chore: update patches

Merge 0edcc985fa into 38fe14041d
use pr head ref
2026-02-26 03:01:17 -05:00 · 2025-06-11 19:03:17 +00:00 · 2025-06-11 18:51:42 +00:00 · 2025-06-11 11:51:22 -07:00 · 2025-06-06 23:25:13 -07:00 · 2025-06-06 15:34:36 -07:00
1147 changed files with 31729 additions and 58540 deletions
--- a/.claude/.gitignore
+++ b/.claude/.gitignore
@@ -1 +0,0 @@
 settings.local.json
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -1,24 +0,0 @@
 {
  "permissions": {
    "allow": [
      "Bash(e sync)",
      "Bash(e patches --list-targets:*)",
      "Bash(git add:*)",
      "Bash(git am:*)",
      "Bash(git commit:*)",
      "Bash(git log:*)",
      "Bash(git show:*)",
      "Bash(e patches:*)",
      "Bash(e sync:*)",
      "Skill(electron-chromium-upgrade)",
      "Read(*)",
      "Bash(echo:*)",
      "Bash(e build:*)",
      "Bash(tee:*)",
      "Bash(git diff:*)",
      "Bash(git rev-parse:*)"
    ],
    "deny": [],
    "ask": []
  }
 }
--- a/.claude/skills/electron-chromium-upgrade/SKILL.md
+++ b/.claude/skills/electron-chromium-upgrade/SKILL.md
@@ -1,181 +0,0 @@
 ---
 name: electron-chromium-upgrade
 description: Guide for performing Chromium version upgrades in the Electron project. Use when working on the roller/chromium/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Chromium changes, and proper commit formatting for patch fixes.
 ---
 # Electron Chromium Upgrade: Phase One
 ## Summary
 Run `e sync --3` repeatedly, fixing patch conflicts as they arise, until it succeeds. Then export patches and commit changes atomically.
 ## Success Criteria
 Phase One is complete when:
 - `e sync --3` exits with code 0 (no patch failures)
 - All changes are committed per the commit guidelines
 Do not stop until these criteria are met.
 **CRITICAL** Do not delete or skip patches unless 100% certain the patch is no longer needed. Complicated conflicts or hard to resolve issues should be presented to the user after you have exhausted all other options. Do not delete the patch just because you can't solve it.
 ## Context
 The `roller/chromium/main` branch is created by automation to update Electron's Chromium dependency SHA. No work has been done to handle breaking changes between the old and new versions.
 **Key directories:**
 - Current directory: Electron repo (always run `e` commands here)
 - `..` (parent): Chromium repo (where most patches apply)
 - `patches/`: Patch files organized by target
 - `docs/development/patches.md`: Patch system documentation
 ## Pre-flight Checks
 Run these once at the start of each upgrade session:
 1. **Clear rerere cache** (if enabled): `git rerere clear` in both the electron and `..` repos. Stale recorded resolutions from a prior attempt can silently apply wrong merges.
 2. **Ensure pre-commit hooks are installed**: Check that `.git/hooks/pre-commit` exists. If not, run `yarn husky` to install it. The hook runs `lint-staged` which handles clang-format for C++ files.
 ## Workflow
 1. Run `e sync --3` (the `--3` flag enables 3-way merge, always required)
 2. If succeeds → skip to step 5
 3. If patch fails:
   - Identify target repo and patch from error output
   - Analyze failure (see references/patch-analysis.md)
   - Fix conflict in target repo's working directory
   - Run `git am --continue` in affected repo
   - Repeat until all patches for that repo apply
   - IMPORTANT: Once `git am --continue` succeeds you MUST run `e patches {target}` to export fixes
   - Return to step 1
 4. When `e sync --3` succeeds, run `e patches all`
 5. **Read `references/phase-one-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
 ## Commands Reference
 | Command | Purpose |
 |---------|---------|
 | `e sync --3` | Clone deps and apply patches with 3-way merge |
 | `git am --continue` | Continue after resolving conflict (run in target repo) |
 | `e patches {target}` | Export commits from target repo to patch files |
 | `e patches all` | Export all patches from all targets |
 | `e patches {target} --commit-updates` | Export patches and auto-commit trivial changes |
 | `e patches --list-targets` | List targets and config paths |
 ## Patch System Mental Model
 ```
 patches/{target}/*.patch  →  [e sync --3]  →  target repo commits
                          ←  [e patches]   ←
 ```
 ## When to Edit Patches
 | Situation | Action |
 |-----------|--------|
 | During active `git am` conflict | Fix in target repo, then `git am --continue` |
 | Modifying patch outside conflict | Edit `.patch` file directly |
 | Creating new patch (rare, avoid) | Commit in target repo, then `e patches {target}` |
 Fix existing patches 99% of the time rather than creating new ones.
 ## Patch Fixing Rules
 1. **Preserve authorship**: Keep original author in TODO comments (from patch `From:` field)
 2. **Never change TODO assignees**: `TODO(name)` must retain original name
 3. **Update descriptions**: If upstream changed (e.g., `DCHECK` → `CHECK_IS_TEST`), update patch commit message to reflect current state
 # Electron Chromium Upgrade: Phase Two
 ## Summary
 Run `e build -k 999 -- --quiet` repeatedly, fixing build issues as they arise, until it succeeds. Then run `e start --version` to validate Electron launches and commit changes atomically.
 Run Phase Two immediately after Phase One is complete.
 ## Success Criteria
 Phase Two is complete when:
 - `e build -k 999 -- --quiet` exits with code 0 (no build failures)
 - `e start --version` has been run to check Electron launches
 - All changes are committed per the commit guidelines
 Do not stop until these criteria are met. Do not delete code or features, never comment out code in order to take short cut. Make all existing code, logic and intention work.
 ## Context
 The `roller/chromium/main` branch is created by automation to update Electron's Chromium dependency SHA. No work has been done to handle breaking changes between the old and new versions. Chromium APIs frequently are renamed or refactored. In every case the code in Electron must be updated to account for the change in Chromium, strongly avoid making changes to the code in chromium to fix Electrons build.
 **Key directories:**
 - Current directory: Electron repo (always run `e` commands here)
 - `..` (parent): Chromium repo (do not touch this code to fix build issues, just read it to obtain context)
 ## Workflow
 1. Run `e build -k 999 -- --quiet` (the `--quiet` flag suppresses per-target status lines, showing only errors and the final result)
 2. If succeeds → skip to step 6
 3. If build fails:
    - Identify underlying file in "electron" from the compilation error message
    - Analyze failure
    - Fix build issue by adapting Electron's code for the change in Chromium
    - Run `e build -t {target_that_failed}.o` to build just the failed target we were specifically fixing
        - You can identify the target_that_failed from the failure line in the build log. E.g. `FAILED: 2e506007-8d5d-4f38-bdd1-b5cd77999a77 "./obj/electron/chromium_src/chrome/process_singleton_posix.o" CXX obj/electron/chromium_src/chrome/process_singleton_posix.o` the target name is `obj/electron/chromium_src/chrome/process_singleton_posix.o`
    - **Read `references/phase-two-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
    - Return to step 1
 4. **CRITICAL**: After ANY commit (especially patch commits), immediately run `git status` in the electron repo
    - Look for other modified `.patch` files that only have index/hunk header changes
    - These are dependent patches affected by your fix
    - Commit them immediately with: `git commit -am "chore: update patches (trivial only)"`
 5. Return to step 1
 6. When `e build` succeeds, run `e start --version`
 7. Check if you have any pending changes in the Chromium repo by running `git status`
    - If you have changes follow the instructions below in "A. Patch Fixes" to correctly commit those modifications into the appropriate patch file
 ## Commands Reference
 | Command | Purpose |
 |---------|---------|
 | `e build -k 999 -- --quiet` | Build Electron, continue on errors, suppress status lines |
 | `e build -t {target}.o` | Build just one specific target to verify a fix |
 | `e start --version` | Validate Electron launches after successful build |
 ## Two Types of Build Fixes
 ### A. Patch Fixes (for files in chromium_src or patched Chromium files)
 When the error is in a file that Electron patches (check with `grep -l "filename" patches/chromium/*.patch`):
 1. Edit the file in the Chromium source tree (e.g., `/src/chrome/browser/...`)
 2. Create a fixup commit targeting the original patch commit:
    ```bash
    cd ..  # to chromium repo
    git add <modified-file>
    git commit --fixup=<original-patch-commit-hash>
    GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
    ```
 3. Export the updated patch: `e patches chromium`
 4. Commit the updated patch file following `references/phase-one-commit-guidelines.md`.
 To find the original patch commit to fixup: `git log --oneline | grep -i "keyword from patch name"`
 The base commit for rebase is the Chromium commit before patches were applied. Find it by checking the `refs/patches/upstream-head` ref.
 ### B. Electron Code Fixes (for files in shell/, electron/, etc.)
 When the error is in Electron's own source code:
 1. Edit files directly in the electron repo
 2. Commit directly (no patch export needed)
 # Critical: Read Before Committing
 - Before ANY Phase One commits: Read `references/phase-one-commit-guidelines.md`
 - Before ANY Phase Two commits: Read `references/phase-two-commit-guidelines.md`
 # Skill Directory Structure
 This skill has additional reference files in `references/`:
 - patch-analysis.md - How to analyze patch failures
 - phase-one-commit-guidelines.md - Commit format for Phase One
 - phase-two-commit-guidelines.md - Commit format for Phase Two
 Read these when referenced in the workflow steps.
--- a/.claude/skills/electron-chromium-upgrade/references/patch-analysis.md
+++ b/.claude/skills/electron-chromium-upgrade/references/patch-analysis.md
@@ -1,119 +0,0 @@
 # Analyzing Patch Failures
 ## Investigation Steps
 1. **Read the patch file** at `patches/{target}/{patch_name}.patch`
 2. **Examine current state** of the file in Chromium at mentioned line numbers
 3. **Check recent upstream changes:**
   ```bash
   cd ..  # or relevant target repo
   git log --oneline -10 -- {file}
   ```
 4. **Find Chromium CL** in commit messages:
   ```
   Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/{CL_NUMBER}
   ```
 ## Critical: Resolve by Intent, Not by Mechanical Merge
 When resolving a patch conflict, do NOT blindly preserve the patch's old code. Instead:
 1. **Understand the upstream CL's full scope** — not just the conflicting hunk.
   Run `git show <commit> --stat` and read diffs for all affected files.
   Upstream may have removed structs, members, or methods that the patch
   references in other hunks or files.
 2. **Re-read the patch commit message** to understand its *intent* — what
   behavior does it need to preserve or add?
 3. **Implement the intent against the new upstream code.** If the patch's
   purpose is "add a feature flag guard", add only the guard — don't also
   restore old code inside the guard that upstream separately removed.
 ### Lesson: Upstream Removals Break Patch References
 - **Trigger:** Patch conflict involves an upstream refactor (not just context drift)
 - **Strategy:** After identifying the upstream CL, check its full diff for
  removed types, members, and methods. If the patch's old code references
  something removed, the resolution must use the new upstream mechanism.
 - **Evidence:** An upstream CL removed a `HeadlessModeWindow` struct from a
  header, but the conflict was only in a `.mm` file. Mechanically keeping the
  patch's old line (`headless_mode_window_ = ...`) produced code referencing
  a nonexistent type — caught only on review, not at patch-apply time.
 ### Lesson: Separate Patch Purpose from Patch Implementation
 - **Trigger:** Conflict between "upstream simplified code" vs "patch has older code"
 - **Strategy:** Identify the *minimal* change the patch needs. If the patch
  wraps code in a conditional, only add the conditional — don't restore old
  code that was inside the conditional but was separately cleaned up upstream.
 - **Evidence:** An occlusion patch needed only a feature flag check, but the
  old patch also contained a version check that upstream intentionally removed.
  Mechanically preserving the old patch code re-added the removed check.
 ### Lesson: Finish the Adaptation at Conflict Time
 - **Trigger:** A patch conflict involves an upstream API removal or replacement
 - **Strategy:** When resolving the conflict, fully adapt the patch to use the
  new API in the same commit. Don't remove the old code and leave behind stale
  references that will "be fixed in Phase Two." Each patch fix commit should be
  a complete resolution.
 - **Evidence:** A safestorage patch conflicted because Chromium removed Keychain V1.
  The conflict was resolved by removing V1 hunks, but the remaining code still
  called V1 methods (`FindGenericPassword` with 3 args, `ItemDelete` with
  `SecKeychainItemRef`). These should have been adapted to V2 APIs in the same
  commit, not deferred.
 ## Common Failure Patterns
 | Pattern | Cause | Solution |
 |---------|-------|----------|
 | Context lines don't match | Surrounding code changed | Update context in patch |
 | File not found | File renamed/moved | Update patch target path |
 | Function not found | Refactored upstream | Find new function name |
 | `DCHECK` → `CHECK_IS_TEST` | Macro change | Update to new macro |
 | Deleted code | Feature removed | Verify patch still needed |
 ## Using Git Blame
 To find the CL that changed specific lines:
 ```bash
 cd ..
 git blame -L {start},{end} -- {file}
 git log -1 {commit_sha}  # Look for Reviewed-on: line
 ```
 ## Verifying Patch Necessity
 Before deleting a patch, verify:
 1. The patched functionality was intentionally removed upstream
 2. Electron doesn't need the patch for other reasons
 3. No other code depends on the patched behavior
 When in doubt, keep the patch and adapt it.
 ## Phase Two: Build-Time Patch Issues
 Sometimes patches that applied successfully in Phase One cause build errors in Phase Two. This can happen when:
 1. **Incomplete types**: A patch disables a header include, but new upstream code uses the type
 2. **Missing members**: A patch modifies a class, but upstream added new code referencing the original
 ### Finding Which Patch Affects a File
 ```bash
 grep -l "filename.cc" patches/chromium/*.patch
 ```
 Matching Existing Patch Patterns
 When fixing build errors in patched files, examine the existing patch to understand its style:
 - Does it use #if 0 / #endif guards?
 - Does it use #if BUILDFLAG(...) conditionals?
 - What's the pattern for disabled functionality?
 Apply fixes consistent with the existing patch style.
--- a/.claude/skills/electron-chromium-upgrade/references/phase-one-commit-guidelines.md
+++ b/.claude/skills/electron-chromium-upgrade/references/phase-one-commit-guidelines.md
@@ -1,102 +0,0 @@
 # Phase One Commit Guidelines
 Only follow these instructions if there are uncommitted changes to `patches/` after Phase One succeeds.
 Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
 ## Each Commit Must Be Complete
 When resolving a patch conflict, fully adapt the patch to the new upstream code in the same commit. If the upstream change removes an API the patch uses, update the patch to use the replacement API now — don't leave stale references knowing they'll need fixing later. The goal is that each commit represents a finished resolution, not a partial one that defers known work to a future phase.
 ## Commit Message Style
 **Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters.
 Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
 ### Patch conflict fixes
 Use `fix(patch):` prefix. The title should name the upstream change, not your response to it:
 ```
 fix(patch): {topic headline}
 Ref: {Chromium CL link}
 Co-Authored-By: <AI model attribution>
 ```
 Only add a description body if it provides clarity beyond the title. For straightforward context drift or simple API renames, the title + Ref is sufficient.
 Examples:
 - `fix(patch): constant moved to header`
 - `fix(patch): headless mode refactor upstream`
 - `fix(patch): V1 Keychain removal`
 ### Upstreamed patch removal
 When patches are no longer needed (applied cleanly with "already applied" or confirmed upstreamed), group ALL removals into a single commit:
 ```
 chore: remove upstreamed patch
 ```
 or (if multiple):
 ```
 chore: remove upstreamed patches
 ```
 If the patch file did NOT contain a `Reviewed-on: https://chromium-review.googlesource.com/c/chromium/...` link, add a `Ref:` in the commit. If it did (i.e. cherry-picks), no `Ref:` is needed.
 ### Trivial patch updates
 After all fix commits, stage remaining trivial changes (index, line numbers, context only):
 ```bash
 git add patches
 git commit -m "chore: update patches (trivial only)"
 ```
 **Conflict resolution can produce trivial results.** A `git am` conflict doesn't always mean the patch content changed — context drift alone can cause a conflict. After resolving and exporting, inspect the patch diff: if only index hashes, line numbers, and context lines changed (not the patch's own `+`/`-` lines), it's trivial and belongs here, not in a `fix(patch):` commit.
 ## Atomic Commits
 Each patch conflict fix gets its own commit with its own Ref.
 IMPORTANT: Try really hard to find the CL reference per the instructions below. Each change you made should in theory have been in response to a change made in Chromium that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
 ## Finding CL References
 Use `git log` or `git blame` on Chromium source files. Look for:
 ```
 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
 ```
 If no CL found after searching: `Ref: Unable to locate CL`
 ## Example Commits
 ### Patch conflict fix (simple — title is sufficient)
 ```
 fix(patch): constant moved to header
 Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7536483
 Co-Authored-By: <AI model attribution>
 ```
 ### Patch conflict fix (complex — description adds value)
 ```
 fix(patch): V1 Keychain removal
 Upstream deleted the V1 Keychain API. Removed V1 hunks and adapted
 keychain_password_mac.mm to use KeychainV2 APIs.
 Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7540447
 Co-Authored-By: <AI model attribution>
 ```
--- a/.claude/skills/electron-chromium-upgrade/references/phase-two-commit-guidelines.md
+++ b/.claude/skills/electron-chromium-upgrade/references/phase-two-commit-guidelines.md
@@ -1,84 +0,0 @@
 # Phase Two Commit Guidelines
 Only follow these instructions if there are uncommitted changes in the Electron repo after any fixes are made during Phase Two that result a target that was failing, successfully building.
 Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
 ## Commit Message Style
 **Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters. Exception: upstream Chromium CL titles are used verbatim even if longer.
 Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
 ## Two Commit Types
 ### For Electron Source Changes (shell/, electron/, etc.)
 ```
 {CL-Number}: {upstream CL's original title}
 Ref: {Chromium CL link}
 Co-Authored-By: <AI model attribution>
 ```
 Use the **upstream CL's original commit title** — do not paraphrase or rewrite it. To find it: `git log -1 --format=%s <chromium-commit-hash>`.
 Only add a description body if it provides clarity beyond what the title already says (e.g., when Electron's adaptation is non-obvious). For simple renames, method additions, or straightforward API updates, the title + Ref link is sufficient.
 Each change should have its own commit and its own Ref. Logically group into commits that make sense rather than one giant commit. You may include multiple "Ref" links if required.
 For a CL link in the format `https://chromium-review.googlesource.com/c/chromium/src/+/2958369` the "CL-Number" is `2958369`.
 IMPORTANT: Try really hard to find the CL reference. Each change you made should in theory have been in response to a change in Chromium. Do not give up easily.
 ### For Patch Updates (patches/chromium/*.patch)
 Use the same fixup workflow as Phase One and follow `references/phase-one-commit-guidelines.md` for the commit message format (`fix(patch):` prefix, topic style).
 ## Dependent Patch Header Updates
 After any patch modification, check for other affected patches:
 ```bash
 git status
 # If other .patch files show as modified with only index, line number, and context changes:
 git add patches/
 git commit -m "chore: update patches (trivial only)"
 ```
 ## Finding CL References
 Use git log or git blame on Chromium source files. Look for:
 ```
 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
 ```
 If no CL found after searching: `Ref: Unable to locate CL`
 ## Example Commits
 ### Electron Source Fix (simple — title is self-explanatory)
 ```
 7535923: Rename ozone buildflags
 Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7535923
 Co-Authored-By: <AI model attribution>
 ```
 ### Electron Source Fix (complex — description adds value)
 ```
 7534194: Convert some functions in ui::Clipboard to async
 Adapted ExtractCustomPlatformNames calls to use RunLoop pattern
 consistent with existing ReadImage implementation, since upstream
 converted the API from synchronous return to callback-based.
 Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7534194
 Co-Authored-By: <AI model attribution>
 ```
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -2,7 +2,7 @@ version: '3'
 services:
  buildtools:
-    image: ghcr.io/electron/devcontainer:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
+    image: ghcr.io/electron/devcontainer:424eedbf277ad9749ffa9219068aa72ed4a5e373
    volumes:
      - ..:/workspaces/gclient/src/electron:cached
--- a/.devcontainer/on-create-command.sh
+++ b/.devcontainer/on-create-command.sh
@@ -48,8 +48,7 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
            \"gen\": {
                \"args\": [
                    \"import(\\\"//electron/build/args/testing.gn\\\")\",
-                    \"use_remoteexec = true\",
+                    \"use_remoteexec = true\"
                    \"use_siso=true\"
                ],
                \"out\": \"Testing\"
            },
@@ -59,13 +58,13 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
            },
            \"\$schema\": \"file:///home/builduser/.electron_build_tools/evm-config.schema.json\",
            \"configValidationLevel\": \"strict\",
-            \"remoteBuild\": \"siso\",
+            \"reclient\": \"$1\",
-            \"preserveSDK\": 5
+            \"preserveXcode\": 5
        }
    " >$buildtools/configs/evm.testing.json
  }
-  write_config
+  write_config remote_exec
  e use testing 
 else
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -58,16 +58,6 @@ body:
    label: Last Known Working Electron version
    description: What is the last version of Electron this worked in, if applicable?
    placeholder: 16.0.0
 - type: dropdown
  attributes:
    label: Does the issue also appear in Chromium / Google Chrome?
    description: If it does, please report the issue in the [Chromium issue tracker](https://issues.chromium.org/issues), not against Electron. Electron will inherit the fix once Chromium resolves the issue.
    options:
      - I don't know how to test
      - "Yes"
      - "No"
  validations:
    required: true
 - type: textarea
  attributes:
    label: Expected Behavior
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -10,8 +10,7 @@ Contributors guide: https://github.com/electron/electron/blob/main/CONTRIBUTING.
 #### Checklist
 <!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
- [ ] PR description included
+- [ ] PR description included and stakeholders cc'd
 - [ ] I have built and tested this PR
 - [ ] `npm test` passes
 - [ ] tests are [changed or added](https://github.com/electron/electron/blob/main/docs/development/testing.md)
 - [ ] relevant API documentation, tutorials, and examples are updated and follow the [documentation style guide](https://github.com/electron/electron/blob/main/docs/development/style-guide.md)
--- a/.github/actions/build-electron/action.yml
+++ b/.github/actions/build-electron/action.yml
@@ -17,6 +17,9 @@ inputs:
  is-release:
    description: 'Is release build'
    required: true
  strip-binaries:
    description: 'Strip binaries (Linux only)'
    required: false
  generate-symbols:
    description: 'Generate symbols'
    required: true
@@ -26,9 +29,6 @@ inputs:
  is-asan:
    description: 'The ASan Linux build'
    required: false
  upload-out-gen-artifacts:
    description: 'Whether to upload the out/${dir}/gen artifacts'
    required: false
 runs:
  using: "composite"
  steps:
@@ -38,17 +38,10 @@ runs:
      run: |
        GN_APPENDED_ARGS="$GN_EXTRA_ARGS target_cpu=\"x64\" v8_snapshot_toolchain=\"//build/toolchain/mac:clang_x64\""
        echo "GN_EXTRA_ARGS=$GN_APPENDED_ARGS" >> $GITHUB_ENV
    - name: Set GN_EXTRA_ARGS for Windows
      shell: bash
      if: ${{inputs.target-arch != 'x64' && inputs.target-platform == 'win' }}
      run: |
        GN_APPENDED_ARGS="$GN_EXTRA_ARGS target_cpu=\"${{ inputs.target-arch }}\""
        echo "GN_EXTRA_ARGS=$GN_APPENDED_ARGS" >> $GITHUB_ENV
    - name: Add Clang problem matcher
      shell: bash
      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
    - name: Build Electron ${{ inputs.step-suffix }}
      if: ${{ inputs.target-platform != 'win' }}
      shell: bash
      run: |
        rm -rf "src/out/Default/Electron Framework.framework"
@@ -64,51 +57,22 @@ runs:
          sudo launchctl limit maxfiles 65536 200000
        fi
-        if [ "${{ inputs.is-release }}" = "true" ]; then
+        NINJA_SUMMARIZE_BUILD=1 e build -j $NUMBER_OF_NINJA_PROCESSES
          NINJA_SUMMARIZE_BUILD=1 e build --target electron:release_build
        else
          NINJA_SUMMARIZE_BUILD=1 e build --target electron:testing_build
        fi
        cp out/Default/.ninja_log out/electron_ninja_log
        node electron/script/check-symlinks.js
-
+    - name: Strip Electron Binaries ${{ inputs.step-suffix }}
-        # Upload build stats to Datadog
+      shell: bash
-        if ! [ -z $DD_API_KEY ]; then
+      if: ${{ inputs.strip-binaries == 'true' }}
          npx node electron/script/build-stats.mjs out/Default/siso.INFO --upload-stats || true          
        else
          echo "Skipping build-stats.mjs upload because DD_API_KEY is not set"
        fi
    - name: Build Electron (Windows) ${{ inputs.step-suffix }}
      if: ${{ inputs.target-platform == 'win' }}
      shell: powershell
      run: |
-        cd src\electron
+        cd src
-        git pack-refs
+        electron/script/copy-debug-symbols.py --target-cpu="${{ inputs.target-arch }}" --out-dir=out/Default/debug --compress
-        cd ..
+        electron/script/strip-binaries.py --target-cpu="${{ inputs.target-arch }}" --verbose
-
+        electron/script/add-debug-link.py --target-cpu="${{ inputs.target-arch }}" --debug-dir=out/Default/debug
-        $env:NINJA_SUMMARIZE_BUILD = 1
+    - name: Build Electron dist.zip ${{ inputs.step-suffix }}
        if ("${{ inputs.is-release }}" -eq "true") {          
          e build --target electron:release_build
        } else {
          e build --target electron:testing_build
        }
        Copy-Item out\Default\.ninja_log out\electron_ninja_log
        node electron\script\check-symlinks.js
        # Upload build stats to Datadog
        if ($env:DD_API_KEY) {
          try {
            npx node electron\script\build-stats.mjs out\Default\siso.exe.INFO --upload-stats ; $LASTEXITCODE = 0
          } catch {
            Write-Host "Build stats upload failed, continuing..."
