ci: update actions to node24 (#50522)

ci: update actions to node24 (#50373)

* ci: update actions to node24

* chore: fixup actions/cache to 5.0.4 everywhere

(cherry picked from commit 639d3b99b7)

.github/PULL_REQUEST_TEMPLATE.md

@@ -11,7 +11,6 @@ Contributors guide: https://github.com/electron/electron/blob/main/CONTRIBUTING.
 <!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
 
 - [ ] PR description included
-- [ ] I have built and tested this PR
 - [ ] `npm test` passes
 - [ ] tests are [changed or added](https://github.com/electron/electron/blob/main/docs/development/testing.md)
 - [ ] relevant API documentation, tutorials, and examples are updated and follow the [documentation style guide](https://github.com/electron/electron/blob/main/docs/development/style-guide.md)

.github/actions/build-electron/action.yml

@@ -26,9 +26,6 @@ inputs:
   is-asan:
     description: 'The ASan Linux build'
     required: false
-  upload-out-gen-artifacts:
-    description: 'Whether to upload the out/${dir}/gen artifacts'
-    required: false
 runs:
   using: "composite"
   steps:
@@ -98,7 +95,7 @@ runs:
         # Upload build stats to Datadog
         if ($env:DD_API_KEY) {
           try {
-            npx node electron\script\build-stats.mjs out\Default\siso.exe.INFO --upload-stats
+            npx node electron\script\build-stats.mjs out\Default\siso.exe.INFO --upload-stats ; $LASTEXITCODE = 0
           } catch {
             Write-Host "Build stats upload failed, continuing..."
           }
@@ -128,6 +125,9 @@ runs:
         fi
         sed $SEDOPTION '/.*builtins-pgo/d' out/Default/mksnapshot_args
         sed $SEDOPTION '/--turbo-profiling-input/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/--reorder-builtins/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/--warn-about-builtin-profile-data/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/--abort-on-bad-builtin-profile-data/d' out/Default/mksnapshot_args
 
         if [ "${{ inputs.target-platform }}" = "win" ]; then
           cd out/Default
@@ -274,18 +274,12 @@ runs:
       run: ./src/electron/script/actions/move-artifacts.sh
     - name: Upload Generated Artifacts ${{ inputs.step-suffix }}
       if: always() && !cancelled()
-      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
       with:
         name: generated_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./generated_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
     - name: Upload Src Artifacts ${{ inputs.step-suffix }}
-      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
       with:
         name: src_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
-    - name: Upload Out Gen Artifacts ${{ inputs.step-suffix }}
-      if: ${{ inputs.upload-out-gen-artifacts == 'true' }}
-      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
-      with:
-        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src/out/Default/gen

.github/actions/checkout/action.yml

@@ -43,7 +43,7 @@ runs:
       curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$CACHE_FILE?platform=${{ inputs.target-platform }}&getAccountName=true" > sas-token
   - name: Save SAS Key
     if: ${{ inputs.generate-sas-token == 'true' }}
-    uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     with:
       path: sas-token
       key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}

.github/actions/install-build-tools/action.yml

@@ -15,7 +15,7 @@ runs:
         git config --global core.preloadindex true
         git config --global core.longpaths true
       fi
-      export BUILD_TOOLS_SHA=4430e4a505e0f4fa2a41b707a10a36f780bbdd26
+      export BUILD_TOOLS_SHA=a0cc95a1884a631559bcca0c948465b725d9295a
       npm i -g @electron/build-tools
       # Update depot_tools to ensure python
       e d update_depot_tools

.github/actions/install-dependencies/action.yml

@@ -7,7 +7,7 @@ runs:
     shell: bash
     id: yarn-cache-dir-path
     run: echo "dir=$(node src/electron/script/yarn.js config get cacheFolder)" >> $GITHUB_OUTPUT
-  - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+  - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     id: yarn-cache
     with:
       path: ${{ steps.yarn-cache-dir-path.outputs.dir }}

.github/actions/restore-cache-azcopy/action.yml

@@ -8,14 +8,14 @@ runs:
   steps:
   - name: Obtain SAS Key
     continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     with:
       path: sas-token
       key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-1
       enableCrossOsArchive: true
   - name: Obtain SAS Key
     continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
     with:
       path: sas-token
       key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
@@ -24,7 +24,7 @@ runs:
     # The cache will always exist here as a result of the checkout job
     # Either it was uploaded to Azure in the checkout job for this commit
     # or it was uploaded in the checkout job for a previous commit.
-    uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
+    uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
     with:
       timeout_minutes: 30
       max_attempts: 3
@@ -101,7 +101,7 @@ runs:
 
   - name: Move Src Cache (Windows)
     if: ${{ inputs.target-platform == 'win' }}
-    uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
+    uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
     with:
       timeout_minutes: 30
       max_attempts: 3

.github/copilot-instructions.md

@@ -0,0 +1,122 @@
+# Copilot Instructions for Electron
+
+## Build System
+
+Electron uses `@electron/build-tools` (`e` CLI). Install with `npm i -g @electron/build-tools`.
+
+```bash
+e sync              # Fetch sources and apply patches
+e build             # Build Electron (GN + Ninja)
+e build -k 999      # Build, continuing through errors
+e start             # Run built Electron
+e start --version   # Verify Electron launches
+e test              # Run full test suite
+e debug             # Run in debugger (lldb on macOS, gdb on Linux)
+```
+
+### Linting
+
+```bash
+npm run lint              # Run all linters (JS, C++, Python, GN, docs)
+npm run lint:js           # JavaScript/TypeScript only
+npm run lint:clang-format # C++ formatting only
+npm run lint:cpp          # C++ linting only
+npm run lint:docs         # Documentation only
+```
+
+### Running a Single Test
+
+```bash
+npm run test -- -g "pattern"   # Run tests matching a regex pattern
+# Example: npm run test -- -g "ipc"
+```
+
+### Running a Single Node.js Test
+
+```bash
+node script/node-spec-runner.js parallel/test-crypto-keygen
+```
+
+## Architecture
+
+Electron embeds Chromium (rendering) and Node.js (backend) to enable desktop apps with web technologies. The parent directory (`../`) is the Chromium source tree.
+
+### Process Model
+
+Electron has two primary process types, mirroring Chromium:
+
+- **Main process** (`shell/browser/` + `lib/browser/`): Controls app lifecycle, creates windows, system APIs
+- **Renderer process** (`shell/renderer/` + `lib/renderer/`): Runs web content in BrowserWindows
+
+### Native ↔ JavaScript Bridge
+
+Each API is implemented as a C++/JS pair:
+
+- C++ side: `shell/browser/api/electron_api_{name}.cc/.h` — uses `gin::Wrappable` and `ObjectTemplateBuilder`
+- JS side: `lib/browser/api/{name}.ts` — exports the module, registered in `lib/browser/api/module-list.ts`
+- Binding: `NODE_LINKED_BINDING_CONTEXT_AWARE(electron_browser_{name}, Initialize)` in C++ and registered in `shell/common/node_bindings.cc`
+- Type declaration: `typings/internal-ambient.d.ts` maps `process._linkedBinding('electron_browser_{name}')`
+
+### Patches System
+
+Electron patches upstream dependencies (Chromium, Node.js, V8, etc.) rather than forking them. Patches live in `patches/` organized by target, with `patches/config.json` mapping directories to repos.
+
+```text
+patches/{target}/*.patch  →  [e sync]   →  target repo commits
+                          ←  [e patches] ←
+```
+
+Key rules:
+
+- Fix existing patches rather than creating new ones
+- Preserve original authorship in TODO comments — never change `TODO(name)` assignees
+- Each patch commit message must explain why the patch exists
+- After modifying patches, run `e patches {target}` to export
+
+When working on the `roller/chromium/main` branch for Chromium upgrades, use `e sync --3` for 3-way merge conflict resolution.
+
+## Conventions
+
+### File Naming
+
+- JS/TS files: kebab-case (`file-name.ts`)
+- C++ files: snake_case with `electron_api_` prefix (`electron_api_safe_storage.cc`)
+- Test files: `api-{module-name}-spec.ts` in `spec/`
+- Source file lists are maintained in `filenames.gni` (with platform-specific sections)
+
+### JavaScript/TypeScript
+
+- Semicolons required (`"semi": ["error", "always"]`)
+- `const` and `let` only (no `var`)
+- Arrow functions preferred
+- Import order enforced: `@electron/internal` → `@electron` → `electron` → external → builtin → relative
+- API naming: `PascalCase` for classes (`BrowserWindow`), `camelCase` for module APIs (`globalShortcut`)
+- Prefer getters/setters over jQuery-style `.text([text])` patterns
+
+### C++
+
+- Follows Chromium coding style, enforced by `clang-format` and `clang-tidy`
+- Uses Chromium abstractions (`base::`, `content::`, etc.)
+- Header guards: `#ifndef ELECTRON_SHELL_BROWSER_API_ELECTRON_API_{NAME}_H_`
+- Platform-specific files: `_mac.mm`, `_win.cc`, `_linux.cc`
+
+### Testing
+
+- Framework: Mocha + Chai + Sinon
+- Test helpers in `spec/lib/` (e.g., `spec-helpers.ts`, `window-helpers.ts`)
+- Use `defer()` from spec-helpers for cleanup, `closeAllWindows()` for window teardown
+- Tests import from `electron/main` or `electron/renderer`
+
+### Documentation
+
+- API docs in `docs/api/` as Markdown, parsed by `@electron/docs-parser` to generate `electron.d.ts`
+- API history tracked via YAML blocks in HTML comments within doc files
+- Docs must pass `npm run lint:docs`
+
+### Build Configuration
+
+- `BUILD.gn`: Main GN build config
+- `buildflags/buildflags.gni`: Feature flags (PDF viewer, extensions, spellchecker)
+- `build/args/`: Build argument profiles (`testing.gn`, `release.gn`, `all.gn`)
+- `DEPS`: Dependency versions and checkout paths
+- `chromium_src/`: Chromium source file overrides (compiled instead of originals)

