false

+# Removes dxc dll's that are only used experimentally.
+# See https://bugs.chromium.org/p/chromium/issues/detail?id=1474897
+dawn_use_built_dxc = false
+
 # These are disabled because they cause the zip manifest to differ between
 # testing and release builds.
 # See https://chromium-review.googlesource.com/c/chromium/src/+/2774898.
@@ -70,8 +70,6 @@ v8_expose_public_symbols = true
 # sensitive content by enterprise users.
 enterprise_cloud_content_analysis = false

-# We don't use anything from here, and it causes target collisions
-enable_linux_installer = false
-
-# Disable "Save to Drive" feature in PDF viewer
-enable_pdf_save_to_drive = false
+# TODO: remove dependency on legacy ipc
+# https://issues.chromium.org/issues/40943039
+content_enable_legacy_ipc = true
--- a/build/checksum_header.py
+++ b/build/checksum_header.py
@@ -1,37 +0,0 @@
-#!/usr/bin/env python3
-
-import os
-import sys
-import hashlib
-
-dir_path = os.path.dirname(os.path.realpath(__file__))
-
-TEMPLATE_H = """
-#ifndef ELECTRON_SNAPSHOT_CHECKSUM_H_
-#define ELECTRON_SNAPSHOT_CHECKSUM_H_
-
-namespace electron::snapshot_checksum {
-
-inline constexpr std::string_view kChecksum = "{checksum}";
-
-}  // namespace electron::snapshot_checksum
-
-#endif  // ELECTRON_SNAPSHOT_CHECKSUM_H_
-"""
-
-def calculate_sha256(filepath):
-    sha256_hash = hashlib.sha256()
-    with open(filepath, "rb") as f:
-        for byte_block in iter(lambda: f.read(4096), b""):
-            sha256_hash.update(byte_block)
-    return sha256_hash.hexdigest()
-
-input_file = sys.argv[1]
-output_file = sys.argv[2]
-
-checksum = calculate_sha256(input_file)
-
-checksum_h = TEMPLATE_H.replace("{checksum}", checksum)
-
-with open(output_file, 'w') as f:
-    f.write(checksum_h)
--- a/build/linux/strip_binary.gni
+++ b/build/linux/strip_binary.gni
@@ -1,70 +0,0 @@
-# Copyright 2021 The Chromium Authors
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-# This has been adapted from https://source.chromium.org/chromium/chromium/src/+/main:build/linux/strip_binary.gni;drc=c220a41e0422d45f1657c28146d32e99cc53640b
-# The notable difference is it has an option to compress the debug sections
-
-import("//build/config/clang/clang.gni")
-import("//build/toolchain/toolchain.gni")
-
-# Extracts symbols from a binary into a symbol file.
-#
-# Args:
-#   binary_input: Path to the binary containing symbols to extract, e.g.:
-#       "$root_out_dir/chrome"
-#   symbol_output: Desired output file for symbols, e.g.:
-#       "$root_out_dir/chrome.debug"
-#   stripped_binary_output: Desired output file for stripped file, e.g.:
-#       "$root_out_dir/chrome.stripped"
-#   compress_debug_sections: If true, compress the extracted debug sections
-template("strip_binary") {
-  forward_variables_from(invoker,
-                         [
-                           "deps",
-                           "testonly",
-                         ])
-  action("${target_name}") {
-    llvm_strip_binary = "${clang_base_path}/bin/llvm-strip"
-    llvm_objcopy_binary = "${clang_base_path}/bin/llvm-objcopy"
-    script = "//electron/build/linux/strip_binary.py"
-
-    if (defined(invoker.stripped_binary_output)) {
-      stripped_binary_output = invoker.stripped_binary_output
-    } else {
-      stripped_binary_output = invoker.binary_input + ".stripped"
-    }
-    if (defined(invoker.symbol_output)) {
-      symbol_output = invoker.symbol_output
-    } else {
-      symbol_output = invoker.binary_input + ".debug"
-    }
-
-    inputs = [
-      invoker.binary_input,
-      llvm_strip_binary,
-      llvm_objcopy_binary,
-    ]
-    outputs = [
-      symbol_output,
-      stripped_binary_output,
-    ]
-    args = [
-      "--llvm-strip-binary-path",
-      rebase_path(llvm_strip_binary, root_build_dir),
-      "--llvm-objcopy-binary-path",
-      rebase_path(llvm_objcopy_binary, root_build_dir),
-      "--symbol-output",
-      rebase_path(symbol_output, root_build_dir),
-      "--stripped-binary-output",
-      rebase_path(stripped_binary_output, root_build_dir),
-      "--binary-input",
-      rebase_path(invoker.binary_input, root_build_dir),
-    ]
-
-    if (defined(invoker.compress_debug_sections) &&
-        invoker.compress_debug_sections) {
-      args += [ "--compress-debug-sections" ]
-    }
-  }
-}
--- a/build/linux/strip_binary.py
+++ b/build/linux/strip_binary.py
@@ -1,63 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright 2021 The Chromium Authors
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-# This has been adapted from https://source.chromium.org/chromium/chromium/src/+/main:build/linux/strip_binary.py;drc=c220a41e0422d45f1657c28146d32e99cc53640b
-# The notable difference is it has an option to compress the debug sections
-
-import argparse
-import subprocess
-import sys
-
-
-def main() -> int:
-  parser = argparse.ArgumentParser(description="Strip binary using LLVM tools.")
-  parser.add_argument("--llvm-strip-binary-path",
-                      help="Path to llvm-strip executable.")
-  parser.add_argument("--llvm-objcopy-binary-path",
-                      required=True,
-                      help="Path to llvm-objcopy executable.")
-  parser.add_argument("--binary-input", help="Input ELF binary.")
-  parser.add_argument("--symbol-output",
-                      help="File to write extracted debug info (.debug).")
-  parser.add_argument("--compress-debug-sections",
-                      action="store_true",
-                      help="Compress extracted debug info.")
-  parser.add_argument("--stripped-binary-output",
-                      help="File to write stripped binary.")
-  args = parser.parse_args()
-
-  # Replicate the behavior of:
-  # eu-strip <binary_input> -o <stripped_binary_output> -f <symbol_output>
-
-  objcopy_args = [
-      "--only-keep-debug",
-      args.binary_input,
-      args.symbol_output,
-  ]
-
-  if args.compress_debug_sections:
-    objcopy_args.insert(0, "--compress-debug-sections")
-
-  subprocess.check_output([args.llvm_objcopy_binary_path] + objcopy_args)
-  subprocess.check_output([
-      args.llvm_strip_binary_path,
-      "--strip-debug",
-      "--strip-unneeded",
-      "-o",
-      args.stripped_binary_output,
-      args.binary_input,
-  ])
-  subprocess.check_output([
-      args.llvm_objcopy_binary_path,
-      f"--add-gnu-debuglink={args.symbol_output}",
-      args.stripped_binary_output,
-  ])
-
-  return 0
-
-
-if __name__ == "__main__":
-  sys.exit(main())
--- a/build/rules.gni
+++ b/build/rules.gni
@@ -67,6 +67,10 @@ template("mac_xib_bundle_data") {
    ibtool_flags = [
      "--minimum-deployment-target",
      mac_deployment_target,
+
+      # TODO(rsesek): Enable this once all the bots are on Xcode 7+.
+      # "--target-device",
+      # "mac",
    ]
  }