          }
        } else {
          Write-Host "Skipping build-stats.mjs upload because DD_API_KEY is not set"
        }
    - name: Verify dist.zip ${{ inputs.step-suffix }}
      shell: bash
      run: |
-        cd src        
+        cd src
        e build --target electron:electron_dist_zip -j $NUMBER_OF_NINJA_PROCESSES -d explain
        if [ "${{ inputs.is-asan }}" != "true" ]; then
          target_os=${{ inputs.target-platform == 'macos' && 'mac' || inputs.target-platform }}
          if [ "${{ inputs.artifact-platform }}" = "mas" ]; then
@@ -116,10 +80,11 @@ runs:
          fi
          electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip electron/script/zip_manifests/dist_zip.$target_os.${{ inputs.target-arch }}.manifest
        fi
-    - name: Fixup Mksnapshot ${{ inputs.step-suffix }}
+    - name: Build Mksnapshot ${{ inputs.step-suffix }}
      shell: bash
      run: |
        cd src
        e build --target electron:electron_mksnapshot -j $NUMBER_OF_NINJA_PROCESSES
        ELECTRON_DEPOT_TOOLS_DISABLE_LOG=1 e d gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
        # Remove unused args from mksnapshot_args
        SEDOPTION="-i"
@@ -129,6 +94,20 @@ runs:
        sed $SEDOPTION '/.*builtins-pgo/d' out/Default/mksnapshot_args
        sed $SEDOPTION '/--turbo-profiling-input/d' out/Default/mksnapshot_args
        if [ "${{ inputs.target-platform }}" = "linux" ]; then
          if [ "${{ inputs.target-arch }}" = "arm" ]; then
            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/mksnapshot
            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/v8_context_snapshot_generator
          elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x64_v8_arm64/mksnapshot
            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x64_v8_arm64/v8_context_snapshot_generator
          else
            electron/script/strip-binaries.py --file $PWD/out/Default/mksnapshot
            electron/script/strip-binaries.py --file $PWD/out/Default/v8_context_snapshot_generator
          fi
        fi
        e build --target electron:electron_mksnapshot_zip -j $NUMBER_OF_NINJA_PROCESSES
        if [ "${{ inputs.target-platform }}" = "win" ]; then
          cd out/Default
          powershell Compress-Archive -update mksnapshot_args mksnapshot.zip
@@ -162,15 +141,13 @@ runs:
      shell: bash
      run: |
        cd src
        e build --target electron:electron_chromedriver -j $NUMBER_OF_NINJA_PROCESSES
        e build --target electron:electron_chromedriver_zip
-
+    - name: Build Node.js headers ${{ inputs.step-suffix }}
-        if [ "${{ inputs.is-asan }}" != "true" ]; then
+      shell: bash
-          target_os=${{ inputs.target-platform == 'macos' && 'mac' || inputs.target-platform }}
+      run: |
-          if [ "${{ inputs.artifact-platform }}" = "mas" ]; then
+        cd src
-            target_os="${target_os}_mas"
+        e build --target electron:node_headers
          fi
          electron/script/zip_manifests/check-zip-manifest.py out/Default/chromedriver.zip electron/script/zip_manifests/chromedriver_zip.$target_os.${{ inputs.target-arch }}.manifest
        fi
    - name: Create installed_software.json ${{ inputs.step-suffix }}
      shell: powershell
      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
@@ -190,11 +167,17 @@ runs:
        # Needed for msdia140.dll on 64-bit windows
        cd src
        export PATH="$PATH:$(pwd)/third_party/llvm-build/Release+Asserts/bin"
-    - name: Zip Symbols ${{ inputs.step-suffix }}
+    - name: Generate & Zip Symbols ${{ inputs.step-suffix }}
      shell: bash
      run: |
        # Generate breakpad symbols on release builds
        if [ "${{ inputs.generate-symbols }}" = "true" ]; then
          e build --target electron:electron_symbols
        fi
        cd src
        export BUILD_PATH="$(pwd)/out/Default"
        e build --target electron:licenses
        e build --target electron:electron_version_file
        if [ "${{ inputs.is-release }}" = "true" ]; then
          DELETE_DSYMS_AFTER_ZIP=1 electron/script/zip-symbols.py -b $BUILD_PATH
        else
@@ -205,8 +188,20 @@ runs:
      if: ${{ inputs.is-release == 'true' }}
      run: |
        cd src
-        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true use_siso=true $GN_EXTRA_ARGS"
+        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true $GN_EXTRA_ARGS"
-        e build --target electron:electron_ffmpeg_zip -C ../../out/ffmpeg
+        e build --target electron:electron_ffmpeg_zip -C ../../out/ffmpeg -j $NUMBER_OF_NINJA_PROCESSES
    - name: Generate Hunspell Dictionaries ${{ inputs.step-suffix }}
      shell: bash
      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
      run: |
        e build --target electron:hunspell_dictionaries_zip -j $NUMBER_OF_NINJA_PROCESSES
    - name: Generate Libcxx ${{ inputs.step-suffix }}
      shell: bash
      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
      run: |
        e build --target electron:libcxx_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
        e build --target electron:libcxxabi_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
        e build --target electron:libcxx_objects_zip -j $NUMBER_OF_NINJA_PROCESSES
    - name: Remove Clang problem matcher
      shell: bash
      run: echo "::remove-matcher owner=clang::"
@@ -215,11 +210,10 @@ runs:
      shell: bash
      run: |
        cd src/electron
-        node script/yarn.js create-typescript-definitions
+        node script/yarn create-typescript-definitions
    - name: Publish Electron Dist ${{ inputs.step-suffix }}
      if: ${{ inputs.is-release == 'true' }}
      shell: bash
      id: github-upload
      run: |
        rm -rf src/out/Default/obj
        cd src/electron
@@ -230,34 +224,7 @@ runs:
          echo 'Uploading Electron release distribution to GitHub releases'
          script/release/uploaders/upload.py --verbose
        fi
    - name: Generate artifact attestation
      if: ${{ inputs.is-release == 'true' }}
      uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
      with:
        subject-path: ${{ steps.github-upload.outputs.UPLOADED_PATHS }}
    - name: Generate siso report
      if: ${{ inputs.target-platform != 'win' && !cancelled() }}
      shell: bash
      run: |
        cd src
        e d siso report -C out/Default > siso_report.txt
        SISO_REPORT_PATH=$(grep -o '/.*siso-report-[^ ]*' siso_report.txt)
        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH" >> $GITHUB_ENV
        cat siso_report.txt
        echo "SISO REPORT AT $SISO_REPORT_PATH"
    - name: Generate siso report (Windows)
      if: ${{ inputs.target-platform == 'win' && !cancelled() }}
      shell: powershell
      run: |
        cd src
        e d siso report -C out\Default > siso_report.txt
        $SISO_REPORT_PATH = Get-Content "siso_report.txt" | Select-String "report file:\s*(.+)" | ForEach-Object { 
          $_.Matches.Groups[1].Value.Trim() 
        }
        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH"
        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH" >> $env:GITHUB_ENV
    - name: Generate Artifact Key
      if: always() && !cancelled()
      shell: bash
      run: |
        if [ "${{ inputs.is-asan }}" = "true" ]; then 
@@ -269,11 +236,9 @@ runs:
    # The current generated_artifacts_<< artifact.key >> name was taken from CircleCI
    # to ensure we don't break anything, but we may be able to improve that.
    - name: Move all Generated Artifacts to Upload Folder ${{ inputs.step-suffix }}
      if: always() && !cancelled()
      shell: bash
      run: ./src/electron/script/actions/move-artifacts.sh
    - name: Upload Generated Artifacts ${{ inputs.step-suffix }}
      if: always() && !cancelled()
      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
      with:
        name: generated_artifacts_${{ env.ARTIFACT_KEY }}
@@ -283,9 +248,3 @@ runs:
      with:
        name: src_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
    - name: Upload Out Gen Artifacts ${{ inputs.step-suffix }}
      if: ${{ inputs.upload-out-gen-artifacts == 'true' }}
      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
      with:
        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./src/out/Default/gen
--- a/.github/actions/checkout/action.yml
+++ b/.github/actions/checkout/action.yml
@@ -40,10 +40,10 @@ runs:
    if: ${{ inputs.generate-sas-token == 'true' }}
    shell: bash
    run: |
-      curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$CACHE_FILE?platform=${{ inputs.target-platform }}&getAccountName=true" > sas-token
+      curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$CACHE_FILE?platform=${{ inputs.target-platform }}" > sas-token
  - name: Save SAS Key
    if: ${{ inputs.generate-sas-token == 'true' }}
-    uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/save@d4323d4df104b026a6aa633fdb11d772146be0bf
    with:
      path: sas-token
      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
@@ -143,17 +143,16 @@ runs:
          echo "No changes to patches detected"
        fi
      fi
-  - name: Remove patch conflict problem matchers
+  - name: Remove patch conflict problem matcher
    shell: bash
    run: |
      echo "::remove-matcher owner=merge-conflict::"
      echo "::remove-matcher owner=patch-conflict::"
      echo "::remove-matcher owner=patch-needs-update::"
  - name: Upload patches stats
    if: ${{ inputs.target-platform == 'linux' && github.ref == 'refs/heads/main' }}
    shell: bash
    run: |
-      node src/electron/script/patches-stats.mjs --upload-stats || true
+      npx node src/electron/script/patches-stats.mjs --upload-stats || true
  # delete all .git directories under src/ except for
  # third_party/angle/ and third_party/dawn/ because of build time generation of files
  # gen/angle/commit.h depends on third_party/angle/.git/HEAD
@@ -173,6 +172,7 @@ runs:
    run: |
      rm -rf src/android_webview
      rm -rf src/ios/chrome
      rm -rf src/third_party/blink/web_tests
      rm -rf src/third_party/blink/perf_tests
      rm -rf src/chrome/test/data/xr/webvr_info
      rm -rf src/third_party/angle/third_party/VK-GL-CTS/src
--- a/.github/actions/cipd-install/action.yml
+++ b/.github/actions/cipd-install/action.yml
@@ -14,9 +14,6 @@ inputs:
    description: 'Target platform, should be linux, win, macos'
  package:
    description: 'Package to install'
  dependency-version:
    description: 'Version of the dependency to install'
    default: ''
 runs:
  using: "composite"
  steps:
@@ -25,23 +22,15 @@ runs:
      run : |
        rm -rf ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }}
    - name: Create ensure file for ${{ inputs.dependency }}
      if: ${{ inputs.dependency-version == '' }}
      shell: bash
      run: |
        echo '${{ inputs.package }}' `e d gclient getdep --deps-file=${{ inputs.deps-file }} -r '${{ inputs.installation-dir }}:${{ inputs.package }}'` > ${{ inputs.dependency }}_ensure_file
        cat ${{ inputs.dependency }}_ensure_file
    - name: Create ensure file for ${{ inputs.dependency }} from dependency-version
      if: ${{ inputs.dependency-version != '' }}
      shell: bash
      run: |
        echo '${{ inputs.package }} ${{ inputs.dependency-version }}'  > ${{ inputs.dependency }}_ensure_file
        cat ${{ inputs.dependency }}_ensure_file
    - name: CIPD installation of ${{ inputs.dependency }} (macOS)
-      if: ${{ inputs.target-platform != 'win' }}
+      if: ${{ inputs.target-platform == 'macos' }}
      shell: bash
      run: |
-        echo "ensuring ${{ inputs.dependency }}"
+        echo "ensuring ${{ inputs.dependency }} on macOS"
        e d cipd ensure --root ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }} -ensure-file ${{ inputs.dependency }}_ensure_file
    - name: CIPD installation of ${{ inputs.dependency }} (Windows)
      if: ${{ inputs.target-platform == 'win' }}
--- a/.github/actions/fix-sync/action.yml
+++ b/.github/actions/fix-sync/action.yml
@@ -19,16 +19,12 @@ inputs:
 runs:
  using: "composite"
  steps:
-    - name: Fix llvm toolchain
+    - name: Fix clang
      if: ${{ inputs.target-platform != 'linux' }}
      shell: bash
      run : |
        rm -rf src/third_party/llvm-build
        python3 src/tools/clang/scripts/update.py
        # Refs https://chromium-review.googlesource.com/c/chromium/src/+/6667681
        python3 src/tools/clang/scripts/update.py --package objdump
    - name: Fix esbuild
      if: ${{ inputs.target-platform != 'linux' }}
      uses: ./src/electron/.github/actions/cipd-install
      with:
        cipd-root-prefix-path: src/third_party/devtools-frontend/src/
@@ -37,24 +33,7 @@ runs:
        installation-dir: third_party/esbuild
        target-platform: ${{ inputs.target-platform }}
        package: infra/3pp/tools/esbuild/${platform}
    - name: Fix rollup
      if: ${{ inputs.target-platform != 'linux' }}
      uses: ./src/electron/.github/actions/cipd-install
      with:
        cipd-root-prefix-path: src/third_party/devtools-frontend/src/
        dependency: rollup_libs
        deps-file: src/third_party/devtools-frontend/src/DEPS
        installation-dir: third_party/rollup_libs
        target-platform: ${{ inputs.target-platform }}
        package: infra/3pp/tools/rollup_libs/${platform}
    - name: Sync native rollup libs
      if: ${{ inputs.target-platform != 'linux' }}
      shell: bash
      run : |
        cd src/third_party/devtools-frontend/src
        python3 scripts/deps/sync_rollup_libs.py
    - name: Fix rustc
      if: ${{ inputs.target-platform != 'linux' }}
      shell: bash
      run : |
        rm -rf src/third_party/rust-toolchain
@@ -78,7 +57,6 @@ runs:
        target-platform: ${{ inputs.target-platform }}
        package: gn/gn/windows-amd64
    - name: Fix reclient
      if: ${{ inputs.target-platform != 'linux' }}
      uses: ./src/electron/.github/actions/cipd-install
      with:
        dependency: reclient
@@ -87,7 +65,6 @@ runs:
        target-platform: ${{ inputs.target-platform }}
        package: infra/rbe/client/${platform}
    - name: Configure reclient configs
      if: ${{ inputs.target-platform != 'linux' }}
      shell: bash
      run : |
        python3 src/buildtools/reclient_cfgs/configure_reclient_cfgs.py --rbe_instance "projects/rbe-chrome-untrusted/instances/default_instance" --reproxy_cfg_template reproxy.cfg.template --rewrapper_cfg_project "" --skip_remoteexec_cfg_fetch
@@ -105,7 +82,6 @@ runs:
          python3 src/third_party/depot_tools/download_from_google_storage.py --no_resume --no_auth --bucket chromium-browser-clang -s $DSYM_SHA_FILE -o src/tools/clang/dsymutil/bin/dsymutil
        fi
    - name: Fix ninja
      if: ${{ inputs.target-platform != 'linux' }}
      uses: ./src/electron/.github/actions/cipd-install
      with:
        dependency: ninja
@@ -114,20 +90,10 @@ runs:
        target-platform: ${{ inputs.target-platform }}
        package: infra/3pp/tools/ninja/${platform}
    - name: Set ninja in path
      if: ${{ inputs.target-platform != 'linux' }}
      shell: bash
      run : |
        echo "$(pwd)/src/third_party/ninja" >> $GITHUB_PATH
    - name: Fix siso
      uses: ./src/electron/.github/actions/cipd-install
      with:
        dependency: siso
        deps-file: src/DEPS
        installation-dir: src/third_party/siso/cipd
        target-platform: ${{ inputs.target-platform }}
        package: build/siso/${platform}
    - name: Fixup angle git
      if: ${{ inputs.target-platform != 'linux' }}
      shell: bash
      run : |
        cd src/third_party/angle
--- a/.github/actions/free-space-macos/action.yml
+++ b/.github/actions/free-space-macos/action.yml
@@ -6,8 +6,6 @@ runs:
    - name: Free Space on MacOS
      shell: bash
      run: |
        echo "Disk usage before cleanup:"
        df -h
        sudo mkdir -p $TMPDIR/del-target
        tmpify() {
@@ -17,30 +15,28 @@ runs:
        }
        strip_universal_deep() {
-          if [ -d "$1" ]; then
+          opwd=$(pwd)
-            opwd=$(pwd)
+          cd $1
-            cd $1
+          f=$(find . -perm +111 -type f)
-            f=$(find . -perm +111 -type f)
+          for fp in $f
-            for fp in $f
+          do
-            do
+            if [[ $(file "$fp") == *"universal binary"* ]]; then
-              if [[ $(file "$fp") == *"universal binary"* ]]; then
+              if [ "`arch`" == "arm64" ]; then
-                if [ "`arch`" == "arm64" ]; then
+                if [[ $(file "$fp") == *"x86_64"* ]]; then
-                  if [[ $(file "$fp") == *"x86_64"* ]]; then
+                  sudo lipo -remove x86_64 "$fp" -o "$fp" || true
-                    sudo lipo -remove x86_64 "$fp" -o "$fp" || true
+                fi
-                  fi
+              else
-                else
+                if [[ $(file "$fp") == *"arm64e)"* ]]; then
-                  if [[ $(file "$fp") == *"arm64e)"* ]]; then
+                  sudo lipo -remove arm64e "$fp" -o "$fp" || true
-                    sudo lipo -remove arm64e "$fp" -o "$fp" || true
+                fi
-                  fi
+                if [[ $(file "$fp") == *"arm64)"* ]]; then
-                  if [[ $(file "$fp") == *"arm64)"* ]]; then
+                  sudo lipo -remove arm64 "$fp" -o "$fp" || true
                    sudo lipo -remove arm64 "$fp" -o "$fp" || true
                  fi
                fi
              fi
-            done
+            fi
          done
-            cd $opwd
+          cd $opwd
          fi
        }
        tmpify /Library/Developer/CoreSimulator
@@ -61,31 +57,9 @@ runs:
        sudo rm -rf $TMPDIR/del-target
        sudo rm -rf /Applications/Safari.app
        sudo rm -rf /Applications/Xcode_16.1.app
        sudo rm -rf /Applications/Xcode_16.2.app
        sudo rm -rf /Applications/Xcode_16.3.app
        sudo rm -rf /Applications/Xcode_26*
        sudo rm -rf /Applications/Google Chrome.app
        sudo rm -rf /Applications/Google Chrome for Testing.app
        sudo rm -rf /Applications/Firefox.app
        sudo rm -rf /Applications/Microsoft Edge.app
        sudo rm -rf ~/project/src/third_party/catapult/tracing/test_data
        sudo rm -rf ~/project/src/third_party/angle/third_party/VK-GL-CTS
        sudo rm -rf /Users/runner/Library/Android
        sudo rm -rf $JAVA_HOME_11_arm64
        sudo rm -rf $JAVA_HOME_17_arm64
        sudo rm -rf $JAVA_HOME_21_arm64
        sudo rm -rf $JAVA_HOME_25_arm64
        sudo rm -rf /Users/runner/.dotnet/
        sudo rm -rf /Users/runner/.rustup
        # remove homebrew packages we don't need
        if command -v brew &> /dev/null; then
          brew uninstall -f --zap aws-sam-cli session-manager-plugin gcc gcc@13 gcc@14 llvm@18 gradle maven ant azure-cli
          brew autoremove
        fi
        # lipo off some huge binaries arm64 versions to save space
        strip_universal_deep $(xcode-select -p)/../SharedFrameworks
-        # strip_arm_deep /System/Volumes/Data/Library/Developer/CommandLineTools/usr
+        # strip_arm_deep /System/Volumes/Data/Library/Developer/CommandLineTools/usr
        sudo mdutil -a -i off
--- a/.github/actions/generate-types/action.yml
+++ b/.github/actions/generate-types/action.yml
@@ -13,16 +13,12 @@ runs:
  - name: Generating Types for SHA in ${{ inputs.sha-file }}
    shell: bash
    run: |
-      export ELECTRON_DIR=$(pwd)
+      git checkout $(cat ${{ inputs.sha-file }})
-      if [ "${{ inputs.sha-file }}" == ".dig-old" ]; then
+      rm -rf node_modules
-        cd /tmp
+      yarn install --frozen-lockfile --ignore-scripts
        git clone https://github.com/electron/electron.git
        cd electron
      fi
      git checkout $(cat $ELECTRON_DIR/${{ inputs.sha-file }})
      node script/yarn.js install --immutable
      echo "#!/usr/bin/env node\nglobal.x=1" > node_modules/typescript/bin/tsc
      node node_modules/.bin/electron-docs-parser --dir=./ --outDir=./ --moduleVersion=0.0.0-development
      node node_modules/.bin/electron-typescript-definitions --api=electron-api.json --outDir=artifacts
-      mv artifacts/electron.d.ts $ELECTRON_DIR/artifacts/${{ inputs.filename }}
+      mv artifacts/electron.d.ts artifacts/${{ inputs.filename }}
      git checkout .
    working-directory: ./electron
--- a/.github/actions/install-build-tools/action.yml
+++ b/.github/actions/install-build-tools/action.yml
@@ -11,11 +11,9 @@ runs:
        git config --global core.autocrlf false
        git config --global branch.autosetuprebase always
        git config --global core.fscache true
        git config --global core.longpaths true
        git config --global core.preloadindex true
        git config --global core.longpaths true
      fi
-      export BUILD_TOOLS_SHA=a0cc95a1884a631559bcca0c948465b725d9295a
+      export BUILD_TOOLS_SHA=6e8526315ea3b4828882497e532b8340e64e053c
      npm i -g @electron/build-tools
      # Update depot_tools to ensure python
      e d update_depot_tools
--- a/.github/actions/install-dependencies/action.yml
+++ b/.github/actions/install-dependencies/action.yml
@@ -6,8 +6,8 @@ runs:
  - name: Get yarn cache directory path
    shell: bash
    id: yarn-cache-dir-path
-    run: echo "dir=$(node src/electron/script/yarn.js config get cacheFolder)" >> $GITHUB_OUTPUT
+    run: echo "dir=$(node src/electron/script/yarn cache dir)" >> $GITHUB_OUTPUT
-  - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+  - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
    id: yarn-cache
    with:
      path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -18,14 +18,4 @@ runs:
    shell: bash
    run: |
      cd src/electron
-      if [ "$TARGET_ARCH" = "x86" ]; then
+      node script/yarn install --frozen-lockfile --prefer-offline
        export npm_config_arch="ia32"
      fi
      # if running on linux arm skip yarn Builds
      ARCH=$(uname -m)
      if [ "$ARCH" = "armv7l" ]; then
        echo "Skipping yarn build on linux arm"
        node script/yarn.js install --immutable --mode=skip-build
      else
        node script/yarn.js install --immutable
      fi
--- a/.github/actions/restore-cache-azcopy/action.yml
+++ b/.github/actions/restore-cache-azcopy/action.yml
@@ -8,14 +8,14 @@ runs:
  steps:
  - name: Obtain SAS Key
    continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@d4323d4df104b026a6aa633fdb11d772146be0bf
    with:
      path: sas-token
      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-1
      enableCrossOsArchive: true
  - name: Obtain SAS Key
    continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@d4323d4df104b026a6aa633fdb11d772146be0bf
    with:
      path: sas-token
      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
@@ -32,23 +32,22 @@ runs:
      shell: bash
      command: |
        sas_token=$(cat sas-token)
-        if [ -z "$sas_token" ]; then
+        if [ -z $sas-token ]; then
          echo "SAS Token not found; exiting src cache download early..."
          exit 1
        else
          sas_token=$(jq -r '.sasToken' sas-token)
          account_name=$(jq -r '.accountName' sas-token)
          if [ "${{ inputs.target-platform }}" = "win" ]; then
            azcopy copy --log-level=ERROR \
-            "https://$account_name.file.core.windows.net/${{ env.AZURE_AKS_WIN_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
+            "https://${{ env.AZURE_AKS_CACHE_STORAGE_ACCOUNT }}.file.core.windows.net/${{ env.AZURE_AKS_WIN_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
          else
            azcopy copy --log-level=ERROR \
-            "https://$account_name.file.core.windows.net/${{ env.AZURE_AKS_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
+            "https://${{ env.AZURE_AKS_CACHE_STORAGE_ACCOUNT }}.file.core.windows.net/${{ env.AZURE_AKS_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
          fi            
        fi
    env:
-      AZURE_AKS_CACHE_SHARE_NAME: linux-cache
+      AZURE_AKS_CACHE_STORAGE_ACCOUNT: f723719aa87a34622b5f7f3
-      AZURE_AKS_WIN_CACHE_SHARE_NAME: windows-cache
+      AZURE_AKS_CACHE_SHARE_NAME: pvc-f6a4089f-b082-4bee-a3f9-c3e1c0c02d8f
      AZURE_AKS_WIN_CACHE_SHARE_NAME: pvc-71dec4f2-0d44-4fd1-a2c3-add049d70bdf
  - name: Clean SAS Key
    shell: bash
    run: rm -f sas-token
@@ -97,7 +96,7 @@ runs:
      $TEMP_DIR=New-Item -ItemType Directory -Path temp-cache
      $TEMP_DIR_PATH = $TEMP_DIR.FullName
-      C:\ProgramData\Chocolatey\bin\7z.exe -y -snld20 x $src_cache -o"$TEMP_DIR_PATH"
+      C:\ProgramData\Chocolatey\bin\7z.exe -y x $src_cache -o"$TEMP_DIR_PATH"
  - name: Move Src Cache (Windows)
    if: ${{ inputs.target-platform == 'win' }}
--- a/.github/actions/ssh-debug/action.yml
+++ b/.github/actions/ssh-debug/action.yml
@@ -1,20 +0,0 @@
 name: Debug via SSH
 description: Setup a SSH server with a tunnel to access it to debug via SSH.
 inputs:
  tunnel:
    description: 'Enable SSH tunneling via cloudflared'
    required: true
    default: 'false'
  timeout:
    description: 'SSH session timeout in seconds'
    required: false
    type: number
    default: 3600
 runs:
  using: composite
  steps:
    - run: $GITHUB_ACTION_PATH/setup-ssh.sh
      shell: bash
      env:
        TUNNEL: ${{ inputs.tunnel }}
        TIMEOUT: ${{ inputs.timeout }}
--- a/.github/actions/ssh-debug/bashrc
+++ b/.github/actions/ssh-debug/bashrc
@@ -1,4 +0,0 @@
 # If we're in an interactive SSH session and we're not already in tmux and there's no explicit SSH command, auto attach tmux
 if [ -n "$SSH_TTY" ] && [ -z "$TMUX" ] && [ -z "$SSH_ORIGINAL_COMMAND" ]; then
    exec tmux attach || exec tmux
 fi
--- a/.github/actions/ssh-debug/setup-ssh.sh
+++ b/.github/actions/ssh-debug/setup-ssh.sh
@@ -1,146 +0,0 @@
 #!/bin/bash -e
 if [ "${TUNNEL}" != "true" ]; then
    echo "SSH tunneling is disabled. Set enable-tunnel: true to enable remote access."
    echo "Local SSH server would be available on localhost:2222 if this were a local environment."
    exit 0
 fi
 echo ::group::Configuring Tunnel
 echo "SSH tunneling enabled. Setting up remote access..."
 EXTERNAL_DEPS="curl jq ssh-keygen"
 for dep in $EXTERNAL_DEPS; do
    if ! command -v "${dep}" > /dev/null 2>&1; then
       echo "Command ${dep} not installed on the system!" >&2
       exit 1
    fi
 done
 cd "$GITHUB_ACTION_PATH"
 bashrc_path=$(pwd)/bashrc
 # Source `bashrc` to auto start tmux on SSH login.
 if ! grep -q "${bashrc_path}" ~/.bash_profile; then
    echo >> ~/.bash_profile # On macOS runner there's no newline at the end of the file
    echo "source \"${bashrc_path}\"" >> ~/.bash_profile
 fi
 OS=$(uname -s | tr '[:upper:]' '[:lower:]')
 ARCH=$(uname -m)
 if [ "${ARCH}" = "x86_64" ]; then
    ARCH="amd64"
 elif [ "${ARCH}" = "aarch64" ]; then
    ARCH="arm64"
 fi
 if [ "${OS}" = "darwin" ] && ! command -v tmux > /dev/null 2>&1; then
    echo "Installing tmux..."
    brew install tmux
 fi
 if [ "$OS" = "darwin" ]; then
    cloudflared_url="https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-${OS}-${ARCH}.tgz"
    echo "Downloading \`cloudflared\` from <$cloudflared_url>..."
    curl --location --silent --output cloudflared.tgz "${cloudflared_url}"
    tar xf cloudflared.tgz
    rm cloudflared.tgz
 fi
 chmod +x cloudflared
 echo 'Creating SSH server key...'
 ssh-keygen -q -f ssh_host_rsa_key -N ''
 echo 'Creating SSH server config...'
 sed "s,\$PWD,${PWD},;s,\$USER,${USER}," sshd_config.template > sshd_config
 echo 'Starting SSH server...'
 sudo /usr/sbin/sshd -f sshd_config -D &
 sshd_pid=$!
 echo "SSH server started successfully (PID: ${sshd_pid})"
 echo 'Starting tmux session...'
 (cd "${GITHUB_WORKSPACE}" && tmux new-session -d -s debug)
 mkdir ~/.cloudflared
 CLEAN_TUNNEL_CERT=$(printf '%s\n' "${CLOUDFLARE_TUNNEL_CERT}" | tr -d '\r' | sed '/^[[:space:]]*$/d')
 echo "${CLEAN_TUNNEL_CERT}" > ~/.cloudflared/cert.pem
 CLEAN_USER_CA_CERT=$(printf '%s\n' "${CLOUDFLARE_USER_CA_CERT}" | tr -d '\r' | sed '/^[[:space:]]*$/d')
 echo "${CLEAN_USER_CA_CERT}" | sudo tee /etc/ssh/ca.pub > /dev/null
 sudo chmod 644 /etc/ssh/ca.pub
 random_suffix=$(openssl rand -hex 5 | cut -c1-10)
 tunnel_name="${GITHUB_SHA}-${GITHUB_RUN_ID}-${random_suffix}"
 tunnel_url="${tunnel_name}.${CLOUDFLARE_TUNNEL_HOSTNAME}"
 if ./cloudflared tunnel list | grep -q "${tunnel_name}"; then
    echo "Deleting existing tunnel: ${tunnel_name}"
    ./cloudflared tunnel delete ${tunnel_name}
 fi
 echo "Creating new cloudflare tunnel: ${tunnel_name}"
 ./cloudflared tunnel create ${tunnel_name}
 credentials_file=$(find ~/.cloudflared -name "*.json" | head -n 1)
 if [ -z "${credentials_file}" ]; then
    echo "Error: Could not find tunnel credentials file"
    exit 1
 fi
 echo "Found credentials file: ${credentials_file}"
 echo 'Creating tunnel configuration...'
 cat > tunnel_config.yml << EOF
 tunnel: ${tunnel_name}
 credentials-file: ${credentials_file}
 ingress:
  - hostname: ${tunnel_url}
    service: ssh://localhost:2222
  - service: http_status:404
 EOF
 echo 'Setting up DNS routing for tunnel...'
 ./cloudflared tunnel route dns ${tunnel_name} ${tunnel_url}
 echo 'Running cloudflare tunnel...'
 ./cloudflared tunnel --no-autoupdate --config tunnel_config.yml run 2>&1 | tee cloudflared.log | sed -u 's/^/cloudflared: /' &
 cloudflared_pid=$!
 echo ::endgroup::
 echo ::notice title=SSH Debug Session Ready::ssh ${tunnel_url}
 (
    echo '    '
    echo '    '
    echo '🔗 SSH Debug Session Ready!'
    echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'
    echo '    '
    echo '📋 Infra WG can copy and run this command to connect:'
    echo '    '
    echo "ssh ${tunnel_url}"
    echo '    '
    echo "⏰ Session expires automatically in ${TIMEOUT} seconds"
    echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'
    echo '    '
    echo '    '
 ) | cat
 echo ::group::Starting Background Session
 echo 'Starting SSH session in background...'
 ./ssh-session.sh "${sshd_pid}" "${cloudflared_pid}" "${TIMEOUT}" "${tunnel_name}" &
 echo 'SSH session is running in background. GitHub Action will continue.'
 echo 'Session will auto-cleanup after timeout or when processes end.'
 echo ::endgroup::
--- a/.github/actions/ssh-debug/ssh-session.sh
+++ b/.github/actions/ssh-debug/ssh-session.sh
@@ -1,52 +0,0 @@
 #!/bin/bash
 SSHD_PID=$1
 CLOUDFLARED_PID=$2
 SESSION_TIMEOUT=${3:-10000}
 TUNNEL_NAME=$4
 cleanup() {
    # Kill processes.
    for pid in "$SLEEP_PID" "$SSHD_PID" "$CLOUDFLARED_PID"; do
        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
            kill "$pid" 2>/dev/null || true
        fi
    done
    # Clean up tunnel.
    if [ -n "$TUNNEL_NAME" ]; then
        cd "$GITHUB_ACTION_PATH"
        ./cloudflared tunnel delete "$TUNNEL_NAME" 2>/dev/null || {
            echo "Failed to delete tunnel"
        }
    fi
    echo "Session ended at $(date)"
    exit 0
 }
 # Trap signals to ensure cleanup.
 trap cleanup SIGTERM SIGINT SIGQUIT SIGHUP EXIT
 # Wait for timeout or until processes die.
 sleep "$SESSION_TIMEOUT" &
 SLEEP_PID=$!
 # Monitor processes
 while kill -0 "$SLEEP_PID" 2>/dev/null; do
    # Check SSH daemon.
    if ! kill -0 "$SSHD_PID" 2>/dev/null; then
        echo "SSH daemon died at $(date)"
        break
    fi
    # Check cloudflared,
    if ! kill -0 "$CLOUDFLARED_PID" 2>/dev/null; then
        echo "Cloudflared died at $(date)"
        break
    fi
    sleep 10
 done
 cleanup
--- a/.github/actions/ssh-debug/sshd_config.template
+++ b/.github/actions/ssh-debug/sshd_config.template
@@ -1,25 +0,0 @@
 Port 2222
 HostKey $PWD/ssh_host_rsa_key
 PidFile $PWD/sshd.pid
 # Connection settings
 ClientAliveInterval 30
 ClientAliveCountMax 10
 MaxStartups 10
 LoginGraceTime 120
 # Allow TCP forwarding for tunneling
 AllowTcpForwarding yes
 # Try to prevent timeouts
 TCPKeepAlive yes
 # Security
 TrustedUserCAKeys /etc/ssh/ca.pub
 PubkeyAuthentication yes
 PasswordAuthentication no
 AuthorizedPrincipalsCommand /bin/bash -c "echo '%t %k' | ssh-keygen -L -f - | grep -A1 Principals"
 AuthorizedPrincipalsCommandUser nobody
 PubkeyAcceptedKeyTypes ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -1,122 +0,0 @@
 # Copilot Instructions for Electron
 ## Build System
 Electron uses `@electron/build-tools` (`e` CLI). Install with `npm i -g @electron/build-tools`.