.github/workflows/apply-patches.yml

@@ -71,3 +71,11 @@ jobs:
       uses: ./src/electron/.github/actions/checkout
       with:
         target-platform: linux
+    - name: Upload Patch Conflict Fix
+      if: ${{ failure() }}
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+      with:
+        name: update-patches
+        path: patches/update-patches.patch
+        if-no-files-found: ignore
+        archive: false

.github/workflows/archaeologist-dig.yml

@@ -13,11 +13,11 @@ jobs:
       contents: read
     steps:
       - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           fetch-depth: 0
       - name: Setup Node.js/npm
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
         with:
           node-version: 24.12.x
       - name: Setting Up Dig Site

.github/workflows/audit-branch-ci.yml

@@ -11,17 +11,16 @@ permissions: {}
 jobs:
   audit_branch_ci:
     name: Audit CI on Branches
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions:
       contents: read
     steps:
       - name: Setup Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version: 22.17.x
       - name: Sparse checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .

.github/workflows/branch-created.yml

@@ -14,7 +14,7 @@ permissions: {}
 jobs:
   release-branch-created:
     name: Release Branch Created
-    if: ${{ github.repository == 'electron/electron' && (github.event_name == 'workflow_dispatch' || (github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') && !startsWith(github.event.ref, 'roller'))) }}
+    if: ${{ github.event_name == 'workflow_dispatch' || (github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') && !startsWith(github.event.ref, 'roller')) }}
     permissions:
       contents: read
       pull-requests: write
@@ -68,7 +68,7 @@ jobs:
           done
       - name: Generate GitHub App token
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}

.github/workflows/build-git-cache.yml

@@ -10,7 +10,6 @@ permissions: {}
 
 jobs:
   build-git-cache-linux:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
@@ -24,7 +23,7 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -34,7 +33,6 @@ jobs:
         target-platform: linux
 
   build-git-cache-windows:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
@@ -49,7 +47,7 @@ jobs:
       TARGET_OS: 'win'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -59,7 +57,6 @@ jobs:
         target-platform: win
 
   build-git-cache-macos:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
@@ -75,7 +72,7 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0

.github/workflows/build.yml

@@ -47,7 +47,6 @@ permissions: {}
 
 jobs:
   setup:
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -58,7 +57,7 @@ jobs:
         build-image-sha: ${{ steps.set-output.outputs.build-image-sha }}
         docs-only: ${{ steps.set-output.outputs.docs-only }}
     steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         ref: ${{ github.event.pull_request.head.sha }}
     - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
@@ -125,7 +124,7 @@ jobs:
       build-image-sha: ${{ needs.setup.outputs.build-image-sha }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -157,7 +156,7 @@ jobs:
       build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -189,7 +188,7 @@ jobs:
       build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -284,15 +283,13 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
+    uses: ./.github/workflows/pipeline-electron-build-and-test-and-nan.yml
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
     with:
       build-runs-on: electron-arc-centralus-linux-amd64-32core
-      clang-tidy-runs-on: electron-arc-centralus-linux-amd64-8core
       test-runs-on: electron-arc-centralus-linux-amd64-4core
       build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      clang-tidy-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
       target-platform: linux
       target-arch: x64
@@ -429,8 +426,35 @@ jobs:
     permissions:
       contents: read
     needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, windows-x64, windows-x86, windows-arm64]
-    if: always() && github.repository == 'electron/electron' && !contains(needs.*.result, 'failure')
+    if: always() && !contains(needs.*.result, 'failure')
     steps: 
     - name: GitHub Actions Jobs Done
       run: |
         echo "All GitHub Actions Jobs are done"
+
+  check-signed-commits:
+    name: Check signed commits in green PR
+    needs: gha-done
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'needs-signed-commits')}}
+    runs-on: ubuntu-slim
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1
+        with:
+          comment: |
+            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification) 
+            for all incoming PRs. To get your PR merged, please sign those commits 
+            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch 
+            (`git push --force-with-lease`)
+
+            For more information on signing commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
+
+      - name: Remove needs-signed-commits label
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          gh pr edit $PR_URL --remove-label needs-signed-commits

.github/workflows/clean-src-cache.yml

@@ -12,7 +12,6 @@ permissions: {}
 
 jobs:
   clean-src-cache:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read

.github/workflows/issue-commented.yml

@@ -21,7 +21,7 @@ jobs:
           AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/issues/comments/${{ github.event.comment.id }} --jq '.author_association')
           echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
         id: generate-token
         with:

.github/workflows/issue-labeled.yml

@@ -15,7 +15,7 @@ jobs:
       contents: read
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
@@ -36,7 +36,7 @@ jobs:
       contents: read
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
@@ -69,7 +69,7 @@ jobs:
           fi
       - name: Generate GitHub App token
         if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}

.github/workflows/issue-opened.yml

@@ -14,7 +14,7 @@ jobs:
     permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
@@ -32,13 +32,13 @@ jobs:
     permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Sparse checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .

.github/workflows/issue-transferred.yml

@@ -14,7 +14,7 @@ jobs:
     if: ${{ !github.event.changes.new_repository.private }}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}

.github/workflows/issue-unlabeled.yml

@@ -24,7 +24,7 @@ jobs:
           fi
       - name: Generate GitHub App token
         if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}

.github/workflows/linux-publish.yml

@@ -21,7 +21,6 @@ permissions: {}
 
 jobs:
   checkout-linux:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
@@ -36,7 +35,7 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0

.github/workflows/macos-disk-cleanup.yml

@@ -13,7 +13,6 @@ permissions: {}
 
 jobs:
   macos-disk-cleanup:
-    if: github.repository == 'electron/electron'
     strategy:
       fail-fast: false
       matrix:
@@ -26,7 +25,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .github/actions/free-space-macos

.github/workflows/macos-publish.yml

@@ -22,7 +22,6 @@ permissions: {}
 
 jobs:
   checkout-macos:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
@@ -37,7 +36,7 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0

.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml

@@ -1,124 +0,0 @@
-name: Electron Build & Clang Tidy & Test (+ Node + NaN) Pipeline
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux.'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      build-runs-on:
-        type: string
-        description: 'What host to run the build'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      test-runs-on:
-        type: string
-        description: 'What host to run the tests on'
-        required: true
-      build-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information to run clang-tidy on'
-        required: false
-        default: '{"image":null}'
-      test-container:
-        type: string
-        description: 'JSON container information for testing'
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: 'Whether this build job is a release job'
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: 'The gn build type - testing or release'
-        required: true
-        type: string
-        default: testing
-      generate-symbols: 
-        description: 'Whether or not to generate symbols'
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage: 
-        description: 'Whether or not to upload build artifacts to external storage'
-        required: true
-        type: string
-        default: '0'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-
-permissions: {}
-
-concurrency:
-  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-jobs:
-  build:
-    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
-    with:
-      build-runs-on: ${{ inputs.build-runs-on }}
-      build-container: ${{ inputs.build-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-      is-release: ${{ inputs.is-release }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-      generate-symbols: ${{ inputs.generate-symbols }}
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-      upload-out-gen-artifacts: true
-    secrets: inherit
-  clang-tidy:
-    uses: ./.github/workflows/pipeline-segment-electron-clang-tidy.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      clang-tidy-runs-on: ${{ inputs.clang-tidy-runs-on }}
-      clang-tidy-container: ${{ inputs.clang-tidy-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-    secrets: inherit
-  test:
-    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-    secrets: inherit
-  nn-test:
-    uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-    secrets: inherit