--- a/build/siso/backend.star
+++ b/build/siso/backend.star
@@ -1,21 +0,0 @@
-# -*- bazel-starlark -*-
-
-load("@builtin//struct.star", "module")
-
-def __platform_properties(ctx):
-    container_image = "docker://gcr.io/chops-public-images-prod/rbe/siso-chromium/linux@sha256:d7cb1ab14a0f20aa669c23f22c15a9dead761dcac19f43985bf9dd5f41fbef3a"
-    return {
-        "default": {
-            "OSFamily": "Linux",
-            "container-image": container_image,
-        },
-        "large": {
-            "OSFamily": "Linux",
-            "container-image": container_image,
-        },
-    }
-
-backend = module(
-    "backend",
-    platform_properties = __platform_properties,
-)
--- a/build/siso/main.star
+++ b/build/siso/main.star
@@ -1,66 +0,0 @@
-load("@builtin//encoding.star", "json")
-load("@builtin//path.star", "path")
-load("@builtin//runtime.star", "runtime")
-load("@builtin//struct.star", "module")
-load("@config//main.star", upstream_init = "init")
-load("@config//win_sdk.star", "win_sdk")
-load("@config//gn_logs.star", "gn_logs")
-
-def init(ctx):
-    mod = upstream_init(ctx)
-    step_config = json.decode(mod.step_config)
-
-    # Buildbarn doesn't support input_root_absolute_path so disable that
-    for rule in step_config["rules"]:    
-      input_root_absolute_path = rule.get("input_root_absolute_path", False)
-      if input_root_absolute_path:
-        rule.pop("input_root_absolute_path", None)
-
-    # Only wrap clang rules with a remote wrapper if not on Linux. These are currently only
-    # needed for X-Compile builds, which run on Windows and Mac.
-    if runtime.os != "linux":
-      for rule in step_config["rules"]:
-        if rule["name"].startswith("clang/") or rule["name"].startswith("clang-cl/"):
-          rule["remote_wrapper"] = "../../buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper"
-          if "inputs" not in rule:
-            rule["inputs"] = []
-          rule["inputs"].append("buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper")
-          rule["inputs"].append("third_party/llvm-build/Release+Asserts_linux/bin/clang")
-
-      if "executables" not in step_config:
-        step_config["executables"] = []
-      step_config["executables"].append("buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper")
-      step_config["executables"].append("third_party/llvm-build/Release+Asserts_linux/bin/clang")
-
-    if runtime.os == "darwin":
-      # Update platforms to match our default siso config instead of reclient configs.
-      step_config["platforms"].update({
-          "clang": step_config["platforms"]["default"],
-          "clang_large": step_config["platforms"]["default"],          
-      })      
-
-    if runtime.os == "windows":
-      # Add additional Windows SDK headers needed by Electron      
-      win_toolchain_dir = win_sdk.toolchain_dir(ctx)
-      if win_toolchain_dir:
-        sdk_version = gn_logs.read(ctx).get("windows_sdk_version")
-        step_config["input_deps"][win_toolchain_dir + ":headers"].extend([
-          # third_party/electron_node/deps/uv/include/uv/win.h includes mswsock.h
-          path.join(win_toolchain_dir, "Windows Kits/10/Include", sdk_version, "um/mswsock.h"),
-          # third_party/electron_node/src/debug_utils.cc includes lm.h
-          path.join(win_toolchain_dir, "Windows Kits/10/Include", sdk_version, "um/Lm.h"),          
-        ])
-      
-      # Update platforms to match our default siso config instead of reclient configs.
-      step_config["platforms"].update({
-          "clang-cl": step_config["platforms"]["default"],
-          "clang-cl_large": step_config["platforms"]["default"],
-          "lld-link": step_config["platforms"]["default"],
-      })
-
-    return module(
-      "config",
-      step_config = json.encode(step_config),
-      filegroups = mod.filegroups,
-      handlers = mod.handlers,
-    )
--- a/build/webpack/webpack.config.base.js
+++ b/build/webpack/webpack.config.base.js
@@ -121,7 +121,6 @@ if ((globalThis.process || binding.process).argv.includes("--profile-electron-in
          'electron/main$': electronAPIFile,
          'electron/renderer$': electronAPIFile,
          'electron/common$': electronAPIFile,
-          'electron/utility$': electronAPIFile,
          // Force timers to resolve to our dependency that doesn't use window.postMessage
          timers: path.resolve(electronRoot, 'node_modules', 'timers-browserify', 'main.js')
        },
@@ -144,9 +143,7 @@ if ((globalThis.process || binding.process).argv.includes("--profile-electron-in
            transpileOnly: onlyPrintingGraph,
            ignoreDiagnostics: [
              // File '{0}' is not under 'rootDir' '{1}'.
-              6059,
-              // Private field '{0}' must be declared in an enclosing class.
-              1111
+              6059
            ]
          }
        }]
--- a/build/zip.py
+++ b/build/zip.py
@@ -41,8 +41,6 @@ PATHS_TO_SKIP = [
  'resources/inspector',
  'gen/third_party/devtools-frontend/src',
  'gen/ui/webui',
-  # Skip because these get zipped separately in script/zip-symbols.py
-  'debug',
 ]

 def skip_path(dep, dist_zip, target_cpu):
@@ -82,11 +80,6 @@ def main(argv):
      dep = dep.strip()
      if not skip_path(dep, dist_zip, target_cpu):
        dist_files.add(dep)
-  # On Linux, filter out any files which have a .stripped companion
-  if sys.platform == 'linux':
-    dist_files = {
-      dep for dep in dist_files if f"{dep.removeprefix('./')}.stripped" not in dist_files
-    }
  if sys.platform == 'darwin' and not should_flatten:
    execute(['zip', '-r', '-y', dist_zip] + list(dist_files))
  else:
@@ -103,13 +96,10 @@ def main(argv):
          dirname = os.path.dirname(dep)
          arcname = (
            os.path.join(dirname, 'chrome-sandbox')
-            if basename.removesuffix('.stripped') == 'chrome_sandbox'
+            if basename == 'chrome_sandbox'
            else dep
          )
          name_to_write = arcname
-          # On Linux, strip the .stripped suffix from the name before zipping
-          if sys.platform == 'linux':
-            name_to_write = name_to_write.removesuffix('.stripped')
          if should_flatten:
            if flatten_relative_to:
              if name_to_write.startswith(flatten_relative_to):
--- a/chromium_src/BUILD.gn
+++ b/chromium_src/BUILD.gn
@@ -23,8 +23,6 @@ static_library("chrome") {
    "//chrome/browser/browser_process.h",
    "//chrome/browser/devtools/devtools_contents_resizing_strategy.cc",
    "//chrome/browser/devtools/devtools_contents_resizing_strategy.h",
-    "//chrome/browser/devtools/devtools_dispatch_http_request_params.cc",
-    "//chrome/browser/devtools/devtools_dispatch_http_request_params.h",
    "//chrome/browser/devtools/devtools_embedder_message_dispatcher.cc",
    "//chrome/browser/devtools/devtools_embedder_message_dispatcher.h",
    "//chrome/browser/devtools/devtools_eye_dropper.cc",
@@ -68,8 +66,6 @@ static_library("chrome") {
    "//chrome/browser/picture_in_picture/picture_in_picture_occlusion_tracker.h",
    "//chrome/browser/picture_in_picture/picture_in_picture_occlusion_tracker_observer.cc",
    "//chrome/browser/picture_in_picture/picture_in_picture_occlusion_tracker_observer.h",
-    "//chrome/browser/picture_in_picture/picture_in_picture_widget_fade_animator.cc",
-    "//chrome/browser/picture_in_picture/picture_in_picture_widget_fade_animator.h",
    "//chrome/browser/picture_in_picture/picture_in_picture_window_manager.cc",
    "//chrome/browser/picture_in_picture/picture_in_picture_window_manager.h",
    "//chrome/browser/picture_in_picture/picture_in_picture_window_manager_uma_helper.cc",
@@ -78,8 +74,14 @@ static_library("chrome") {
    "//chrome/browser/picture_in_picture/scoped_picture_in_picture_occlusion_observation.h",
    "//chrome/browser/platform_util.cc",
    "//chrome/browser/platform_util.h",
+    "//chrome/browser/predictors/preconnect_manager.cc",
+    "//chrome/browser/predictors/preconnect_manager.h",
    "//chrome/browser/predictors/predictors_features.cc",
    "//chrome/browser/predictors/predictors_features.h",
+    "//chrome/browser/predictors/proxy_lookup_client_impl.cc",
+    "//chrome/browser/predictors/proxy_lookup_client_impl.h",
+    "//chrome/browser/predictors/resolve_host_client_impl.cc",
+    "//chrome/browser/predictors/resolve_host_client_impl.h",
    "//chrome/browser/process_singleton.h",
    "//chrome/browser/process_singleton_internal.cc",
    "//chrome/browser/process_singleton_internal.h",
@@ -126,12 +128,8 @@ static_library("chrome") {
    "//chrome/browser/ui/views/overlay/hang_up_button.h",
    "//chrome/browser/ui/views/overlay/minimize_button.cc",
    "//chrome/browser/ui/views/overlay/minimize_button.h",
-    "//chrome/browser/ui/views/overlay/overlay_controls_fade_animation.cc",
-    "//chrome/browser/ui/views/overlay/overlay_controls_fade_animation.h",
    "//chrome/browser/ui/views/overlay/overlay_window_image_button.cc",
    "//chrome/browser/ui/views/overlay/overlay_window_image_button.h",
-    "//chrome/browser/ui/views/overlay/overlay_window_live_caption_button.cc",
-    "//chrome/browser/ui/views/overlay/overlay_window_live_caption_button.h",
    "//chrome/browser/ui/views/overlay/playback_image_button.cc",
    "//chrome/browser/ui/views/overlay/playback_image_button.h",
    "//chrome/browser/ui/views/overlay/resize_handle_button.cc",
@@ -146,10 +144,6 @@ static_library("chrome") {
    "//chrome/browser/ui/views/overlay/toggle_microphone_button.h",
    "//chrome/browser/ui/views/overlay/video_overlay_window_views.cc",
    "//chrome/browser/ui/views/overlay/video_overlay_window_views.h",
-    "//chrome/browser/ui/views/picture_in_picture/picture_in_picture_bounds_change_animation.cc",
-    "//chrome/browser/ui/views/picture_in_picture/picture_in_picture_bounds_change_animation.h",
-    "//chrome/browser/ui/views/picture_in_picture/picture_in_picture_tucker.cc",
-    "//chrome/browser/ui/views/picture_in_picture/picture_in_picture_tucker.h",
    "//chrome/browser/ui/webui/accessibility/accessibility_ui.cc",
    "//chrome/browser/ui/webui/accessibility/accessibility_ui.h",
    "//chrome/browser/usb/usb_blocklist.cc",
@@ -213,7 +207,7 @@ static_library("chrome") {
    "//components/enterprise/common/proto:connectors_proto",
    "//components/enterprise/obfuscation/core:enterprise_obfuscation",
    "//components/safe_browsing/core/browser/db:safebrowsing_proto",
-    "//components/vector_icons",
+    "//components/vector_icons:vector_icons",
    "//ui/base/accelerators/global_accelerator_listener",
    "//ui/snapshot",
    "//ui/views/controls/webview",
@@ -223,8 +217,8 @@ static_library("chrome") {
    sources += [
      "//chrome/browser/platform_util_aura.cc",
      "//chrome/browser/ui/views/eye_dropper/eye_dropper_aura.cc",
-      "//ui/native_window_tracker/native_window_tracker_aura.cc",
-      "//ui/native_window_tracker/native_window_tracker_aura.h",
+      "//ui/views/native_window_tracker_aura.cc",
+      "//ui/views/native_window_tracker_aura.h",
    ]
    deps += [ "//components/eye_dropper" ]
  }
@@ -280,8 +274,6 @@ static_library("chrome") {
      "//chrome/browser/process_singleton_mac.mm",
      "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_mac.h",
      "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_mac.mm",
-      "//chrome/browser/ui/views/overlay/video_overlay_window_native_widget_mac.h",
-      "//chrome/browser/ui/views/overlay/video_overlay_window_native_widget_mac.mm",
    ]
    deps += [ ":system_media_capture_permissions_mac_conflict" ]
  }
@@ -383,8 +375,6 @@ static_library("chrome") {
        "//chrome/browser/pdf/chrome_pdf_stream_delegate.h",
        "//chrome/browser/pdf/pdf_extension_util.cc",
        "//chrome/browser/pdf/pdf_extension_util.h",
-        "//chrome/browser/pdf/pdf_help_bubble_handler_factory.cc",
-        "//chrome/browser/pdf/pdf_help_bubble_handler_factory.h",
        "//chrome/browser/pdf/pdf_viewer_stream_manager.cc",
        "//chrome/browser/pdf/pdf_viewer_stream_manager.h",
        "//chrome/browser/plugins/pdf_iframe_navigation_throttle.cc",
@@ -393,8 +383,6 @@ static_library("chrome") {
      deps += [
        "//components/pdf/browser",
        "//components/pdf/renderer",
-        "//ui/base/interaction",
-        "//ui/webui/resources/cr_components/help_bubble:mojo_bindings",
      ]
    }
  } else {
@@ -508,17 +496,15 @@ source_set("chrome_spellchecker") {
  ]
 }