 ```bash
 e sync              # Fetch sources and apply patches
 e build             # Build Electron (GN + Ninja)
 e build -k 999      # Build, continuing through errors
 e start             # Run built Electron
 e start --version   # Verify Electron launches
 e test              # Run full test suite
 e debug             # Run in debugger (lldb on macOS, gdb on Linux)
 ```
 ### Linting
 ```bash
 npm run lint              # Run all linters (JS, C++, Python, GN, docs)
 npm run lint:js           # JavaScript/TypeScript only
 npm run lint:clang-format # C++ formatting only
 npm run lint:cpp          # C++ linting only
 npm run lint:docs         # Documentation only
 ```
 ### Running a Single Test
 ```bash
 npm run test -- -g "pattern"   # Run tests matching a regex pattern
 # Example: npm run test -- -g "ipc"
 ```
 ### Running a Single Node.js Test
 ```bash
 node script/node-spec-runner.js parallel/test-crypto-keygen
 ```
 ## Architecture
 Electron embeds Chromium (rendering) and Node.js (backend) to enable desktop apps with web technologies. The parent directory (`../`) is the Chromium source tree.
 ### Process Model
 Electron has two primary process types, mirroring Chromium:
 - **Main process** (`shell/browser/` + `lib/browser/`): Controls app lifecycle, creates windows, system APIs
 - **Renderer process** (`shell/renderer/` + `lib/renderer/`): Runs web content in BrowserWindows
 ### Native ↔ JavaScript Bridge
 Each API is implemented as a C++/JS pair:
 - C++ side: `shell/browser/api/electron_api_{name}.cc/.h` — uses `gin::Wrappable` and `ObjectTemplateBuilder`
 - JS side: `lib/browser/api/{name}.ts` — exports the module, registered in `lib/browser/api/module-list.ts`
 - Binding: `NODE_LINKED_BINDING_CONTEXT_AWARE(electron_browser_{name}, Initialize)` in C++ and registered in `shell/common/node_bindings.cc`
 - Type declaration: `typings/internal-ambient.d.ts` maps `process._linkedBinding('electron_browser_{name}')`
 ### Patches System
 Electron patches upstream dependencies (Chromium, Node.js, V8, etc.) rather than forking them. Patches live in `patches/` organized by target, with `patches/config.json` mapping directories to repos.
 ```text
 patches/{target}/*.patch  →  [e sync]   →  target repo commits
                          ←  [e patches] ←
 ```
 Key rules:
 - Fix existing patches rather than creating new ones
 - Preserve original authorship in TODO comments — never change `TODO(name)` assignees
 - Each patch commit message must explain why the patch exists
 - After modifying patches, run `e patches {target}` to export
 When working on the `roller/chromium/main` branch for Chromium upgrades, use `e sync --3` for 3-way merge conflict resolution.
 ## Conventions
 ### File Naming
 - JS/TS files: kebab-case (`file-name.ts`)
 - C++ files: snake_case with `electron_api_` prefix (`electron_api_safe_storage.cc`)
 - Test files: `api-{module-name}-spec.ts` in `spec/`
 - Source file lists are maintained in `filenames.gni` (with platform-specific sections)
 ### JavaScript/TypeScript
 - Semicolons required (`"semi": ["error", "always"]`)
 - `const` and `let` only (no `var`)
 - Arrow functions preferred
 - Import order enforced: `@electron/internal` → `@electron` → `electron` → external → builtin → relative
 - API naming: `PascalCase` for classes (`BrowserWindow`), `camelCase` for module APIs (`globalShortcut`)
 - Prefer getters/setters over jQuery-style `.text([text])` patterns
 ### C++
 - Follows Chromium coding style, enforced by `clang-format` and `clang-tidy`
 - Uses Chromium abstractions (`base::`, `content::`, etc.)
 - Header guards: `#ifndef ELECTRON_SHELL_BROWSER_API_ELECTRON_API_{NAME}_H_`
 - Platform-specific files: `_mac.mm`, `_win.cc`, `_linux.cc`
 ### Testing
 - Framework: Mocha + Chai + Sinon
 - Test helpers in `spec/lib/` (e.g., `spec-helpers.ts`, `window-helpers.ts`)
 - Use `defer()` from spec-helpers for cleanup, `closeAllWindows()` for window teardown
 - Tests import from `electron/main` or `electron/renderer`
 ### Documentation
 - API docs in `docs/api/` as Markdown, parsed by `@electron/docs-parser` to generate `electron.d.ts`
 - API history tracked via YAML blocks in HTML comments within doc files
 - Docs must pass `npm run lint:docs`
 ### Build Configuration
 - `BUILD.gn`: Main GN build config
 - `buildflags/buildflags.gni`: Feature flags (PDF viewer, extensions, spellchecker)
 - `build/args/`: Build argument profiles (`testing.gn`, `release.gn`, `all.gn`)
 - `DEPS`: Dependency versions and checkout paths
 - `chromium_src/`: Chromium source file overrides (compiled instead of originals)
--- a/.github/problem-matchers/markdownlint.json
+++ b/.github/problem-matchers/markdownlint.json
@@ -1,16 +0,0 @@
 {
  "problemMatcher": [
    {
      "owner": "markdownlint",
      "pattern": [
        {
          "regexp": "^(.+):(\\d+):(\\d+)\\s+(.*)$",
          "file": 1,
          "line": 2,
          "column": 3,
          "message": 4
        }
      ]
    }
  ]
 }
--- a/.github/problem-matchers/patch-conflict.json
+++ b/.github/problem-matchers/patch-conflict.json
@@ -19,16 +19,6 @@
          "line": 3
        }
      ]
    },
    {
      "owner": "patch-needs-update",
      "pattern": [
        {
          "regexp": "^((patches\/.*): needs update)$",
          "message": 1,
          "file": 2
        }
      ]
    }
  ]
 }
--- a/.github/workflows/apply-patches.yml
+++ b/.github/workflows/apply-patches.yml
@@ -1,73 +0,0 @@
 name: Apply Patches
 on:
  pull_request:
 permissions: {}
 concurrency:
  group: apply-patches-${{ github.ref }}
  cancel-in-progress: true
 jobs:
  setup:
    if: github.repository == 'electron/electron'
    runs-on: ubuntu-slim
    permissions:
      contents: read
      pull-requests: read
    outputs:
      has-patches: ${{ steps.filter.outputs.patches }}
    steps:
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      with:
        persist-credentials: false
        ref: ${{ github.event.pull_request.head.sha }}
    # Use dorny/paths-filter instead of the path filter under the on: pull_request: block
    # so that the output can be used to conditionally run the apply-patches job, which lets
    # the job be marked as a required status check (conditional skip counts as a success).
    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
      id: filter
      with:
        filters: |
          patches:
            - DEPS
            - 'patches/**'
  apply-patches:
    needs: setup
    if: ${{ needs.setup.outputs.has-patches == 'true' }}
    runs-on: electron-arc-centralus-linux-amd64-32core
    permissions:
      contents: read
    container:
      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
      options: --user root
      volumes:
        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
        - /var/run/sas:/var/run/sas
    env:
      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
    steps:
    - name: Checkout Electron
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      with:
        path: src/electron
        fetch-depth: 0
        persist-credentials: false
        ref: ${{ github.event.pull_request.base.ref }}
    - name: Merge PR HEAD
      working-directory: src/electron
      env:
        PR_NUMBER: ${{ github.event.pull_request.number }}
      run: |
        git config user.email "electron@github.com"
        git config user.name "Electron Bot"
        git fetch origin refs/pull/${PR_NUMBER}/head
        git merge --squash FETCH_HEAD
        git commit -n -m "Squashed commits"
    - name: Checkout & Sync & Save
      uses: ./src/electron/.github/actions/checkout
      with:
        target-platform: linux
--- a/.github/workflows/archaeologist-dig.yml
+++ b/.github/workflows/archaeologist-dig.yml
@@ -3,23 +3,19 @@ name: Archaeologist
 on:
  pull_request:
 permissions: {}
 jobs:
   archaeologist-dig:
    name: Archaeologist Dig
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.0.2
        with:
          fetch-depth: 0
      - name: Setup Node.js/npm
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
-          node-version: 24.12.x
+          node-version: 20.19.x
      - name: Setting Up Dig Site
        run: |
          echo "remote: ${{ github.event.pull_request.head.repo.clone_url }}"
@@ -45,7 +41,7 @@ jobs:
          sha-file: .dig-old
          filename: electron.old.d.ts
      - name: Upload artifacts
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
        with:
          name: artifacts
          path: electron/artifacts
--- a/.github/workflows/audit-branch-ci.yml
+++ b/.github/workflows/audit-branch-ci.yml
@@ -11,31 +11,16 @@ permissions: {}
 jobs:
  audit_branch_ci:
    name: Audit CI on Branches
    if: github.repository == 'electron/electron'
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
-      - name: Setup Node.js
+      - run: npm install @actions/cache @electron/fiddle-core
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          node-version: 22.17.x
      - name: Sparse checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          sparse-checkout: |
            .
            .github
            .yarn
      - run: yarn workspaces focus @electron/gha-workflows
      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        id: audit-errors
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { chdir } = require('node:process');
            chdir('${{ github.workspace }}/.github/workflows');
            const cache = require('@actions/cache');
            const { ElectronVersions } = require('@electron/fiddle-core');
@@ -44,7 +29,7 @@ jobs:
            // Only want the most recent workflow run that wasn't skipped or cancelled
            const isValidWorkflowRun = (run) => !['skipped', 'cancelled'].includes(run.conclusion);
-            const versions = await ElectronVersions.create({ ignoreCache: true });
+            const versions = await ElectronVersions.create(undefined, { ignoreCache: true });
            const branches = versions.supportedMajors.map((branch) => `${branch}-x-y`);
            for (const branch of ["main", ...branches]) {
@@ -84,8 +69,6 @@ jobs:
                      annotation_level === "failure" &&
                      !message.startsWith("Process completed with exit code") &&
                      !message.startsWith("Response status code does not indicate success") &&
                      !message.startsWith("The hosted runner lost communication with the server") &&
                      !message.startsWith("Dependabot encountered an error performing the update") &&
                      !/Unable to make request/.test(message) &&
                      !/The requested URL returned error/.test(message),
                  )
@@ -118,6 +101,7 @@ jobs:
            }
            if (runsWithErrors.length > 0) {
              core.setOutput('errorsFound', true);
              core.summary.addHeading('⚠️ Runs with Errors');
              core.summary.addTable([
                [
@@ -144,7 +128,6 @@ jobs:
              // Set this as failed so it's easy to scan runs to find failures
              if (runsWithErrors.find((run) => !run.isStale)) {
                core.setOutput('errorsFound', true);
                process.exitCode = 1;
              }
            } else {
@@ -153,8 +136,8 @@ jobs:
            await core.summary.write();
      - name: Send Slack message if errors
-        if: ${{ always() && steps.audit-errors.outputs.errorsFound && github.ref == 'refs/heads/main' }}
+        if: ${{ steps.audit-errors.outputs.errorsFound && github.ref == 'refs/heads/main' }}
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+        uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0
        with:
          payload: |
            link: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
--- a/.github/workflows/branch-created.yml
+++ b/.github/workflows/branch-created.yml
@@ -14,7 +14,7 @@ permissions: {}
 jobs:
  release-branch-created:
    name: Release Branch Created
-    if: ${{ github.repository == 'electron/electron' && (github.event_name == 'workflow_dispatch' || (github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') && !startsWith(github.event.ref, 'roller'))) }}
+    if: ${{ github.event_name == 'workflow_dispatch' || (github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') && !startsWith(github.event.ref, 'roller')) }}
    permissions:
      contents: read
      pull-requests: write
@@ -68,14 +68,14 @@ jobs:
          done
      - name: Generate GitHub App token
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
          org: electron
      - name: Generate Release Project Board Metadata
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        id: generate-project-metadata
        with:
          script: |
--- a/.github/workflows/build-git-cache.yml
+++ b/.github/workflows/build-git-cache.yml
@@ -6,16 +6,11 @@ on:
  schedule:
    - cron: "0 0 * * *"
 permissions: {}
 jobs:
  build-git-cache-linux:
-    if: github.repository == 'electron/electron'
+    runs-on: electron-arc-linux-amd64-32core
    runs-on: electron-arc-centralus-linux-amd64-32core
    permissions:
      contents: read
    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
      options: --user root
      volumes:
        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -24,7 +19,7 @@ jobs:
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -34,12 +29,9 @@ jobs:
        target-platform: linux
  build-git-cache-windows:
-    if: github.repository == 'electron/electron'
+    runs-on: electron-arc-linux-amd64-32core
    runs-on: electron-arc-centralus-linux-amd64-32core
    permissions:
      contents: read
    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
      volumes:
        - /mnt/win-cache:/mnt/win-cache
@@ -49,7 +41,7 @@ jobs:
      TARGET_OS: 'win'
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -59,14 +51,11 @@ jobs:
        target-platform: win
  build-git-cache-macos:
-    if: github.repository == 'electron/electron'
+    runs-on: electron-arc-linux-amd64-32core
    runs-on: electron-arc-centralus-linux-amd64-32core
    permissions:
      contents: read
    # This job updates the same git cache as linux, so it needs to run after the linux one.
    needs: build-git-cache-linux
    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
      options: --user root
      volumes:
        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -75,7 +64,7 @@ jobs:
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: '424eedbf277ad9749ffa9219068aa72ed4a5e373'
        required: true
      skip-macos:
        type: boolean
@@ -28,11 +28,6 @@ on:
        description: 'Skip lint check'
        default: false
        required: false
      enable-ssh:
        description: 'Enable SSH debugging'
        required: false
        type: boolean
        default: false
  push:
    branches:
      - main
@@ -43,14 +38,10 @@ defaults:
  run:
    shell: bash
 permissions: {}
 jobs:
  setup:
    if: github.repository == 'electron/electron'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
    outputs:
        docs: ${{ steps.filter.outputs.docs }}
@@ -58,7 +49,7 @@ jobs:
        build-image-sha: ${{ steps.set-output.outputs.build-image-sha }}
        docs-only: ${{ steps.set-output.outputs.docs-only }}
    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.0.2
      with:
        ref: ${{ github.event.pull_request.head.sha }}
    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
@@ -67,17 +58,13 @@ jobs:
        filters: |
          docs:
            - 'docs/**'
            - README.md
            - SECURITY.md
            - CONTRIBUTING.md
            - CODE_OF_CONDUCT.md
          src:
            - '!docs/**'
    - name: Set Outputs for Build Image SHA & Docs Only
      id: set-output
      run: |
        if [ -z "${{ inputs.build-image-sha }}" ]; then
-          echo "build-image-sha=a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb" >> "$GITHUB_OUTPUT"
+          echo "build-image-sha=424eedbf277ad9749ffa9219068aa72ed4a5e373" >> "$GITHUB_OUTPUT"
        else
          echo "build-image-sha=${{ inputs.build-image-sha }}" >> "$GITHUB_OUTPUT"
        fi
@@ -88,30 +75,24 @@ jobs:
    needs: setup
    if: ${{ !inputs.skip-lint }}
    uses: ./.github/workflows/pipeline-electron-lint.yml
    permissions:
      contents: read
    with:
      container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root"}'
    secrets: inherit
  # Docs Only Jobs
  docs-only:
-    needs: [setup, checkout-linux]
+    needs: setup
    if: ${{ needs.setup.outputs.docs-only == 'true' }}
    uses: ./.github/workflows/pipeline-electron-docs-only.yml
    permissions:
      contents: read
    with:
-      container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root"}'
    secrets: inherit
  # Checkout Jobs
  checkout-macos:
    needs: setup
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-macos}}
-    runs-on: electron-arc-centralus-linux-amd64-32core
+    runs-on: electron-arc-linux-amd64-32core
    permissions:
      contents: read
    container:
      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
      options: --user root
@@ -125,7 +106,7 @@ jobs:
      build-image-sha: ${{ needs.setup.outputs.build-image-sha }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -138,10 +119,8 @@ jobs:
  checkout-linux:
    needs: setup
-    if: ${{ !inputs.skip-linux}}
+    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-linux}}
-    runs-on: electron-arc-centralus-linux-amd64-32core
+    runs-on: electron-arc-linux-amd64-32core
    permissions:
      contents: read
    container:
      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
      options: --user root
@@ -157,7 +136,7 @@ jobs:
      build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -170,9 +149,7 @@ jobs:
  checkout-windows:
    needs: setup
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
-    runs-on: electron-arc-centralus-linux-amd64-32core
+    runs-on: electron-arc-linux-amd64-32core
    permissions:
      contents: read
    container:
      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
@@ -189,7 +166,7 @@ jobs:
      build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -203,39 +180,32 @@ jobs:
  # GN Check Jobs
  macos-gn-check:
    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
    permissions:
      contents: read
    needs: checkout-macos
    with:
      target-platform: macos
      target-archs: x64 arm64
-      check-runs-on: macos-15
+      check-runs-on: macos-14
      gn-build-type: testing
    secrets: inherit
  linux-gn-check:
    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
    permissions:
      contents: read
    needs: checkout-linux
    if: ${{ needs.setup.outputs.src == 'true' }}
    with:
      target-platform: linux
      target-archs: x64 arm arm64
-      check-runs-on: electron-arc-centralus-linux-amd64-8core
+      check-runs-on: electron-arc-linux-amd64-8core
      check-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      gn-build-type: testing
    secrets: inherit
  windows-gn-check:
    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
    permissions:
      contents: read
    needs: checkout-windows
    with:
      target-platform: win
      target-archs: x64 x86 arm64
-      check-runs-on: electron-arc-centralus-linux-amd64-8core
+      check-runs-on: electron-arc-linux-amd64-8core
      check-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-windows.outputs.build-image-sha }}","options":"--user root --device /dev/fuse --cap-add SYS_ADMIN","volumes":["/mnt/win-cache:/mnt/win-cache"]}'
      gn-build-type: testing
    secrets: inherit
@@ -249,15 +219,14 @@ jobs:
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-macos
    with:
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
-      test-runs-on: macos-15-large
+      test-runs-on: macos-13
      target-platform: macos
      target-arch: x64
      is-release: false
      gn-build-type: testing
      generate-symbols: false
      upload-to-storage: '0'
      enable-ssh: ${{ inputs.enable-ssh || false }}
    secrets: inherit
  macos-arm64:
@@ -268,15 +237,14 @@ jobs:
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-macos
    with:
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
-      test-runs-on: macos-15
+      test-runs-on: macos-14
      target-platform: macos
      target-arch: arm64
      is-release: false
      gn-build-type: testing
      generate-symbols: false
      upload-to-storage: '0'
      enable-ssh: ${{ inputs.enable-ssh || false }}
    secrets: inherit
  linux-x64:
@@ -284,15 +252,12 @@ jobs:
      contents: read
      issues: read
      pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
+    uses: ./.github/workflows/pipeline-electron-build-and-test-and-nan.yml
    needs: checkout-linux
    if: ${{ needs.setup.outputs.src == 'true' }}
    with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: electron-arc-linux-amd64-32core
-      clang-tidy-runs-on: electron-arc-centralus-linux-amd64-8core
+      test-runs-on: electron-arc-linux-amd64-4core
      test-runs-on: electron-arc-centralus-linux-amd64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      clang-tidy-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
      target-platform: linux
      target-arch: x64
@@ -309,10 +274,9 @@ jobs:
      pull-requests: read
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-linux
    if: ${{ needs.setup.outputs.src == 'true' }}
    with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: electron-arc-linux-amd64-32core
-      test-runs-on: electron-arc-centralus-linux-amd64-4core
+      test-runs-on: electron-arc-linux-amd64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
      target-platform: linux
@@ -331,12 +295,11 @@ jobs:
      pull-requests: read
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-linux
    if: ${{ needs.setup.outputs.src == 'true' }}
    with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: electron-arc-linux-amd64-32core
-      test-runs-on: electron-arc-centralus-linux-arm64-4core
+      test-runs-on: electron-arc-linux-arm64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init --memory=12g","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
+      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
      target-platform: linux
      target-arch: arm
      is-release: false
@@ -352,10 +315,9 @@ jobs:
      pull-requests: read
    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
    needs: checkout-linux
    if: ${{ needs.setup.outputs.src == 'true' }}
    with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: electron-arc-linux-amd64-32core
-      test-runs-on: ubuntu-22.04-arm
+      test-runs-on: electron-arc-linux-arm64-4core
      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      test-container: '{"image":"ghcr.io/electron/test:arm64v8-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
      target-platform: linux
@@ -375,7 +337,7 @@ jobs:
    needs: checkout-windows
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
+      build-runs-on: electron-arc-windows-amd64-16core
      test-runs-on: windows-latest
      target-platform: win
      target-arch: x64
@@ -394,7 +356,7 @@ jobs:
    needs: checkout-windows
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
+      build-runs-on: electron-arc-windows-amd64-16core
      test-runs-on: windows-latest
      target-platform: win
      target-arch: x86
@@ -413,8 +375,8 @@ jobs:
    needs: checkout-windows
    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
+      build-runs-on: electron-arc-windows-amd64-16core
-      test-runs-on: windows-11-arm
+      test-runs-on: electron-hosted-windows-arm64-4core
      target-platform: win
      target-arch: arm64
      is-release: false
@@ -426,10 +388,8 @@ jobs:
  gha-done:
    name: GitHub Actions Completed
    runs-on: ubuntu-latest
    permissions:
      contents: read
    needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, windows-x64, windows-x86, windows-arm64]
-    if: always() && github.repository == 'electron/electron' && !contains(needs.*.result, 'failure')
+    if: always() && !contains(needs.*.result, 'failure')
    steps: 
    - name: GitHub Actions Jobs Done
      run: |
--- a/.github/workflows/clean-src-cache.yml
+++ b/.github/workflows/clean-src-cache.yml
@@ -1,21 +1,16 @@
 name: Clean Source Cache
-# Description:
+description: |
-# This workflow cleans up the source cache on the cross-instance cache volume
+  This workflow cleans up the source cache on the cross-instance cache volume
-# to free up space. It runs daily at midnight and clears files older than 15 days.
+  to free up space. It runs daily at midnight and clears files older than 15 days.
 on:
  schedule:
    - cron: "0 0 * * *"
 permissions: {}
 jobs:
  clean-src-cache:
-    if: github.repository == 'electron/electron'
+    runs-on: electron-arc-linux-amd64-32core
    runs-on: electron-arc-centralus-linux-amd64-32core
    permissions:
      contents: read
    container:
      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
      options: --user root
--- a/.github/workflows/issue-commented.yml
+++ b/.github/workflows/issue-commented.yml
@@ -1,4 +1,4 @@
-name: Issue / Pull Request Commented
+name: Issue Commented
 on:
  issue_comment:
@@ -8,81 +8,19 @@ on:
 permissions: {}
 jobs:
-  blocked-issue-commented:
+  issue-commented:
    name: Remove blocked/{need-info,need-repro} on comment
-    if: ${{ !github.event.issue.pull_request && (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && github.event.comment.user.type != 'Bot' }}
+    if: ${{ (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), github.event.comment.author_association) && github.event.comment.user.type != 'Bot' }}
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
    steps:
      - name: Get author association
        id: get-author-association
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: &get-author-association |
          AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/issues/comments/${{ github.event.comment.id }} --jq '.author_association')
          echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
      - name: Remove label
        if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
        env:
          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
          ISSUE_URL: ${{ github.event.issue.html_url }}
        run: |
          gh issue edit $ISSUE_URL --remove-label 'blocked/need-repro','blocked/need-info ❌'
  pr-reviewer-requested:
    name: Maintainer requested reviewer on PR
    if: ${{ github.event.issue.pull_request && startsWith(github.event.comment.body, '/request-review') && github.event.comment.user.type != 'Bot' }}
    runs-on: ubuntu-slim
    steps:
      - name: Get author association
        id: get-author-association
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: *get-author-association
      - name: Generate GitHub App token
        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
        if: ${{ contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
      - name: Request reviewer
        if: ${{ contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
        env:
          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
          PR_URL: ${{ github.event.issue.html_url }}
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          RAW=$(echo "$COMMENT_BODY" | head -n 1 | sed 's|/request-review\s*||' | xargs)
          if [ -z "$RAW" ]; then
            echo "::warning::No username provided. Usage: /request-review <username>[,<username>,...]"
            exit 0
          fi
          IFS=',' read -ra USERS <<< "$RAW"
          for USER in "${USERS[@]}"; do
            NAME=$(echo "$USER" | sed 's/@//g' | xargs)
            if [ -z "$NAME" ]; then
              continue
            fi
            # Strip "electron/" prefix if present to get the bare name
            BARE_NAME=$(echo "$NAME" | sed 's|^electron/||')
            # If the original name contained "electron/" or looks like a team slug, treat as team
            if [ "$NAME" != "$BARE_NAME" ]; then
              gh pr edit $PR_URL --add-reviewer "electron/$BARE_NAME"
            else
              if ! gh api /orgs/electron/public_members/$BARE_NAME --silent > /dev/null 2>&1; then
                echo "::warning::$BARE_NAME is not a public member of the electron organization."
                continue
              fi
              gh pr edit $PR_URL --add-reviewer "$BARE_NAME"
            fi
          done
--- a/.github/workflows/issue-labeled.yml
+++ b/.github/workflows/issue-labeled.yml
@@ -4,18 +4,17 @@ on:
  issues:
    types: [labeled]
-permissions: {}
+permissions:  # added using https://github.com/step-security/secure-workflows
  contents: read
 jobs:
  issue-labeled-with-status:
    name: status/{confirmed,reviewed} label added
    if: github.event.label.name == 'status/confirmed' || github.event.label.name == 'status/reviewed'
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
@@ -32,11 +31,9 @@ jobs:
    name: blocked/* label added
    if: startsWith(github.event.label.name, 'blocked/')
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
@@ -69,13 +66,13 @@ jobs:
          fi
      - name: Generate GitHub App token
        if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
      - name: Create comment
        if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6
+        uses: actions-cool/issues-helper@a610082f8ac0cf03e357eb8dd0d5e2ba075e017e # v3.6.0
        with:
          actions: 'create-comment'
          token: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/issue-opened.yml
+++ b/.github/workflows/issue-opened.yml
@@ -11,10 +11,9 @@ jobs:
  add-to-issue-triage:
    if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
@@ -29,37 +28,25 @@ jobs:
  set-labels:
    if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
-      - name: Sparse checkout repository
+      - run: npm install @electron/fiddle-core@1.3.3 mdast-util-from-markdown@2.0.0 unist-util-select@5.1.0 semver@7.6.0
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          sparse-checkout: |
            .