.github/workflows/pipeline-electron-build-and-tidy-and-test.yml

@@ -1,121 +0,0 @@
-name: Electron Build & Clang Tidy & Test Pipeline
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      build-runs-on:
-        type: string
-        description: 'What host to run the build'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      test-runs-on:
-        type: string
-        description: 'What host to run the tests on'
-        required: true
-      build-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information to run clang-tidy on'
-        required: false
-        default: '{"image":null}'
-      test-container:
-        type: string
-        description: 'JSON container information for testing'
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: 'Whether this build job is a release job'
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: 'The gn build type - testing or release'
-        required: true
-        type: string
-        default: testing
-      generate-symbols: 
-        description: 'Whether or not to generate symbols'
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage: 
-        description: 'Whether or not to upload build artifacts to external storage'
-        required: true
-        type: string
-        default: '0'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
-
-concurrency:
-  group: electron-build-and-tidy-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-permissions: {}
-
-jobs:
-  build:
-    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
-    with:
-      build-runs-on: ${{ inputs.build-runs-on }}
-      build-container: ${{ inputs.build-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-      is-release: ${{ inputs.is-release }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-      generate-symbols: ${{ inputs.generate-symbols }}
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
-      upload-out-gen-artifacts: true
-    secrets: inherit
-  clang-tidy:
-    uses: ./.github/workflows/pipeline-segment-electron-clang-tidy.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      clang-tidy-runs-on: ${{ inputs.clang-tidy-runs-on }}
-      clang-tidy-container: ${{ inputs.clang-tidy-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-    secrets: inherit
-  test:
-    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
-    secrets: inherit

.github/workflows/pipeline-electron-docs-only.yml

@@ -27,7 +27,7 @@ jobs:
     container: ${{ fromJSON(inputs.container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -43,7 +43,7 @@ jobs:
       with:
         target-platform: linux
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0

.github/workflows/pipeline-electron-lint.yml

@@ -27,7 +27,7 @@ jobs:
     container: ${{ fromJSON(inputs.container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -46,7 +46,7 @@ jobs:
       shell: bash
       run: |
         chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
-        gn_version="$(curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/DEPS?format=TEXT" | base64 -d | grep gn_version | head -n1 | cut -d\' -f4)"
+        gn_version="$(curl -sL -b ~/.gitcookies "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/DEPS?format=TEXT" | base64 -d | grep gn_version | head -n1 | cut -d\' -f4)"
 
         cipd ensure -ensure-file - -root . <<-CIPD
         \$ServiceURL https://chrome-infra-packages.appspot.com/
@@ -62,7 +62,7 @@ jobs:
         chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
 
         mkdir -p src/buildtools
-        curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
+        curl -sL -b ~/.gitcookies "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
 
         gclient sync --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
     - name: Add problem matchers

.github/workflows/pipeline-segment-electron-build.yml

@@ -53,11 +53,6 @@ on:
         required: false
         type: boolean
         default: false
-      upload-out-gen-artifacts:
-        description: 'Whether to upload the src/gen artifacts'
-        required: false
-        type: boolean
-        default: false
       enable-ssh:
         description: 'Enable SSH debugging'
         required: false
@@ -100,7 +95,7 @@ jobs:
       run: |
         mkdir src
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -124,7 +119,7 @@ jobs:
       run: df -h
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'macos' }}
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
       with:
         node-version: 22.21.x
         cache: yarn
@@ -168,7 +163,7 @@ jobs:
       if: ${{ inputs.target-platform == 'linux' }}
       uses: ./src/electron/.github/actions/restore-cache-aks
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -206,7 +201,6 @@ jobs:
         generate-symbols: '${{ inputs.generate-symbols }}'
         upload-to-storage: '${{ inputs.upload-to-storage }}'
         is-asan: '${{ inputs.is-asan }}'
-        upload-out-gen-artifacts: '${{ inputs.upload-out-gen-artifacts }}'
     - name: Set GN_EXTRA_ARGS for MAS Build
       if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' || inputs.target-variant == 'mas') }}
       run: |

.github/workflows/pipeline-segment-electron-clang-tidy.yml

@@ -1,159 +0,0 @@
-name: Pipeline Segment - Electron Clang-Tidy
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-
-permissions: {}
-
-concurrency:
-  group: electron-clang-tidy-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || (inputs.target-platform == 'linux' && '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' || '--custom-var=checkout_win=True') }}
-  ELECTRON_OUT_DIR: Default
-
-jobs:
-  clang-tidy:
-    defaults:
-      run:
-        shell: bash
-    runs-on: ${{ inputs.clang-tidy-runs-on }}
-    permissions:
-      contents: read
-    container: ${{ fromJSON(inputs.clang-tidy-container) }}
-    env:
-      BUILD_TYPE: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}
-      TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
-      ARTIFACT_KEY: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}_${{ inputs.target-arch }}
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Cleanup disk space on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      shell: bash
-      run: |   
-        sudo mkdir -p $TMPDIR/del-target
-
-        tmpify() {
-          if [ -d "$1" ]; then
-            sudo mv "$1" $TMPDIR/del-target/$(echo $1|shasum -a 256|head -n1|cut -d " " -f1)
-          fi
-        }   
-        tmpify /Library/Developer/CoreSimulator
-        tmpify ~/Library/Developer/CoreSimulator
-        sudo rm -rf $TMPDIR/del-target
-    - name: Check disk space after freeing up space
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: df -h
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
-    - name: Install Build Tools
-      uses: ./src/electron/.github/actions/install-build-tools
-    - name: Enable windows toolchain
-      if: ${{ inputs.target-platform == 'win' }}
-      run: |
-        echo "ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN=1" >> $GITHUB_ENV
-    - name: Generate DEPS Hash
-      run: |
-        node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
-        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
-    - name: Restore src cache via AZCopy
-      if: ${{ inputs.target-platform == 'macos' }}
-      uses: ./src/electron/.github/actions/restore-cache-azcopy
-      with:
-        target-platform: ${{ inputs.target-platform }}      
-    - name: Restore src cache via AKS
-      if: ${{ inputs.target-platform == 'linux' || inputs.target-platform == 'win' }}
-      uses: ./src/electron/.github/actions/restore-cache-aks
-      with:
-        target-platform: ${{ inputs.target-platform }}
-    - name: Run Electron Only Hooks
-      run: |
-        echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]" > tmpgclient
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False,'install_sysroot':False,'checkout_win':True},'managed':False}]" > tmpgclient
-          echo "target_os=['win']" >> tmpgclient
-        fi
-        e d gclient runhooks --gclientfile=tmpgclient
-
-        # Fix VS Toolchain
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          rm -rf src/third_party/depot_tools/win_toolchain/vs_files
-          e d python3 src/build/vs_toolchain.py update --force
-        fi
-    - name: Regenerate DEPS Hash
-      run: |
-        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js
-        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
-    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
-      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
-    - name: Default GN gen
-      run: |
-        cd src/electron
-        git pack-refs
-    - name: Download Out Gen Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
-      with:
-        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src/out/${{ env.ELECTRON_OUT_DIR }}/gen
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
-    - name: Run Clang-Tidy
-      run: |
-        e init -f --root=$(pwd) --out=${ELECTRON_OUT_DIR} testing --target-cpu ${TARGET_ARCH}
-
-        export GN_EXTRA_ARGS="target_cpu=\"${TARGET_ARCH}\""
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          export GN_EXTRA_ARGS="$GN_EXTRA_ARGS use_v8_context_snapshot=true target_os=\"win\""
-        fi
-
-        e build --only-gen
-
-        cd src/electron
-        node script/yarn.js lint:clang-tidy --jobs 8 --out-dir ../out/${ELECTRON_OUT_DIR}
-    - name: Remove Clang problem matcher
-      shell: bash
-      run: echo "::remove-matcher owner=clang::"
-    - name: Wait for active SSH sessions
-      if: always() && !cancelled()
-      shell: bash
-      run: |
-        while [ -f /var/.ssh-lock ]
-        do
-          sleep 60
-        done

.github/workflows/pipeline-segment-electron-gn-check.yml

@@ -48,7 +48,7 @@ jobs:
     container: ${{ fromJSON(inputs.check-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -115,7 +115,7 @@ jobs:
     - name: Add CHROMIUM_BUILDTOOLS_PATH to env
       run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0