-if (is_mac) {
-  # These sources create an object file conflict with one in |:chrome|, so they
-  # must live in a separate target.
-  # Conflicting sources:
-  #   //chrome/browser/media/webrtc/system_media_capture_permissions_stats_mac.mm
-  #   //chrome/browser/permissions/system/system_media_capture_permissions_mac.mm
-  source_set("system_media_capture_permissions_mac_conflict") {
-    sources = [
-      "//chrome/browser/permissions/system/system_media_capture_permissions_mac.h",
-      "//chrome/browser/permissions/system/system_media_capture_permissions_mac.mm",
-    ]
-    deps = [ "//chrome/common" ]
-  }
+# These sources create an object file conflict with one in |:chrome|, so they
+# must live in a separate target.
+# Conflicting sources:
+#   //chrome/browser/media/webrtc/system_media_capture_permissions_stats_mac.mm
+#   //chrome/browser/permissions/system/system_media_capture_permissions_mac.mm
+source_set("system_media_capture_permissions_mac_conflict") {
+  sources = [
+    "//chrome/browser/permissions/system/system_media_capture_permissions_mac.h",
+    "//chrome/browser/permissions/system/system_media_capture_permissions_mac.mm",
+  ]
+  deps = [ "//chrome/common" ]
 }
--- a/default_app/.eslintrc.json
+++ b/default_app/.eslintrc.json
@@ -1,8 +1,8 @@
 {
  "plugins": [
-    "import"
+    "unicorn"
  ],
  "rules": {
-    "import/enforce-node-protocol-usage": ["error", "always"]
+    "unicorn/prefer-node-protocol": "error"
  }
 }
--- a/docs/.eslintrc.json
+++ b/docs/.eslintrc.json
@@ -1,35 +0,0 @@
-{
-  "extends": "standard",
-  "plugins": [
-    "import",
-    "markdown"
-  ],
-  "overrides": [
-    {
-      "files": ["*.md", "**/*.md"],
-      "processor": "markdown/markdown"
-    }
-  ],
-  "rules": {
-    "@typescript-eslint/no-unused-vars": "off",
-    "import/order": ["error", {
-      "alphabetize": {
-        "order": "asc"
-      },
-      "newlines-between": "always",
-      "pathGroups": [
-        {
-          "pattern": "{electron,electron/**}",
-          "group": "builtin",
-          "position": "before"
-        }
-      ],
-      "pathGroupsExcludedImportTypes": []
-    }],
-    "n/no-callback-literal": "off",
-    "no-undef": "off",
-    "no-unused-expressions": "off",
-    "no-unused-vars": "off",
-    "import/enforce-node-protocol-usage": ["error", "always"]
-  }
-}
--- a/docs/README.md
+++ b/docs/README.md
@@ -113,7 +113,6 @@ These individual tutorials expand on topics discussed in the guide above.
 * [dialog](api/dialog.md)
 * [globalShortcut](api/global-shortcut.md)
 * [inAppPurchase](api/in-app-purchase.md)
-* [ImageView](api/image-view.md)
 * [ipcMain](api/ipc-main.md)
 * [Menu](api/menu.md)
 * [MenuItem](api/menu-item.md)
--- a/docs/api/accelerator.md
+++ b/docs/api/accelerator.md
@@ -0,0 +1,82 @@
+# Accelerator
+
+> Define keyboard shortcuts.
+
+Accelerators are strings that can contain multiple modifiers and a single key code,
+combined by the `+` character, and are used to define keyboard shortcuts
+throughout your application. Accelerators are case insensitive.
+
+Examples:
+
+* `CommandOrControl+A`
+* `CommandOrControl+Shift+Z`
+
+Shortcuts are registered with the [`globalShortcut`](global-shortcut.md) module
+using the [`register`](global-shortcut.md#globalshortcutregisteraccelerator-callback)
+method, i.e.
+
+```js
+const { app, globalShortcut } = require('electron')
+
+app.whenReady().then(() => {
+  // Register a 'CommandOrControl+Y' shortcut listener.
+  globalShortcut.register('CommandOrControl+Y', () => {
+    // Do stuff when Y and either Command/Control is pressed.
+  })
+})
+```
+
+## Platform notice
+
+On Linux and Windows, the `Command` key does not have any effect so
+use `CommandOrControl` which represents `Command` on macOS and `Control` on
+Linux and Windows to define some accelerators.
+
+Use `Alt` instead of `Option`. The `Option` key only exists on macOS, whereas
+the `Alt` key is available on all platforms.
+
+The `Super` (or `Meta`) key is mapped to the `Windows` key on Windows and Linux and
+`Cmd` on macOS.
+
+## Available modifiers
+
+* `Command` (or `Cmd` for short)
+* `Control` (or `Ctrl` for short)
+* `CommandOrControl` (or `CmdOrCtrl` for short)
+* `Alt`
+* `Option`
+* `AltGr`
+* `Shift`
+* `Super`
+* `Meta`
+
+## Available key codes
+
+* `0` to `9`
+* `A` to `Z`
+* `F1` to `F24`
+* Various Punctuation: `)`, `!`, `@`, `#`, `$`, `%`, `^`, `&`, `*`, `(`, `:`, `;`, `:`, `+`, `=`, `<`, `,`, `_`, `-`, `>`, `.`, `?`, `/`, `~`, `` ` ``, `{`, `]`, `[`, `|`, `\`, `}`, `"`
+* `Plus`
+* `Space`
+* `Tab`
+* `Capslock`
+* `Numlock`
+* `Scrolllock`
+* `Backspace`
+* `Delete`
+* `Insert`
+* `Return` (or `Enter` as alias)
+* `Up`, `Down`, `Left` and `Right`
+* `Home` and `End`
+* `PageUp` and `PageDown`
+* `Escape` (or `Esc` for short)
+* `VolumeUp`, `VolumeDown` and `VolumeMute`
+* `MediaNextTrack`, `MediaPreviousTrack`, `MediaStop` and `MediaPlayPause`
+* `PrintScreen`
+* NumPad Keys
+  * `num0` - `num9`
+  * `numdec` - decimal key
+  * `numadd` - numpad `+` key
+  * `numsub` - numpad `-` key
+  * `nummult` - numpad `*` key
+  * `numdiv` - numpad `÷` key
--- a/docs/api/app.md
+++ b/docs/api/app.md
@@ -9,7 +9,6 @@ closed:

 ```js
 const { app } = require('electron')
-
 app.on('window-all-closed', () => {
  app.quit()
 })
@@ -421,7 +420,6 @@ Returns:
    * `oom` - Process ran out of memory
    * `launch-failed` - Process never successfully launched
    * `integrity-failure` - Windows code integrity checks failed
-    * `memory-eviction` - Process proactively terminated to prevent a future out-of-memory (OOM) situation
  * `exitCode` number - The exit code for the process
      (e.g. status from waitpid if on POSIX, from GetExitCodeProcess on Windows).
  * `serviceName` string (optional) - The non-localized name of the process.
@@ -565,9 +563,8 @@ and subscribing to the `ready` event if the app is not ready yet.
  * `steal` boolean _macOS_ - Make the receiver the active app even if another app is
  currently active.

-On macOS, makes the application the active app. On Windows, focuses on the application's
-first window. On Linux, either focuses on the first visible window (X11) or requests
-focus but may instead show a notification or flash the app icon (Wayland).
+On Linux, focuses on the first visible window. On macOS, makes the application
+the active app. On Windows, focuses on the application's first window.

 You should seek to use the `steal` option as sparingly as possible.

@@ -604,7 +601,6 @@ Returns `string` - The current application directory.
    * `%APPDATA%` on Windows
    * `$XDG_CONFIG_HOME` or `~/.config` on Linux
    * `~/Library/Application Support` on macOS
-  * `assets` The directory where app assets such as `resources.pak` are stored. By default this is the same as the folder containing the `exe` path. Available on Windows and Linux only.
  * `userData` The directory for storing your app's configuration files, which
    by default is the `appData` directory appended with your app's name. By
    convention files storing user data should be written to this directory, and
@@ -619,7 +615,7 @@ Returns `string` - The current application directory.
    directory.
  * `temp` Temporary directory.
  * `exe` The current executable file.
-  * `module` The location of the Chromium module. By default this is synonymous with `exe`.
+  * `module` The `libchromiumcontent` library.
  * `desktop` The current user's Desktop directory.
  * `documents` Directory for a user's "My Documents".
  * `downloads` Directory for a user's downloads.
@@ -779,22 +775,6 @@ bar, and on macOS, you can visit it from dock menu.

 Clears the recent documents list.

-### `app.getRecentDocuments()` _macOS_ _Windows_
-
-Returns `string[]` - An array containing documents in the most recent documents list.
-
-```js
-const { app } = require('electron')
-
-const path = require('node:path')
-
-const file = path.join(app.getPath('desktop'), 'foo.txt')
-app.addRecentDocument(file)
-
-const recents = app.getRecentDocuments()
-console.log(recents) // ['/path/to/desktop/foo.txt'}
-```
-
 ### `app.setAsDefaultProtocolClient(protocol[, path, args])`

 * `protocol` string - The name of your protocol, without `://`. For example,
@@ -1043,7 +1023,6 @@ starts:

 ```js
 const { app, BrowserWindow } = require('electron')
-
 let myWindow = null

 const additionalData = { myKey: 'myValue' }
@@ -1216,13 +1195,6 @@ Disables hardware acceleration for current app.

 This method can only be called before app is ready.

-### `app.isHardwareAccelerationEnabled()`
-
-Returns `boolean` - whether hardware acceleration is currently enabled.
-
- > [!NOTE]
- > This information is only usable after the `gpu-info-update` event is emitted.
-
 ### `app.disableDomainBlockingFor3DAPIs()`

 By default, Chromium disables 3D APIs (e.g. WebGL) until restart on a per
@@ -1254,8 +1226,6 @@ For `infoType` equal to `complete`:
 For `infoType` equal to `basic`:
  Promise is fulfilled with `Object` containing fewer attributes than when requested with `complete`. Here's an example of basic response:

-<!-- eslint-skip -->
-
 ```js
 {
  auxAttributes:
@@ -1369,7 +1339,6 @@ latest version.

 ``` js
 const { app } = require('electron')
-
 const path = require('node:path')

 const appFolder = path.dirname(process.execPath)
@@ -1406,75 +1375,7 @@ details. Disabled by default.
 This API must be called after the `ready` event is emitted.

 > [!NOTE]
-> Rendering accessibility tree can significantly affect the performance of your app. It should not be enabled by default. Calling this method will enable the following accessibility support features: `nativeAPIs`, `webContents`, `inlineTextBoxes`, and `extendedProperties`.
-
-### `app.getAccessibilitySupportFeatures()` _macOS_ _Windows_
-
-Returns `string[]` - Array of strings naming currently enabled accessibility support components. Possible values:
-
-* `nativeAPIs` - Native OS accessibility APIs integration enabled.
-* `webContents` - Web contents accessibility tree exposure enabled.
-* `inlineTextBoxes` - Inline text boxes (character bounding boxes) enabled.
-* `extendedProperties` - Extended accessibility properties enabled.
-* `screenReader` - Screen reader specific mode enabled.
-* `html` - HTML accessibility tree construction enabled.
-* `labelImages` - Accessibility support for automatic image annotations.
-* `pdfPrinting` - Accessibility support for PDF printing enabled.
-
-Notes:
-
-* The array may be empty if no accessibility modes are active.
-* Use `app.isAccessibilitySupportEnabled()` for the legacy boolean check;
-  prefer this method for granular diagnostics or telemetry.
-
-Example:
-
-```js
-const { app } = require('electron')
-
-app.whenReady().then(() => {
-  if (app.getAccessibilitySupportFeatures().includes('screenReader')) {
-    // Change some app UI to better work with Screen Readers.
-  }
-})
-```
-
-### `app.setAccessibilitySupportFeatures(features)` _macOS_ _Windows_
-
-* `features` string[] - An array of the accessibility features to enable.
-
-Possible values are:
-
-* `nativeAPIs` - Native OS accessibility APIs integration enabled.
-* `webContents` - Web contents accessibility tree exposure enabled.
-* `inlineTextBoxes` - Inline text boxes (character bounding boxes) enabled.
-* `extendedProperties` - Extended accessibility properties enabled.
-* `screenReader` - Screen reader specific mode enabled.
-* `html` - HTML accessibility tree construction enabled.
-* `labelImages` - Accessibility support for automatic image annotations.
-* `pdfPrinting` - Accessibility support for PDF printing enabled.
-
-To disable all supported features, pass an empty array `[]`.
-
-Example:
-
-```js
-const { app } = require('electron')
-
-app.whenReady().then(() => {
-  // Enable a subset of features:
-  app.setAccessibilitySupportFeatures([
-    'screenReader',
-    'pdfPrinting',
-    'webContents'
-  ])
-
-  // Other logic
-
-  // Some time later, disable all features:
-  app.setAccessibilitySupportFeatures([])
-})
-```
+> Rendering accessibility tree can significantly affect the performance of your app. It should not be enabled by default.

 ### `app.showAboutPanel()`

@@ -1512,7 +1413,6 @@ Returns `Function` - This function **must** be called once you have finished acc

 ```js
 const { app, dialog } = require('electron')
-
 const fs = require('node:fs')

 let filepath
--- a/docs/api/base-window.md
+++ b/docs/api/base-window.md
@@ -99,10 +99,6 @@ Process: [Main](../glossary.md#main-process)

 It creates a new `BaseWindow` with native properties as set by the `options`.

-> [!WARNING]
-> Electron's built-in classes cannot be subclassed in user code.
-> For more information, see [the FAQ](../faq.md#class-inheritance-does-not-work-with-electron-built-in-modules).
-
 ### `new BaseWindow([options])`

 * `options` [BaseWindowConstructorOptions](structures/base-window-options.md?inline) (optional)
@@ -298,7 +294,6 @@ e.g. `APPCOMMAND_BROWSER_BACKWARD` is emitted as `browser-backward`.