            .github
            .yarn
      - run: yarn workspaces focus @electron/gha-workflows
      - name: Add labels
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        id: add-labels
        env:
          ISSUE_BODY: ${{ github.event.issue.body }}
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
-            const { chdir } = require('node:process');
+            const { fromMarkdown } = await import('${{ github.workspace }}/node_modules/mdast-util-from-markdown/index.js');
-            chdir('${{ github.workspace }}/.github/workflows');
+            const { select } = await import('${{ github.workspace }}/node_modules/unist-util-select/index.js');
-
+            const semver = await import('${{ github.workspace }}/node_modules/semver/index.js');
            const { ElectronVersions } = require('@electron/fiddle-core');
            const { fromMarkdown } = require('mdast-util-from-markdown');
            const { select } = require('unist-util-select');
            const semver = require('semver');
            const [ owner, repo ] = '${{ github.repository }}'.split('/');
            const issue_number = ${{ github.event.issue.number }};
@@ -73,8 +60,6 @@ jobs:
              // It's possible for multiple versions to be listed -
              // for now check for comma or space separated version.
              const versions = electronVersion.split(/, | /);
              let hasSupportedVersion = false;
              for (const version of versions) {
                const major = semver.coerce(version, { loose: true })?.major;
                if (major) {
@@ -90,19 +75,19 @@ jobs:
                    labelExists = true;
                  } catch {}
-                  const electronVersions = await ElectronVersions.create(undefined, { ignoreCache: true });
+                  if (labelExists) {
-                  const validVersions = [...electronVersions.supportedMajors, ...electronVersions.prereleaseMajors];
+                    // Check if it's an unsupported major
                    const { ElectronVersions } = await import('${{ github.workspace }}/node_modules/@electron/fiddle-core/dist/index.js');
                    const versions = await ElectronVersions.create(undefined, { ignoreCache: true });
-                  if (validVersions.includes(major)) {
+                    const validVersions = [...versions.supportedMajors, ...versions.prereleaseMajors];
-                    hasSupportedVersion = true;
+                    if (validVersions.includes(major)) {
                    if (labelExists) {
                      labels.push(versionLabel);
                    }
                  }
                }
              }
-
+              if (labels.length === 0) {
              if (!hasSupportedVersion) {
                core.setOutput('unsupportedMajor', true);
                labels.push('blocked/need-info ❌');
              }
@@ -146,7 +131,7 @@ jobs:
            }
      - name: Create unsupported major comment
        if: ${{ steps.add-labels.outputs.unsupportedMajor }}
-        uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6
+        uses: actions-cool/issues-helper@a610082f8ac0cf03e357eb8dd0d5e2ba075e017e # v3.6.0
        with:
          actions: 'create-comment'
          token: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/issue-transferred.yml
+++ b/.github/workflows/issue-transferred.yml
@@ -10,11 +10,10 @@ jobs:
  issue-transferred:
    name: Issue Transferred
    runs-on: ubuntu-latest
    permissions: {}
    if: ${{ !github.event.changes.new_repository.private }}
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
--- a/.github/workflows/issue-unlabeled.yml
+++ b/.github/workflows/issue-unlabeled.yml
@@ -4,15 +4,14 @@ on:
  issues:
    types: [unlabeled]
-permissions: {}
+permissions:
  contents: read
 jobs:
  issue-unlabeled-blocked:
    name: All blocked/* labels removed
    if: startsWith(github.event.label.name, 'blocked/') && github.event.issue.state == 'open'
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Check for any blocked labels
        id: check-for-blocked-labels
@@ -24,7 +23,7 @@ jobs:
          fi
      - name: Generate GitHub App token
        if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
--- a/.github/workflows/linux-publish.yml
+++ b/.github/workflows/linux-publish.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: '424eedbf277ad9749ffa9219068aa72ed4a5e373'
      upload-to-storage:
        description: 'Uploads to Azure storage'
        required: false
@@ -17,14 +17,9 @@ on:
        type: boolean
        default: false
 permissions: {}
 jobs:
  checkout-linux:
-    if: github.repository == 'electron/electron'
+    runs-on: electron-arc-linux-amd64-32core
    runs-on: electron-arc-centralus-linux-amd64-32core
    permissions:
      contents: read
    container:
      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
      options: --user root
@@ -36,7 +31,7 @@ jobs:
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -44,61 +39,49 @@ jobs:
      uses: ./src/electron/.github/actions/checkout
  publish-x64:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    needs: checkout-linux
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: electron-arc-linux-amd64-32core
      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      target-platform: linux
      target-arch: x64
      is-release: true
      gn-build-type: release
      generate-symbols: true
      strip-binaries: true
      upload-to-storage: ${{ inputs.upload-to-storage }}
    secrets: inherit
  publish-arm:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    needs: checkout-linux
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: electron-arc-linux-amd64-32core
      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      target-platform: linux
      target-arch: arm
      is-release: true
      gn-build-type: release
      generate-symbols: true
      strip-binaries: true
      upload-to-storage: ${{ inputs.upload-to-storage }}
    secrets: inherit
  publish-arm64:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    needs: checkout-linux
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: electron-arc-linux-amd64-32core
      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
      target-platform: linux
      target-arch: arm64
      is-release: true
      gn-build-type: release
      generate-symbols: true
      strip-binaries: true
      upload-to-storage: ${{ inputs.upload-to-storage }}
    secrets: inherit
--- a/.github/workflows/macos-disk-cleanup.yml
+++ b/.github/workflows/macos-disk-cleanup.yml
@@ -1,105 +0,0 @@
 name: macOS Disk Space Cleanup
 # Description:
 # This workflow runs the disk space reclaimer on macOS runners every night
 # and logs disk space metrics to Datadog for monitoring.
 on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:
 permissions: {}
 jobs:
  macos-disk-cleanup:
    if: github.repository == 'electron/electron'
    strategy:
      fail-fast: false
      matrix:
        runner:
          - macos-15
          - macos-15-large
          - macos-15-xlarge
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          sparse-checkout: |
            .github/actions/free-space-macos
          sparse-checkout-cone-mode: false
      - name: Get Disk Space Before Cleanup
        id: disk-before
        shell: bash
        run: |
          echo "Disk space before cleanup:"
          df -h /
          FREE_SPACE_BEFORE=$(df -k / | tail -1 | awk '{print $4}')
          echo "free_kb=$FREE_SPACE_BEFORE" >> $GITHUB_OUTPUT
      - name: Free Space on macOS
        uses: ./.github/actions/free-space-macos
      - name: Get Disk Space After Cleanup
        id: disk-after
        shell: bash
        run: |
          echo "Disk space after cleanup:"
          df -h /
          FREE_SPACE_AFTER=$(df -k / | tail -1 | awk '{print $4}')
          echo "free_kb=$FREE_SPACE_AFTER" >> $GITHUB_OUTPUT
      - name: Log Disk Space to Datadog
        if: ${{ env.DD_API_KEY != '' }}
        shell: bash
        env:
          DD_API_KEY: ${{ secrets.DD_API_KEY }}
          FREE_BEFORE: ${{ steps.disk-before.outputs.free_kb }}
          FREE_AFTER: ${{ steps.disk-after.outputs.free_kb }}
          MATRIX_RUNNER: ${{ matrix.runner }}
        run: |
          TIMESTAMP=$(date +%s)
          FREE_BEFORE_GB=$(echo "scale=2; $FREE_BEFORE / 1024 / 1024" | bc)
          FREE_AFTER_GB=$(echo "scale=2; $FREE_AFTER / 1024 / 1024" | bc)
          SPACE_FREED_GB=$(echo "scale=2; ($FREE_AFTER - $FREE_BEFORE) / 1024 / 1024" | bc)
          echo "Free space before: ${FREE_BEFORE_GB}GB"
          echo "Free space after: ${FREE_AFTER_GB}GB"
          echo "Space freed: ${SPACE_FREED_GB}GB"
          curl -s -X POST "https://api.datadoghq.com/api/v2/series" \
            -H "Content-Type: application/json" \
            -H "DD-API-KEY: ${DD_API_KEY}" \
            -d @- << EOF
          {
            "series": [
              {
                "metric": "electron.macos.disk.free_space_before_cleanup_gb",
                "points": [{"timestamp": ${TIMESTAMP}, "value": ${FREE_BEFORE_GB}}],
                "type": 3,
                "unit": "gigabyte",
                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
              },
              {
                "metric": "electron.macos.disk.free_space_after_cleanup_gb",
                "points": [{"timestamp": ${TIMESTAMP}, "value": ${FREE_AFTER_GB}}],
                "type": 3,
                "unit": "gigabyte",
                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
              },
              {
                "metric": "electron.macos.disk.space_freed_gb",
                "points": [{"timestamp": ${TIMESTAMP}, "value": ${SPACE_FREED_GB}}],
                "type": 3,
                "unit": "gigabyte",
                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
              }
            ]
          }
          EOF
          echo "Disk space metrics logged to Datadog"
--- a/.github/workflows/macos-publish.yml
+++ b/.github/workflows/macos-publish.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: '424eedbf277ad9749ffa9219068aa72ed4a5e373'
        required: true
      upload-to-storage:
        description: 'Uploads to Azure storage'
@@ -18,14 +18,9 @@ on:
        type: boolean
        default: false
 permissions: {}
 jobs:
  checkout-macos:
-    if: github.repository == 'electron/electron'
+    runs-on: electron-arc-linux-amd64-32core
    runs-on: electron-arc-centralus-linux-amd64-32core
    permissions:
      contents: read
    container:
      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
      options: --user root
@@ -37,7 +32,7 @@ jobs:
      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -48,16 +43,11 @@ jobs:
        target-platform: macos
  publish-x64-darwin:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    needs: checkout-macos
    with:
      environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
      target-platform: macos
      target-arch: x64
      target-variant: darwin
@@ -68,16 +58,11 @@ jobs:
    secrets: inherit
  publish-x64-mas:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    needs: checkout-macos
    with:
      environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
      target-platform: macos
      target-arch: x64
      target-variant: mas
@@ -88,16 +73,11 @@ jobs:
    secrets: inherit
  publish-arm64-darwin:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    needs: checkout-macos
    with:
      environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
      target-platform: macos
      target-arch: arm64
      target-variant: darwin
@@ -108,16 +88,11 @@ jobs:
    secrets: inherit
  publish-arm64-mas:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    needs: checkout-macos
    with:
      environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
      target-platform: macos
      target-arch: arm64
      target-variant: mas
--- a/.github/workflows/non-maintainer-dependency-change.yml
+++ b/.github/workflows/non-maintainer-dependency-change.yml
@@ -1,42 +1,30 @@
-name: Check for Disallowed Non-Maintainer Change
+name: Check for Non-Maintainer Dependency Change
 on:
  pull_request_target:
    paths:
      - 'yarn.lock'
      - 'spec/yarn.lock'
      - '.github/workflows/**'
      - '.github/actions/**'
      - '.yarn/**'
      - '.yarnrc.yml'
 permissions: {}
 jobs:
  check-for-non-maintainer-dependency-change:
-    name: Check for disallowed non-maintainer change
+    name: Check for non-maintainer dependency change
-    if: ${{ github.event.pull_request.user.type != 'Bot' && !github.event.pull_request.draft }}
+    if: ${{ !contains(fromJSON('["MEMBER", "OWNER"]'), github.event.pull_request.author_association) && github.event.pull_request.user.type != 'Bot' && !github.event.pull_request.draft }}
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: Get author association
        id: get-author-association
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/pulls/${{ github.event.pull_request.number }} --jq '.author_association')
          echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
      - name: Check for existing review
        id: check-for-review
        if: ${{ !contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          set -eo pipefail
-          REVIEW_COUNT=$(gh pr view $PR_URL --json reviews | jq '[ .reviews[] | select(.author.login == "github-actions") | select(.body | startswith("<!-- disallowed-non-maintainer-change -->")) ] | length')
+          REVIEW_COUNT=$(gh pr view $PR_URL --json reviews | jq '[ .reviews[] | select(.author.login == "github-actions") | select(.body | startswith("<!-- no-dependency-change -->")) ] | length')
          if [[ $REVIEW_COUNT -eq 0 ]]; then
            echo "SHOULD_REVIEW=1" >> "$GITHUB_OUTPUT"
          fi
@@ -46,4 +34,4 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
-          printf "<!-- disallowed-non-maintainer-change -->\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-
+          printf "<!-- no-dependency-change -->\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-
--- a/.github/workflows/package.json
+++ b/.github/workflows/package.json
@@ -1,13 +0,0 @@
 {
  "name": "@electron/gha-workflows",
  "version": "0.0.0-development",
  "private": true,
  "type": "module",
  "dependencies": {
    "@actions/cache": "^4.0.3",
    "@electron/fiddle-core": "^2.0.1",
    "mdast-util-from-markdown": "^2.0.0",
    "semver": "^7.7.2",
    "unist-util-select": "^5.1.0"
  }
 }
--- a/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
+++ b/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
@@ -55,8 +55,6 @@ on:
        type: boolean
        default: false
 permissions: {}
 concurrency:
  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
@@ -64,8 +62,6 @@ concurrency:
 jobs:
  build:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      contents: read
    with:
      build-runs-on: ${{ inputs.build-runs-on }}
      build-container: ${{ inputs.build-container }}
@@ -78,10 +74,6 @@ jobs:
    secrets: inherit
  test:
    uses: ./.github/workflows/pipeline-segment-electron-test.yml
    permissions:
      contents: read
      issues: read
      pull-requests: read
    needs: build
    with:
      target-arch: ${{ inputs.target-arch }}
@@ -91,8 +83,6 @@ jobs:
    secrets: inherit
  nn-test:
    uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
    permissions:
      contents: read
    needs: build
    with:
      target-arch: ${{ inputs.target-arch }}
--- a/.github/workflows/pipeline-electron-build-and-test.yml
+++ b/.github/workflows/pipeline-electron-build-and-test.yml
@@ -54,23 +54,19 @@ on:
        required: false
        type: boolean
        default: false
      enable-ssh:
        description: 'Enable SSH debugging'
        required: false
        type: boolean
        default: false
 concurrency:
  group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
-permissions: {}
+permissions:
  contents: read
  issues: read
  pull-requests: read  
 jobs:
  build:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      contents: read
    with:
      build-runs-on: ${{ inputs.build-runs-on }}
      build-container: ${{ inputs.build-container }}
@@ -80,21 +76,15 @@ jobs:
      gn-build-type: ${{ inputs.gn-build-type }}
      generate-symbols: ${{ inputs.generate-symbols }}
      upload-to-storage: ${{ inputs.upload-to-storage }}
-      is-asan: ${{ inputs.is-asan }}
+      is-asan: ${{ inputs.is-asan}}
      enable-ssh: ${{ inputs.enable-ssh }}
    secrets: inherit
  test:
    uses: ./.github/workflows/pipeline-segment-electron-test.yml
    permissions:
      contents: read
      issues: read
      pull-requests: read
    needs: build
    with:
      target-arch: ${{ inputs.target-arch }}
      target-platform: ${{ inputs.target-platform }}
      test-runs-on: ${{ inputs.test-runs-on }}
      test-container: ${{ inputs.test-container }}
-      is-asan: ${{ inputs.is-asan }}
+      is-asan: ${{ inputs.is-asan}}
      enable-ssh: ${{ inputs.enable-ssh }}
    secrets: inherit
--- a/.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
+++ b/.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
@@ -1,124 +0,0 @@
 name: Electron Build & Clang Tidy & Test (+ Node + NaN) Pipeline
 on:
  workflow_call:
    inputs:
      target-platform:
        type: string
        description: 'Platform to run on, can be macos, win or linux.'
        required: true
      target-arch:
        type: string
        description: 'Arch to build for, can be x64, arm64 or arm'
        required: true
      build-runs-on:
        type: string
        description: 'What host to run the build'
        required: true
      clang-tidy-runs-on:
        type: string
        description: 'What host to run clang-tidy on'
        required: true
      test-runs-on:
        type: string
        description: 'What host to run the tests on'
        required: true
      build-container:
        type: string
        description: 'JSON container information for aks runs-on'
        required: false
        default: '{"image":null}'
      clang-tidy-container:
        type: string
        description: 'JSON container information to run clang-tidy on'
        required: false
        default: '{"image":null}'
      test-container:
        type: string
        description: 'JSON container information for testing'
        required: false
        default: '{"image":null}'
      is-release:
        description: 'Whether this build job is a release job'
        required: true
        type: boolean
        default: false
      gn-build-type:
        description: 'The gn build type - testing or release'
        required: true
        type: string
        default: testing
      generate-symbols: 
        description: 'Whether or not to generate symbols'
        required: true
        type: boolean
        default: false
      upload-to-storage: 
        description: 'Whether or not to upload build artifacts to external storage'
        required: true
        type: string
        default: '0'
      is-asan: 
        description: 'Building the Address Sanitizer (ASan) Linux build'
        required: false
        type: boolean
        default: false
 permissions: {}
 concurrency:
  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
 jobs:
  build:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      contents: read
    with:
      build-runs-on: ${{ inputs.build-runs-on }}
      build-container: ${{ inputs.build-container }}
      target-platform: ${{ inputs.target-platform }}
      target-arch: ${{ inputs.target-arch }}
      is-release: ${{ inputs.is-release }}
      gn-build-type: ${{ inputs.gn-build-type }}
      generate-symbols: ${{ inputs.generate-symbols }}
      upload-to-storage: ${{ inputs.upload-to-storage }}
      upload-out-gen-artifacts: true
    secrets: inherit
  clang-tidy:
    uses: ./.github/workflows/pipeline-segment-electron-clang-tidy.yml
    permissions:
      contents: read
    needs: build
    with:
      clang-tidy-runs-on: ${{ inputs.clang-tidy-runs-on }}
      clang-tidy-container: ${{ inputs.clang-tidy-container }}
      target-platform: ${{ inputs.target-platform }}
      target-arch: ${{ inputs.target-arch }}
    secrets: inherit
  test:
    uses: ./.github/workflows/pipeline-segment-electron-test.yml
    permissions:
      contents: read
      issues: read
      pull-requests: read
    needs: build
    with:
      target-arch: ${{ inputs.target-arch }}
      target-platform: ${{ inputs.target-platform }}
      test-runs-on: ${{ inputs.test-runs-on }}
      test-container: ${{ inputs.test-container }}
    secrets: inherit
  nn-test:
    uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
    permissions:
      contents: read
    needs: build
    with:
      target-arch: ${{ inputs.target-arch }}
      target-platform: ${{ inputs.target-platform }}
      test-runs-on: ${{ inputs.test-runs-on }}
      test-container: ${{ inputs.test-container }}
      gn-build-type: ${{ inputs.gn-build-type }}
    secrets: inherit
--- a/.github/workflows/pipeline-electron-build-and-tidy-and-test.yml
+++ b/.github/workflows/pipeline-electron-build-and-tidy-and-test.yml
@@ -1,121 +0,0 @@
 name: Electron Build & Clang Tidy & Test Pipeline
 on:
  workflow_call:
    inputs:
      target-platform:
        type: string
        description: 'Platform to run on, can be macos, win or linux'
        required: true
      target-arch:
        type: string
        description: 'Arch to build for, can be x64, arm64 or arm'
        required: true
      build-runs-on:
        type: string
        description: 'What host to run the build'
        required: true
      clang-tidy-runs-on:
        type: string
        description: 'What host to run clang-tidy on'
        required: true
      test-runs-on:
        type: string
        description: 'What host to run the tests on'
        required: true
      build-container:
        type: string
        description: 'JSON container information for aks runs-on'
        required: false
        default: '{"image":null}'
      clang-tidy-container:
        type: string
        description: 'JSON container information to run clang-tidy on'
        required: false
        default: '{"image":null}'
      test-container:
        type: string
        description: 'JSON container information for testing'
        required: false
        default: '{"image":null}'
      is-release:
        description: 'Whether this build job is a release job'
        required: true
        type: boolean
        default: false
      gn-build-type:
        description: 'The gn build type - testing or release'
        required: true
        type: string
        default: testing
      generate-symbols: 
        description: 'Whether or not to generate symbols'
        required: true
        type: boolean
        default: false
      upload-to-storage: 
        description: 'Whether or not to upload build artifacts to external storage'
        required: true
        type: string
        default: '0'
      is-asan: 
        description: 'Building the Address Sanitizer (ASan) Linux build'
        required: false
        type: boolean
        default: false
      enable-ssh:
        description: 'Enable SSH debugging'
        required: false
        type: boolean
        default: false
 concurrency:
  group: electron-build-and-tidy-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
 permissions: {}
 jobs:
  build:
    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      contents: read
    with:
      build-runs-on: ${{ inputs.build-runs-on }}
      build-container: ${{ inputs.build-container }}
      target-platform: ${{ inputs.target-platform }}
      target-arch: ${{ inputs.target-arch }}
      is-release: ${{ inputs.is-release }}
      gn-build-type: ${{ inputs.gn-build-type }}
      generate-symbols: ${{ inputs.generate-symbols }}
      upload-to-storage: ${{ inputs.upload-to-storage }}
      is-asan: ${{ inputs.is-asan }}
      enable-ssh: ${{ inputs.enable-ssh }}
      upload-out-gen-artifacts: true
    secrets: inherit
  clang-tidy:
    uses: ./.github/workflows/pipeline-segment-electron-clang-tidy.yml
    permissions:
      contents: read
    needs: build
    with:
      clang-tidy-runs-on: ${{ inputs.clang-tidy-runs-on }}
      clang-tidy-container: ${{ inputs.clang-tidy-container }}
      target-platform: ${{ inputs.target-platform }}
      target-arch: ${{ inputs.target-arch }}
    secrets: inherit
  test:
    uses: ./.github/workflows/pipeline-segment-electron-test.yml
    permissions:
      contents: read
      issues: read
      pull-requests: read
    needs: build
    with:
      target-arch: ${{ inputs.target-arch }}
      target-platform: ${{ inputs.target-platform }}
      test-runs-on: ${{ inputs.test-runs-on }}
      test-container: ${{ inputs.test-container }}
      is-asan: ${{ inputs.is-asan }}
      enable-ssh: ${{ inputs.enable-ssh }}
    secrets: inherit
--- a/.github/workflows/pipeline-electron-docs-only.yml
+++ b/.github/workflows/pipeline-electron-docs-only.yml
@@ -8,42 +8,19 @@ on:
        description: 'Container to run the docs-only ts compile in'
        type: string
 permissions: {}
 concurrency:
  group: electron-docs-only-${{ github.ref }}
  cancel-in-progress: true
 env:  
  GCLIENT_EXTRA_ARGS: --custom-var=checkout_arm=True --custom-var=checkout_arm64=True
 jobs:
  docs-only:
    name: Docs Only Compile
-    runs-on: electron-arc-centralus-linux-amd64-4core
+    runs-on: electron-arc-linux-amd64-4core
    permissions:
      contents: read
    timeout-minutes: 20
    container: ${{ fromJSON(inputs.container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
        ref: ${{ github.event.pull_request.head.sha }}
    - name: Generate DEPS Hash
      run: |
        node src/electron/script/generate-deps-hash.js
        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
    - name: Restore src cache via AKS
      uses: ./src/electron/.github/actions/restore-cache-aks
      with:
        target-platform: linux
    - name: Checkout Electron
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      with:
        path: src/electron
        fetch-depth: 0
@@ -54,12 +31,12 @@ jobs:
      shell: bash
      run: |
        cd src/electron
-        node script/yarn.js create-typescript-definitions
+        node script/yarn create-typescript-definitions
-        node script/yarn.js tsc -p tsconfig.default_app.json --noEmit
+        node script/yarn tsc -p tsconfig.default_app.json --noEmit
        for f in build/webpack/*.js
        do
            out="${f:29}"
            if [ "$out" != "base.js" ]; then
-            node script/yarn.js webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
+            node script/yarn webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
            fi
        done
--- a/.github/workflows/pipeline-electron-lint.yml
+++ b/.github/workflows/pipeline-electron-lint.yml
@@ -8,8 +8,6 @@ on:
        description: 'Container to run lint in'
        type: string
 permissions: {}
 concurrency:
  group: electron-lint-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
@@ -20,14 +18,12 @@ env:
 jobs:
  lint:
    name: Lint
-    runs-on: electron-arc-centralus-linux-amd64-4core
+    runs-on: electron-arc-linux-amd64-4core
    permissions:
      contents: read
    timeout-minutes: 20
    container: ${{ fromJSON(inputs.container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -65,11 +61,9 @@ jobs:
        curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
        gclient sync --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
-    - name: Add problem matchers
+    - name: Add ESLint problem matcher
      shell: bash
-      run: |
+      run: echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
        echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
        echo "::add-matcher::src/electron/.github/problem-matchers/markdownlint.json"
    - name: Run Lint
      shell: bash
      run: |
@@ -80,15 +74,11 @@ jobs:
        # but then we would lint its contents (at least gn format), and it doesn't pass it.
        cd src/electron
-        node script/yarn.js install --immutable
+        node script/yarn install --frozen-lockfile
-        node script/yarn.js lint
+        node script/yarn lint
    - name: Run Script Typechecker
      shell: bash
      run: |
        cd src/electron
-        node script/yarn.js tsc -p tsconfig.script.json
+        node script/yarn tsc -p tsconfig.script.json
-    - name: Check GHA Workflows
+    
      shell: bash
      run: |
        cd src/electron
        node script/copy-pipeline-segment-publish.js --check
--- a/.github/workflows/pipeline-segment-electron-build.yml
+++ b/.github/workflows/pipeline-segment-electron-build.yml
@@ -48,23 +48,17 @@ on:
        required: true
        type: string
        default: '0'
      strip-binaries: 
        description: 'Strip the binaries before release (Linux only)'
        required: false
        type: boolean
        default: false
      is-asan: 
        description: 'Building the Address Sanitizer (ASan) Linux build'
        required: false
        type: boolean
        default: false
      upload-out-gen-artifacts:
        description: 'Whether to upload the src/gen artifacts'
        required: false
        type: boolean
        default: false
      enable-ssh:
        description: 'Enable SSH debugging'
        required: false
        type: boolean
        default: false
 permissions: {}
 concurrency:
  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
@@ -73,14 +67,12 @@ concurrency:
 env:
  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
  DD_API_KEY: ${{ secrets.DD_API_KEY }}
  ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || inputs.target-platform == 'win' && '--custom-var=checkout_win=True' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
  ELECTRON_OUT_DIR: Default
  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
 jobs:
  build:
@@ -88,34 +80,20 @@ jobs:
      run:
        shell: bash
    runs-on: ${{ inputs.build-runs-on }}
    permissions:
      contents: read
    container: ${{ fromJSON(inputs.build-container) }}
    environment: ${{ inputs.environment }}
    env:
      TARGET_ARCH: ${{ inputs.target-arch }}
      TARGET_PLATFORM: ${{ inputs.target-platform }}
    steps:
    - name: Create src dir
      run: |
        mkdir src
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
        ref: ${{ github.event.pull_request.head.sha }}
    - name: Setup SSH Debugging
      if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh || env.ACTIONS_STEP_DEBUG == 'true') }}
      uses: ./src/electron/.github/actions/ssh-debug
      with:
        tunnel: 'true'
      env:
        CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
        CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
        CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
        AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Free up space (macOS)
      if: ${{ inputs.target-platform == 'macos' }}
      uses: ./src/electron/.github/actions/free-space-macos
@@ -124,9 +102,9 @@ jobs:
      run: df -h
    - name: Setup Node.js/npm
      if: ${{ inputs.target-platform == 'macos' }}
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
      with:
-        node-version: 22.21.x
+        node-version: 20.19.x
        cache: yarn
        cache-dependency-path: src/electron/yarn.lock
    - name: Install Dependencies
@@ -168,7 +146,7 @@ jobs:
      if: ${{ inputs.target-platform == 'linux' }}
      uses: ./src/electron/.github/actions/restore-cache-aks
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -182,7 +160,7 @@ jobs:
        ELECTRON_DEPOT_TOOLS_DISABLE_LOG: true
    - name: Init Build Tools
      run: |
-        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }} --remote-build siso
+        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }}
    - name: Run Electron Only Hooks
      run: |
        e d gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
@@ -192,6 +170,9 @@ jobs:
        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
    - name: Setup Number of Ninja Processes
      run: |
        echo "NUMBER_OF_NINJA_PROCESSES=${{ inputs.target-platform != 'macos' && '300' || '200' }}" >> $GITHUB_ENV
    - name: Free up space (macOS)
      if: ${{ inputs.target-platform == 'macos' }}
      uses: ./src/electron/.github/actions/free-space-macos
@@ -204,9 +185,9 @@ jobs:
        artifact-platform: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}
        is-release: '${{ inputs.is-release }}'
        generate-symbols: '${{ inputs.generate-symbols }}'
        strip-binaries: '${{ inputs.strip-binaries }}'
        upload-to-storage: '${{ inputs.upload-to-storage }}'
        is-asan: '${{ inputs.is-asan }}'
        upload-out-gen-artifacts: '${{ inputs.upload-out-gen-artifacts }}'
    - name: Set GN_EXTRA_ARGS for MAS Build
      if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' || inputs.target-variant == 'mas') }}
      run: |
--- a/.github/workflows/pipeline-segment-electron-clang-tidy.yml
+++ b/.github/workflows/pipeline-segment-electron-clang-tidy.yml
@@ -1,159 +0,0 @@
 name: Pipeline Segment - Electron Clang-Tidy
 on:
  workflow_call:
    inputs:
      target-platform:
        type: string
        description: 'Platform to run on, can be macos, win or linux'
        required: true
      target-arch:
        type: string
        description: 'Arch to build for, can be x64, arm64 or arm'
        required: true
      clang-tidy-runs-on:
        type: string
        description: 'What host to run clang-tidy on'
        required: true
      clang-tidy-container:
        type: string
        description: 'JSON container information for aks runs-on'
        required: false
        default: '{"image":null}'
 permissions: {}
 concurrency:
  group: electron-clang-tidy-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
  cancel-in-progress: true
 env:
  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || (inputs.target-platform == 'linux' && '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' || '--custom-var=checkout_win=True') }}
  ELECTRON_OUT_DIR: Default
 jobs:
  clang-tidy:
    defaults:
      run:
        shell: bash
    runs-on: ${{ inputs.clang-tidy-runs-on }}
    permissions:
      contents: read
    container: ${{ fromJSON(inputs.clang-tidy-container) }}
    env:
      BUILD_TYPE: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}
      TARGET_ARCH: ${{ inputs.target-arch }}
      TARGET_PLATFORM: ${{ inputs.target-platform }}
      ARTIFACT_KEY: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}_${{ inputs.target-arch }}
    steps:
    - name: Checkout Electron
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      with:
        path: src/electron
        fetch-depth: 0
        ref: ${{ github.event.pull_request.head.sha }}
    - name: Cleanup disk space on macOS
      if: ${{ inputs.target-platform == 'macos' }}
      shell: bash
      run: |   
        sudo mkdir -p $TMPDIR/del-target
        tmpify() {
          if [ -d "$1" ]; then
            sudo mv "$1" $TMPDIR/del-target/$(echo $1|shasum -a 256|head -n1|cut -d " " -f1)
          fi
        }   
        tmpify /Library/Developer/CoreSimulator
        tmpify ~/Library/Developer/CoreSimulator
        sudo rm -rf $TMPDIR/del-target
    - name: Check disk space after freeing up space
      if: ${{ inputs.target-platform == 'macos' }}
      run: df -h
    - name: Set Chromium Git Cookie
      uses: ./src/electron/.github/actions/set-chromium-cookie
    - name: Install Build Tools
      uses: ./src/electron/.github/actions/install-build-tools
    - name: Enable windows toolchain
      if: ${{ inputs.target-platform == 'win' }}
      run: |
        echo "ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN=1" >> $GITHUB_ENV
    - name: Generate DEPS Hash
      run: |
        node src/electron/script/generate-deps-hash.js
        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
    - name: Restore src cache via AZCopy
      if: ${{ inputs.target-platform == 'macos' }}
      uses: ./src/electron/.github/actions/restore-cache-azcopy
      with:
        target-platform: ${{ inputs.target-platform }}      
    - name: Restore src cache via AKS
      if: ${{ inputs.target-platform == 'linux' || inputs.target-platform == 'win' }}
      uses: ./src/electron/.github/actions/restore-cache-aks
      with:
        target-platform: ${{ inputs.target-platform }}
    - name: Run Electron Only Hooks
      run: |
        echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]" > tmpgclient
        if [ "${{ inputs.target-platform }}" = "win" ]; then
          echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False,'install_sysroot':False,'checkout_win':True},'managed':False}]" > tmpgclient
          echo "target_os=['win']" >> tmpgclient
        fi
        e d gclient runhooks --gclientfile=tmpgclient
        # Fix VS Toolchain
        if [ "${{ inputs.target-platform }}" = "win" ]; then
          rm -rf src/third_party/depot_tools/win_toolchain/vs_files
          e d python3 src/build/vs_toolchain.py update --force
        fi
    - name: Regenerate DEPS Hash
      run: |
        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js
        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
    - name: Checkout Electron
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      with:
        path: src/electron
        fetch-depth: 0
        ref: ${{ github.event.pull_request.head.sha }}
    - name: Install Dependencies
      uses: ./src/electron/.github/actions/install-dependencies
    - name: Default GN gen
      run: |
        cd src/electron
        git pack-refs
    - name: Download Out Gen Artifacts
      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
      with:
        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./src/out/${{ env.ELECTRON_OUT_DIR }}/gen
    - name: Add Clang problem matcher
      shell: bash
      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
    - name: Run Clang-Tidy
      run: |
        e init -f --root=$(pwd) --out=${ELECTRON_OUT_DIR} testing --target-cpu ${TARGET_ARCH}
        export GN_EXTRA_ARGS="target_cpu=\"${TARGET_ARCH}\""
        if [ "${{ inputs.target-platform }}" = "win" ]; then
          export GN_EXTRA_ARGS="$GN_EXTRA_ARGS use_v8_context_snapshot=true target_os=\"win\""
        fi
        e build --only-gen
        cd src/electron
        node script/yarn.js lint:clang-tidy --jobs 8 --out-dir ../out/${ELECTRON_OUT_DIR}
    - name: Remove Clang problem matcher
      shell: bash
      run: echo "::remove-matcher owner=clang::"
    - name: Wait for active SSH sessions
      if: always() && !cancelled()
      shell: bash
      run: |
        while [ -f /var/.ssh-lock ]
        do
          sleep 60
        done
--- a/.github/workflows/pipeline-segment-electron-gn-check.yml
+++ b/.github/workflows/pipeline-segment-electron-gn-check.yml
@@ -26,8 +26,6 @@ on:
        type: string
        default: testing
 permissions: {}
 concurrency:
  group: electron-gn-check-${{ inputs.target-platform }}-${{ github.ref }}
  cancel-in-progress: true
@@ -43,12 +41,10 @@ jobs:
      run:
        shell: bash
    runs-on: ${{ inputs.check-runs-on }}
    permissions:
      contents: read
    container: ${{ fromJSON(inputs.check-container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -115,7 +111,7 @@ jobs:
    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
--- a/.github/workflows/pipeline-segment-electron-publish.yml
+++ b/.github/workflows/pipeline-segment-electron-publish.yml
@@ -1,243 +0,0 @@
 # AUTOGENERATED FILE - DO NOT EDIT MANUALLY
 # ONLY EDIT .github/workflows/pipeline-segment-electron-build.yml
 name: Pipeline Segment - Electron Build
 on:
  workflow_call:
    inputs:
      environment:
        description: using the production or testing environment
        required: false
        type: string
      target-platform:
        type: string
        description: Platform to run on, can be macos, win or linux
        required: true
      target-arch:
        type: string
        description: Arch to build for, can be x64, arm64, ia32 or arm
        required: true
      target-variant:
        type: string
        description: Variant to build for, no effect on non-macOS target platforms. Can
          be darwin, mas or all.