.github/workflows/pipeline-segment-electron-publish.yml

@@ -56,11 +56,6 @@ on:
         required: false
         type: boolean
         default: false
-      upload-out-gen-artifacts:
-        description: Whether to upload the src/gen artifacts
-        required: false
-        type: boolean
-        default: false
       enable-ssh:
         description: Enable SSH debugging
         required: false
@@ -107,7 +102,7 @@ jobs:
         run: |
           mkdir src
       - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           path: src/electron
           fetch-depth: 0
@@ -132,7 +127,7 @@ jobs:
         run: df -h
       - name: Setup Node.js/npm
         if: ${{ inputs.target-platform == 'macos' }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
         with:
           node-version: 22.21.x
           cache: yarn
@@ -177,7 +172,7 @@ jobs:
         if: ${{ inputs.target-platform == 'linux' }}
         uses: ./src/electron/.github/actions/restore-cache-aks
       - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
         with:
           path: src/electron
           fetch-depth: 0
@@ -221,7 +216,6 @@ jobs:
           generate-symbols: ${{ inputs.generate-symbols }}
           upload-to-storage: ${{ inputs.upload-to-storage }}
           is-asan: ${{ inputs.is-asan }}
-          upload-out-gen-artifacts: ${{ inputs.upload-out-gen-artifacts }}
       - name: Set GN_EXTRA_ARGS for MAS Build
         if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
           inputs.target-variant == 'mas') }}

.github/workflows/pipeline-segment-electron-test.yml

@@ -72,7 +72,7 @@ jobs:
         cp $(which node) /mnt/runner-externals/node24/bin/
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'win' }}
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
       with:
         node-version: 22.21.x
     - name: Add TCC permissions on macOS
@@ -119,7 +119,7 @@ jobs:
       if: ${{ inputs.target-platform == 'macos' }}
       run: sudo xcode-select --switch /Applications/Xcode_16.4.app
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -191,15 +191,25 @@ jobs:
       run: |
         cd src/out/Default
         unzip -:o dist.zip
-    #- name: Import & Trust Self-Signed Codesigning Cert on MacOS
-    #  if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
-    #  run: |
-    #    sudo security authorizationdb write com.apple.trust-settings.admin allow
-    #    cd src/electron
-    #    ./script/codesign/generate-identity.sh
+    - name: Import & Trust Self-Signed Codesigning Cert on MacOS
+      if: ${{ inputs.target-platform == 'macos' }}
+      run: |
+        cd src/electron
+        ./script/codesign/generate-identity.sh
+    # Only sign on x64 — arm64 builds are already ad-hoc signed, and re-signing
+    # with an untrusted cert breaks macOS system integrations (e.g. dock bounce).
+    # Autoupdater tests sign their own fixture copies via signApp().
+    - name: Sign Electron.app for macOS tests
+      if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
+      run: |
+        identity=$(src/electron/script/codesign/get-trusted-identity.sh)
+        if [ -n "$identity" ]; then
+          codesign -s "$identity" --deep --force src/out/Default/Electron.app
+        fi
 
     - name: Run Electron Tests
       shell: bash
+      timeout-minutes: 40
       env:
         MOCHA_REPORTER: mocha-multi-reporters
         MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
@@ -250,6 +260,19 @@ jobs:
             
           fi
         fi
+    - name: Take screenshot on timeout or cancellation
+      if: ${{ inputs.target-platform != 'linux' && (cancelled() || failure()) }}
+      shell: bash
+      run: |
+        screenshot_dir="src/electron/spec/artifacts"
+        mkdir -p "$screenshot_dir"
+        screenshot_file="$screenshot_dir/screenshot-timeout-$(date +%Y%m%d%H%M%S).png"
+        if [ "${{ inputs.target-platform }}" = "macos" ]; then
+          screencapture -x "$screenshot_file" || true
+        elif [ "${{ inputs.target-platform }}" = "win" ]; then
+          powershell -command "Add-Type -AssemblyName System.Windows.Forms; \$screen = [System.Windows.Forms.Screen]::PrimaryScreen.Bounds; \$bitmap = New-Object System.Drawing.Bitmap(\$screen.Width, \$screen.Height); \$graphics = [System.Drawing.Graphics]::FromImage(\$bitmap); \$graphics.CopyFromScreen(\$screen.Location, [System.Drawing.Point]::Empty, \$screen.Size); \$bitmap.Save('$screenshot_file')" || true
+        fi
+
     - name: Upload Test results to Datadog
       env:
         DD_ENV: ci
@@ -265,8 +288,8 @@ jobs:
         fi
       if: always() && !cancelled()
     - name: Upload Test Artifacts
-      if: always() && !cancelled()
-      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
+      if: always()
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
       with:
         name: test_artifacts_${{ env.ARTIFACT_KEY }}_${{ matrix.shard }}
         path: src/electron/spec/artifacts

.github/workflows/pipeline-segment-node-nan-test.yml

@@ -50,7 +50,7 @@ jobs:
     container: ${{ fromJSON(inputs.test-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0
@@ -106,7 +106,7 @@ jobs:
     container: ${{ fromJSON(inputs.test-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0

.github/workflows/pull-request-labeled.yml

@@ -32,7 +32,7 @@ jobs:
     permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
@@ -44,35 +44,3 @@ jobs:
           project-number: 94
           field: Status
           field-value: ✅ Reviewed
-  pull-request-labeled-ai-pr:
-    name: ai-pr label added
-    if: github.event.label.name == 'ai-pr'
-    runs-on: ubuntu-latest
-    permissions: {}
-    steps:
-    - name: Generate GitHub App token
-      uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
-      id: generate-token
-      with:
-        creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-    - name: Create comment
-      uses: actions-cool/issues-helper@e2ff99831a4f13625d35064e2b3dfe65c07a0396 # v3.7.5
-      with:
-        actions: 'create-comment'
-        token: ${{ steps.generate-token.outputs.token }}
-        issue-number: ${{ github.event.pull_request.number }}
-        body: |
-          <!-- ai-pr -->
-
-          *AI PR Detected*
-
-          Hello @${{ github.event.pull_request.user.login }}. Due to the high amount of AI spam PRs we receive, if a PR is detected to be majority AI-generated without disclosure and untested, we will automatically close the PR.
-
-          We welcome the use of AI tools, as long as the PR meets our quality standards and has clearly been built and tested. If you believe your PR was closed in error, we welcome you to resubmit. However, please read our [CONTRIBUTING.md](http://contributing.md/) carefully before reopening. Thanks for your contribution.
-    - name: Close the pull request
-      env:
-        GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-        GH_REPO: electron/electron
-        PR_NUMBER: ${{ github.event.pull_request.number }}
-      run: |
-        gh pr close "$PR_NUMBER"

.github/workflows/pull-request-opened-synchronized.yml

@@ -0,0 +1,35 @@
+name: Pull Request Opened/Synchronized
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+
+permissions: {}
+
+jobs:
+  check-signed-commits:
+    name: Check signed commits in PR
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'needs-signed-commits')}}
+    runs-on: ubuntu-slim
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1
+        with:
+          comment: |
+            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification) 
+            for all incoming PRs. To get your PR merged, please sign those commits 
+            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch 
+            (`git push --force-with-lease`)
+
+            For more information on signing commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
+
+      - name: Add needs-signed-commits label
+        if: ${{ failure() }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          gh pr edit $PR_URL --add-label needs-signed-commits

.github/workflows/scorecards.yml

@@ -13,7 +13,6 @@ permissions: read-all
 jobs:
   analysis:
     name: Scorecards analysis
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions:
       # Needed to upload the results to code-scanning dashboard.
@@ -23,7 +22,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
 
@@ -51,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v3.29.5
+        uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3.29.5
         with:
           sarif_file: results.sarif

.github/workflows/stable-prep-items.yml

@@ -10,12 +10,11 @@ permissions: {}
 jobs:
   check-stable-prep-items:
     name: Check Stable Prep Items
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}

.github/workflows/stale.yml

@@ -9,12 +9,11 @@ permissions: {}
 
 jobs:
   stale:
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
@@ -34,11 +33,11 @@ jobs:
   pending-repro:
     runs-on: ubuntu-latest
     permissions: {}
-    if: ${{ always() && github.repository == 'electron/electron' }}
+    if: ${{ always() }}
     needs: stale
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}

.github/workflows/update-website-docs.yml

@@ -31,7 +31,7 @@ jobs:
             echo "isLatestRelease=false" >> $GITHUB_OUTPUT
           fi
       - name: Trigger website docs update
-        if: ${{ steps.check-if-latest-release.outputs.isLatestRelease }}
+        if: ${{ steps.check-if-latest-release.outputs.isLatestRelease == 'true' }}
         env:
           GH_REPO: electron/website
           GH_TOKEN: ${{ fromJSON(steps.secret-service.outputs.secrets).WEBSITE_DOCS_UPDATER_APP_TOKEN }}

.github/workflows/windows-publish.yml

@@ -22,7 +22,6 @@ permissions: {}
 
 jobs:
   checkout-windows:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
     permissions:
       contents: read
@@ -41,7 +40,7 @@ jobs:
       build-image-sha: ${{ inputs.build-image-sha }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
       with:
         path: src/electron
         fetch-depth: 0

.gitignore

@@ -42,6 +42,7 @@ spec/.hash
 
 # Generated native addon files
 /spec/fixtures/native-addon/echo/build/
+/spec/fixtures/native-addon/dialog-helper/build/
 