 ```js
 const { BaseWindow } = require('electron')
-
 const win = new BaseWindow()
 win.on('app-command', (e, cmd) => {
  // Navigate the window back when the user hits their mouse back button
@@ -507,7 +502,6 @@ A `boolean` property that determines whether the window is excluded from the app

 ```js @ts-expect-error=[12]
 const { Menu, BaseWindow } = require('electron')
-
 const win = new BaseWindow({ height: 600, width: 600 })

 const template = [
@@ -733,7 +727,6 @@ Resizes and moves the window to the supplied bounds. Any properties that are not

 ```js
 const { BaseWindow } = require('electron')
-
 const win = new BaseWindow()

 // set all bounds properties
@@ -994,7 +987,6 @@ a HTML-rendered toolbar. For example:

 ```js
 const { BaseWindow } = require('electron')
-
 const win = new BaseWindow()

 const toolbarRect = document.getElementById('toolbar').getBoundingClientRect()
@@ -1260,47 +1252,6 @@ Sets the properties for the window's taskbar button.
 > `relaunchCommand` and `relaunchDisplayName` must always be set
 > together. If one of those properties is not set, then neither will be used.

-#### `win.setAccentColor(accentColor)` _Windows_
-
-* `accentColor` boolean | string | null - The accent color for the window. By default, follows user preference in System Settings. To reset to system default, pass `null`.
-
-Sets the system accent color and highlighting of active window border.
-
-The `accentColor` parameter accepts the following values:
-
-* **Color string** - Like `true`, but sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
-* **`true`** - Enable accent color highlighting for the window with the system accent color regardless of whether accent colors are enabled for windows in System `Settings.`
-* **`false`** - Disable accent color highlighting for the window regardless of whether accent colors are currently enabled for windows in System Settings.
-* **`null`** - Reset window accent color behavior to follow behavior set in System Settings.
-
-Examples:
-
-```js
-const win = new BrowserWindow({ frame: false })
-
-// Set red accent color.
-win.setAccentColor('#ff0000')
-
-// RGB format (alpha ignored if present).
-win.setAccentColor('rgba(255,0,0,0.5)')
-
-// Enable accent color, using the color specified in System Settings.
-win.setAccentColor(true)
-
-// Disable accent color.
-win.setAccentColor(false)
-
-// Reset window accent color behavior to follow behavior set in System Settings.
-win.setAccentColor(null)
-```
-
-#### `win.getAccentColor()` _Windows_
-
-Returns `string | boolean` - the system accent color and highlighting of active window border in Hex RGB format.
-
-If a color has been set for the window that differs from the system accent color, the window accent color will
-be returned. Otherwise, a boolean will be returned, with `true` indicating that the window uses the global system accent color, and `false` indicating that accent color highlighting is disabled for this window.
-
 #### `win.setIcon(icon)` _Windows_ _Linux_

 * `icon` [NativeImage](native-image.md) | string
@@ -1395,10 +1346,6 @@ On Windows it calls SetWindowDisplayAffinity with `WDA_EXCLUDEFROMCAPTURE`.
 For Windows 10 version 2004 and up the window will be removed from capture entirely,
 older Windows versions behave as if `WDA_MONITOR` is applied capturing a black window.

-#### `win.isContentProtected()` _macOS_ _Windows_
-
-Returns `boolean` - whether or not content protection is currently enabled.
-
 #### `win.setFocusable(focusable)` _macOS_ _Windows_

 * `focusable` boolean
--- a/docs/api/browser-view.md
+++ b/docs/api/browser-view.md
@@ -38,10 +38,6 @@ Process: [Main](../glossary.md#main-process)
 This module cannot be used until the `ready` event of the `app`
 module is emitted.

-> [!WARNING]
-> Electron's built-in classes cannot be subclassed in user code.
-> For more information, see [the FAQ](../faq.md#class-inheritance-does-not-work-with-electron-built-in-modules).
-
 ### Example

 ```js
--- a/docs/api/browser-window.md
+++ b/docs/api/browser-window.md
@@ -40,7 +40,6 @@ the window after this event will have no visual flash:

 ```js
 const { BrowserWindow } = require('electron')
-
 const win = new BrowserWindow({ show: false })
 win.once('ready-to-show', () => {
  win.show()
@@ -140,10 +139,6 @@ state is `hidden` in order to minimize power consumption.
  move.
 * On Linux the type of modal windows will be changed to `dialog`.
 * On Linux many desktop environments do not support hiding a modal window.
-* On Wayland (Linux) it is generally not possible to programmatically resize windows
-  after creation, or to position, move, focus, or blur windows without user input.
-  If your app needs these capabilities, run it in Xwayland by appending the flag
-  `--ozone-platform=x11`.

 ## Class: BrowserWindow extends `BaseWindow`

@@ -155,10 +150,6 @@ Process: [Main](../glossary.md#main-process)

 It creates a new `BrowserWindow` with native properties as set by the `options`.

-> [!WARNING]
-> Electron's built-in classes cannot be subclassed in user code.
-> For more information, see [the FAQ](../faq.md#class-inheritance-does-not-work-with-electron-built-in-modules).
-
 ### `new BrowserWindow([options])`

 * `options` [BrowserWindowConstructorOptions](structures/browser-window-options.md?inline) (optional)
@@ -382,7 +373,6 @@ e.g. `APPCOMMAND_BROWSER_BACKWARD` is emitted as `browser-backward`.

 ```js
 const { BrowserWindow } = require('electron')
-
 const win = new BrowserWindow()
 win.on('app-command', (e, cmd) => {
  // Navigate the window back when the user hits their mouse back button
@@ -660,15 +650,10 @@ the [close event](#event-close).

 Focuses on the window.

-On Wayland (Linux), the desktop environment may show a notification or flash
-the app icon if the window or app is not already focused.
-
 #### `win.blur()`

 Removes focus from the window.

-Not supported on Wayland (Linux).
-
 #### `win.isFocused()`

 Returns `boolean` - Whether the window is focused.
@@ -685,8 +670,6 @@ Shows and gives focus to the window.

 Shows the window but doesn't focus on it.

-Not supported on Wayland (Linux).
-
 #### `win.hide()`

 Hides the window.
@@ -835,11 +818,8 @@ Closes the currently open [Quick Look][quick-look] panel.

 Resizes and moves the window to the supplied bounds. Any properties that are not supplied will default to their current values.

-On Wayland (Linux), has the same limitations as `setSize` and `setPosition`.
-
 ```js
 const { BrowserWindow } = require('electron')
-
 const win = new BrowserWindow()

 // set all bounds properties
@@ -879,8 +859,6 @@ See [Setting `backgroundColor`](#setting-the-backgroundcolor-property).
 Resizes and moves the window's client area (e.g. the web page) to
 the supplied bounds.

-On Wayland (Linux), has the same limitations as `setContentSize` and `setPosition`.
-
 #### `win.getContentBounds()`

 Returns [`Rectangle`](structures/rectangle.md) - The `bounds` of the window's client area as `Object`.
@@ -910,8 +888,6 @@ Returns `boolean` - whether the window is enabled.

 Resizes the window to `width` and `height`. If `width` or `height` are below any set minimum size constraints the window will snap to its minimum size.

-On Wayland (Linux), may not work as some window managers restrict programmatic window resizing.
-
 #### `win.getSize()`

 Returns `Integer[]` - Contains the window's width and height.
@@ -924,8 +900,6 @@ Returns `Integer[]` - Contains the window's width and height.

 Resizes the window's client area (e.g. the web page) to `width` and `height`.

-On Wayland (Linux), may not work as some window managers restrict programmatic window resizing.
-
 #### `win.getContentSize()`

 Returns `Integer[]` - Contains the window's client area's width and height.
@@ -1063,16 +1037,12 @@ this method throws an error.

 #### `win.moveTop()`

-Moves window to top(z-order) regardless of focus.
-
-Not supported on Wayland (Linux).
+Moves window to top(z-order) regardless of focus

 #### `win.center()`

 Moves window to the center of the screen.

-Not supported on Wayland (Linux).
-
 #### `win.setPosition(x, y[, animate])`

 * `x` Integer
@@ -1081,8 +1051,6 @@ Not supported on Wayland (Linux).

 Moves window to `x` and `y`.

-Not supported on Wayland (Linux).
-
 #### `win.getPosition()`

 Returns `Integer[]` - Contains the window's current position.
@@ -1112,7 +1080,6 @@ a HTML-rendered toolbar. For example:

 ```js
 const { BrowserWindow } = require('electron')
-
 const win = new BrowserWindow()

 const toolbarRect = document.getElementById('toolbar').getBoundingClientRect()
@@ -1252,8 +1219,7 @@ Captures a snapshot of the page within `rect`. Omitting `rect` will capture the

 Returns `Promise<void>` - the promise will resolve when the page has finished loading
 (see [`did-finish-load`](web-contents.md#event-did-finish-load)), and rejects
-if the page fails to load (see
-[`did-fail-load`](web-contents.md#event-did-fail-load)). A noop rejection handler is already attached, which avoids unhandled rejection errors. If the existing page has a beforeUnload handler, [`did-fail-load`](web-contents.md#event-did-fail-load) will be called unless [`will-prevent-unload`](web-contents.md#event-did-fail-load) is handled.
+if the page fails to load (see [`did-fail-load`](web-contents.md#event-did-fail-load)).