        default: all
      build-runs-on:
        type: string
        description: What host to run the build
        required: true
      build-container:
        type: string
        description: JSON container information for aks runs-on
        required: false
        default: '{"image":null}'
      is-release:
        description: Whether this build job is a release job
        required: true
        type: boolean
        default: false
      gn-build-type:
        description: The gn build type - testing or release
        required: true
        type: string
        default: testing
      generate-symbols:
        description: Whether or not to generate symbols
        required: true
        type: boolean
        default: false
      upload-to-storage:
        description: Whether or not to upload build artifacts to external storage
        required: true
        type: string
        default: "0"
      is-asan:
        description: Building the Address Sanitizer (ASan) Linux build
        required: false
        type: boolean
        default: false
      upload-out-gen-artifacts:
        description: Whether to upload the src/gen artifacts
        required: false
        type: boolean
        default: false
      enable-ssh:
        description: Enable SSH debugging
        required: false
        type: boolean
        default: false
 permissions: {}
 concurrency:
  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch
    }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{
    github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
 env:
  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
  DD_API_KEY: ${{ secrets.DD_API_KEY }}
  ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' &&
    '--custom-var=checkout_mac=True --custom-var=host_os=mac' ||
    inputs.target-platform == 'win' && '--custom-var=checkout_win=True' ||
    '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
  ELECTRON_OUT_DIR: Default
  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
 jobs:
  build:
    defaults:
      run:
        shell: bash
    runs-on: ${{ inputs.build-runs-on }}
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    container: ${{ fromJSON(inputs.build-container) }}
    environment: ${{ inputs.environment }}
    env:
      TARGET_ARCH: ${{ inputs.target-arch }}
      TARGET_PLATFORM: ${{ inputs.target-platform }}
    steps:
      - name: Create src dir
        run: |
          mkdir src
      - name: Checkout Electron
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          path: src/electron
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Setup SSH Debugging
        if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh ||
          env.ACTIONS_STEP_DEBUG == 'true') }}
        uses: ./src/electron/.github/actions/ssh-debug
        with:
          tunnel: "true"
        env:
          CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
          CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
          CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
          AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Free up space (macOS)
        if: ${{ inputs.target-platform == 'macos' }}
        uses: ./src/electron/.github/actions/free-space-macos
      - name: Check disk space after freeing up space
        if: ${{ inputs.target-platform == 'macos' }}
        run: df -h
      - name: Setup Node.js/npm
        if: ${{ inputs.target-platform == 'macos' }}
        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
        with:
          node-version: 22.21.x
          cache: yarn
          cache-dependency-path: src/electron/yarn.lock
      - name: Install Dependencies
        uses: ./src/electron/.github/actions/install-dependencies
      - name: Install AZCopy
        if: ${{ inputs.target-platform == 'macos' }}
        run: brew install azcopy
      - name: Set GN_EXTRA_ARGS for Linux
        if: ${{ inputs.target-platform == 'linux' }}
        run: >
          if [ "${{ inputs.target-arch  }}" = "arm" ]; then
            if [ "${{ inputs.is-release  }}" = true ]; then
              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false symbol_level=1'
            else
              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false'
            fi
          elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
            GN_EXTRA_ARGS='target_cpu="arm64" fatal_linker_warnings=false enable_linux_installer=false'
          elif [ "${{ inputs.is-asan }}" = true ]; then
            GN_EXTRA_ARGS='is_asan=true'
          fi
          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
      - name: Set Chromium Git Cookie
        uses: ./src/electron/.github/actions/set-chromium-cookie
      - name: Install Build Tools
        uses: ./src/electron/.github/actions/install-build-tools
      - name: Generate DEPS Hash
        run: |
          node src/electron/script/generate-deps-hash.js
          DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
          echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
          echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
      - name: Restore src cache via AZCopy
        if: ${{ inputs.target-platform != 'linux' }}
        uses: ./src/electron/.github/actions/restore-cache-azcopy
        with:
          target-platform: ${{ inputs.target-platform }}
      - name: Restore src cache via AKS
        if: ${{ inputs.target-platform == 'linux' }}
        uses: ./src/electron/.github/actions/restore-cache-aks
      - name: Checkout Electron
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          path: src/electron
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Fix Sync
        if: ${{ inputs.target-platform != 'linux' }}
        uses: ./src/electron/.github/actions/fix-sync
        with:
          target-platform: ${{ inputs.target-platform }}
        env:
          ELECTRON_DEPOT_TOOLS_DISABLE_LOG: true
      - name: Init Build Tools
        run: >
          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }}
          --import ${{ inputs.gn-build-type }} --target-cpu ${{
          inputs.target-arch }} --remote-build siso
      - name: Run Electron Only Hooks
        run: |
          e d gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
      - name: Regenerate DEPS Hash
        run: >
          (cd src/electron && git checkout .) && node
          src/electron/script/generate-deps-hash.js
          echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
      - name: Add CHROMIUM_BUILDTOOLS_PATH to env
        run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
      - name: Free up space (macOS)
        if: ${{ inputs.target-platform == 'macos' }}
        uses: ./src/electron/.github/actions/free-space-macos
      - name: Build Electron
        if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' ||
          inputs.target-variant == 'darwin') }}
        uses: ./src/electron/.github/actions/build-electron
        with:
          target-arch: ${{ inputs.target-arch }}
          target-platform: ${{ inputs.target-platform }}
          artifact-platform: ${{ inputs.target-platform == 'macos' && 'darwin' ||
            inputs.target-platform }}
          is-release: ${{ inputs.is-release }}
          generate-symbols: ${{ inputs.generate-symbols }}
          upload-to-storage: ${{ inputs.upload-to-storage }}
          is-asan: ${{ inputs.is-asan }}
          upload-out-gen-artifacts: ${{ inputs.upload-out-gen-artifacts }}
      - name: Set GN_EXTRA_ARGS for MAS Build
        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
          inputs.target-variant == 'mas') }}
        run: |
          echo "MAS_BUILD=true" >> $GITHUB_ENV
          GN_EXTRA_ARGS='is_mas_build=true'
          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
      - name: Build Electron (MAS)
        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
          inputs.target-variant == 'mas') }}
        uses: ./src/electron/.github/actions/build-electron
        with:
          target-arch: ${{ inputs.target-arch }}
          target-platform: ${{ inputs.target-platform }}
          artifact-platform: mas
          is-release: ${{ inputs.is-release }}
          generate-symbols: ${{ inputs.generate-symbols }}
          upload-to-storage: ${{ inputs.upload-to-storage }}
          step-suffix: (mas)
--- a/.github/workflows/pipeline-segment-electron-test.yml
+++ b/.github/workflows/pipeline-segment-electron-test.yml
@@ -25,24 +25,21 @@ on:
        required: false
        type: boolean
        default: false
      enable-ssh:
        description: 'Enable SSH debugging'
        required: false
        type: boolean
        default: false
 concurrency:
  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
-permissions: {}
+permissions:
  contents: read
  issues: read
  pull-requests: read
 env:
  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
  ELECTRON_OUT_DIR: Default
  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
 jobs:
  test:
@@ -50,10 +47,6 @@ jobs:
      run:
        shell: bash
    runs-on: ${{ inputs.test-runs-on }}
    permissions:
      contents: read
      issues: read
      pull-requests: read
    container: ${{ fromJSON(inputs.test-container) }}
    strategy:
      fail-fast: false
@@ -69,16 +62,29 @@ jobs:
      if: ${{ inputs.target-arch == 'arm' && inputs.target-platform == 'linux' }}
      run: |
        cp $(which node) /mnt/runner-externals/node20/bin/
-        cp $(which node) /mnt/runner-externals/node24/bin/
+    - name: Install Git on Windows arm64 runners
      if: ${{ inputs.target-arch == 'arm64' && inputs.target-platform == 'win' }}
      shell: powershell
      run: |
        Set-ExecutionPolicy Bypass -Scope Process -Force
        [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
        iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
        choco install -y --no-progress git.install --params "'/GitAndUnixToolsOnPath'"
        choco install -y --no-progress git
        choco install -y --no-progress python --version 3.11.9
        choco install -y --no-progress visualstudio2022-workload-vctools --package-parameters "--add Microsoft.VisualStudio.Component.VC.Tools.ARM64"
        echo "C:\Program Files\Git\cmd" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
        echo "C:\Program Files\Git\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
        echo "C:\Python311" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
        cp "C:\Python311\python.exe" "C:\Python311\python3.exe"
    - name: Setup Node.js/npm
      if: ${{ inputs.target-platform == 'win' }}
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
      with:
-        node-version: 22.21.x
+        node-version: 20.19.x
    - name: Add TCC permissions on macOS
      if: ${{ inputs.target-platform == 'macos' }}
      run: |
        epochdate=$(($(date +'%s * 1000 + %-N / 1000000')))
        configure_user_tccdb () {
          local values=$1
          local dbPath="$HOME/Library/Application Support/com.apple.TCC/TCC.db"
@@ -94,17 +100,14 @@ jobs:
        }
        userValuesArray=(
            "'kTCCServiceMicrophone','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
            "'kTCCServiceCamera','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
            "'kTCCServiceBluetoothAlways','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
            "'kTCCServiceAppleEvents','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
            "'kTCCServiceCamera','/opt/hca/hosted-compute-agent',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
            "'kTCCServiceBluetoothAlways','/opt/hca/hosted-compute-agent',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
            "'kTCCServiceScreenCapture','/bin/bash',1,2,3,1,NULL,NULL,NULL,'UNUSED',NULL,0,$epochdate"
        )
        for values in "${userValuesArray[@]}"; do
          # Sonoma and higher have a few extra values
          # Ref: https://github.com/actions/runner-images/blob/main/images/macos/scripts/build/configure-tccdb-macos.sh
-          if [ "$OSTYPE" = "darwin23" ] || [ "$OSTYPE" = "darwin24" ]; then
+          if [ "$OSTYPE" = "darwin23" ]; then
            configure_user_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}"
            configure_sys_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}"
          else
@@ -115,32 +118,12 @@ jobs:
    - name: Turn off the unexpectedly quit dialog on macOS
      if: ${{ inputs.target-platform == 'macos' }}
      run: defaults write com.apple.CrashReporter DialogType server
    - name: Set xcode to 16.4
      if: ${{ inputs.target-platform == 'macos' }}
      run: sudo xcode-select --switch /Applications/Xcode_16.4.app
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
        ref: ${{ github.event.pull_request.head.sha }}
    - name: Turn off screenshot nag on macOS
      if: ${{ inputs.target-platform == 'macos' }}
      run: |
        defaults write ~/Library/Group\ Containers/group.com.apple.replayd/ScreenCaptureApprovals.plist "/bin/bash" -date "3024-09-23 12:00:00 +0000"
        src/electron/script/actions/screencapture-nag-remover.sh -a $(which bash)
        src/electron/script/actions/screencapture-nag-remover.sh -a /opt/hca/hosted-compute-agent
    - name: Setup SSH Debugging
      if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh || env.ACTIONS_STEP_DEBUG == 'true') }}
      uses: ./src/electron/.github/actions/ssh-debug
      with:
        tunnel: 'true'
      env:
        CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
        CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
        CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
        AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Install Dependencies
      uses: ./src/electron/.github/actions/install-dependencies
    - name: Set Chromium Git Cookie
@@ -152,9 +135,7 @@ jobs:
        git config --global core.autocrlf false
        git config --global branch.autosetuprebase always
        git config --global core.fscache true
        git config --global core.longpaths true
        git config --global core.preloadindex true
        git config --global core.longpaths true
        git clone --filter=tree:0 https://chromium.googlesource.com/chromium/tools/depot_tools.git
        # Ensure depot_tools does not update.
        test -d depot_tools && cd depot_tools
@@ -168,42 +149,50 @@ jobs:
        echo "DISABLE_CRASH_REPORTER_TESTS=true" >> $GITHUB_ENV
        echo "IS_ASAN=true" >> $GITHUB_ENV
    - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: generated_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./generated_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
    - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: src_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./src_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
    - name: Restore Generated Artifacts
      run: ./src/electron/script/actions/restore-artifacts.sh
-    - name: Unzip Dist (win)
+    - name: Unzip Dist, Mksnapshot & Chromedriver (win)
      if: ${{ inputs.target-platform == 'win' }}
      shell: powershell
      run: |
        Set-ExecutionPolicy Bypass -Scope Process -Force
        cd src/out/Default
        Expand-Archive -Force dist.zip -DestinationPath ./
-    - name: Unzip Dist (unix)
+        Expand-Archive -Force chromedriver.zip -DestinationPath ./
        Expand-Archive -Force mksnapshot.zip -DestinationPath ./
    - name: Unzip Dist, Mksnapshot & Chromedriver (unix)
      if: ${{ inputs.target-platform != 'win' }}
      run: |
        cd src/out/Default
        unzip -:o dist.zip
-    #- name: Import & Trust Self-Signed Codesigning Cert on MacOS
+        unzip -:o chromedriver.zip
-    #  if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
+        unzip -:o mksnapshot.zip
-    #  run: |
+    - name: Import & Trust Self-Signed Codesigning Cert on MacOS
-    #    sudo security authorizationdb write com.apple.trust-settings.admin allow
+      if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
-    #    cd src/electron
+      run: |
-    #    ./script/codesign/generate-identity.sh
+        sudo security authorizationdb write com.apple.trust-settings.admin allow
-
+        cd src/electron
        ./script/codesign/generate-identity.sh
    - name: Install Datadog CLI
      run: |
        cd src/electron
        node script/yarn global add @datadog/datadog-ci
    - name: Run Electron Tests
      shell: bash
      env:
        MOCHA_REPORTER: mocha-multi-reporters
        MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
        ELECTRON_DISABLE_SECURITY_WARNINGS: 1
        ELECTRON_SKIP_NATIVE_MODULE_TESTS: true
        DISPLAY: ':99.0'
        NPM_CONFIG_MSVS_VERSION: '2022'
      run: |
@@ -223,7 +212,7 @@ jobs:
              export ELECTRON_FORCE_TEST_SUITE_EXIT="true"
            fi
          fi
-          node script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
+          node script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
        else
          chown :builduser .. && chmod g+w ..
          chown -R :builduser . && chmod -R g+w .
@@ -240,14 +229,9 @@ jobs:
            export MOCHA_TIMEOUT=180000
            echo "Piping output to ASAN_SYMBOLIZE ($ASAN_SYMBOLIZE)"
            cd electron
-            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
          else
-            if [ "${{ inputs.target-arch }}" = "arm" ]; then
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --skipYarnInstall --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
            else 
              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
            fi
          fi
        fi
    - name: Upload Test results to Datadog
@@ -259,14 +243,13 @@ jobs:
        DD_TAGS: "os.architecture:${{ inputs.target-arch }},os.family:${{ inputs.target-platform }},os.platform:${{ inputs.target-platform }},asan:${{ inputs.is-asan }}"
      run: |
        if ! [ -z $DD_API_KEY ] && [ -f src/electron/junit/test-results-main.xml ]; then
-          cd src/electron
+          export DATADOG_PATH=`node src/electron/script/yarn global bin`
-          export DATADOG_PATH=`node script/yarn.js bin datadog-ci`
+          $DATADOG_PATH/datadog-ci junit upload src/electron/junit/test-results-main.xml
-          $DATADOG_PATH junit upload junit/test-results-main.xml
+        fi          
        fi
      if: always() && !cancelled()
    - name: Upload Test Artifacts
      if: always() && !cancelled()
-      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
      with:
        name: test_artifacts_${{ env.ARTIFACT_KEY }}_${{ matrix.shard }}
        path: src/electron/spec/artifacts
--- a/.github/workflows/pipeline-segment-node-nan-test.yml
+++ b/.github/workflows/pipeline-segment-node-nan-test.yml
@@ -26,8 +26,6 @@ on:
        type: string
        default: testing
 permissions: {}
 concurrency:
  group: electron-node-nan-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
@@ -40,9 +38,7 @@ env:
 jobs:
  node-tests:
    name: Run Node.js Tests
-    runs-on: electron-arc-centralus-linux-amd64-8core
+    runs-on: electron-arc-linux-amd64-8core
    permissions:
      contents: read
    timeout-minutes: 30
    env: 
      TARGET_ARCH: ${{ inputs.target-arch }}
@@ -50,7 +46,7 @@ jobs:
    container: ${{ fromJSON(inputs.test-container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -65,12 +61,12 @@ jobs:
    - name: Install Dependencies
      uses: ./src/electron/.github/actions/install-dependencies
    - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
        path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
    - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: src_artifacts_linux_${{ env.TARGET_ARCH }}
        path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -96,9 +92,7 @@ jobs:
        done
  nan-tests:
    name: Run Nan Tests
-    runs-on: electron-arc-centralus-linux-amd64-4core
+    runs-on: electron-arc-linux-amd64-4core
    permissions:
      contents: read
    timeout-minutes: 30
    env: 
      TARGET_ARCH: ${{ inputs.target-arch }}
@@ -106,7 +100,7 @@ jobs:
    container: ${{ fromJSON(inputs.test-container) }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -121,12 +115,12 @@ jobs:
    - name: Install Dependencies
      uses: ./src/electron/.github/actions/install-dependencies
    - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
        path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
    - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
      with:
        name: src_artifacts_linux_${{ env.TARGET_ARCH }}
        path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -138,16 +132,10 @@ jobs:
        unzip -:o dist.zip
    - name: Setup Linux for Headless Testing
      run: sh -e /etc/init.d/xvfb start
    - name: Add Clang problem matcher
      shell: bash
      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
    - name: Run Nan Tests
      run: |
        cd src
        node electron/script/nan-spec-runner.js
    - name: Remove Clang problem matcher
      shell: bash
      run: echo "::remove-matcher owner=clang::"
    - name: Wait for active SSH sessions
      shell: bash
      if: always() && !cancelled()
--- a/.github/workflows/pull-request-labeled.yml
+++ b/.github/workflows/pull-request-labeled.yml
@@ -11,28 +11,23 @@ jobs:
    name: backport/requested label added
    if: github.event.label.name == 'backport/requested 🗳'
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - name: Trigger Slack workflow
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+        uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0
        with:
          webhook: ${{ secrets.BACKPORT_REQUESTED_SLACK_WEBHOOK_URL }} 
          webhook-type: webhook-trigger
          payload: |
            {
-              "base_ref": ${{ toJSON(github.event.pull_request.base.ref) }},
+              "url": "${{ github.event.pull_request.html_url }}"
              "title": ${{ toJSON(github.event.pull_request.title) }},
              "url": ${{ toJSON(github.event.pull_request.html_url) }},
              "user": ${{ toJSON(github.event.pull_request.user.login) }}
            }
  pull-request-labeled-deprecation-review-complete:
    name: deprecation-review/complete label added
    if: github.event.label.name == 'deprecation-review/complete ✅'
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
@@ -44,35 +39,3 @@ jobs:
          project-number: 94
          field: Status
          field-value: ✅ Reviewed
  pull-request-labeled-ai-pr:
    name: ai-pr label added
    if: github.event.label.name == 'ai-pr'
    runs-on: ubuntu-latest
    permissions: {}
    steps:
    - name: Generate GitHub App token
      uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
      id: generate-token
      with:
        creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
    - name: Create comment
      uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6
      with:
        actions: 'create-comment'
        token: ${{ steps.generate-token.outputs.token }}
        issue-number: ${{ github.event.pull_request.number }}
        body: |
          <!-- ai-pr -->
          *AI PR Detected*
          Hello @${{ github.event.pull_request.user.login }}. Due to the high amount of AI spam PRs we receive, if a PR is detected to be majority AI-generated without disclosure and untested, we will automatically close the PR.
          We welcome the use of AI tools, as long as the PR meets our quality standards and has clearly been built and tested. If you believe your PR was closed in error, we welcome you to resubmit. However, please read our [CONTRIBUTING.md](http://contributing.md/) carefully before reopening. Thanks for your contribution.
    - name: Close the pull request
      env:
        GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
        GH_REPO: electron/electron
        PR_NUMBER: ${{ github.event.pull_request.number }}
      run: |
        gh pr close "$PR_NUMBER"
--- a/.github/workflows/rerun-apply-patches.yml
+++ b/.github/workflows/rerun-apply-patches.yml
@@ -1,71 +0,0 @@
 name: Rerun PR Apply Patches
 on:
  push:
    branches:
      - main
      - '[1-9][0-9]-x-y'
    paths:
      - 'DEPS'
      - 'patches/**'
 permissions: {}
 jobs:
  rerun-apply-patches:
    runs-on: ubuntu-latest
    permissions:
      actions: write
      checks: read
      contents: read
      pull-requests: read
    steps:
      - name: Find PRs and Rerun Apply Patches
        env:
          GH_REPO: ${{ github.repository }}
          GH_TOKEN: ${{ github.token }}
        run: |
          BRANCH="${GITHUB_REF#refs/heads/}"
          # Find all open PRs targeting this branch
          PRS=$(gh pr list --base "$BRANCH" --state open --limit 250 --json number)
          echo "$PRS" | jq -c '.[]' | while read -r pr; do
            PR_NUMBER=$(echo "$pr" | jq -r '.number')
            echo "Processing PR #${PR_NUMBER}"
            # Find the Apply Patches workflow check for this PR
            CHECK=$(gh pr view "$PR_NUMBER" --json statusCheckRollup --jq '[.statusCheckRollup[] | select(.workflowName == "Apply Patches" and .name == "apply-patches")] | first')
            if [ -z "$CHECK" ] || [ "$CHECK" = "null" ]; then
              echo "  No Apply Patches workflow found for PR #${PR_NUMBER}"
              continue
            fi
            CONCLUSION=$(echo "$CHECK" | jq -r '.conclusion')
            if [ "$CONCLUSION" = "SKIPPED" ]; then
              echo "  apply-patches job was skipped for PR #${PR_NUMBER} (no patches)"
              continue
            fi
            LINK=$(echo "$CHECK" | jq -r '.detailsUrl')
            # Extract the run ID from the link (format: .../runs/RUN_ID/job/JOB_ID)
            RUN_ID=$(echo "$LINK" | grep -oE 'runs/[0-9]+' | cut -d'/' -f2)
            if [ -z "$RUN_ID" ]; then
              echo "  Could not extract run ID from link: ${LINK}"
              continue
            fi
            # Check if the workflow is currently in progress
            RUN_STATUS=$(gh run view "$RUN_ID" --json status --jq '.status')
            if [ "$RUN_STATUS" = "in_progress" ] || [ "$RUN_STATUS" = "queued" ] || [ "$RUN_STATUS" = "waiting" ]; then
              echo "  Workflow run ${RUN_ID} is ${RUN_STATUS}, cancelling..."
              gh run cancel "$RUN_ID" --force
              gh run watch "$RUN_ID"
            fi
            gh run rerun "$RUN_ID"
          done
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -13,7 +13,6 @@ permissions: read-all
 jobs:
  analysis:
    name: Scorecards analysis
    if: github.repository == 'electron/electron'
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
@@ -23,13 +22,13 @@ jobs:
    steps:
      - name: "Checkout code"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      # This is a pre-submit / pre-release.
      - name: "Run analysis"
-        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
        with:
          results_file: results.sarif
          results_format: sarif
@@ -43,7 +42,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: SARIF file
          path: results.sarif
@@ -51,6 +50,6 @@ jobs:
      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5
+        uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19
        with:
          sarif_file: results.sarif
--- a/.github/workflows/semantic.yml
+++ b/.github/workflows/semantic.yml
@@ -7,7 +7,8 @@ on:
      - edited
      - synchronize
-permissions: {}
+permissions:
  contents: read
 jobs:
  main:
@@ -18,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: semantic-pull-request
-        uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
+        uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
--- a/.github/workflows/stable-prep-items.yml
+++ b/.github/workflows/stable-prep-items.yml
@@ -10,12 +10,10 @@ permissions: {}
 jobs:
  check-stable-prep-items:
    name: Check Stable Prep Items
    if: github.repository == 'electron/electron'
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -9,16 +9,14 @@ permissions: {}
 jobs:
  stale:
    if: github.repository == 'electron/electron'
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # tag: v10.2.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # tag: v9.1.0
        with:
          repo-token: ${{ steps.generate-token.outputs.token }}
          days-before-stale: 90
@@ -29,20 +27,19 @@ jobs:
            This issue has been automatically marked as stale. **If this issue is still affecting you, please leave any comment** (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the [latest version of Electron](https://www.electronjs.org/releases/stable) or in the [beta](https://www.electronjs.org/releases/beta)—please include it with your comment!
          close-issue-message: >
            This issue has been closed due to inactivity, and will not be monitored.  If this is a bug and you can reproduce this issue on a [supported version of Electron](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline) please open a new issue and include instructions for reproducing the issue.