 # If someone runs tsc this is where stuff will end up
 ts-gen

.yarnrc.yml

@@ -9,4 +9,8 @@ npmMinimalAgeGate: 10080
 npmPreapprovedPackages:
   - "@electron/*"
 
+httpProxy: "${HTTP_PROXY:-}"
+
+httpsProxy: "${HTTPS_PROXY:-}"
+
 yarnPath: .yarn/releases/yarn-4.12.0.cjs

BUILD.gn

@@ -596,7 +596,6 @@ source_set("electron_lib") {
     use_libcxx_modules = false
 
     deps += [
-      "//components/os_crypt/async/browser:keychain_key_provider",
       "//components/os_crypt/common:keychain_password_mac",
       "//components/remote_cocoa/app_shim",
       "//components/remote_cocoa/browser",
@@ -659,9 +658,6 @@ source_set("electron_lib") {
       ":libnotify_loader",
       "//build/config/linux/gtk",
       "//components/crash/content/browser",
-      "//components/os_crypt/async/browser:freedesktop_secret_key_provider",
-      "//components/os_crypt/async/browser:posix_key_provider",
-      "//components/os_crypt/async/browser:secret_portal_key_provider",
       "//dbus",
       "//device/bluetooth",
       "//third_party/crashpad/crashpad/client",
@@ -702,7 +698,6 @@ source_set("electron_lib") {
     deps += [
       "//components/app_launch_prefetch",
       "//components/crash/core/app:crash_export_thunks",
-      "//components/os_crypt/async/browser:dpapi_key_provider",
       "//third_party/libxml:xml_writer",
       "//ui/wm",
       "//ui/wm/public",

CLAUDE.md

@@ -127,6 +127,22 @@ patches/{target}/*.patch  →  [e sync --3]  →  target repo commits
 2. Create a git commit
 3. Run `e patches <target>` to export
 
+**Fixing patch conflicts on an existing PR:**
+
+If asked to fix a patch conflict on a branch that already has an open PR, check the PR's failed **Apply Patches** CI run for an `update-patches` artifact before running `e sync` locally. CI has already performed the 3-way merge and exported the resolved patch diff — applying it is much faster than a full local sync.
+
+```bash
+# Find the failed Apply Patches run for the PR and download the artifact
+gh run list --repo electron/electron --branch <pr-branch> --workflow "Apply Patches" --limit 1
+gh run download <run-id> --repo electron/electron --name update-patches
+
+# Apply the CI-generated fix, then push
+git am update-patches.patch
+git push
+```
+
+If no artifact exists (e.g. the 3-way merge itself failed), fall back to `e sync --3` and resolve manually.
+
 ## Testing
 
 **Test location:** `spec/` directory
@@ -155,6 +171,10 @@ e test                    # Run full test suite
 
 When working on the `roller/chromium/main` branch to upgrade Chromium activate the "Electron Chromium Upgrade" skill.
 
+## Pull Requests
+
+PR bodies must always include a `Notes:` section as the **last line** of the body. This is a consumer-facing release note for Electron app developers — describe the user-visible fix or change, not internal implementation details. Use `Notes: none` if there is no user-facing change.
+
 ## Code Style
 
 **C++:** Follows Chromium style, enforced by clang-format

DEPS

@@ -2,9 +2,9 @@ gclient_gn_args_from = 'src'
 
 vars = {
   'chromium_version':
-    '146.0.7666.0',
+    '146.0.7680.166',
   'node_version':
-    'v24.13.1',
+    'v24.14.0',
   'nan_version':
     '675cefebca42410733da8a454c8d9391fcebfbc2',
   'squirrel.mac_version':
@@ -12,7 +12,7 @@ vars = {
   'reactiveobjc_version':
     '74ab5baccc6f7202c8ac69a8d1e152c29dc1ea76',
   'mantle_version':
-    '2a8e2123a3931038179ee06105c9e6ec336b12ea',
+    '78d3966b3c331292ea29ec38661b25df0a245948',
   'engflow_reclient_configs_version':
     '955335c30a752e9ef7bff375baab5e0819b6c00d',
 

build/args/all.gn

@@ -51,9 +51,6 @@ is_cfi = false
 use_qt5 = false
 use_qt6 = false
 
-# Disables the builtins PGO for V8
-v8_builtins_profiling_log_file = ""
-
 # https://chromium.googlesource.com/chromium/src/+/main/docs/dangling_ptr.md
 # TODO(vertedinde): hunt down dangling pointers on Linux
 enable_dangling_raw_ptr_checks = false

build/fuses/fuses.json5

@@ -9,5 +9,6 @@
   "embedded_asar_integrity_validation": "0",
   "only_load_app_from_asar": "0",
   "load_browser_process_specific_v8_snapshot": "0",
-  "grant_file_protocol_extra_privileges": "1"
+  "grant_file_protocol_extra_privileges": "1",
+  "wasm_trap_handlers": "1"
 }

chromium_src/BUILD.gn

@@ -245,6 +245,10 @@ static_library("chrome") {
       "//chrome/browser/ui/views/dark_mode_manager_linux.cc",
       "//chrome/browser/ui/views/dark_mode_manager_linux.h",
     ]
+    sources += [
+      "//chrome/browser/ui/views/frame/browser_frame_view_paint_utils_linux.cc",
+      "//chrome/browser/ui/views/frame/browser_frame_view_paint_utils_linux.h",
+    ]
     public_deps += [ "//components/dbus" ]
   }
 

default_app/main.ts

@@ -111,7 +111,10 @@ async function loadApplicationPackage (packagePath: string) {
         app.name = packageJson.name;
       }
 
-      app.setDesktopName(packageJson.desktopName || `${app.name}.desktop`);
+      // Set application's desktop name (Linux). These usually match the executable name,
+      // so use it as the default to ensure the app gets the correct icon in the taskbar and application switcher.
+      const desktopName = packageJson.desktopName || `${path.basename(process.execPath)}.desktop`;
+      app.setDesktopName(desktopName);
 
       // Set v8 flags, deliberately lazy load so that apps that do not use this
       // feature do not pay the price
@@ -253,7 +256,7 @@ async function startRepl () {
 if (option.file && !option.webdriver) {
   const file = option.file;
   // eslint-disable-next-line n/no-deprecated-api
-  const protocol = url.parse(file).protocol;
+  const protocol = URL.canParse(file) ? new URL(file).protocol : null;
   const extension = path.extname(file);
   if (protocol === 'http:' || protocol === 'https:' || protocol === 'file:' || protocol === 'chrome:') {
     await loadApplicationByURL(file);

default_app/styles.css

@@ -41,7 +41,7 @@ h4 {
   transform-origin: 50% 50%;
 }
 
-hero-icon.loop-3 {
+.hero-icon.loop-3 {
   transform: translate(79px, 21px);
   opacity: 1;
 }

docs/api/app.md

@@ -250,7 +250,9 @@ Returns:
 
 Emitted when the user clicks the native macOS new tab button. The new
 tab button is only visible if the current `BrowserWindow` has a
-`tabbingIdentifier`
+`tabbingIdentifier`.
+
+You must create a window in this handler in order for macOS tabbing to work as expected.
 
 ### Event: 'browser-window-blur'
 
@@ -1330,7 +1332,7 @@ Returns `boolean` - Whether the current desktop environment is Unity launcher.
 ### `app.getLoginItemSettings([options])` _macOS_ _Windows_
 
 * `options` Object (optional)
-  * `type` string (optional) _macOS_ - Can be one of `mainAppService`, `agentService`, `daemonService`, or `loginItemService`. Defaults to `mainAppService`. Only available on macOS 13 and up. See [app.setLoginItemSettings](app.md#appsetloginitemsettingssettings-macos-windows) for more information about each type.
+  * `type` string (optional) _macOS_ - Can be `mainAppService`, `agentService`, `daemonService`, or `loginItemService`. Defaults to `mainAppService`. Only available on macOS 13 and up. See [app.setLoginItemSettings](app.md#appsetloginitemsettingssettings-macos-windows) for more information about each type.
   * `serviceName` string (optional) _macOS_ - The name of the service. Required if `type` is non-default. Only available on macOS 13 and up.
   * `path` string (optional) _Windows_ - The executable path to compare against. Defaults to `process.execPath`.
   * `args` string[] (optional) _Windows_ - The command-line arguments to compare against. Defaults to an empty array.
@@ -1345,13 +1347,13 @@ Returns `Object`:
 * `wasOpenedAtLogin` boolean _macOS_ - `true` if the app was opened at login automatically.
 * `wasOpenedAsHidden` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a hidden login item. This indicates that the app should not open any windows at startup. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
 * `restoreState` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a login item that should restore the state from the previous session. This indicates that the app should restore the windows that were open the last time the app was closed. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
-* `status` string _macOS_ - can be one of `not-registered`, `enabled`, `requires-approval`, or `not-found`.
+* `status` string _macOS_ - can be `not-registered`, `enabled`, `requires-approval`, or `not-found`.
 * `executableWillLaunchAtLogin` boolean _Windows_ - `true` if app is set to open at login and its run key is not deactivated. This differs from `openAtLogin` as it ignores the `args` option, this property will be true if the given executable would be launched at login with **any** arguments.
 * `launchItems` Object[] _Windows_
   * `name` string _Windows_ - name value of a registry entry.
   * `path` string _Windows_ - The executable to an app that corresponds to a registry entry.
   * `args` string[] _Windows_ - the command-line arguments to pass to the executable.
-  * `scope` string _Windows_ - one of `user` or `machine`. Indicates whether the registry entry is under `HKEY_CURRENT USER` or `HKEY_LOCAL_MACHINE`.
+  * `scope` string _Windows_ - can be `user` or `machine`. Indicates whether the registry entry is under `HKEY_CURRENT USER` or `HKEY_LOCAL_MACHINE`.
   * `enabled` boolean _Windows_ - `true` if the app registry key is startup approved and therefore shows as `enabled` in Task Manager and Windows settings.
 