 Same as [`webContents.loadURL(url[, options])`](web-contents.md#contentsloadurlurl-options).

@@ -1266,10 +1232,9 @@ method:

 ```js
 const { BrowserWindow } = require('electron')
-
 const win = new BrowserWindow()

-const url = require('node:url').format({
+const url = require('url').format({
  protocol: 'file',
  slashes: true,
  pathname: require('node:path').join(__dirname, 'index.html')
@@ -1283,7 +1248,6 @@ the following:

 ```js
 const { BrowserWindow } = require('electron')
-
 const win = new BrowserWindow()

 win.loadURL('http://localhost:8000/post', {
@@ -1466,47 +1430,6 @@ Sets the properties for the window's taskbar button.
 > `relaunchCommand` and `relaunchDisplayName` must always be set
 > together. If one of those properties is not set, then neither will be used.

-#### `win.setAccentColor(accentColor)` _Windows_
-
-* `accentColor` boolean | string | null - The accent color for the window. By default, follows user preference in System Settings. To reset to system default, pass `null`.
-
-Sets the system accent color and highlighting of active window border.
-
-The `accentColor` parameter accepts the following values:
-
-* **Color string** - Like `true`, but sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
-* **`true`** - Enable accent color highlighting for the window with the system accent color regardless of whether accent colors are enabled for windows in System `Settings.`
-* **`false`** - Disable accent color highlighting for the window regardless of whether accent colors are currently enabled for windows in System Settings.
-* **`null`** - Reset window accent color behavior to follow behavior set in System Settings.
-
-Examples:
-
-```js
-const win = new BrowserWindow({ frame: false })
-
-// Set red accent color.
-win.setAccentColor('#ff0000')
-
-// RGB format (alpha ignored if present).
-win.setAccentColor('rgba(255,0,0,0.5)')
-
-// Enable accent color, using the color specified in System Settings.
-win.setAccentColor(true)
-
-// Disable accent color.
-win.setAccentColor(false)
-
-// Reset window accent color behavior to follow behavior set in System Settings.
-win.setAccentColor(null)
-```
-
-#### `win.getAccentColor()` _Windows_
-
-Returns `string | boolean` - the system accent color and highlighting of active window border in Hex RGB format.
-
-If a color has been set for the window that differs from the system accent color, the window accent color will
-be returned. Otherwise, a boolean will be returned, with `true` indicating that the window uses the global system accent color, and `false` indicating that accent color highlighting is disabled for this window.
-
 #### `win.showDefinitionForSelection()` _macOS_

 Same as `webContents.showDefinitionForSelection()`.
@@ -1600,22 +1523,11 @@ events.

 Prevents the window contents from being captured by other apps.

-On Windows, it calls [`SetWindowDisplayAffinity`](https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowdisplayaffinity) with `WDA_EXCLUDEFROMCAPTURE`.
+On macOS it sets the NSWindow's sharingType to NSWindowSharingNone.
+On Windows it calls SetWindowDisplayAffinity with `WDA_EXCLUDEFROMCAPTURE`.
 For Windows 10 version 2004 and up the window will be removed from capture entirely,
 older Windows versions behave as if `WDA_MONITOR` is applied capturing a black window.

-On macOS, it sets the `NSWindow`'s
-[`sharingType`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.property?language=objc)
-to
-[`NSWindowSharingNone`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.enum/none?language=objc).
-Unfortunately, due to an intentional change in macOS, newer Mac applications that use
-`ScreenCaptureKit` will capture your window despite `win.setContentProtection(true)`.
-See [here](https://github.com/electron/electron/issues/48258#issuecomment-3269893618).
-
-#### `win.isContentProtected()` _macOS_ _Windows_
-
-Returns `boolean` - whether or not content protection is currently enabled.
-
 #### `win.setFocusable(focusable)` _macOS_ _Windows_

 * `focusable` boolean
--- a/docs/api/client-request.md
+++ b/docs/api/client-request.md
@@ -25,11 +25,6 @@ following properties:
    with which the request is associated. Defaults to the empty string. The
    `session` option supersedes `partition`. Thus if a `session` is explicitly
    specified, `partition` is ignored.
-  * `bypassCustomProtocolHandlers` boolean (optional) - When set to `true`,
-    custom protocol handlers registered for the request's URL scheme will not be
-    called. This allows forwarding an intercepted request to the built-in
-    handler. [webRequest](web-request.md) handlers will still be triggered
-    when bypassing custom protocols. Defaults to `false`.
  * `credentials` string (optional) - Can be `include`, `omit` or
    `same-origin`. Whether to send
    [credentials](https://fetch.spec.whatwg.org/#credentials) with this
@@ -65,10 +60,6 @@ following properties:
    `strict-origin-when-cross-origin`.
  * `cache` string (optional) - can be `default`, `no-store`, `reload`,
    `no-cache`, `force-cache` or `only-if-cached`.
-  * `priority` string (optional) - can be `throttled`, `idle`, `lowest`,
-    `low`, `medium`, or `highest`. Defaults to `idle`.
-  * `priorityIncremental` boolean (optional) - the incremental loading flag as part
-    of HTTP extensible priorities (RFC 9218). Default is `true`.

 `options` properties such as `protocol`, `host`, `hostname`, `port` and `path`
 strictly follow the Node.js model as described in the
--- a/docs/api/clipboard.md
+++ b/docs/api/clipboard.md
@@ -2,16 +2,7 @@

 > Perform copy and paste operations on the system clipboard.

-Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process) _Deprecated_ (non-sandboxed only)
-
-> [!NOTE]
-> Using the `clipoard` API from the renderer process is deprecated.
-
-> [!IMPORTANT]
-> If you want to call this API from a renderer process,
-> place the API call in your preload script and
-> [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
-> [`contextBridge`](context-bridge.md) API.
+Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process) (non-sandboxed only)

 On Linux, there is also a `selection` clipboard. To manipulate it
 you need to pass `selection` to each method:
--- a/docs/api/command-line-switches.md
+++ b/docs/api/command-line-switches.md
@@ -8,7 +8,6 @@ is emitted:

 ```js
 const { app } = require('electron')
-
 app.commandLine.appendSwitch('remote-debugging-port', '8315')
 app.commandLine.appendSwitch('host-rules', 'MAP * 127.0.0.1')

@@ -49,10 +48,6 @@ Disables the disk cache for HTTP requests.

 Disable HTTP/2 and SPDY/3.1 protocols.

-### --disable-geolocation _macOS_
-
-Disables the Geolocation API. Permission requests for geolocation will be denied internally regardless of the decision made by a handler set via `session.setPermissionRequestHandler`. This functionality is currently implemented only for macOS. Has no effect on other platforms.
-
 ### --disable-renderer-backgrounding

 Prevents Chromium from lowering the priority of invisible pages' renderer
@@ -90,7 +85,7 @@ Field trials to be forcefully enabled or disabled.

 For example: `WebRTC-Audio-Red-For-Opus/Enabled/`

-### --host-rules=`rules` _Deprecated_
+### --host-rules=`rules`

 A comma-separated list of `rules` that control how hostnames are mapped.

@@ -108,23 +103,9 @@ These mappings apply to the endpoint host in a net request (the TCP connect
 and host resolver in a direct connection, and the `CONNECT` in an HTTP proxy
 connection, and the endpoint host in a `SOCKS` proxy connection).

-**Deprecated:** Use the `--host-resolver-rules` switch instead.
-
 ### --host-resolver-rules=`rules`

-A comma-separated list of `rules` that control how hostnames are mapped.
-
-For example:
-
-* `MAP * 127.0.0.1` Forces all hostnames to be mapped to 127.0.0.1
-* `MAP *.google.com proxy` Forces all google.com subdomains to be resolved to
-  "proxy".
-* `MAP test.com [::1]:77` Forces "test.com" to resolve to IPv6 loopback. Will
-  also force the port of the resulting socket address to be 77.
-* `MAP * baz, EXCLUDE www.google.com` Remaps everything to "baz", except for
-  "www.google.com".
-
-These `rules` only apply to the host resolver.
+Like `--host-rules` but these `rules` only apply to the host resolver.

 ### --ignore-certificate-errors

@@ -197,11 +178,6 @@ Disables the Chromium [sandbox](https://www.chromium.org/developers/design-docum
 Forces renderer process and Chromium helper processes to run un-sandboxed.
 Should only be used for testing.

-### --no-stdio-init
-
-Disable stdio initialization during node initialization.
-Used to avoid node initialization crash when the nul device is disabled on Windows platform.
-
 ### --proxy-bypass-list=`hosts`

 Instructs Electron to bypass the proxy server for the given semi-colon-separated
@@ -212,7 +188,6 @@ For example:

 ```js
 const { app } = require('electron')
-
 app.commandLine.appendSwitch('proxy-bypass-list', '<local>;*.google.com;*foo.com;1.2.3.4:5678')
 ```

@@ -315,7 +290,7 @@ Specify ways of the inspector web socket url exposure.

 By default inspector websocket url is available in stderr and under /json/list endpoint on `http://host:port/json/list`.

-### `--experimental-network-inspection`
+### `--experimental-network-inspector`

 Enable support for devtools network inspector events, for visibility into requests made by the nodejs `http` and `https` modules.

@@ -350,26 +325,6 @@ Set the directory to which all Node.js diagnostic output files are written. Defa

 Affects the default output directory of [v8.setHeapSnapshotNearHeapLimit](https://nodejs.org/docs/latest/api/v8.html#v8setheapsnapshotnearheaplimitlimit).

-### `--no-experimental-global-navigator`
-
-Disable exposition of [Navigator API][] on the global scope from Node.js.
-
-## Chromium Flags
-
-There isn't a documented list of all Chromium switches, but there are a few ways to find them.
-
-The easiest way is through Chromium's flags page, which you can access at `about://flags`. These flags don't directly match switch names, but they show up in the process's command-line arguments.
-
-To see these arguments, enable a flag in `about://flags`, then go to `about://version` in Chromium. You'll find a list of command-line arguments, including `--flag-switches-begin --your --list --flag-switches-end`, which contains the list of your flag enabled switches.
-
-Most flags are included as part of `--enable-features=`, but some are standalone switches, like `--enable-experimental-web-platform-features`.
-
-A complete list of flags exists in [Chromium's flag metadata page](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/flag-metadata.json), but this list includes platform, environment and GPU specific, expired and potentially non-functional flags, so many of them might not always work in every situation.
-
-Keep in mind that standalone switches can sometimes be split into individual features, so there's no fully complete list of switches.
-
-Finally, you'll need to ensure that the version of Chromium in Electron matches the version of the browser you're using to cross-reference the switches.
-
 [app]: app.md
 [append-switch]: command-line.md#commandlineappendswitchswitch-value
 [debugging-main-process]: ../tutorial/debugging-main-process.md
@@ -378,4 +333,3 @@ Finally, you'll need to ensure that the version of Chromium in Electron matches
 [play-silent-audio]: https://github.com/atom/atom/pull/9485/files
 [ready]: app.md#event-ready
 [severities]: https://source.chromium.org/chromium/chromium/src/+/main:base/logging.h?q=logging::LogSeverity&ss=chromium
-[Navigator API]: https://github.com/nodejs/node/blob/main/doc/api/globals.md#navigator
--- a/docs/api/command-line.md
+++ b/docs/api/command-line.md
@@ -9,7 +9,6 @@ The following example shows how to check if the `--disable-gpu` flag is set.

 ```js
 const { app } = require('electron')
-
 app.commandLine.hasSwitch('disable-gpu')
 ```

--- a/docs/api/context-bridge.md
+++ b/docs/api/context-bridge.md
@@ -157,7 +157,6 @@ has been included below for completeness:
 | [Cloneable Types](https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Structured_clone_algorithm) | Simple | ✅ | ✅ | See the linked document on cloneable types |
 | `Element` | Complex | ✅ | ✅ | Prototype modifications are dropped.  Sending custom elements will not work. |
 | `Blob` | Complex | ✅ | ✅ | N/A |
-| `VideoFrame` | Complex | ✅ | ✅ | N/A |
 | `Symbol` | N/A | ❌ | ❌ | Symbols cannot be copied across contexts so they are dropped |

 If the type you care about is not in the above table, it is probably not supported.
@@ -190,9 +189,7 @@ Be very cautious about which globals and APIs you expose to untrusted remote con

 ```js
 const { contextBridge } = require('electron')
-
 const crypto = require('node:crypto')
-
 contextBridge.exposeInMainWorld('nodeCrypto', {
  sha256sum (data) {
    const hash = crypto.createHash('sha256')
--- a/docs/api/corner-smoothing-css.md
+++ b/docs/api/corner-smoothing-css.md
@@ -51,17 +51,19 @@ Use the `system-ui` keyword to match the smoothness to the OS design language.

 ### Controlling availibility

-This CSS rule can be disabled using the Blink feature flag `ElectronCSSCornerSmoothing`.
+This CSS rule can be disabled by setting [the `cornerSmoothingCSS` web preference](./structures/web-preferences.md) to `false`.

 ```js
 const myWindow = new BrowserWindow({
  // [...]
  webPreferences: {
-    disableBlinkFeatures: 'ElectronCSSCornerSmoothing' // Disables the `-electron-corner-smoothing` CSS rule
+    enableCornerSmoothingCSS: false // Disables the `-electron-corner-smoothing` CSS rule
  }
 })
 ```

+The CSS rule will still parse, but will have no visual effect.
+
 ### Formal reference

 * **Initial value**: `0%`
--- a/docs/api/crash-reporter.md
+++ b/docs/api/crash-reporter.md
@@ -4,12 +4,6 @@

 Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process)

-> [!IMPORTANT]
-> If you want to call this API from a renderer process with context isolation enabled,
-> place the API call in your preload script and
-> [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
-> [`contextBridge`](context-bridge.md) API.
-
 The following is an example of setting up Electron to automatically submit
 crash reports to a remote server:

@@ -69,7 +63,7 @@ The `crashReporter` module has the following methods:
  * `extra` Record\<string, string\> (optional) - Extra string key/value
    annotations that will be sent along with crash reports that are generated
    in the main process. Only string values are supported. Crashes generated in
-    child processes will not include these extra parameters. To add extra
+    child processes will not contain these extra
    parameters to crash reports generated from child processes, call
    [`addExtraParameter`](#crashreporteraddextraparameterkey-value) from the
    child process.
--- a/docs/api/debugger.md
+++ b/docs/api/debugger.md
@@ -10,7 +10,6 @@ runtime that allows interacting with pages and instrumenting them.

 ```js
 const { BrowserWindow } = require('electron')
-
 const win = new BrowserWindow()

 try {
--- a/docs/api/desktop-capturer.md
+++ b/docs/api/desktop-capturer.md
@@ -102,10 +102,6 @@ Returns `Promise<DesktopCapturerSource[]>` - Resolves with an array of [`Desktop

 ## Caveats

-`desktopCapturer.getSources(options)` only returns a single source on Linux when using Pipewire.
-
-PipeWire supports a single capture for both screens and windows. If you request the window and screen type, the selected source will be returned as a window capture.
-
 `navigator.mediaDevices.getUserMedia` does not work on macOS for audio capture due to a fundamental limitation whereby apps that want to access the system's audio require a [signed kernel extension](https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/KernelExtensions/KernelExtensions.html). Chromium, and by extension Electron, does not provide this.

 It is possible to circumvent this limitation by capturing system audio with another macOS app like Soundflower and passing it through a virtual audio input device. This virtual device can then be queried with `navigator.mediaDevices.getUserMedia`.
--- a/docs/api/dialog.md
+++ b/docs/api/dialog.md
@@ -8,7 +8,6 @@ An example of showing a dialog to select multiple files:

 ```js
 const { dialog } = require('electron')
-
 console.log(dialog.showOpenDialog({ properties: ['openFile', 'multiSelections'] }))
 ```

@@ -53,8 +52,6 @@ The `window` argument allows the dialog to attach itself to a parent window, mak
 The `filters` specifies an array of file types that can be displayed or
 selected when you want to limit the user to a specific type. For example:

-<!-- eslint-skip -->
-
 ```js
 {
  filters: [
@@ -129,8 +126,6 @@ The `window` argument allows the dialog to attach itself to a parent window, mak
 The `filters` specifies an array of file types that can be displayed or
 selected when you want to limit the user to a specific type. For example:

-<!-- eslint-skip -->
-
 ```js
 {
  filters: [
--- a/docs/api/dock.md
+++ b/docs/api/dock.md
@@ -5,8 +5,12 @@
 Process: [Main](../glossary.md#main-process)<br />
 _This class is not exported from the `'electron'` module. It is only available as a return value of other methods in the Electron API._

-> [!TIP]
-> See also: [A detailed guide about how to implement Dock menus](../tutorial/macos-dock.md).
+The following example shows how to bounce your icon on the dock.
+
+```js
+const { app } = require('electron')
+app.dock?.bounce()
+```

 ### Instance Methods

@@ -45,9 +49,6 @@ Bounces the Downloads stack if the filePath is inside the Downloads folder.

 Sets the string to be displayed in the dock’s badging area.

-> [!IMPORTANT]
-> You need to ensure that your application has the permission to display notifications for this method to work.
-
 #### `dock.getBadge()` _macOS_

 Returns `string` - The badge string of the dock.
--- a/docs/api/download-item.md
+++ b/docs/api/download-item.md
@@ -12,7 +12,6 @@ control the download item.
 ```js
 // In the main process.
 const { BrowserWindow } = require('electron')
-
 const win = new BrowserWindow()
 win.webContents.session.on('will-download', (event, item, webContents) => {
  // Set the save path, making Electron not to prompt a save dialog.
--- a/docs/api/environment-variables.md
+++ b/docs/api/environment-variables.md
@@ -104,7 +104,7 @@ you would when running the normal Node.js executable, with the exception of the
 These flags are disabled owing to the fact that Electron uses BoringSSL instead of OpenSSL when building Node.js'
 `crypto` module, and so will not work as designed.

-If the [`runAsNode` fuse](../tutorial/fuses.md#runasnode) is disabled, `ELECTRON_RUN_AS_NODE` will be ignored.
+If the [`runAsNode` fuse](../tutorial/fuses.md#L13) is disabled, `ELECTRON_RUN_AS_NODE` will be ignored.

 ### `ELECTRON_NO_ATTACH_CONSOLE` _Windows_

@@ -125,6 +125,16 @@ Options:
 * `kioclient5`
 * `kioclient`

+### `ELECTRON_OZONE_PLATFORM_HINT` _Linux_
+
+Selects the preferred platform backend used on Linux. The default one is `x11`. `auto` selects Wayland if possible, X11 otherwise.
+
+Options:
+
+* `auto`
+* `wayland`
+* `x11`
+
 ## Development Variables

 The following environment variables are intended primarily for development and
@@ -186,3 +196,14 @@ the one downloaded by `npm install`. Usage:
 ```sh
 export ELECTRON_OVERRIDE_DIST_PATH=/Users/username/projects/electron/out/Testing
 ```
+
+## Set By Electron
+
+Electron sets some variables in your environment at runtime.
+
+### `ORIGINAL_XDG_CURRENT_DESKTOP`
+
+This variable is set to the value of `XDG_CURRENT_DESKTOP` that your application
+originally launched with.  Electron sometimes modifies the value of `XDG_CURRENT_DESKTOP`
+to affect other logic within Chromium so if you want access to the _original_ value
+you should look up this environment variable instead.
--- a/docs/api/extensions-api.md
+++ b/docs/api/extensions-api.md
@@ -77,7 +77,6 @@ extension to be loaded.

 ```js
 const { app, session } = require('electron')
-
 const path = require('node:path')

 app.whenReady().then(async () => {
--- a/docs/api/global-shortcut.md
+++ b/docs/api/global-shortcut.md
@@ -46,16 +46,13 @@ app.on('will-quit', () => {
 })
 ```

-> [!TIP]
-> See also: [A detailed guide on Keyboard Shortcuts](../tutorial/keyboard-shortcuts.md).
-
 ## Methods

 The `globalShortcut` module has the following methods:

 ### `globalShortcut.register(accelerator, callback)`

-* `accelerator` string - An [accelerator](../tutorial/keyboard-shortcuts.md#accelerators) shortcut.
+* `accelerator` [Accelerator](accelerator.md)
 * `callback` Function

 Returns `boolean` - Whether or not the shortcut was registered successfully.
@@ -77,7 +74,7 @@ the app has been authorized as a [trusted accessibility client](https://develope

 ### `globalShortcut.registerAll(accelerators, callback)`

-* `accelerators` string[] - An array of [accelerator](../tutorial/keyboard-shortcuts.md#accelerators) shortcuts.
+* `accelerators` [Accelerator](accelerator.md)[] - an array of [Accelerator](accelerator.md)s.
 * `callback` Function

 Registers a global shortcut of all `accelerator` items in `accelerators`. The `callback` is called when any of the registered shortcuts are pressed by the user.
@@ -96,7 +93,7 @@ the app has been authorized as a [trusted accessibility client](https://develope

 ### `globalShortcut.isRegistered(accelerator)`

-* `accelerator` string - An [accelerator](../tutorial/keyboard-shortcuts.md#accelerators) shortcut.
+* `accelerator` [Accelerator](accelerator.md)

 Returns `boolean` - Whether this application has registered `accelerator`.

@@ -106,7 +103,7 @@ don't want applications to fight for global shortcuts.

 ### `globalShortcut.unregister(accelerator)`

-* `accelerator` string - An [accelerator](../tutorial/keyboard-shortcuts.md#accelerators) shortcut.
+* `accelerator` [Accelerator](accelerator.md)

 Unregisters the global shortcut of `accelerator`.

--- a/docs/api/image-view.md
+++ b/docs/api/image-view.md
@@ -1,66 +0,0 @@
-# ImageView
-
-> A View that displays an image.
-
-Process: [Main](../glossary.md#main-process)
-
-This module cannot be used until the `ready` event of the `app`
-module is emitted.
-
-Useful for showing splash screens that will be swapped for `WebContentsView`s
-when the content finishes loading.
-
-Note that `ImageView` is experimental and may be changed or removed in the future.
-
-```js
-const { BaseWindow, ImageView, nativeImage, WebContentsView } = require('electron')
-
-const path = require('node:path')
-
-const win = new BaseWindow({ width: 800, height: 600 })
-
-// Create a "splash screen" image to display while the WebContentsView loads
-const splashView = new ImageView()
-const splashImage = nativeImage.createFromPath(path.join(__dirname, 'loading.png'))
-splashView.setImage(splashImage)
-win.setContentView(splashView)
-
-const webContentsView = new WebContentsView()
-webContentsView.webContents.once('did-finish-load', () => {
-  // Now that the WebContentsView has loaded, swap out the "splash screen" ImageView
-  win.setContentView(webContentsView)
-})
-webContentsView.webContents.loadURL('https://electronjs.org')
-```
-
-## Class: ImageView extends `View`
-
-> A View that displays an image.
-
-Process: [Main](../glossary.md#main-process)
-
-`ImageView` inherits from [`View`](view.md).
-
-`ImageView` is an [EventEmitter][event-emitter].
-
-> [!WARNING]
-> Electron's built-in classes cannot be subclassed in user code.
-> For more information, see [the FAQ](../faq.md#class-inheritance-does-not-work-with-electron-built-in-modules).
-
-### `new ImageView()` _Experimental_
-
-Creates an ImageView.
-
-### Instance Methods
-
-The following methods are available on instances of the `ImageView` class, in
-addition to those inherited from [View](view.md):
-
-#### `image.setImage(image)` _Experimental_
-
-* `image` NativeImage
-
-Sets the image for this `ImageView`. Note that only image formats supported by
-`NativeImage` can be used with an `ImageView`.
-
-[event-emitter]: https://nodejs.org/api/events.html#events_class_eventemitter
--- a/docs/api/ipc-main-service-worker.md
+++ b/docs/api/ipc-main-service-worker.md
@@ -11,10 +11,6 @@ Process: [Main](../glossary.md#main-process)

 <!-- TODO(samuelmaddock): refactor doc gen to allow generics to reduce duplication -->

-> [!WARNING]
-> Electron's built-in classes cannot be subclassed in user code.
-> For more information, see [the FAQ](../faq.md#class-inheritance-does-not-work-with-electron-built-in-modules).
-
 ### Instance Methods

 #### `ipcMainServiceWorker.on(channel, listener)`
--- a/docs/api/ipc-renderer.md
+++ b/docs/api/ipc-renderer.md
@@ -20,12 +20,6 @@ changes:

 Process: [Renderer](../glossary.md#renderer-process)

-> [!IMPORTANT]
-> If you want to call this API from a renderer process with context isolation enabled,
-> place the API call in your preload script and
-> [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
-> [`contextBridge`](context-bridge.md) API.
-
 The `ipcRenderer` module is an  [EventEmitter][event-emitter]. It provides a few
 methods so you can send synchronous and asynchronous messages from the render
 process (web page) to the main process. You can also receive replies from the
--- a/Show More
+++ b/Show More