-          exempt-issue-labels: "discussion,security \U0001F512,enhancement :sparkles:,status/confirmed,stale-exempt,upgrade-follow-up,tracking-upstream"
+          exempt-issue-labels: "discussion,security \U0001F512,enhancement :sparkles:,status/confirmed,stale-exempt"
          only-pr-labels: not-a-real-label
  pending-repro:
    runs-on: ubuntu-latest
-    permissions: {}
+    if: ${{ always() }}
    if: ${{ always() && github.repository == 'electron/electron' }}
    needs: stale
    steps:
      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # tag: v10.2.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # tag: v9.1.0
        with:
          repo-token: ${{ steps.generate-token.outputs.token }}
          days-before-stale: -1
--- a/.github/workflows/update-website-docs.yml
+++ b/.github/workflows/update-website-docs.yml
@@ -1,39 +0,0 @@
 name: Update Website Docs
 on:
  release:
    types: [published]
 permissions: {}
 jobs:
  update-website-docs:
    name: Update Website Docs
    runs-on: ubuntu-latest
    environment: website-docs-updater
    permissions:
      contents: read
      id-token: write # needed for secret-service-action
    steps:
      - name: Get GitHub App token
        id: secret-service
        uses: electron/secret-service-action@3476425e8b30555aac15b1b7096938e254b0e155 # v1.0.0
      - name: Check if this release is the latest
        id: check-if-latest-release
        env:
          GH_REPO: electron/electron
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          LATEST_RELEASE_TAG="$(gh release view --json tagName --jq '.tagName')"
          if [ "$LATEST_RELEASE_TAG" = "${GITHUB_REF#refs/tags/}" ]; then
            echo "isLatestRelease=true" >> $GITHUB_OUTPUT
          else
            echo "isLatestRelease=false" >> $GITHUB_OUTPUT
          fi
      - name: Trigger website docs update
        if: ${{ steps.check-if-latest-release.outputs.isLatestRelease == 'true' }}
        env:
          GH_REPO: electron/website
          GH_TOKEN: ${{ fromJSON(steps.secret-service.outputs.secrets).WEBSITE_DOCS_UPDATER_APP_TOKEN }}
        run: |
          gh workflow run update-docs.yml -f sha=$GITHUB_SHA
--- a/.github/workflows/windows-publish.yml
+++ b/.github/workflows/windows-publish.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: '424eedbf277ad9749ffa9219068aa72ed4a5e373'
        required: true
      upload-to-storage:
        description: 'Uploads to Azure storage'
@@ -18,14 +18,9 @@ on:
        type: boolean
        default: false
 permissions: {}
 jobs:
  checkout-windows:
-    if: github.repository == 'electron/electron'
+    runs-on: electron-arc-linux-amd64-32core
    runs-on: electron-arc-centralus-linux-amd64-32core
    permissions:
      contents: read
    container:
      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
@@ -41,7 +36,7 @@ jobs:
      build-image-sha: ${{ inputs.build-image-sha }}
    steps:
    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        path: src/electron
        fetch-depth: 0
@@ -52,16 +47,11 @@ jobs:
        target-platform: win
  publish-x64-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    needs: checkout-windows
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
+      build-runs-on: electron-arc-windows-amd64-16core
      target-platform: win
      target-arch: x64
      is-release: true
@@ -71,16 +61,11 @@ jobs:
    secrets: inherit
  publish-arm64-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    needs: checkout-windows
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
+      build-runs-on: electron-arc-windows-amd64-16core
      target-platform: win
      target-arch: arm64
      is-release: true
@@ -90,16 +75,11 @@ jobs:
    secrets: inherit
  publish-x86-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
    needs: checkout-windows
    with:
      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
+      build-runs-on: electron-arc-windows-amd64-16core
      target-platform: win
      target-arch: x86
      is-release: true
--- a/.gitignore
+++ b/.gitignore
@@ -53,5 +53,3 @@ ts-gen
 patches/mtime-cache.json
 spec/fixtures/logo.png
 .yarn/install-state.gz
--- a/.markdownlint-cli2.jsonc
+++ b/.markdownlint-cli2.jsonc
@@ -21,9 +21,7 @@
        "ul",
        "unknown",
        "Tabs",
-        "TabItem",
+        "TabItem"
        "DocCardList",
        "kbd"
      ]
    },
    "no-newline-in-links": true
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-22
+20
--- a/.yarn/releases/yarn-4.12.0.cjs
+++ b/.yarn/releases/yarn-4.12.0.cjs
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -1,12 +0,0 @@
 enableScripts: false
 nmHoistingLimits: workspaces
 nodeLinker: node-modules
 npmMinimalAgeGate: 10080
 npmPreapprovedPackages:
  - "@electron/*"
 yarnPath: .yarn/releases/yarn-4.12.0.cjs
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -4,9 +4,9 @@ import("//build/config/win/manifest.gni")
 import("//components/os_crypt/sync/features.gni")
 import("//components/spellcheck/spellcheck_build_features.gni")
 import("//content/public/app/mac_helpers.gni")
 import("//content/public/common/features.gni")
 import("//extensions/buildflags/buildflags.gni")
 import("//pdf/features.gni")
 import("//ppapi/buildflags/buildflags.gni")
 import("//printing/buildflags/buildflags.gni")
 import("//testing/test.gni")
 import("//third_party/electron_node/node.gni")
@@ -38,13 +38,12 @@ if (is_mac) {
  import("build/rules.gni")
  assert(
-      mac_deployment_target == "12.0",
+      mac_deployment_target == "11.0",
-      "Chromium has updated the mac_deployment_target, please update this assert and flag this as a breaking change (docs/breaking-changes.md)")
+      "Chromium has updated the mac_deployment_target, please update this assert, update the supported versions documentation (docs/tutorial/support.md) and flag this as a breaking change")
 }
 if (is_linux) {
  import("//build/config/linux/pkg_config.gni")
  import("//electron/build/linux/strip_binary.gni")
  import("//tools/generate_stubs/rules.gni")
  pkg_config("gio_unix") {
@@ -446,7 +445,6 @@ source_set("electron_lib") {
    "shell/services/node/public/mojom",
    "//base:base_static",
    "//base/allocator:buildflags",
    "//build/util:chromium_git_revision",
    "//chrome:strings",
    "//chrome/app:command_ids",
    "//chrome/app/resources:platform_locale_settings",
@@ -454,7 +452,7 @@ source_set("electron_lib") {
    "//components/certificate_transparency",
    "//components/compose:buildflags",
    "//components/embedder_support:user_agent",
-    "//components/input",
+    "//components/input:input",
    "//components/language/core/browser",
    "//components/net_log",
    "//components/network_hints/browser",
@@ -481,14 +479,13 @@ source_set("electron_lib") {
    "//device/bluetooth",
    "//device/bluetooth/public/cpp",
    "//gin",
    "//gpu/ipc/client",
    "//media/capture/mojom:video_capture",
    "//media/mojo/mojom",
    "//media/mojo/mojom:web_speech_recognition",
    "//net:extras",
    "//net:net_resources",
    "//printing/buildflags",
-    "//services/device/public/cpp/bluetooth",
+    "//services/device/public/cpp/bluetooth:bluetooth",
    "//services/device/public/cpp/geolocation",
    "//services/device/public/cpp/hid",
    "//services/device/public/mojom",
@@ -502,7 +499,6 @@ source_set("electron_lib") {
    "//third_party/blink/public/platform/media",
    "//third_party/boringssl",
    "//third_party/electron_node:libnode",
    "//third_party/highway:libhwy",
    "//third_party/inspector_protocol:crdtp",
    "//third_party/leveldatabase",
    "//third_party/libyuv",
@@ -522,15 +518,10 @@ source_set("electron_lib") {
    "//v8:v8_libplatform",
  ]
  if (v8_use_external_startup_data && use_v8_context_snapshot) {
    deps += [ ":mksnapshot_checksum_gen" ]
  }
  public_deps = [
    "//base",
    "//base:i18n",
    "//content/public/app",
    "//ui/base/unowned_user_data",
  ]
  include_dirs = [
@@ -590,14 +581,7 @@ source_set("electron_lib") {
  }
  if (is_mac) {
    # Disable C++ modules to resolve linking error when including MacOS SDK
    # headers from third_party/electron_node/deps/uv/include/uv/darwin.h
    # TODO(samuelmaddock): consider revisiting this in the future
    use_libcxx_modules = false
    deps += [
      "//components/os_crypt/async/browser:keychain_key_provider",
      "//components/os_crypt/common:keychain_password_mac",
      "//components/remote_cocoa/app_shim",
      "//components/remote_cocoa/browser",
      "//content/browser:mac_helpers",
@@ -659,9 +643,6 @@ source_set("electron_lib") {
      ":libnotify_loader",
      "//build/config/linux/gtk",
      "//components/crash/content/browser",
      "//components/os_crypt/async/browser:freedesktop_secret_key_provider",
      "//components/os_crypt/async/browser:posix_key_provider",
      "//components/os_crypt/async/browser:secret_portal_key_provider",
      "//dbus",
      "//device/bluetooth",
      "//third_party/crashpad/crashpad/client",
@@ -669,7 +650,6 @@ source_set("electron_lib") {
      "//ui/events/devices/x11",
      "//ui/events/platform/x11",
      "//ui/gtk:gtk_config",
      "//ui/linux:display_server_utils",
      "//ui/linux:linux_ui",
      "//ui/linux:linux_ui_factory",
      "//ui/wm",
@@ -702,8 +682,7 @@ source_set("electron_lib") {
    deps += [
      "//components/app_launch_prefetch",
      "//components/crash/core/app:crash_export_thunks",
-      "//components/os_crypt/async/browser:dpapi_key_provider",
+      "//ui/native_theme:native_theme_browser",
      "//third_party/libxml:xml_writer",
      "//ui/wm",
      "//ui/wm/public",
    ]
@@ -748,7 +727,7 @@ source_set("electron_lib") {
      "shell/common/extensions/api:extensions_features",
      "//chrome/browser/resources:component_extension_resources",
      "//components/guest_view/common:mojom",
-      "//components/update_client",
+      "//components/update_client:update_client",
      "//components/zoom",
      "//extensions/browser",
      "//extensions/browser/api:api_provider",
@@ -770,13 +749,11 @@ source_set("electron_lib") {
  if (enable_pdf_viewer) {
    deps += [
      "//chrome/browser/resources/pdf:resources",
      "//chrome/browser/ui:browser_element_identifiers",
      "//components/pdf/browser",
      "//components/pdf/browser:interceptors",
      "//components/pdf/common:constants",
      "//components/pdf/common:util",
      "//components/pdf/renderer",
      "//components/user_education/webui",
      "//pdf",
      "//pdf:content_restriction",
    ]
@@ -795,18 +772,6 @@ source_set("electron_lib") {
  }
 }
 action("mksnapshot_checksum_gen") {
  script = "build/checksum_header.py"
  outputs = [ "$target_gen_dir/snapshot_checksum.h" ]
  inputs = [ "$root_out_dir/$v8_context_snapshot_filename" ]
  args = rebase_path(inputs)
  args += rebase_path(outputs)
  deps = [ "//tools/v8_context_snapshot" ]
 }
 electron_paks("packed_resources") {
  if (is_mac) {
    output_dir = "$root_gen_dir/electron_repack"
@@ -850,7 +815,7 @@ if (is_mac) {
      sources = []
      public_deps = []
      sources += [ "$root_out_dir/libffmpeg.dylib" ]
-      public_deps += [ "//third_party/ffmpeg" ]
+      public_deps += [ "//third_party/ffmpeg:ffmpeg" ]
      outputs = [ "{{bundle_contents_dir}}/Libraries/{{source_file_part}}" ]
    }
  } else {
@@ -1265,7 +1230,7 @@ if (is_mac) {
    }
    if (use_v8_context_snapshot) {
-      public_deps = [ "//tools/v8_context_snapshot" ]
+      public_deps = [ "//tools/v8_context_snapshot:v8_context_snapshot" ]
    }
    if (is_linux) {
@@ -1444,18 +1409,6 @@ dist_zip("electron_dist_zip") {
    ":licenses",
  ]
  if (is_linux) {
    if (is_official_build) {
      data_deps += [
        ":strip_chrome_crashpad_handler",
        ":strip_chrome_sandbox",
        ":strip_electron_binary",
        ":strip_libEGL_shlib",
        ":strip_libGLESv2_shlib",
        ":strip_libffmpeg_shlib",
        ":strip_libvk_swiftshader_shlib",
      ]
    }
    data_deps += [ "//sandbox/linux:chrome_sandbox" ]
  }
  deps = data_deps
@@ -1501,16 +1454,6 @@ group("electron_mksnapshot") {
 dist_zip("electron_mksnapshot_zip") {
  data_deps = mksnapshot_deps
  if (is_linux && is_official_build) {
    data_deps += [
      ":strip_libEGL_shlib",
      ":strip_libGLESv2_shlib",
      ":strip_libffmpeg_shlib",
      ":strip_libvk_swiftshader_shlib",
      ":strip_mksnapshot_binary",
      ":strip_v8_context_snapshot_generator_binary",
    ]
  }
  deps = data_deps
  outputs = [ "$root_build_dir/mksnapshot.zip" ]
 }
@@ -1635,101 +1578,3 @@ group("copy_node_headers") {
 group("node_headers") {
  public_deps = [ ":tar_node_headers" ]
 }
 group("testing_build") {
  public_deps = [
    ":electron_dist_zip",
    ":electron_mksnapshot_zip",
    ":node_headers",
  ]
 }
 group("release_build") {
  public_deps = [ ":testing_build" ]
  if (is_official_build) {
    public_deps += [ ":electron_symbols" ]
  }
  if (is_linux) {
    public_deps += [
      ":hunspell_dictionaries_zip",
      ":libcxx_headers_zip",
      ":libcxx_objects_zip",
      ":libcxxabi_headers_zip",
    ]
  }
 }
 if (is_linux && is_official_build) {
  strip_binary("strip_electron_binary") {
    binary_input = "$root_out_dir/$electron_project_name"
    symbol_output = "$root_out_dir/debug/$electron_project_name.debug"
    compress_debug_sections = true
    deps = [ ":electron_app" ]
  }
  strip_binary("strip_chrome_crashpad_handler") {
    binary_input = "$root_out_dir/chrome_crashpad_handler"
    symbol_output = "$root_out_dir/debug/chrome_crashpad_handler.debug"
    compress_debug_sections = true
    deps = [ "//components/crash/core/app:chrome_crashpad_handler" ]
  }
  strip_binary("strip_chrome_sandbox") {
    binary_input = "$root_out_dir/chrome_sandbox"
    symbol_output = "$root_out_dir/debug/chrome-sandbox.debug"
    compress_debug_sections = true
    deps = [ "//sandbox/linux:chrome_sandbox" ]
  }
  strip_binary("strip_libEGL_shlib") {
    binary_input = "$root_out_dir/libEGL.so"
    symbol_output = "$root_out_dir/debug/libEGL.so.debug"
    compress_debug_sections = true
    deps = [ "//third_party/angle:libEGL" ]
  }
  strip_binary("strip_libGLESv2_shlib") {
    binary_input = "$root_out_dir/libGLESv2.so"
    symbol_output = "$root_out_dir/debug/libGLESv2.so.debug"
    compress_debug_sections = true
    deps = [ "//third_party/angle:libGLESv2" ]
  }
  strip_binary("strip_libffmpeg_shlib") {
    binary_input = "$root_out_dir/libffmpeg.so"
    symbol_output = "$root_out_dir/debug/libffmpeg.so.debug"
    compress_debug_sections = true
    deps = [ "//third_party/ffmpeg" ]
  }
  strip_binary("strip_libvk_swiftshader_shlib") {
    binary_input = "$root_out_dir/libvk_swiftshader.so"
    symbol_output = "$root_out_dir/debug/libvk_swiftshader.so.debug"
    compress_debug_sections = true
    deps = [ "//third_party/swiftshader/src/Vulkan:swiftshader_libvulkan" ]
  }
  strip_binary("strip_mksnapshot_binary") {
    _binary_path = rebase_path(
            get_label_info(
                    ":v8_context_snapshot_generator($v8_snapshot_toolchain)",
                    "root_out_dir") + "/mksnapshot",
            root_build_dir)
    binary_input = "$root_out_dir/$_binary_path"
    symbol_output = "$root_out_dir/debug/${_binary_path}.debug"
    compress_debug_sections = true
    deps = mksnapshot_deps
  }
  strip_binary("strip_v8_context_snapshot_generator_binary") {
    _binary_path = rebase_path(
            get_label_info(
                    ":v8_context_snapshot_generator($v8_snapshot_toolchain)",
                    "root_out_dir") + "/v8_context_snapshot_generator",
            root_build_dir)
    binary_input = "$root_out_dir/$_binary_path"
    symbol_output = "$root_out_dir/debug/${_binary_path}.debug"
    compress_debug_sections = true
    deps = mksnapshot_deps
  }
 }
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1,230 +0,0 @@
 # Electron Development Guide
 ## Project Overview
 Electron is a framework for building cross-platform desktop applications using web technologies. It embeds Chromium for rendering and Node.js for backend functionality.
 ## Directory Structure
 ```text
 electron/                 # This repo (run `e` commands here)
 ├── shell/               # Core C++ application code
 │   ├── browser/         # Main process implementation (107+ API modules)
 │   ├── renderer/        # Renderer process code
 │   ├── common/          # Shared code between processes
 │   ├── app/             # Application entry points
 │   └── services/        # Node.js service integration
 ├── lib/                 # TypeScript/JavaScript library code
 │   ├── browser/         # Main process JS (47 API implementations)
 │   ├── renderer/        # Renderer process JS
 │   └── common/          # Shared JS modules
 ├── patches/             # Patches for upstream dependencies
 │   ├── chromium/        # ~159 patches to Chromium
 │   ├── node/            # ~48 patches to Node.js
 │   └── ...              # Other targets (v8, boringssl, etc.)
 ├── spec/                # Test suite (1189+ TypeScript test files)
 ├── docs/                # API documentation and guides
 ├── build/               # Build configuration
 ├── script/              # Build and automation scripts
 └── chromium_src/        # Chromium source overrides
 ../                      # Parent directory is Chromium source
 ```
 ## Build Tools Setup
 Electron uses `@electron/build-tools` for development. The `e` command is the primary CLI.
 **Installation:**
 ```bash
 npm i -g @electron/build-tools
 ```
 **Configuration location:** `~/.electron_build_tools/configs/`
 ## Essential Commands
 ### Configuration Management
 | Command | Purpose |
 |---------|---------|
 | `e init <name> --root=<path> --bootstrap testing` | Create new build config and sync |
 | `e use <name>` | Switch to a different build configuration |
 | `e show current` | Display active configuration name |
 | `e show configs` | List all available configurations |
 ### Build & Development Loop
 | Command | Purpose |
 |---------|---------|
 | `e sync` | Fetch/update all source code and apply patches |
 | `e sync --3` | Sync with 3-way merge (required for Chromium upgrades) |
 | `e build` | Build Electron (runs GN + Ninja) |
 | `e build -k 999` | Build and continue on errors (up to 999) |
 | `e build -t <target>` | Build specific target (e.g., `electron:node_headers`) |
 | `e start` | Run the built Electron executable |
 | `e start --version` | Verify Electron launches and print version |
 | `e test` | Run the test suite |
 | `e debug` | Run Electron in debugger (lldb on macOS, gdb on Linux) |
 ### Patch Management
 | Command | Purpose |
 |---------|---------|
 | `e patches <target>` | Export patches for a target (chromium, node, v8, etc.) |
 | `e patches all` | Export all patches from all targets |
 | `e patches --list-targets` | List available patch targets |
 ## Typical Development Workflow
 ```bash
 # 1. Ensure you're on the right config
 e show current
 # 2. Sync to get latest code
 e sync
 # 3. Make your changes in shell/ or lib/ or ../
 # 4. Build
 e build
 # 5. Test your changes (Leave the user to do this, don't run these commands unless asked)
 e start
 e test
 # 6. If you modified patched files in Chromium:
 cd ..  # Go to Chromium repo
 git add <files>
 git commit -m "description of change"
 cd electron
 e patches chromium  # Export the patch
 ```
 ## Patches System
 Electron patches upstream dependencies (Chromium, Node.js, V8, etc.) to add features or modify behavior.
 **How patches work:**
 ```text
 patches/{target}/*.patch  →  [e sync --3]  →  target repo commits
                          ←  [e patches]   ←
 ```
 **Patch configuration:** `patches/config.json` maps patch directories to target repos.
 **Key rules:**
 - Fix existing patches 99% of the time rather than creating new ones
 - Preserve original authorship in TODO comments
 - Never change TODO assignees (`TODO(name)` must retain original name)
 - Each patch file includes commit message explaining its purpose
 **Creating/modifying patches:**
 1. Make changes in the target repo (e.g., `../` for Chromium)
 2. Create a git commit
 3. Run `e patches <target>` to export
 ## Testing
 **Test location:** `spec/` directory
 **Running tests:**
 ```bash
 e test                    # Run full test suite
 ```
 **Test frameworks:** Mocha, Chai, Sinon
 ## Build Configuration
 **GN build arguments:** Located in `build/args/`:
 - `testing.gn` - Debug/testing builds
 - `release.gn` - Release builds
 - `all.gn` - Common arguments for all builds
 **Main build file:** `BUILD.gn`
 **Feature flags:** `buildflags/buildflags.gni`
 ## Chromium Upgrade Workflow
 When working on the `roller/chromium/main` branch to upgrade Chromium activate the "Electron Chromium Upgrade" skill.
 ## Pull Requests
 PR bodies must always include a `Notes:` section as the **last line** of the body. This is a consumer-facing release note for Electron app developers — describe the user-visible fix or change, not internal implementation details. Use `Notes: none` if there is no user-facing change.
 ## Code Style
 **C++:** Follows Chromium style, enforced by clang-format
 **TypeScript/JavaScript:** ESLint configuration in `.eslintrc.json`
 **Linting:**
 ```bash
 npm run lint              # Run all linters
 npm run lint:clang-format # C++ formatting
 ```
 ## Key Files
 | File | Purpose |
 |------|---------|
 | `BUILD.gn` | Main GN build configuration |
 | `DEPS` | Dependency versions and checkout paths |
 | `patches/config.json` | Patch target configuration |
 | `filenames.gni` | Source file lists by platform |
 | `package.json` | Node.js dependencies and scripts |
 ## Environment Variables
 | Variable | Purpose |
 |----------|---------|
 | `GN_EXTRA_ARGS` | Additional GN arguments (useful in CI) |
 | `ELECTRON_RUN_AS_NODE=1` | Run Electron as Node.js |
 ## Useful Git Commands for Chromium
 ```bash
 # Find CL that changed a file
 cd ..
 git log --oneline -10 -- {file}
 git blame -L {start},{end} -- {file}
 # Look for Chromium CL reference in commit
 git log -1 {commit_sha}  # Find "Reviewed-on:" line
 # Find which patch affects a file
 grep -l "filename.cc" patches/chromium/*.patch
 ```
 ## CI/CD
 GitHub Actions workflows in `.github/workflows/`:
 - `build.yml` - Main build workflow
 - `pipeline-electron-lint.yml` - Linting
 - `pipeline-segment-electron-test.yml` - Testing
 ## Common Issues
 **Patch conflict during sync:**
 - Use `e sync --3` for 3-way merge
 - Check if file was renamed/moved upstream
 - Verify patch is still needed
 **Build error in patched file:**
 - Find the patch: `grep -l "filename" patches/chromium/*.patch`
 - Match existing patch style (#if 0 guards, BUILDFLAG conditionals, etc.)
 **Remote build issues:**
 - Try `e build --no-remote` to build locally
 - Check reclient/siso configuration in your build config
--- a/13
+++ b/13
@@ -2,17 +2,17 @@ gclient_gn_args_from = 'src'
 vars = {
  'chromium_version':
-    '147.0.7699.0',
+    '138.0.7190.0',
  'node_version':
-    'v24.13.1',
+    'v22.16.0',
  'nan_version':
-    '675cefebca42410733da8a454c8d9391fcebfbc2',
+    'e14bdcd1f72d62bca1d541b66da43130384ec213',
  'squirrel.mac_version':
    '0e5d146ba13101a1302d59ea6e6e0b3cace4ae38',
  'reactiveobjc_version':
    '74ab5baccc6f7202c8ac69a8d1e152c29dc1ea76',
  'mantle_version':
-    '2a8e2123a3931038179ee06105c9e6ec336b12ea',
+    '78d3966b3c331292ea29ec38661b25df0a245948',
  'engflow_reclient_configs_version':
    '955335c30a752e9ef7bff375baab5e0819b6c00d',
@@ -30,6 +30,9 @@ vars = {
  # The path of the sysroots.json file.
  'sysroots_json_path': 'electron/script/sysroots.json',
  # KEEP IN SYNC WITH utils.js FILE
  'yarn_version': '1.15.2',
  # To be able to build clean Chromium from sources.
  'apply_patches': True,
@@ -152,7 +155,7 @@ hooks = [
    'action': [
      'python3',
      '-c',
-      'import os, subprocess; os.chdir(os.path.join("src", "electron")); subprocess.check_call(["node", ".yarn/releases/yarn-4.12.0.cjs", "install", "--immutable"]);',
+      'import os, subprocess; os.chdir(os.path.join("src", "electron")); subprocess.check_call(["python3", "script/lib/npx.py", "yarn@' + (Var("yarn_version")) + '", "install", "--frozen-lockfile"]);',
    ],
  },
  {
--- a/README.md
+++ b/README.md
@@ -37,9 +37,9 @@ For more installation options and troubleshooting tips, see
 Each Electron release provides binaries for macOS, Windows, and Linux.
-* macOS (Monterey and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
+* macOS (Big Sur and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
 * Windows (Windows 10 and up): Electron provides `ia32` (`x86`), `x64` (`amd64`), and `arm64` binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was [removed in Electron 23, in line with Chromium's Windows deprecation policy](https://www.electronjs.org/blog/windows-7-to-8-1-deprecation-notice).
-* Linux: The prebuilt binaries of Electron are built on Ubuntu 22.04. They have also been verified to work on:
+* Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
  * Ubuntu 18.04 and newer
  * Fedora 32 and newer
  * Debian 10 and newer
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -8,12 +8,6 @@ The Electron team will send a response indicating the next steps in handling you
 Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the [npm contact form](https://www.npmjs.com/support) by selecting "I'm reporting a security vulnerability".
 ## Escalation
 If you do not receive an acknowledgement of your report within 6 business days, or if you cannot find a private security contact for the project, you may escalate to the OpenJS Foundation CNA at `security@lists.openjsf.org`.
 If the project acknowledges your report but does not provide any further response or engagement within 14 days, escalation is also appropriate.
 ## The Electron Security Notification Process
 For context on Electron's security notification process, please see the [Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md#notifications) section of the Security WG's [Membership and Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md) Governance document.
--- a/build/.eslintrc.json
+++ b/build/.eslintrc.json
@@ -1,8 +1,8 @@
 {
  "plugins": [
-    "import"
+    "unicorn"
  ],
  "rules": {
-    "import/enforce-node-protocol-usage": ["error", "always"]
+    "unicorn/prefer-node-protocol": "error"
  }
 }
--- a/build/args/all.gn
+++ b/build/args/all.gn
@@ -2,7 +2,7 @@ is_electron_build = true
 root_extra_deps = [ "//electron" ]
 # Registry of NMVs --> https://github.com/nodejs/node/blob/main/doc/abi_version_registry.json
-node_module_version = 145
+node_module_version = 136
 v8_promise_internal_field_count = 1
 v8_embedder_string = "-electron.0"
@@ -19,15 +19,15 @@ proprietary_codecs = true
 enable_printing = true
 # Refs https://chromium-review.googlesource.com/c/chromium/src/+/6986517
 # CI is using MacOS 15.5 which doesn't have the required modulemaps.
 use_clang_modules = false
 # Removes DLLs from the build, which are only meant to be used for Chromium development.
 # See https://github.com/electron/electron/pull/17985
 angle_enable_vulkan_validation_layers = false
 dawn_enable_vulkan_validation_layers = false
 # Removes dxc dll's that are only used experimentally.
 # See https://bugs.chromium.org/p/chromium/issues/detail?id=1474897
 dawn_use_built_dxc = false
 # These are disabled because they cause the zip manifest to differ between
 # testing and release builds.
 # See https://chromium-review.googlesource.com/c/chromium/src/+/2774898.
@@ -70,8 +70,6 @@ v8_expose_public_symbols = true
 # sensitive content by enterprise users.
 enterprise_cloud_content_analysis = false
-# We don't use anything from here, and it causes target collisions
+# TODO: remove dependency on legacy ipc
-enable_linux_installer = false
+# https://issues.chromium.org/issues/40943039
-
+content_enable_legacy_ipc = true
 # Disable "Save to Drive" feature in PDF viewer
 enable_pdf_save_to_drive = false
--- a/build/checksum_header.py
+++ b/build/checksum_header.py
@@ -1,37 +0,0 @@
 #!/usr/bin/env python3
 import os
 import sys
 import hashlib
 dir_path = os.path.dirname(os.path.realpath(__file__))
 TEMPLATE_H = """
 #ifndef ELECTRON_SNAPSHOT_CHECKSUM_H_
 #define ELECTRON_SNAPSHOT_CHECKSUM_H_
 namespace electron::snapshot_checksum {
 inline constexpr std::string_view kChecksum = "{checksum}";
 }  // namespace electron::snapshot_checksum
 #endif  // ELECTRON_SNAPSHOT_CHECKSUM_H_
 """
 def calculate_sha256(filepath):
    sha256_hash = hashlib.sha256()
    with open(filepath, "rb") as f:
        for byte_block in iter(lambda: f.read(4096), b""):
            sha256_hash.update(byte_block)
    return sha256_hash.hexdigest()
 input_file = sys.argv[1]
 output_file = sys.argv[2]
 checksum = calculate_sha256(input_file)
 checksum_h = TEMPLATE_H.replace("{checksum}", checksum)
 with open(output_file, 'w') as f:
    f.write(checksum_h)
--- a/build/fuses/fuses.json5
+++ b/build/fuses/fuses.json5
@@ -9,6 +9,5 @@
  "embedded_asar_integrity_validation": "0",
  "only_load_app_from_asar": "0",
  "load_browser_process_specific_v8_snapshot": "0",
-  "grant_file_protocol_extra_privileges": "1",
+  "grant_file_protocol_extra_privileges": "1"
  "wasm_trap_handlers": "1"
 }
--- a/build/linux/strip_binary.gni
+++ b/build/linux/strip_binary.gni
@@ -1,70 +0,0 @@
 # Copyright 2021 The Chromium Authors
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 # This has been adapted from https://source.chromium.org/chromium/chromium/src/+/main:build/linux/strip_binary.gni;drc=c220a41e0422d45f1657c28146d32e99cc53640b
 # The notable difference is it has an option to compress the debug sections
 import("//build/config/clang/clang.gni")
 import("//build/toolchain/toolchain.gni")
 # Extracts symbols from a binary into a symbol file.
 #
 # Args:
 #   binary_input: Path to the binary containing symbols to extract, e.g.:
 #       "$root_out_dir/chrome"
 #   symbol_output: Desired output file for symbols, e.g.:
 #       "$root_out_dir/chrome.debug"
 #   stripped_binary_output: Desired output file for stripped file, e.g.:
 #       "$root_out_dir/chrome.stripped"
 #   compress_debug_sections: If true, compress the extracted debug sections
 template("strip_binary") {
  forward_variables_from(invoker,
                         [
                           "deps",
                           "testonly",
                         ])
  action("${target_name}") {
    llvm_strip_binary = "${clang_base_path}/bin/llvm-strip"
    llvm_objcopy_binary = "${clang_base_path}/bin/llvm-objcopy"
    script = "//electron/build/linux/strip_binary.py"
    if (defined(invoker.stripped_binary_output)) {
      stripped_binary_output = invoker.stripped_binary_output
    } else {
      stripped_binary_output = invoker.binary_input + ".stripped"
    }
    if (defined(invoker.symbol_output)) {
      symbol_output = invoker.symbol_output
    } else {
      symbol_output = invoker.binary_input + ".debug"
    }
    inputs = [
      invoker.binary_input,
      llvm_strip_binary,
      llvm_objcopy_binary,
    ]
    outputs = [
      symbol_output,
      stripped_binary_output,
    ]
    args = [
      "--llvm-strip-binary-path",
      rebase_path(llvm_strip_binary, root_build_dir),
      "--llvm-objcopy-binary-path",
      rebase_path(llvm_objcopy_binary, root_build_dir),
      "--symbol-output",
      rebase_path(symbol_output, root_build_dir),
      "--stripped-binary-output",
      rebase_path(stripped_binary_output, root_build_dir),
      "--binary-input",
      rebase_path(invoker.binary_input, root_build_dir),
    ]
    if (defined(invoker.compress_debug_sections) &&
        invoker.compress_debug_sections) {
      args += [ "--compress-debug-sections" ]
    }
  }
 }
--- a/build/linux/strip_binary.py
+++ b/build/linux/strip_binary.py
@@ -1,63 +0,0 @@
 #!/usr/bin/env python3
 #
 # Copyright 2021 The Chromium Authors
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 # This has been adapted from https://source.chromium.org/chromium/chromium/src/+/main:build/linux/strip_binary.py;drc=c220a41e0422d45f1657c28146d32e99cc53640b
 # The notable difference is it has an option to compress the debug sections
 import argparse
 import subprocess
 import sys
 def main() -> int:
  parser = argparse.ArgumentParser(description="Strip binary using LLVM tools.")
  parser.add_argument("--llvm-strip-binary-path",
                      help="Path to llvm-strip executable.")
  parser.add_argument("--llvm-objcopy-binary-path",
                      required=True,
                      help="Path to llvm-objcopy executable.")
  parser.add_argument("--binary-input", help="Input ELF binary.")
  parser.add_argument("--symbol-output",
                      help="File to write extracted debug info (.debug).")
  parser.add_argument("--compress-debug-sections",
                      action="store_true",
                      help="Compress extracted debug info.")
  parser.add_argument("--stripped-binary-output",
                      help="File to write stripped binary.")
  args = parser.parse_args()
  # Replicate the behavior of:
  # eu-strip <binary_input> -o <stripped_binary_output> -f <symbol_output>
  objcopy_args = [
      "--only-keep-debug",
      args.binary_input,
      args.symbol_output,
  ]
  if args.compress_debug_sections:
    objcopy_args.insert(0, "--compress-debug-sections")
  subprocess.check_output([args.llvm_objcopy_binary_path] + objcopy_args)
  subprocess.check_output([
      args.llvm_strip_binary_path,
      "--strip-debug",
      "--strip-unneeded",
      "-o",
      args.stripped_binary_output,
      args.binary_input,
  ])
  subprocess.check_output([
      args.llvm_objcopy_binary_path,
      f"--add-gnu-debuglink={args.symbol_output}",
      args.stripped_binary_output,
  ])
  return 0
 if __name__ == "__main__":
  sys.exit(main())
--- a/build/rules.gni
+++ b/build/rules.gni
@@ -67,6 +67,10 @@ template("mac_xib_bundle_data") {
    ibtool_flags = [
      "--minimum-deployment-target",
      mac_deployment_target,
      # TODO(rsesek): Enable this once all the bots are on Xcode 7+.
      # "--target-device",
      # "mac",
    ]
  }
--- a/build/webpack/webpack.config.base.js
+++ b/build/webpack/webpack.config.base.js
@@ -121,7 +121,6 @@ if ((globalThis.process || binding.process).argv.includes("--profile-electron-in
          'electron/main$': electronAPIFile,
          'electron/renderer$': electronAPIFile,
          'electron/common$': electronAPIFile,
          'electron/utility$': electronAPIFile,
          // Force timers to resolve to our dependency that doesn't use window.postMessage
          timers: path.resolve(electronRoot, 'node_modules', 'timers-browserify', 'main.js')
        },
@@ -144,9 +143,7 @@ if ((globalThis.process || binding.process).argv.includes("--profile-electron-in
            transpileOnly: onlyPrintingGraph,
            ignoreDiagnostics: [
              // File '{0}' is not under 'rootDir' '{1}'.