 ### `app.setLoginItemSettings(settings)` _macOS_ _Windows_

docs/api/base-window.md

@@ -351,7 +351,11 @@ Emitted when the window has closed a sheet.
 
 #### Event: 'new-window-for-tab' _macOS_
 
-Emitted when the native new tab button is clicked.
+Emitted when the user clicks the native macOS new tab button. The new
+tab button is only visible if the current `BrowserWindow` has a
+`tabbingIdentifier`.
+
+You must create a window in this handler in order for macOS tabbing to work as expected.
 
 #### Event: 'system-context-menu' _Windows_ _Linux_
 

docs/api/browser-window.md

@@ -435,7 +435,11 @@ Emitted when the window has closed a sheet.
 
 #### Event: 'new-window-for-tab' _macOS_
 
-Emitted when the native new tab button is clicked.
+Emitted when the user clicks the native macOS new tab button. The new
+tab button is only visible if the current `BrowserWindow` has a
+`tabbingIdentifier`.
+
+You must create a window in this handler in order for macOS tabbing to work as expected.
 
 #### Event: 'system-context-menu' _Windows_ _Linux_
 

docs/api/clipboard.md

@@ -1,5 +1,14 @@
 # clipboard
 
+<!--
+```YAML history
+deprecated:
+  - pr-url: https://github.com/electron/electron/pull/48877
+    description: "Using the `clipboard` API directly in the renderer process is deprecated."
+    breaking-changes-header: deprecated-clipboard-api-access-from-renderer-processes
+```
+-->
+
 > Perform copy and paste operations on the system clipboard.
 
 Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process) _Deprecated_ (non-sandboxed only)

docs/api/command-line-switches.md

@@ -354,6 +354,11 @@ Affects the default output directory of [v8.setHeapSnapshotNearHeapLimit](https:
 
 Disable exposition of [Navigator API][] on the global scope from Node.js.
 
+### `--experimental-transform-types`
+
+Enables the [transformation](https://nodejs.org/api/typescript.html#type-stripping)
+of TypeScript-only syntax into JavaScript code.
+
 ## Chromium Flags
 
 There isn't a documented list of all Chromium switches, but there are a few ways to find them.

docs/api/content-tracing.md

@@ -33,6 +33,15 @@ The `contentTracing` module has the following methods:
 
 ### `contentTracing.getCategories()`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/16583
+    description: "This method now returns a Promise instead of using a callback function."
+    breaking-changes-header: api-changed-callback-based-versions-of-promisified-apis
+```
+-->
+
 Returns `Promise<string[]>` - resolves with an array of category groups once all child processes have acknowledged the `getCategories` request
 
 Get a set of category groups. The category groups can change as new code paths
@@ -44,6 +53,17 @@ are reached. See also the
 
 ### `contentTracing.startRecording(options)`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/13914
+    description: "The `options` parameter now accepts `TraceConfig` in addition to `TraceCategoriesAndOptions`."
+  - pr-url: https://github.com/electron/electron/pull/16584
+    description: "This function now returns a callback`Promise<void>`."
+    breaking-changes-header: api-changed-callback-based-versions-of-promisified-apis
+```
+-->
+
 * `options` ([TraceConfig](structures/trace-config.md) | [TraceCategoriesAndOptions](structures/trace-categories-and-options.md))
 
 Returns `Promise<void>` - resolved once all child processes have acknowledged the `startRecording` request.
@@ -58,6 +78,17 @@ only one trace operation can be in progress at a time.
 
 ### `contentTracing.stopRecording([resultFilePath])`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/16584
+    description: "This method now returns a Promise instead of using a callback function."
+    breaking-changes-header: api-changed-callback-based-versions-of-promisified-apis
+  - pr-url: https://github.com/electron/electron/pull/18411
+    description: "The `resultFilePath` parameter is now optional."
+```
+-->
+
 * `resultFilePath` string (optional)
 
 Returns `Promise<string>` - resolves with a path to a file that contains the traced data once all child processes have acknowledged the `stopRecording` request
@@ -76,6 +107,15 @@ will be returned in the promise.
 
 ### `contentTracing.getTraceBufferUsage()`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/16600
+    description: "This method now returns a Promise instead of using a callback function."
+    breaking-changes-header: api-changed-callback-based-versions-of-promisified-apis
+```
+-->
+
 Returns `Promise<Object>` - Resolves with an object containing the `value` and `percentage` of trace buffer maximum usage
 
 * `value` number

docs/api/cookies.md

@@ -107,7 +107,7 @@ the response.
     cookie and will not be retained between sessions.
   * `sameSite` string (optional) - The [Same Site](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies) policy to apply to this cookie.  Can be `unspecified`, `no_restriction`, `lax` or `strict`.  Default is `lax`.
 
-Returns `Promise<void>` - A promise which resolves when the cookie has been set.
+Returns `Promise<void>` - A promise which resolves when the cookie has been set
 
 Sets a cookie with `details`.
 
@@ -116,16 +116,16 @@ Sets a cookie with `details`.
 * `url` string - The URL associated with the cookie.
 * `name` string - The name of cookie to remove.
 
-Returns `Promise<void>` - A promise which resolves when the cookie has been removed.
+Returns `Promise<void>` - A promise which resolves when the cookie has been removed
 
-Removes the cookies matching `url` and `name`.
+Removes the cookies matching `url` and `name`
 
 #### `cookies.flushStore()`
 
-Returns `Promise<void>` - A promise which resolves when the cookie store has been flushed.
+Returns `Promise<void>` - A promise which resolves when the cookie store has been flushed
 
-Writes any unwritten cookies data to disk.
+Writes any unwritten cookies data to disk
 
-Cookies written by any method will not be written to disk immediately, but will be written every 30 seconds or 512 operations.
+Cookies written by any method will not be written to disk immediately, but will be written every 30 seconds or 512 operations
 
 Calling this method can cause the cookie to be written to disk immediately.

docs/api/crash-reporter.md

@@ -50,6 +50,22 @@ The `crashReporter` module has the following methods:
 
 ### `crashReporter.start(options)`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/23062
+    description: "Added `rateLimit` and `compress` options."
+  - pr-url: https://github.com/electron/electron/pull/23265
+    description: "Deprecated calling this method in the renderer process."
+    breaking-changes-header: deprecated-crashreporter-methods-in-the-renderer-process
+  - pr-url: https://github.com/electron/electron/pull/25288
+    description: "Default value of `compress` option changed from `false` to `true`."
+    breaking-changes-header: default-changed-crashreporterstart-compress-true-
+  - pr-url: https://github.com/electron/electron/pull/28105
+    description: "The `submitURL` parameter is now optional when `uploadToServer` is `false`."
+```
+-->
+
 * `options` Object
   * `submitURL` string (optional) - URL that crash reports will be sent to as
     POST. Required unless `uploadToServer` is `false`.
@@ -111,6 +127,15 @@ by the crash reporter.
 
 ### `crashReporter.getLastCrashReport()`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/23265
+    description: "Deprecated calling this method in the renderer process."
+    breaking-changes-header: deprecated-crashreporter-methods-in-the-renderer-process
+```
+-->
+
 Returns [`CrashReport | null`](structures/crash-report.md) - The date and ID of the
 last crash report. Only crash reports that have been uploaded will be returned;
 even if a crash report is present on disk it will not be returned until it is
@@ -121,6 +146,15 @@ uploaded. In the case that there are no uploaded reports, `null` is returned.
 
 ### `crashReporter.getUploadedReports()`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/23265
+    description: "Deprecated calling this method in the renderer process."
+    breaking-changes-header: deprecated-crashreporter-methods-in-the-renderer-process
+```
+-->
+
 Returns [`CrashReport[]`](structures/crash-report.md):
 
 Returns all uploaded crash reports. Each report contains the date and uploaded
@@ -131,6 +165,15 @@ ID.
 