-              6059,
+              6059
              // Private field '{0}' must be declared in an enclosing class.
              1111
            ]
          }
        }]
--- a/build/zip.py
+++ b/build/zip.py
@@ -41,8 +41,6 @@ PATHS_TO_SKIP = [
  'resources/inspector',
  'gen/third_party/devtools-frontend/src',
  'gen/ui/webui',
  # Skip because these get zipped separately in script/zip-symbols.py
  'debug',
 ]
 def skip_path(dep, dist_zip, target_cpu):
@@ -82,11 +80,6 @@ def main(argv):
      dep = dep.strip()
      if not skip_path(dep, dist_zip, target_cpu):
        dist_files.add(dep)
  # On Linux, filter out any files which have a .stripped companion
  if sys.platform == 'linux':
    dist_files = {
      dep for dep in dist_files if f"{dep.removeprefix('./')}.stripped" not in dist_files
    }
  if sys.platform == 'darwin' and not should_flatten:
    execute(['zip', '-r', '-y', dist_zip] + list(dist_files))
  else:
@@ -103,13 +96,10 @@ def main(argv):
          dirname = os.path.dirname(dep)
          arcname = (
            os.path.join(dirname, 'chrome-sandbox')
-            if basename.removesuffix('.stripped') == 'chrome_sandbox'
+            if basename == 'chrome_sandbox'
            else dep
          )
          name_to_write = arcname
          # On Linux, strip the .stripped suffix from the name before zipping
          if sys.platform == 'linux':
            name_to_write = name_to_write.removesuffix('.stripped')
          if should_flatten:
            if flatten_relative_to:
              if name_to_write.startswith(flatten_relative_to):
--- a/chromium_src/BUILD.gn
+++ b/chromium_src/BUILD.gn
@@ -23,8 +23,6 @@ static_library("chrome") {
    "//chrome/browser/browser_process.h",
    "//chrome/browser/devtools/devtools_contents_resizing_strategy.cc",
    "//chrome/browser/devtools/devtools_contents_resizing_strategy.h",
    "//chrome/browser/devtools/devtools_dispatch_http_request_params.cc",
    "//chrome/browser/devtools/devtools_dispatch_http_request_params.h",
    "//chrome/browser/devtools/devtools_embedder_message_dispatcher.cc",
    "//chrome/browser/devtools/devtools_embedder_message_dispatcher.h",
    "//chrome/browser/devtools/devtools_eye_dropper.cc",
@@ -68,8 +66,6 @@ static_library("chrome") {
    "//chrome/browser/picture_in_picture/picture_in_picture_occlusion_tracker.h",
    "//chrome/browser/picture_in_picture/picture_in_picture_occlusion_tracker_observer.cc",
    "//chrome/browser/picture_in_picture/picture_in_picture_occlusion_tracker_observer.h",
    "//chrome/browser/picture_in_picture/picture_in_picture_widget_fade_animator.cc",
    "//chrome/browser/picture_in_picture/picture_in_picture_widget_fade_animator.h",
    "//chrome/browser/picture_in_picture/picture_in_picture_window_manager.cc",
    "//chrome/browser/picture_in_picture/picture_in_picture_window_manager.h",
    "//chrome/browser/picture_in_picture/picture_in_picture_window_manager_uma_helper.cc",
@@ -78,8 +74,14 @@ static_library("chrome") {
    "//chrome/browser/picture_in_picture/scoped_picture_in_picture_occlusion_observation.h",
    "//chrome/browser/platform_util.cc",
    "//chrome/browser/platform_util.h",
    "//chrome/browser/predictors/preconnect_manager.cc",
    "//chrome/browser/predictors/preconnect_manager.h",
    "//chrome/browser/predictors/predictors_features.cc",
    "//chrome/browser/predictors/predictors_features.h",
    "//chrome/browser/predictors/proxy_lookup_client_impl.cc",
    "//chrome/browser/predictors/proxy_lookup_client_impl.h",
    "//chrome/browser/predictors/resolve_host_client_impl.cc",
    "//chrome/browser/predictors/resolve_host_client_impl.h",
    "//chrome/browser/process_singleton.h",
    "//chrome/browser/process_singleton_internal.cc",
    "//chrome/browser/process_singleton_internal.h",
@@ -126,12 +128,8 @@ static_library("chrome") {
    "//chrome/browser/ui/views/overlay/hang_up_button.h",
    "//chrome/browser/ui/views/overlay/minimize_button.cc",
    "//chrome/browser/ui/views/overlay/minimize_button.h",
    "//chrome/browser/ui/views/overlay/overlay_controls_fade_animation.cc",
    "//chrome/browser/ui/views/overlay/overlay_controls_fade_animation.h",
    "//chrome/browser/ui/views/overlay/overlay_window_image_button.cc",
    "//chrome/browser/ui/views/overlay/overlay_window_image_button.h",
    "//chrome/browser/ui/views/overlay/overlay_window_live_caption_button.cc",
    "//chrome/browser/ui/views/overlay/overlay_window_live_caption_button.h",
    "//chrome/browser/ui/views/overlay/playback_image_button.cc",
    "//chrome/browser/ui/views/overlay/playback_image_button.h",
    "//chrome/browser/ui/views/overlay/resize_handle_button.cc",
@@ -146,10 +144,6 @@ static_library("chrome") {
    "//chrome/browser/ui/views/overlay/toggle_microphone_button.h",
    "//chrome/browser/ui/views/overlay/video_overlay_window_views.cc",
    "//chrome/browser/ui/views/overlay/video_overlay_window_views.h",
    "//chrome/browser/ui/views/picture_in_picture/picture_in_picture_bounds_change_animation.cc",
    "//chrome/browser/ui/views/picture_in_picture/picture_in_picture_bounds_change_animation.h",
    "//chrome/browser/ui/views/picture_in_picture/picture_in_picture_tucker.cc",
    "//chrome/browser/ui/views/picture_in_picture/picture_in_picture_tucker.h",
    "//chrome/browser/ui/webui/accessibility/accessibility_ui.cc",
    "//chrome/browser/ui/webui/accessibility/accessibility_ui.h",
    "//chrome/browser/usb/usb_blocklist.cc",
@@ -213,7 +207,7 @@ static_library("chrome") {
    "//components/enterprise/common/proto:connectors_proto",
    "//components/enterprise/obfuscation/core:enterprise_obfuscation",
    "//components/safe_browsing/core/browser/db:safebrowsing_proto",
-    "//components/vector_icons",
+    "//components/vector_icons:vector_icons",
    "//ui/base/accelerators/global_accelerator_listener",
    "//ui/snapshot",
    "//ui/views/controls/webview",
@@ -223,8 +217,8 @@ static_library("chrome") {
    sources += [
      "//chrome/browser/platform_util_aura.cc",
      "//chrome/browser/ui/views/eye_dropper/eye_dropper_aura.cc",
-      "//ui/native_window_tracker/native_window_tracker_aura.cc",
+      "//ui/views/native_window_tracker_aura.cc",
-      "//ui/native_window_tracker/native_window_tracker_aura.h",
+      "//ui/views/native_window_tracker_aura.h",
    ]
    deps += [ "//components/eye_dropper" ]
  }
@@ -280,8 +274,6 @@ static_library("chrome") {
      "//chrome/browser/process_singleton_mac.mm",
      "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_mac.h",
      "//chrome/browser/ui/views/eye_dropper/eye_dropper_view_mac.mm",
      "//chrome/browser/ui/views/overlay/video_overlay_window_native_widget_mac.h",
      "//chrome/browser/ui/views/overlay/video_overlay_window_native_widget_mac.mm",
    ]
    deps += [ ":system_media_capture_permissions_mac_conflict" ]
  }
@@ -383,8 +375,6 @@ static_library("chrome") {
        "//chrome/browser/pdf/chrome_pdf_stream_delegate.h",
        "//chrome/browser/pdf/pdf_extension_util.cc",
        "//chrome/browser/pdf/pdf_extension_util.h",
        "//chrome/browser/pdf/pdf_help_bubble_handler_factory.cc",
        "//chrome/browser/pdf/pdf_help_bubble_handler_factory.h",
        "//chrome/browser/pdf/pdf_viewer_stream_manager.cc",
        "//chrome/browser/pdf/pdf_viewer_stream_manager.h",
        "//chrome/browser/plugins/pdf_iframe_navigation_throttle.cc",
@@ -393,8 +383,6 @@ static_library("chrome") {
      deps += [
        "//components/pdf/browser",
        "//components/pdf/renderer",
        "//ui/base/interaction",
        "//ui/webui/resources/cr_components/help_bubble:mojo_bindings",
      ]
    }
  } else {
@@ -508,17 +496,15 @@ source_set("chrome_spellchecker") {
  ]
 }
-if (is_mac) {
+# These sources create an object file conflict with one in |:chrome|, so they
-  # These sources create an object file conflict with one in |:chrome|, so they
+# must live in a separate target.
-  # must live in a separate target.
+# Conflicting sources:
-  # Conflicting sources:
+#   //chrome/browser/media/webrtc/system_media_capture_permissions_stats_mac.mm
-  #   //chrome/browser/media/webrtc/system_media_capture_permissions_stats_mac.mm
+#   //chrome/browser/permissions/system/system_media_capture_permissions_mac.mm
-  #   //chrome/browser/permissions/system/system_media_capture_permissions_mac.mm
+source_set("system_media_capture_permissions_mac_conflict") {
-  source_set("system_media_capture_permissions_mac_conflict") {
+  sources = [
-    sources = [
+    "//chrome/browser/permissions/system/system_media_capture_permissions_mac.h",
-      "//chrome/browser/permissions/system/system_media_capture_permissions_mac.h",
+    "//chrome/browser/permissions/system/system_media_capture_permissions_mac.mm",
-      "//chrome/browser/permissions/system/system_media_capture_permissions_mac.mm",
+  ]
-    ]
+  deps = [ "//chrome/common" ]
    deps = [ "//chrome/common" ]
  }
 }
--- a/default_app/.eslintrc.json
+++ b/default_app/.eslintrc.json
@@ -1,8 +1,8 @@
 {
  "plugins": [
-    "import"
+    "unicorn"
  ],
  "rules": {
-    "import/enforce-node-protocol-usage": ["error", "always"]
+    "unicorn/prefer-node-protocol": "error"
  }
 }
--- a/default_app/main.ts
+++ b/default_app/main.ts
@@ -110,9 +110,11 @@ async function loadApplicationPackage (packagePath: string) {
      } else if (packageJson.name) {
        app.name = packageJson.name;
      }
-
+      if (packageJson.desktopName) {
-      app.setDesktopName(packageJson.desktopName || `${app.name}.desktop`);
+        app.setDesktopName(packageJson.desktopName);
-
+      } else {
        app.setDesktopName(`${app.name}.desktop`);
      }
      // Set v8 flags, deliberately lazy load so that apps that do not use this
      // feature do not pay the price
      if (packageJson.v8Flags) {
--- a/docs/.eslintrc.json
+++ b/docs/.eslintrc.json
@@ -1,8 +1,8 @@
 {
  "extends": "standard",
  "plugins": [
-    "import",
+    "markdown",
-    "markdown"
+    "unicorn"
  ],
  "overrides": [
    {
@@ -30,6 +30,6 @@
    "no-undef": "off",
    "no-unused-expressions": "off",
    "no-unused-vars": "off",
-    "import/enforce-node-protocol-usage": ["error", "always"]
+    "unicorn/prefer-node-protocol": "error"
  }
 }
--- a/docs/api/accelerator.md
+++ b/docs/api/accelerator.md
@@ -0,0 +1,82 @@
 # Accelerator
 > Define keyboard shortcuts.
 Accelerators are strings that can contain multiple modifiers and a single key code,
 combined by the `+` character, and are used to define keyboard shortcuts
 throughout your application. Accelerators are case insensitive.
 Examples:
 * `CommandOrControl+A`
 * `CommandOrControl+Shift+Z`
 Shortcuts are registered with the [`globalShortcut`](global-shortcut.md) module
 using the [`register`](global-shortcut.md#globalshortcutregisteraccelerator-callback)
 method, i.e.
 ```js
 const { app, globalShortcut } = require('electron')
 app.whenReady().then(() => {
  // Register a 'CommandOrControl+Y' shortcut listener.
  globalShortcut.register('CommandOrControl+Y', () => {
    // Do stuff when Y and either Command/Control is pressed.
  })
 })
 ```
 ## Platform notice
 On Linux and Windows, the `Command` key does not have any effect so
 use `CommandOrControl` which represents `Command` on macOS and `Control` on
 Linux and Windows to define some accelerators.
 Use `Alt` instead of `Option`. The `Option` key only exists on macOS, whereas
 the `Alt` key is available on all platforms.
 The `Super` (or `Meta`) key is mapped to the `Windows` key on Windows and Linux and
 `Cmd` on macOS.
 ## Available modifiers
 * `Command` (or `Cmd` for short)
 * `Control` (or `Ctrl` for short)
 * `CommandOrControl` (or `CmdOrCtrl` for short)
 * `Alt`
 * `Option`
 * `AltGr`
 * `Shift`
 * `Super`
 * `Meta`
 ## Available key codes
 * `0` to `9`
 * `A` to `Z`
 * `F1` to `F24`
 * Various Punctuation: `)`, `!`, `@`, `#`, `$`, `%`, `^`, `&`, `*`, `(`, `:`, `;`, `:`, `+`, `=`, `<`, `,`, `_`, `-`, `>`, `.`, `?`, `/`, `~`, `` ` ``, `{`, `]`, `[`, `|`, `\`, `}`, `"`
 * `Plus`
 * `Space`
 * `Tab`
 * `Capslock`
 * `Numlock`
 * `Scrolllock`
 * `Backspace`
 * `Delete`
 * `Insert`
 * `Return` (or `Enter` as alias)
 * `Up`, `Down`, `Left` and `Right`
 * `Home` and `End`
 * `PageUp` and `PageDown`
 * `Escape` (or `Esc` for short)
 * `VolumeUp`, `VolumeDown` and `VolumeMute`
 * `MediaNextTrack`, `MediaPreviousTrack`, `MediaStop` and `MediaPlayPause`
 * `PrintScreen`
 * NumPad Keys
  * `num0` - `num9`
  * `numdec` - decimal key
  * `numadd` - numpad `+` key
  * `numsub` - numpad `-` key
  * `nummult` - numpad `*` key
  * `numdiv` - numpad `÷` key
--- a/docs/api/app.md
+++ b/docs/api/app.md
@@ -250,9 +250,7 @@ Returns:
 Emitted when the user clicks the native macOS new tab button. The new
 tab button is only visible if the current `BrowserWindow` has a
-`tabbingIdentifier`.
+`tabbingIdentifier`
 You must create a window in this handler in order for macOS tabbing to work as expected.
 ### Event: 'browser-window-blur'
@@ -423,7 +421,6 @@ Returns:
    * `oom` - Process ran out of memory
    * `launch-failed` - Process never successfully launched
    * `integrity-failure` - Windows code integrity checks failed
    * `memory-eviction` - Process proactively terminated to prevent a future out-of-memory (OOM) situation
  * `exitCode` number - The exit code for the process
      (e.g. status from waitpid if on POSIX, from GetExitCodeProcess on Windows).
  * `serviceName` string (optional) - The non-localized name of the process.
@@ -567,9 +564,8 @@ and subscribing to the `ready` event if the app is not ready yet.
  * `steal` boolean _macOS_ - Make the receiver the active app even if another app is
  currently active.
-On macOS, makes the application the active app. On Windows, focuses on the application's
+On Linux, focuses on the first visible window. On macOS, makes the application
-first window. On Linux, either focuses on the first visible window (X11) or requests
+the active app. On Windows, focuses on the application's first window.
 focus but may instead show a notification or flash the app icon (Wayland).
 You should seek to use the `steal` option as sparingly as possible.
@@ -606,7 +602,6 @@ Returns `string` - The current application directory.
    * `%APPDATA%` on Windows
    * `$XDG_CONFIG_HOME` or `~/.config` on Linux
    * `~/Library/Application Support` on macOS
  * `assets` The directory where app assets such as `resources.pak` are stored. By default this is the same as the folder containing the `exe` path. Available on Windows and Linux only.
  * `userData` The directory for storing your app's configuration files, which
    by default is the `appData` directory appended with your app's name. By
    convention files storing user data should be written to this directory, and
@@ -614,14 +609,14 @@ Returns `string` - The current application directory.
    may backup this directory to cloud storage.
  * `sessionData` The directory for storing data generated by `Session`, such
    as localStorage, cookies, disk cache, downloaded dictionaries, network
-    state, DevTools files. By default this points to `userData`. Chromium may
+    state, devtools files. By default this points to `userData`. Chromium may
    write very large disk cache here, so if your app does not rely on browser
    storage like localStorage or cookies to save user data, it is recommended
    to set this directory to other locations to avoid polluting the `userData`
    directory.
  * `temp` Temporary directory.
  * `exe` The current executable file.
-  * `module` The location of the Chromium module. By default this is synonymous with `exe`.
+  * `module` The `libchromiumcontent` library.
  * `desktop` The current user's Desktop directory.
  * `documents` Directory for a user's "My Documents".
  * `downloads` Directory for a user's downloads.
@@ -635,7 +630,7 @@ Returns `string` - The current application directory.
 Returns `string` - A path to a special directory or file associated with `name`. On
 failure, an `Error` is thrown.
-If `app.getPath('logs')` is called without calling `app.setAppLogsPath()` being called first, a default log directory will be created equivalent to calling `app.setAppLogsPath()` without a `path` parameter.
+If `app.getPath('logs')` is called without called `app.setAppLogsPath()` being called first, a default log directory will be created equivalent to calling `app.setAppLogsPath()` without a `path` parameter.
 ### `app.getFileIcon(path[, options])`
@@ -650,7 +645,7 @@ Returns `Promise<NativeImage>` - fulfilled with the app's icon, which is a [Nati
 Fetches a path's associated icon.
-On _Windows_, there are 2 kinds of icons:
+On _Windows_, there a 2 kinds of icons:
 * Icons associated with certain file extensions, like `.mp3`, `.png`, etc.
 * Icons inside the file itself, like `.exe`, `.dll`, `.ico`.
@@ -766,7 +761,7 @@ app.getPreferredSystemLanguages() // ['fr-CA', 'en-US', 'zh-Hans-FI', 'es-419']
 Both the available languages and regions and the possible return values differ between the two operating systems.
-As can be seen with the example above, on Windows, it is possible that a preferred system language has no country code, and that one of the preferred system languages corresponds with the language used for the regional format. On macOS, the region serves more as a default country code: the user doesn't need to have Finnish as a preferred language to use Finland as the region, and the country code `FI` is used as the country code for preferred system languages that do not have associated countries in the language name.
+As can be seen with the example above, on Windows, it is possible that a preferred system language has no country code, and that one of the preferred system languages corresponds with the language used for the regional format. On macOS, the region serves more as a default country code: the user doesn't need to have Finnish as a preferred language to use Finland as the region,and the country code `FI` is used as the country code for preferred system languages that do not have associated countries in the language name.
 ### `app.addRecentDocument(path)` _macOS_ _Windows_
@@ -781,22 +776,6 @@ bar, and on macOS, you can visit it from dock menu.
 Clears the recent documents list.
 ### `app.getRecentDocuments()` _macOS_ _Windows_
 Returns `string[]` - An array containing documents in the most recent documents list.
 ```js
 const { app } = require('electron')
 const path = require('node:path')
 const file = path.join(app.getPath('desktop'), 'foo.txt')
 app.addRecentDocument(file)
 const recents = app.getRecentDocuments()
 console.log(recents) // ['/path/to/desktop/foo.txt'}
 ```
 ### `app.setAsDefaultProtocolClient(protocol[, path, args])`
 * `protocol` string - The name of your protocol, without `://`. For example,
@@ -1124,19 +1103,6 @@ Updates the current activity if its type matches `type`, merging the entries fro
 Changes the [Application User Model ID][app-user-model-id] to `id`.
 ### `app.setToastActivatorCLSID(id)` _Windows_
 * `id` string
 Changes the [Toast Activator CLSID][toast-activator-clsid] to `id`. If one is not set via this method, it will be randomly generated for the app.
 * The value must be a valid GUID/CLSID in one of the following forms:
  * Canonical brace-wrapped: `{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}` (preferred)
  * Canonical without braces: `XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX` (braces will be added automatically)
 * Hex digits are case-insensitive.
 This method should be called early (before showing notifications) so the value is baked into the registration/shortcut. Supplying an empty string or an unparsable value throws and leaves the existing (or generated) CLSID unchanged. If this method is never called, a random CLSID is generated once per run and exposed via `app.toastActivatorCLSID`.
 ### `app.setActivationPolicy(policy)` _macOS_
 * `policy` string - Can be 'regular', 'accessory', or 'prohibited'.
@@ -1231,17 +1197,10 @@ Disables hardware acceleration for current app.
 This method can only be called before app is ready.
 ### `app.isHardwareAccelerationEnabled()`
 Returns `boolean` - whether hardware acceleration is currently enabled.
 > [!NOTE]
 > This information is only usable after the `gpu-info-update` event is emitted.
 ### `app.disableDomainBlockingFor3DAPIs()`
 By default, Chromium disables 3D APIs (e.g. WebGL) until restart on a per
-domain basis if the GPU process crashes too frequently. This function
+domain basis if the GPU processes crashes too frequently. This function
 disables that behavior.
 This method can only be called before app is ready.
@@ -1300,8 +1259,6 @@ For `infoType` equal to `basic`:
 Using `basic` should be preferred if only basic information like `vendorId` or `deviceId` is needed.
 Promise is rejected if the GPU is completely disabled, i.e. no hardware and software implementations are available.
 ### `app.setBadgeCount([count])` _Linux_ _macOS_
 * `count` Integer (optional) - If a value is provided, set the badge to the provided value otherwise, on macOS, display a plain white dot (e.g. unknown number of notifications). On Linux, if a value is not provided the badge will not display.
@@ -1332,7 +1289,7 @@ Returns `boolean` - Whether the current desktop environment is Unity launcher.
 ### `app.getLoginItemSettings([options])` _macOS_ _Windows_
 * `options` Object (optional)
-  * `type` string (optional) _macOS_ - Can be `mainAppService`, `agentService`, `daemonService`, or `loginItemService`. Defaults to `mainAppService`. Only available on macOS 13 and up. See [app.setLoginItemSettings](app.md#appsetloginitemsettingssettings-macos-windows) for more information about each type.
+  * `type` string (optional) _macOS_ - Can be one of `mainAppService`, `agentService`, `daemonService`, or `loginItemService`. Defaults to `mainAppService`. Only available on macOS 13 and up. See [app.setLoginItemSettings](app.md#appsetloginitemsettingssettings-macos-windows) for more information about each type.
  * `serviceName` string (optional) _macOS_ - The name of the service. Required if `type` is non-default. Only available on macOS 13 and up.
  * `path` string (optional) _Windows_ - The executable path to compare against. Defaults to `process.execPath`.
  * `args` string[] (optional) _Windows_ - The command-line arguments to compare against. Defaults to an empty array.
@@ -1347,13 +1304,13 @@ Returns `Object`:
 * `wasOpenedAtLogin` boolean _macOS_ - `true` if the app was opened at login automatically.
 * `wasOpenedAsHidden` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a hidden login item. This indicates that the app should not open any windows at startup. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
 * `restoreState` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a login item that should restore the state from the previous session. This indicates that the app should restore the windows that were open the last time the app was closed. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
-* `status` string _macOS_ - can be `not-registered`, `enabled`, `requires-approval`, or `not-found`.
+* `status` string _macOS_ - can be one of `not-registered`, `enabled`, `requires-approval`, or `not-found`.
 * `executableWillLaunchAtLogin` boolean _Windows_ - `true` if app is set to open at login and its run key is not deactivated. This differs from `openAtLogin` as it ignores the `args` option, this property will be true if the given executable would be launched at login with **any** arguments.
 * `launchItems` Object[] _Windows_
  * `name` string _Windows_ - name value of a registry entry.
  * `path` string _Windows_ - The executable to an app that corresponds to a registry entry.
  * `args` string[] _Windows_ - the command-line arguments to pass to the executable.
-  * `scope` string _Windows_ - can be `user` or `machine`. Indicates whether the registry entry is under `HKEY_CURRENT USER` or `HKEY_LOCAL_MACHINE`.
+  * `scope` string _Windows_ - one of `user` or `machine`. Indicates whether the registry entry is under `HKEY_CURRENT USER` or `HKEY_LOCAL_MACHINE`.
  * `enabled` boolean _Windows_ - `true` if the app registry key is startup approved and therefore shows as `enabled` in Task Manager and Windows settings.
 ### `app.setLoginItemSettings(settings)` _macOS_ _Windows_
@@ -1423,75 +1380,7 @@ details. Disabled by default.
 This API must be called after the `ready` event is emitted.
 > [!NOTE]
-> Rendering accessibility tree can significantly affect the performance of your app. It should not be enabled by default. Calling this method will enable the following accessibility support features: `nativeAPIs`, `webContents`, `inlineTextBoxes`, and `extendedProperties`.
+> Rendering accessibility tree can significantly affect the performance of your app. It should not be enabled by default.
 ### `app.getAccessibilitySupportFeatures()` _macOS_ _Windows_
 Returns `string[]` - Array of strings naming currently enabled accessibility support components. Possible values:
 * `nativeAPIs` - Native OS accessibility APIs integration enabled.
 * `webContents` - Web contents accessibility tree exposure enabled.
 * `inlineTextBoxes` - Inline text boxes (character bounding boxes) enabled.
 * `extendedProperties` - Extended accessibility properties enabled.
 * `screenReader` - Screen reader specific mode enabled.
 * `html` - HTML accessibility tree construction enabled.
 * `labelImages` - Accessibility support for automatic image annotations.
 * `pdfPrinting` - Accessibility support for PDF printing enabled.
 Notes:
 * The array may be empty if no accessibility modes are active.
 * Use `app.isAccessibilitySupportEnabled()` for the legacy boolean check;
  prefer this method for granular diagnostics or telemetry.
 Example:
 ```js
 const { app } = require('electron')
 app.whenReady().then(() => {
  if (app.getAccessibilitySupportFeatures().includes('screenReader')) {
    // Change some app UI to better work with Screen Readers.
  }
 })
 ```
 ### `app.setAccessibilitySupportFeatures(features)` _macOS_ _Windows_
 * `features` string[] - An array of the accessibility features to enable.
 Possible values are:
 * `nativeAPIs` - Native OS accessibility APIs integration enabled.
 * `webContents` - Web contents accessibility tree exposure enabled.
 * `inlineTextBoxes` - Inline text boxes (character bounding boxes) enabled.
 * `extendedProperties` - Extended accessibility properties enabled.
 * `screenReader` - Screen reader specific mode enabled.
 * `html` - HTML accessibility tree construction enabled.
 * `labelImages` - Accessibility support for automatic image annotations.
 * `pdfPrinting` - Accessibility support for PDF printing enabled.
 To disable all supported features, pass an empty array `[]`.
 Example:
 ```js
 const { app } = require('electron')
 app.whenReady().then(() => {
  // Enable a subset of features:
  app.setAccessibilitySupportFeatures([
    'screenReader',
    'pdfPrinting',
    'webContents'
  ])
  // Other logic
  // Some time later, disable all features:
  app.setAccessibilitySupportFeatures([])
 })
 ```
 ### `app.showAboutPanel()`
@@ -1719,13 +1608,8 @@ platforms) that allows you to perform actions on your app icon in the user's doc
 A `boolean` property that returns  `true` if the app is packaged, `false` otherwise. For many apps, this property can be used to distinguish development and production environments.
 ### `app.toastActivatorCLSID` _Windows_ _Readonly_
 A `string` property that returns the app's [Toast Activator CLSID][toast-activator-clsid].
 [tasks]:https://learn.microsoft.com/en-us/windows/win32/shell/taskbar-extensions#tasks
 [app-user-model-id]: https://learn.microsoft.com/en-us/windows/win32/shell/appids
 [toast-activator-clsid]: https://learn.microsoft.com/en-us/windows/win32/properties/props-system-appusermodel-toastactivatorclsid
 [electron-forge]: https://www.electronforge.io/
 [electron-packager]: https://github.com/electron/packager
 [CFBundleURLTypes]: https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html#//apple_ref/doc/uid/TP40009249-102207-TPXREF115
--- a/docs/api/auto-updater.md
+++ b/docs/api/auto-updater.md
@@ -32,19 +32,9 @@ update process. Apps that need to disable ATS can add the
 ### Windows
-On Windows, the `autoUpdater` module automatically selects the appropriate update mechanism
+On Windows, you have to install your app into a user's machine before you can
-based on how your app is packaged:
+use the `autoUpdater`, so it is recommended that you use
-
+[electron-winstaller][installer-lib] or [Electron Forge's Squirrel.Windows maker][electron-forge-lib] to generate a Windows installer.
 * **MSIX packages**: If your app is running as an MSIX package (created with [electron-windows-msix][msix-lib] and detected via [`process.windowsStore`](process.md#processwindowsstore-readonly)),
  the module uses the MSIX updater, which supports direct MSIX file links and JSON update feeds.
 * **Squirrel.Windows**: For apps installed via traditional installers (created with
  [electron-winstaller][installer-lib] or [Electron Forge's Squirrel.Windows maker][electron-forge-lib]),
  the module uses Squirrel.Windows for updates.
 You don't need to configure which updater to use; Electron automatically detects the packaging
 format and uses the appropriate one.
 #### Squirrel.Windows
 Apps built with Squirrel.Windows will trigger [custom launch events](https://github.com/Squirrel/Squirrel.Windows/blob/51f5e2cb01add79280a53d51e8d0cfa20f8c9f9f/docs/using/custom-squirrel-events-non-cs.md#application-startup-commands)
 that must be handled by your Electron application to ensure proper setup and teardown.
@@ -65,14 +55,6 @@ The installer generated with Squirrel.Windows will create a shortcut icon with a
 same ID for your app with `app.setAppUserModelId` API, otherwise Windows will
 not be able to pin your app properly in task bar.
 #### MSIX Packages
 When your app is packaged as an MSIX, the `autoUpdater` module provides additional
 functionality:
 * Use the `allowAnyVersion` option in `setFeedURL()` to allow updates to older versions (downgrades)
 * Support for direct MSIX file links or JSON update feeds (similar to Squirrel.Mac format)
 ## Events
 The `autoUpdater` object emits the following events:
@@ -110,7 +92,7 @@ Returns:
 Emitted when an update has been downloaded.
-With Squirrel.Windows only `releaseName` is available.
+On Windows only `releaseName` is available.
 > [!NOTE]
 > It is not strictly necessary to handle this event. A successfully
@@ -118,13 +100,6 @@ With Squirrel.Windows only `releaseName` is available.
 ### Event: 'before-quit-for-update'
 <!--
 ```YAML history
 added:
  - pr-url: https://github.com/electron/electron/pull/12619
 ```
 -->
 This event is emitted after a user calls `quitAndInstall()`.
 When this API is called, the `before-quit` event is not emitted before all windows are closed. As a result you should listen to this event if you wish to perform actions before the windows are closed while a process is quitting, as well as listening to `before-quit`.
@@ -135,23 +110,11 @@ The `autoUpdater` object has the following methods:
 ### `autoUpdater.setFeedURL(options)`
 <!--
 ```YAML history
 changes:
  - pr-url: https://github.com/electron/electron/pull/5879
    description: "Added `headers` as a second parameter."
  - pr-url: https://github.com/electron/electron/pull/11925
    description: "Changed API to accept a single `options` argument (contains `url`, `headers`, and `serverType` properties)."
 ```
 -->
 * `options` Object
-  * `url` string - The update server URL. For _Windows_ MSIX, this can be either a direct link to an MSIX file (e.g., `https://example.com/update.msix`) or a JSON endpoint that returns update information (see the [Squirrel.Mac][squirrel-mac] README for more information).
+  * `url` string
  * `headers` Record\<string, string\> (optional) _macOS_ - HTTP request headers.
  * `serverType` string (optional) _macOS_ - Can be `json` or `default`, see the [Squirrel.Mac][squirrel-mac]
    README for more information.
  * `allowAnyVersion` boolean (optional) _Windows_ - If `true`, allows downgrades to older versions for MSIX packages.
    Defaults to `false`.
 Sets the `url` and initialize the auto updater.
@@ -188,4 +151,3 @@ closed.
 [electron-forge-lib]: https://www.electronforge.io/config/makers/squirrel.windows
 [app-user-model-id]: https://learn.microsoft.com/en-us/windows/win32/shell/appids
 [event-emitter]: https://nodejs.org/api/events.html#events_class_eventemitter
 [msix-lib]:  https://github.com/electron-userland/electron-windows-msix
--- a/docs/api/base-window.md
+++ b/docs/api/base-window.md
@@ -351,11 +351,7 @@ Emitted when the window has closed a sheet.
 #### Event: 'new-window-for-tab' _macOS_
-Emitted when the user clicks the native macOS new tab button. The new
+Emitted when the native new tab button is clicked.
 tab button is only visible if the current `BrowserWindow` has a
 `tabbingIdentifier`.
 You must create a window in this handler in order for macOS tabbing to work as expected.
 #### Event: 'system-context-menu' _Windows_ _Linux_
@@ -760,9 +756,6 @@ Returns [`Rectangle`](structures/rectangle.md) - The `bounds` of the window as `
 > [!NOTE]
 > On macOS, the y-coordinate value returned will be at minimum the [Tray](tray.md) height. For example, calling `win.setBounds({ x: 25, y: 20, width: 800, height: 600 })` with a tray height of 38 means that `win.getBounds()` will return `{ x: 25, y: 38, width: 800, height: 600 }`.
 > [!NOTE]
 > On Wayland, this method will return `{ x: 0, y: 0, ... }` as introspecting or programmatically changing the global window coordinates is prohibited.
 #### `win.getBackgroundColor()`
 Returns `string` - Gets the background color of the window in Hex (`#RRGGBB`) format.
@@ -976,9 +969,6 @@ Moves window to `x` and `y`.
 Returns `Integer[]` - Contains the window's current position.
 > [!NOTE]
 > On Wayland, this method will return `[0, 0]` as introspecting or programmatically changing the global window coordinates is prohibited.
 #### `win.setTitle(title)`
 * `title` string
@@ -1053,7 +1043,7 @@ under this mode apps can choose to optimize their UI for tablets, such as
 enlarging the titlebar and hiding titlebar buttons.
 This API returns whether the window is in tablet mode, and the `resize` event
-can be used to listen to changes to tablet mode.
+can be be used to listen to changes to tablet mode.
 #### `win.getMediaSourceId()`
@@ -1270,47 +1260,6 @@ Sets the properties for the window's taskbar button.
 > `relaunchCommand` and `relaunchDisplayName` must always be set
 > together. If one of those properties is not set, then neither will be used.
 #### `win.setAccentColor(accentColor)` _Windows_
 * `accentColor` boolean | string | null - The accent color for the window. By default, follows user preference in System Settings. To reset to system default, pass `null`.
 Sets the system accent color and highlighting of active window border.
 The `accentColor` parameter accepts the following values:
 * **Color string** - Like `true`, but sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
 * **`true`** - Enable accent color highlighting for the window with the system accent color regardless of whether accent colors are enabled for windows in System `Settings.`
 * **`false`** - Disable accent color highlighting for the window regardless of whether accent colors are currently enabled for windows in System Settings.
 * **`null`** - Reset window accent color behavior to follow behavior set in System Settings.
 Examples:
 ```js
 const win = new BrowserWindow({ frame: false })
 // Set red accent color.
 win.setAccentColor('#ff0000')
 // RGB format (alpha ignored if present).
 win.setAccentColor('rgba(255,0,0,0.5)')
 // Enable accent color, using the color specified in System Settings.
 win.setAccentColor(true)
 // Disable accent color.
 win.setAccentColor(false)
 // Reset window accent color behavior to follow behavior set in System Settings.
 win.setAccentColor(null)
 ```
 #### `win.getAccentColor()` _Windows_
 Returns `string | boolean` - the system accent color and highlighting of active window border in Hex RGB format.
 If a color has been set for the window that differs from the system accent color, the window accent color will
 be returned. Otherwise, a boolean will be returned, with `true` indicating that the window uses the global system accent color, and `false` indicating that accent color highlighting is disabled for this window.
 #### `win.setIcon(icon)` _Windows_ _Linux_
 * `icon` [NativeImage](native-image.md) | string
--- a/docs/api/browser-window.md
+++ b/docs/api/browser-window.md
@@ -140,10 +140,6 @@ state is `hidden` in order to minimize power consumption.
  move.
 * On Linux the type of modal windows will be changed to `dialog`.
 * On Linux many desktop environments do not support hiding a modal window.
 * On Wayland (Linux) it is generally not possible to programmatically resize windows
  after creation, or to position, move, focus, or blur windows without user input.
  If your app needs these capabilities, run it in Xwayland by appending the flag
  `--ozone-platform=x11`.
 ## Class: BrowserWindow extends `BaseWindow`
@@ -435,11 +431,7 @@ Emitted when the window has closed a sheet.
 #### Event: 'new-window-for-tab' _macOS_
-Emitted when the user clicks the native macOS new tab button. The new
+Emitted when the native new tab button is clicked.
 tab button is only visible if the current `BrowserWindow` has a
 `tabbingIdentifier`.
 You must create a window in this handler in order for macOS tabbing to work as expected.
 #### Event: 'system-context-menu' _Windows_ _Linux_
@@ -664,15 +656,10 @@ the [close event](#event-close).
 Focuses on the window.
 On Wayland (Linux), the desktop environment may show a notification or flash
 the app icon if the window or app is not already focused.
 #### `win.blur()`
 Removes focus from the window.
 Not supported on Wayland (Linux).
 #### `win.isFocused()`
 Returns `boolean` - Whether the window is focused.
@@ -689,8 +676,6 @@ Shows and gives focus to the window.
 Shows the window but doesn't focus on it.
 Not supported on Wayland (Linux).
 #### `win.hide()`
 Hides the window.
@@ -839,8 +824,6 @@ Closes the currently open [Quick Look][quick-look] panel.
 Resizes and moves the window to the supplied bounds. Any properties that are not supplied will default to their current values.
 On Wayland (Linux), has the same limitations as `setSize` and `setPosition`.
 ```js
 const { BrowserWindow } = require('electron')
@@ -866,9 +849,6 @@ Returns [`Rectangle`](structures/rectangle.md) - The `bounds` of the window as `
 > [!NOTE]
 > On macOS, the y-coordinate value returned will be at minimum the [Tray](tray.md) height. For example, calling `win.setBounds({ x: 25, y: 20, width: 800, height: 600 })` with a tray height of 38 means that `win.getBounds()` will return `{ x: 25, y: 38, width: 800, height: 600 }`.
 > [!NOTE]
 > On Wayland, this method will return `{ x: 0, y: 0, ... }` as introspecting or programmatically changing the global window coordinates is prohibited.
 #### `win.getBackgroundColor()`
 Returns `string` - Gets the background color of the window in Hex (`#RRGGBB`) format.
@@ -886,8 +866,6 @@ See [Setting `backgroundColor`](#setting-the-backgroundcolor-property).
 Resizes and moves the window's client area (e.g. the web page) to
 the supplied bounds.
 On Wayland (Linux), has the same limitations as `setContentSize` and `setPosition`.
 #### `win.getContentBounds()`
 Returns [`Rectangle`](structures/rectangle.md) - The `bounds` of the window's client area as `Object`.
@@ -917,8 +895,6 @@ Returns `boolean` - whether the window is enabled.
 Resizes the window to `width` and `height`. If `width` or `height` are below any set minimum size constraints the window will snap to its minimum size.
 On Wayland (Linux), may not work as some window managers restrict programmatic window resizing.
 #### `win.getSize()`
 Returns `Integer[]` - Contains the window's width and height.
@@ -931,8 +907,6 @@ Returns `Integer[]` - Contains the window's width and height.
 Resizes the window's client area (e.g. the web page) to `width` and `height`.
 On Wayland (Linux), may not work as some window managers restrict programmatic window resizing.
 #### `win.getContentSize()`
 Returns `Integer[]` - Contains the window's client area's width and height.
@@ -1070,16 +1044,12 @@ this method throws an error.
 #### `win.moveTop()`
-Moves window to top(z-order) regardless of focus.
+Moves window to top(z-order) regardless of focus
 Not supported on Wayland (Linux).
 #### `win.center()`
 Moves window to the center of the screen.
 Not supported on Wayland (Linux).
 #### `win.setPosition(x, y[, animate])`
 * `x` Integer
@@ -1088,15 +1058,10 @@ Not supported on Wayland (Linux).
 Moves window to `x` and `y`.
 Not supported on Wayland (Linux).
 #### `win.getPosition()`
 Returns `Integer[]` - Contains the window's current position.
 > [!NOTE]
 > On Wayland, this method will return `[0, 0]` as introspecting or programmatically changing the global window coordinates is prohibited.
 #### `win.setTitle(title)`
 * `title` string
@@ -1169,7 +1134,7 @@ under this mode apps can choose to optimize their UI for tablets, such as
 enlarging the titlebar and hiding titlebar buttons.
 This API returns whether the window is in tablet mode, and the `resize` event
-can be used to listen to changes to tablet mode.
+can be be used to listen to changes to tablet mode.
 #### `win.getMediaSourceId()`
@@ -1262,8 +1227,7 @@ Captures a snapshot of the page within `rect`. Omitting `rect` will capture the
 Returns `Promise<void>` - the promise will resolve when the page has finished loading
 (see [`did-finish-load`](web-contents.md#event-did-finish-load)), and rejects
-if the page fails to load (see
+if the page fails to load (see [`did-fail-load`](web-contents.md#event-did-fail-load)).
 [`did-fail-load`](web-contents.md#event-did-fail-load)). A noop rejection handler is already attached, which avoids unhandled rejection errors. If the existing page has a beforeUnload handler, [`did-fail-load`](web-contents.md#event-did-fail-load) will be called unless [`will-prevent-unload`](web-contents.md#event-did-fail-load) is handled.
 Same as [`webContents.loadURL(url[, options])`](web-contents.md#contentsloadurlurl-options).
@@ -1476,47 +1440,6 @@ Sets the properties for the window's taskbar button.
 > `relaunchCommand` and `relaunchDisplayName` must always be set
 > together. If one of those properties is not set, then neither will be used.
 #### `win.setAccentColor(accentColor)` _Windows_
 * `accentColor` boolean | string | null - The accent color for the window. By default, follows user preference in System Settings. To reset to system default, pass `null`.
 Sets the system accent color and highlighting of active window border.
 The `accentColor` parameter accepts the following values:
 * **Color string** - Like `true`, but sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
 * **`true`** - Enable accent color highlighting for the window with the system accent color regardless of whether accent colors are enabled for windows in System `Settings.`
 * **`false`** - Disable accent color highlighting for the window regardless of whether accent colors are currently enabled for windows in System Settings.
 * **`null`** - Reset window accent color behavior to follow behavior set in System Settings.
 Examples:
 ```js
 const win = new BrowserWindow({ frame: false })
 // Set red accent color.
 win.setAccentColor('#ff0000')
 // RGB format (alpha ignored if present).
 win.setAccentColor('rgba(255,0,0,0.5)')
 // Enable accent color, using the color specified in System Settings.
 win.setAccentColor(true)
 // Disable accent color.
 win.setAccentColor(false)
 // Reset window accent color behavior to follow behavior set in System Settings.
 win.setAccentColor(null)
 ```
 #### `win.getAccentColor()` _Windows_
 Returns `string | boolean` - the system accent color and highlighting of active window border in Hex RGB format.
 If a color has been set for the window that differs from the system accent color, the window accent color will
 be returned. Otherwise, a boolean will be returned, with `true` indicating that the window uses the global system accent color, and `false` indicating that accent color highlighting is disabled for this window.
 #### `win.showDefinitionForSelection()` _macOS_
 Same as `webContents.showDefinitionForSelection()`.
@@ -1610,18 +1533,11 @@ events.
 Prevents the window contents from being captured by other apps.
-On Windows, it calls [`SetWindowDisplayAffinity`](https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowdisplayaffinity) with `WDA_EXCLUDEFROMCAPTURE`.
+On macOS it sets the NSWindow's sharingType to NSWindowSharingNone.
 On Windows it calls SetWindowDisplayAffinity with `WDA_EXCLUDEFROMCAPTURE`.
 For Windows 10 version 2004 and up the window will be removed from capture entirely,
 older Windows versions behave as if `WDA_MONITOR` is applied capturing a black window.
 On macOS, it sets the `NSWindow`'s
 [`sharingType`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.property?language=objc)
 to
 [`NSWindowSharingNone`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.enum/none?language=objc).
 Unfortunately, due to an intentional change in macOS, newer Mac applications that use
 `ScreenCaptureKit` will capture your window despite `win.setContentProtection(true)`.
 See [here](https://github.com/electron/electron/issues/48258#issuecomment-3269893618).
 #### `win.isContentProtected()` _macOS_ _Windows_
 Returns `boolean` - whether or not content protection is currently enabled.
--- a/docs/api/client-request.md
+++ b/docs/api/client-request.md
@@ -25,11 +25,6 @@ following properties:
    with which the request is associated. Defaults to the empty string. The
    `session` option supersedes `partition`. Thus if a `session` is explicitly
    specified, `partition` is ignored.
  * `bypassCustomProtocolHandlers` boolean (optional) - When set to `true`,
    custom protocol handlers registered for the request's URL scheme will not be
    called. This allows forwarding an intercepted request to the built-in
    handler. [webRequest](web-request.md) handlers will still be triggered
    when bypassing custom protocols. Defaults to `false`.
  * `credentials` string (optional) - Can be `include`, `omit` or
    `same-origin`. Whether to send
    [credentials](https://fetch.spec.whatwg.org/#credentials) with this
@@ -264,7 +259,7 @@ will not be allowed. The `finish` event is emitted just after the end operation.
 Cancels an ongoing HTTP transaction. If the request has already emitted the
 `close` event, the abort operation will have no effect. Otherwise an ongoing
 event will emit `abort` and `close` events. Additionally, if there is an ongoing
-response object, it will emit the `aborted` event.
+response object,it will emit the `aborted` event.
 #### `request.followRedirect()`
--- a/docs/api/clipboard.md
+++ b/docs/api/clipboard.md
@@ -2,16 +2,7 @@
 > Perform copy and paste operations on the system clipboard.
-Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process) _Deprecated_ (non-sandboxed only)
+Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process) (non-sandboxed only)
 > [!NOTE]
 > Using the `clipboard` API from the renderer process is deprecated.
 > [!IMPORTANT]
 > If you want to call this API from a renderer process,
 > place the API call in your preload script and
 > [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
 > [`contextBridge`](context-bridge.md) API.
 On Linux, there is also a `selection` clipboard. To manipulate it
 you need to pass `selection` to each method:
--- a/docs/api/command-line-switches.md
+++ b/docs/api/command-line-switches.md
@@ -49,10 +49,6 @@ Disables the disk cache for HTTP requests.
 Disable HTTP/2 and SPDY/3.1 protocols.
 ### --disable-geolocation _macOS_
 Disables the Geolocation API. Permission requests for geolocation will be denied internally regardless of the decision made by a handler set via `session.setPermissionRequestHandler`. This functionality is currently implemented only for macOS. Has no effect on other platforms.
 ### --disable-renderer-backgrounding
 Prevents Chromium from lowering the priority of invisible pages' renderer
@@ -90,7 +86,7 @@ Field trials to be forcefully enabled or disabled.
 For example: `WebRTC-Audio-Red-For-Opus/Enabled/`
-### --host-rules=`rules` _Deprecated_
+### --host-rules=`rules`
 A comma-separated list of `rules` that control how hostnames are mapped.
@@ -108,23 +104,9 @@ These mappings apply to the endpoint host in a net request (the TCP connect
 and host resolver in a direct connection, and the `CONNECT` in an HTTP proxy
 connection, and the endpoint host in a `SOCKS` proxy connection).
 **Deprecated:** Use the `--host-resolver-rules` switch instead.
 ### --host-resolver-rules=`rules`
-A comma-separated list of `rules` that control how hostnames are mapped.
+Like `--host-rules` but these `rules` only apply to the host resolver.
 For example:
 * `MAP * 127.0.0.1` Forces all hostnames to be mapped to 127.0.0.1
 * `MAP *.google.com proxy` Forces all google.com subdomains to be resolved to
  "proxy".
 * `MAP test.com [::1]:77` Forces "test.com" to resolve to IPv6 loopback. Will
  also force the port of the resulting socket address to be 77.
 * `MAP * baz, EXCLUDE www.google.com` Remaps everything to "baz", except for
  "www.google.com".
 These `rules` only apply to the host resolver.
 ### --ignore-certificate-errors
@@ -172,7 +154,7 @@ Enables net log events to be saved and writes them to `path`.
 Sets the verbosity of logging when used together with `--enable-logging`.
 `N` should be one of [Chrome's LogSeverities][severities].
-Note that two complementary logging mechanisms in Chromium -- `LOG()`
+Note that two complimentary logging mechanisms in Chromium -- `LOG()`
 and `VLOG()` -- are controlled by different switches. `--log-level`
 controls `LOG()` messages, while `--v` and `--vmodule` control `VLOG()`
 messages. So you may want to use a combination of these three switches
@@ -197,11 +179,6 @@ Disables the Chromium [sandbox](https://www.chromium.org/developers/design-docum
 Forces renderer process and Chromium helper processes to run un-sandboxed.
 Should only be used for testing.
 ### --no-stdio-init
 Disable stdio initialization during node initialization.
 Used to avoid node initialization crash when the nul device is disabled on Windows platform.
 ### --proxy-bypass-list=`hosts`
 Instructs Electron to bypass the proxy server for the given semi-colon-separated
@@ -315,9 +292,9 @@ Specify ways of the inspector web socket url exposure.
 By default inspector websocket url is available in stderr and under /json/list endpoint on `http://host:port/json/list`.
-### `--experimental-network-inspection`
+### `--experimental-network-inspector`
-Enable support for DevTools network inspector events, for visibility into requests made by the nodejs `http` and `https` modules.
+Enable support for devtools network inspector events, for visibility into requests made by the nodejs `http` and `https` modules.
 ### `--no-deprecation`
@@ -354,34 +331,6 @@ Affects the default output directory of [v8.setHeapSnapshotNearHeapLimit](https:
 Disable exposition of [Navigator API][] on the global scope from Node.js.
 ### `--experimental-transform-types`
 Enables the [transformation](https://nodejs.org/api/typescript.html#type-stripping)
 of TypeScript-only syntax into JavaScript code.
 ## Chromium Flags
 There isn't a documented list of all Chromium switches, but there are a few ways to find them.
 The easiest way is through Chromium's flags page, which you can access at `about://flags`. These flags don't directly match switch names, but they show up in the process's command-line arguments.
 To see these arguments, enable a flag in `about://flags`, then go to `about://version` in Chromium. You'll find a list of command-line arguments, including `--flag-switches-begin --your --list --flag-switches-end`, which contains the list of your flag enabled switches.
 Most flags are included as part of `--enable-features=`, but some are standalone switches, like `--enable-experimental-web-platform-features`.
 A complete list of flags exists in [Chromium's flag metadata page](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/flag-metadata.json), but this list includes platform, environment and GPU specific, expired and potentially non-functional flags, so many of them might not always work in every situation.
 Keep in mind that standalone switches can sometimes be split into individual features, so there's no fully complete list of switches.
 Finally, you'll need to ensure that the version of Chromium in Electron matches the version of the browser you're using to cross-reference the switches.
 ### Chromium features relevant to Electron apps
 * `AlwaysLogLOAFURL`: enables script attribution for
  [`long-animation-frame`](https://developer.mozilla.org/en-US/docs/Web/API/Performance_API/Long_animation_frame_timing)
  `PerformanceObserver` events for non-http(s), non-data, non-blob URLs (such as `file:` or custom
  protocol URLs).
 [app]: app.md
 [append-switch]: command-line.md#commandlineappendswitchswitch-value
 [debugging-main-process]: ../tutorial/debugging-main-process.md
--- a/docs/api/context-bridge.md
+++ b/docs/api/context-bridge.md
@@ -157,7 +157,6 @@ has been included below for completeness:
 | [Cloneable Types](https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Structured_clone_algorithm) | Simple | ✅ | ✅ | See the linked document on cloneable types |
 | `Element` | Complex | ✅ | ✅ | Prototype modifications are dropped.  Sending custom elements will not work. |
 | `Blob` | Complex | ✅ | ✅ | N/A |
 | `VideoFrame` | Complex | ✅ | ✅ | N/A |
 | `Symbol` | N/A | ❌ | ❌ | Symbols cannot be copied across contexts so they are dropped |
 If the type you care about is not in the above table, it is probably not supported.
--- a/docs/api/cookies.md
+++ b/docs/api/cookies.md
@@ -51,12 +51,7 @@ Returns:
 * `event` Event
 * `cookie` [Cookie](structures/cookie.md) - The cookie that was changed.
 * `cause` string - The cause of the change with one of the following values:
-  * `inserted` -  The cookie was inserted.
+  * `explicit` - The cookie was changed directly by a consumer's action.
  * `inserted-no-change-overwrite` - The newly inserted cookie overwrote a cookie but
    did not result in any change. For example, inserting an identical cookie will produce this cause.
  * `inserted-no-value-change-overwrite` - The newly inserted cookie overwrote a cookie but
    did not result in any value change, but it's web observable (e.g. updates the expiry).
  * `explicit` - The cookie was deleted directly by a consumer's action.
  * `overwrite` - The cookie was automatically removed due to an insert
    operation that overwrote it.
  * `expired` - The cookie was automatically removed as it expired.
@@ -107,7 +102,7 @@ the response.
    cookie and will not be retained between sessions.
  * `sameSite` string (optional) - The [Same Site](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies) policy to apply to this cookie.  Can be `unspecified`, `no_restriction`, `lax` or `strict`.  Default is `lax`.
-Returns `Promise<void>` - A promise which resolves when the cookie has been set.
+Returns `Promise<void>` - A promise which resolves when the cookie has been set
 Sets a cookie with `details`.
@@ -116,16 +111,16 @@ Sets a cookie with `details`.
 * `url` string - The URL associated with the cookie.
 * `name` string - The name of cookie to remove.
-Returns `Promise<void>` - A promise which resolves when the cookie has been removed.
+Returns `Promise<void>` - A promise which resolves when the cookie has been removed
-Removes the cookies matching `url` and `name`.
+Removes the cookies matching `url` and `name`
 #### `cookies.flushStore()`
-Returns `Promise<void>` - A promise which resolves when the cookie store has been flushed.
+Returns `Promise<void>` - A promise which resolves when the cookie store has been flushed
-Writes any unwritten cookies data to disk.
+Writes any unwritten cookies data to disk
-Cookies written by any method will not be written to disk immediately, but will be written every 30 seconds or 512 operations.
+Cookies written by any method will not be written to disk immediately, but will be written every 30 seconds or 512 operations
 Calling this method can cause the cookie to be written to disk immediately.
--- a/docs/api/corner-smoothing-css.md
+++ b/docs/api/corner-smoothing-css.md
@@ -49,19 +49,21 @@ Use the `system-ui` keyword to match the smoothness to the OS design language.
 | Value: | `60%` | `0%` |
 | Example: | ![A rectangle with round corners whose smoothness matches macOS](../images/corner-smoothing-example-60.svg) | ![A rectangle with round corners whose smoothness matches Windows and Linux](../images/corner-smoothing-example-0.svg) |
-### Controlling availability
+### Controlling availibility
-This CSS rule can be disabled using the Blink feature flag `ElectronCSSCornerSmoothing`.
+This CSS rule can be disabled by setting [the `cornerSmoothingCSS` web preference](./structures/web-preferences.md) to `false`.
 ```js
 const myWindow = new BrowserWindow({
  // [...]
  webPreferences: {
-    disableBlinkFeatures: 'ElectronCSSCornerSmoothing' // Disables the `-electron-corner-smoothing` CSS rule
+    enableCornerSmoothingCSS: false // Disables the `-electron-corner-smoothing` CSS rule
  }
 })
 ```
 The CSS rule will still parse, but will have no visual effect.
 ### Formal reference
 * **Initial value**: `0%`
--- a/docs/api/crash-reporter.md
+++ b/docs/api/crash-reporter.md
@@ -4,12 +4,6 @@
 Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process)
 > [!IMPORTANT]
 > If you want to call this API from a renderer process with context isolation enabled,
 > place the API call in your preload script and
 > [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
 > [`contextBridge`](context-bridge.md) API.
 The following is an example of setting up Electron to automatically submit
 crash reports to a remote server:
@@ -69,7 +63,7 @@ The `crashReporter` module has the following methods:
  * `extra` Record\<string, string\> (optional) - Extra string key/value
    annotations that will be sent along with crash reports that are generated
    in the main process. Only string values are supported. Crashes generated in
-    child processes will not include these extra parameters. To add extra
+    child processes will not contain these extra
    parameters to crash reports generated from child processes, call
    [`addExtraParameter`](#crashreporteraddextraparameterkey-value) from the
    child process.
--- a/docs/api/debugger.md
+++ b/docs/api/debugger.md
@@ -44,7 +44,7 @@ Returns:
 * `reason` string - Reason for detaching debugger.
 Emitted when the debugging session is terminated. This happens either when
-`webContents` is closed or DevTools is invoked for the attached `webContents`.
+`webContents` is closed or devtools is invoked for the attached `webContents`.
 #### Event: 'message'
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
patchup[bot]	dde9f9d3ef	chore: update patches	2025-06-11 19:03:17 +00:00
John Kleinschmidt	5db9939e9c	Merge `0edcc985fa` into `38fe14041d`	2025-06-11 18:51:42 +00:00
Samuel Attard	0edcc985fa	use pr head ref	2025-06-11 11:51:22 -07:00
Samuel Attard	37402a18a4	oops	2025-06-06 23:25:13 -07:00
Samuel Attard	a21afc3e45	again	2025-06-06 15:34:36 -07:00
John Kleinschmidt	cafcfe106d	debug	2025-06-06 17:04:30 -04:00
John Kleinschmidt	1b1be6e1b3	Revert "chore: update patches (#47346 )" This reverts commit `ba7c3bbdf7`.	2025-06-06 16:43:32 -04:00
Samuel Attard	efafa08682	build: rewrite push-patch to use the github API instead of local git commits to ensure commits are signed	2025-06-06 13:00:15 -07:00