 ### `crashReporter.getUploadToServer()`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/23265
+    description: "Deprecated calling this method in the renderer process."
+    breaking-changes-header: deprecated-crashreporter-methods-in-the-renderer-process
+```
+-->
+
 Returns `boolean` - Whether reports should be submitted to the server. Set through
 the `start` method or `setUploadToServer`.
 
@@ -139,6 +182,15 @@ the `start` method or `setUploadToServer`.
 
 ### `crashReporter.setUploadToServer(uploadToServer)`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/23265
+    description: "Deprecated calling this method in the renderer process."
+    breaking-changes-header: deprecated-crashreporter-methods-in-the-renderer-process
+```
+-->
+
 * `uploadToServer` boolean - Whether reports should be submitted to the server.
 
 This would normally be controlled by user preferences. This has no effect if

docs/api/desktop-capturer.md

@@ -80,6 +80,17 @@ The `desktopCapturer` module has the following methods:
 
 ### `desktopCapturer.getSources(options)`
 
+<!--
+```YAML history
+added:
+  - pr-url: https://github.com/electron/electron/pull/2963
+changes:
+  - pr-url: https://github.com/electron/electron/pull/16427
+    description: "This method now returns a Promise instead of using a callback function."
+    breaking-changes-header: api-changed-callback-based-versions-of-promisified-apis
+```
+-->
+
 * `options` Object
   * `types` string[] - An array of strings that lists the types of desktop sources
     to be captured, available types can be `screen` and `window`.
@@ -94,7 +105,7 @@ The `desktopCapturer` module has the following methods:
 Returns `Promise<DesktopCapturerSource[]>` - Resolves with an array of [`DesktopCapturerSource`](structures/desktop-capturer-source.md) objects, each `DesktopCapturerSource` represents a screen or an individual window that can be captured.
 
 > [!NOTE]
-
+<!-- markdownlint-disable-next-line MD032 -->
 > * Capturing audio requires `NSAudioCaptureUsageDescription` Info.plist key on macOS 14.2 Sonoma and higher - [read more](#macos-versions-142-or-higher).
 > * Capturing the screen contents requires user consent on macOS 10.15 Catalina or higher, which can detected by [`systemPreferences.getMediaAccessStatus`][].
 
@@ -109,30 +120,41 @@ Returns `Promise<DesktopCapturerSource[]>` - Resolves with an array of [`Desktop
 
 PipeWire supports a single capture for both screens and windows. If you request the window and screen type, the selected source will be returned as a window capture.
 
----
+### macOS versions 14.2 or higher
 
-### MacOS versions 14.2 or higher
-
-`NSAudioCaptureUsageDescription` Info.plist key must be added in-order for audio to be captured by `desktopCapturer`. If instead you are running electron from another program like a terminal or IDE then that parent program must contain the Info.plist key.
+`NSAudioCaptureUsageDescription` Info.plist key must be added in order for audio to be captured by
+`desktopCapturer`. If instead you are running Electron from another program like a terminal or IDE
+then that parent program must contain the Info.plist key.
 
 This is in order to facillitate use of Apple's new [CoreAudio Tap API](https://developer.apple.com/documentation/CoreAudio/capturing-system-audio-with-core-audio-taps#Configure-the-sample-code-project) by Chromium.
 
 > [!WARNING]
-> Failure of `desktopCapturer` to start an audio stream due to `NSAudioCaptureUsageDescription` permission not present will still create a dead audio stream however no warnings or errors are displayed.
+> Failure of `desktopCapturer` to start an audio stream due to `NSAudioCaptureUsageDescription`
+> permission not present will still create a dead audio stream however no warnings or errors are
+> displayed.
 
-As of electron `v39.0.0-beta.4` Chromium [made Apple's new `CoreAudio Tap API` the default](https://source.chromium.org/chromium/chromium/src/+/ad17e8f8b93d5f34891b06085d373a668918255e) for desktop audio capture. There is no fallback to the older `Screen & System Audio Recording` permissions system even if [CoreAudio Tap API](https://developer.apple.com/documentation/CoreAudio/capturing-system-audio-with-core-audio-taps) stream creation fails.
+As of Electron `v39.0.0-beta.4`, Chromium [made Apple's new `CoreAudio Tap API` the default](https://source.chromium.org/chromium/chromium/src/+/ad17e8f8b93d5f34891b06085d373a668918255e)
+for desktop audio capture. There is no fallback to the older `Screen & System Audio Recording`
+permissions system even if [CoreAudio Tap API](https://developer.apple.com/documentation/CoreAudio/capturing-system-audio-with-core-audio-taps) stream creation fails.
 
-If you need to continue using `Screen & System Audio Recording` permissions for `desktopCapturer` on macOS versions 14.2 and later, you can apply a chromium feature flag to force use of that older permissions system:
+If you need to continue using `Screen & System Audio Recording` permissions for `desktopCapturer`
+on macOS versions 14.2 and later, you can apply a Chromium feature flag to force use of that older
+permissions system:
 
 ```js
 // main.js (right beneath your require/import statments)
 app.commandLine.appendSwitch('disable-features', 'MacCatapLoopbackAudioForScreenShare')
 ```
 
----
+### macOS versions 12.7.6 or lower
 
-### MacOS versions 12.7.6 or lower
+`navigator.mediaDevices.getUserMedia` does not work on macOS versions 12.7.6 and prior for audio
+capture due to a fundamental limitation whereby apps that want to access the system's audio require
+a [signed kernel extension](https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/KernelExtensions/KernelExtensions.html).
+Chromium, and by extension Electron, does not provide this. Only in macOS 13 and onwards does Apple
+provide APIs to capture desktop audio without the need for a signed kernel extension.
 
-`navigator.mediaDevices.getUserMedia` does not work on macOS versions 12.7.6 and prior for audio capture due to a fundamental limitation whereby apps that want to access the system's audio require a [signed kernel extension](https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/KernelExtensions/KernelExtensions.html). Chromium, and by extension Electron, does not provide this. Only in macOS 13 and onwards does Apple provide APIs to capture desktop audio without the need for a signed kernel extension.
-
-It is possible to circumvent this limitation by capturing system audio with another macOS app like [BlackHole](https://existential.audio/blackhole/) or [Soundflower](https://rogueamoeba.com/freebies/soundflower/) and passing it through a virtual audio input device. This virtual device can then be queried with `navigator.mediaDevices.getUserMedia`.
+It is possible to circumvent this limitation by capturing system audio with another macOS app like
+[BlackHole](https://existential.audio/blackhole/) or [Soundflower](https://rogueamoeba.com/freebies/soundflower/)
+and passing it through a virtual audio input device. This virtual device can then be queried
+with `navigator.mediaDevices.getUserMedia`.

docs/api/dialog.md

@@ -18,6 +18,13 @@ The `dialog` module has the following methods:
 
 ### `dialog.showOpenDialogSync([window, ]options)`
 
+<!--
+```YAML history
+added:
+  - pr-url: https://github.com/electron/electron/pull/16973
+```
+-->
+
 * `window` [BaseWindow](base-window.md) (optional)
 * `options` Object
   * `title` string (optional)
@@ -30,7 +37,7 @@ The `dialog` module has the following methods:
     * `openFile` - Allow files to be selected.
     * `openDirectory` - Allow directories to be selected.
     * `multiSelections` - Allow multiple paths to be selected.
-    * `showHiddenFiles` - Show hidden files in dialog.
+    * `showHiddenFiles` _macOS_ _Windows_ _Deprecated_ - Show hidden files in dialog. Deprecated on Linux.
     * `createDirectory` _macOS_ - Allow creating new directories from dialog.
     * `promptToCreate` _Windows_ - Prompt for creation if the file path entered
       in the dialog does not exist. This does not actually create the file at
@@ -90,6 +97,15 @@ dialog.showOpenDialogSync(mainWindow, {
 
 ### `dialog.showOpenDialog([window, ]options)`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/16973
+    description: "This method now returns a Promise instead of using a callback function."
+    breaking-changes-header: api-changed-callback-based-versions-of-promisified-apis
+```
+-->
+
 * `window` [BaseWindow](base-window.md) (optional)
 * `options` Object
   * `title` string (optional)
@@ -102,7 +118,7 @@ dialog.showOpenDialogSync(mainWindow, {
     * `openFile` - Allow files to be selected.
     * `openDirectory` - Allow directories to be selected.
     * `multiSelections` - Allow multiple paths to be selected.
-    * `showHiddenFiles` - Show hidden files in dialog.
+    * `showHiddenFiles` _macOS_ _Windows_ _Deprecated_ - Show hidden files in dialog. Deprecated on Linux.
     * `createDirectory` _macOS_ - Allow creating new directories from dialog.
     * `promptToCreate` _Windows_ - Prompt for creation if the file path entered
       in the dialog does not exist. This does not actually create the file at
@@ -171,6 +187,13 @@ dialog.showOpenDialog(mainWindow, {
 
 ### `dialog.showSaveDialogSync([window, ]options)`
 
+<!--
+```YAML history
+added:
+  - pr-url: https://github.com/electron/electron/pull/17054
+```
+-->
+
 * `window` [BaseWindow](base-window.md) (optional)
 * `options` Object
   * `title` string (optional) - The dialog title. Cannot be displayed on some _Linux_ desktop environments.
@@ -185,7 +208,7 @@ dialog.showOpenDialog(mainWindow, {
   * `showsTagField` boolean (optional) _macOS_ - Show the tags input box,
     defaults to `true`.
   * `properties` string[]&#32;(optional)
-    * `showHiddenFiles` - Show hidden files in dialog.
+    * `showHiddenFiles` _macOS_ _Windows_ _Deprecated_ - Show hidden files in dialog. Deprecated on Linux.
     * `createDirectory` _macOS_ - Allow creating new directories from dialog.
     * `treatPackageAsDirectory` _macOS_ - Treat packages, such as `.app` folders,
       as a directory instead of a file.
@@ -202,6 +225,15 @@ The `filters` specifies an array of file types that can be displayed, see
 
 ### `dialog.showSaveDialog([window, ]options)`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/17054
+    description: "This method now returns a Promise instead of using a callback function."
+    breaking-changes-header: api-changed-callback-based-versions-of-promisified-apis
+```
+-->
+
 * `window` [BaseWindow](base-window.md) (optional)
 * `options` Object
   * `title` string (optional) - The dialog title. Cannot be displayed on some _Linux_ desktop environments.
@@ -215,7 +247,7 @@ The `filters` specifies an array of file types that can be displayed, see
     displayed in front of the filename text field.
   * `showsTagField` boolean (optional) _macOS_ - Show the tags input box, defaults to `true`.
   * `properties` string[]&#32;(optional)
-    * `showHiddenFiles` - Show hidden files in dialog.
+    * `showHiddenFiles` _macOS_ _Windows_ _Deprecated_ - Show hidden files in dialog. Deprecated on Linux.
     * `createDirectory` _macOS_ - Allow creating new directories from dialog.
     * `treatPackageAsDirectory` _macOS_ - Treat packages, such as `.app` folders,
       as a directory instead of a file.
@@ -240,6 +272,13 @@ The `filters` specifies an array of file types that can be displayed, see
 
 ### `dialog.showMessageBoxSync([window, ]options)`
 
+<!--
+```YAML history
+added:
+  - pr-url: https://github.com/electron/electron/pull/17298
+```
+-->
+
 * `window` [BaseWindow](base-window.md) (optional)
 * `options` Object
   * `message` string - Content of the message box.
@@ -283,6 +322,19 @@ If `window` is not shown dialog will not be attached to it. In such case it will
 
 ### `dialog.showMessageBox([window, ]options)`
 
+<!--
+```YAML history
+changes:
+  - pr-url: https://github.com/electron/electron/pull/17298
+    description: "This method now returns a Promise instead of using a callback function."
+    breaking-changes-header: api-changed-callback-based-versions-of-promisified-apis
+  - pr-url: https://github.com/electron/electron/pull/26102
+    description: "Added the `signal` option."
+  - pr-url: https://github.com/electron/electron/pull/30474
+    description: "Added the `textWidth` option."
+```
+-->
+
 * `window` [BaseWindow](base-window.md) (optional)
 * `options` Object
   * `message` string - Content of the message box.
@@ -349,6 +401,17 @@ and no GUI dialog will appear.
 
 ### `dialog.showCertificateTrustDialog([window, ]options)` _macOS_ _Windows_
 
+<!--
+```YAML history
+added:
+  - pr-url: https://github.com/electron/electron/pull/9099
+changes:
+  - pr-url: https://github.com/electron/electron/pull/17181
+    description: "This method now returns a Promise instead of using a callback function."
+    breaking-changes-header: api-changed-callback-based-versions-of-promisified-apis
+```
+-->
+
 * `window` [BaseWindow](base-window.md) (optional)
 * `options` Object
   * `certificate` [Certificate](structures/certificate.md) - The certificate to trust/import.

docs/api/menu-item.md

@@ -73,13 +73,16 @@ The following properties are available on instances of `MenuItem`:
 
 #### `menuItem.id`
 
-A `string` indicating the item's unique id. This property can be
-dynamically changed.
+A `string` indicating the item's unique id.
+
+This property can be dynamically changed.
 
 #### `menuItem.label`
 
 A `string` indicating the item's visible label.
 
+This property can be dynamically changed.
+
 #### `menuItem.click`
 
 A `Function` that is fired when the MenuItem receives a click event.
@@ -118,31 +121,37 @@ An `Accelerator | null` indicating the item's [user-assigned accelerator](https:
 
 #### `menuItem.icon`
 
-A `NativeImage | string` (optional) indicating the
-item's icon, if set.
+A `NativeImage | string` (optional) indicating the item's icon, if set.
+
+This property can be dynamically changed.
 
 #### `menuItem.sublabel`
 
 A `string` indicating the item's sublabel.
 
+This property can be dynamically changed.
+
 #### `menuItem.toolTip` _macOS_
 
 A `string` indicating the item's hover text.
 
 #### `menuItem.enabled`
 
-A `boolean` indicating whether the item is enabled. This property can be
-dynamically changed.
+A `boolean` indicating whether the item is enabled.
+
+This property can be dynamically changed.
 
 #### `menuItem.visible`
 
-A `boolean` indicating whether the item is visible. This property can be
-dynamically changed.
+A `boolean` indicating whether the item is visible.
+
+This property can be dynamically changed.
 
 #### `menuItem.checked`
 
-A `boolean` indicating whether the item is checked. This property can be
-dynamically changed.
+A `boolean` indicating whether the item is checked.
+
+This property can be dynamically changed.
 
 A `checkbox` menu item will toggle the `checked` property on and off when
 selected.

docs/api/menu.md

@@ -123,7 +123,7 @@ Appends the `menuItem` to the menu.
 
 - `id` string
 
-Returns [`MenuItem | null`](menu-item.md) - the item with the specified `id`
+Returns `MenuItem | null` the item with the specified `id`
 
 #### `menu.insert(pos, menuItem)`
 

docs/api/native-theme.md

@@ -84,3 +84,7 @@ Currently, Windows high contrast is the only system setting that triggers forced
 ### `nativeTheme.prefersReducedTransparency` _Readonly_
 
 A `boolean` that indicates whether the user has chosen via system accessibility settings to reduce transparency at the OS level.
+
+### `nativeTheme.shouldDifferentiateWithoutColor` _macOS_ _Readonly_
+
+A `boolean` that indicates whether the user prefers UI that differentiates items using something other than color alone (e.g. shapes or labels). This maps to [NSWorkspace.accessibilityDisplayShouldDifferentiateWithoutColor](https://developer.apple.com/documentation/appkit/nsworkspace/accessibilitydisplayshoulddifferentiatewithoutcolor).

docs/api/notification.md

@@ -42,11 +42,15 @@ Returns `boolean` - Whether or not desktop notifications are supported on the cu
   * `timeoutType` string (optional) _Linux_ _Windows_ - The timeout duration of the notification. Can be 'default' or 'never'.
   * `replyPlaceholder` string (optional) _macOS_ - The placeholder to write in the inline reply input field.
   * `sound` string (optional) _macOS_ - The name of the sound file to play when the notification is shown.
-  * `urgency` string (optional) _Linux_ - The urgency level of the notification. Can be 'normal', 'critical', or 'low'.
+  * `urgency` string (optional) _Linux_ _Windows_ - The urgency level of the notification. Can be 'normal', 'critical', or 'low'.
   * `actions` [NotificationAction[]](structures/notification-action.md) (optional) _macOS_ - Actions to add to the notification. Please read the available actions and limitations in the `NotificationAction` documentation.
   * `closeButtonText` string (optional) _macOS_ - A custom title for the close button of an alert. An empty string will cause the default localized text to be used.
   * `toastXml` string (optional) _Windows_ - A custom description of the Notification on Windows superseding all properties above. Provides full customization of design and behavior of the notification.
 
+> [!NOTE]
+> On Windows, `urgency` type 'critical' sorts the notification higher in Action Center (above default priority notifications), but does not prevent auto-dismissal. To prevent auto-dismissal, you should also set
+> `timeoutType` to 'never'.
+
 ### Instance Events
 
 Objects created with `new Notification` emit the following events:
@@ -111,7 +115,8 @@ app.whenReady().then(() => {
 
 Returns:
 
-* `event` Event
+* `details` Event\<\>
+  * `reason` _Windows_ string (optional) - The reason the notification was closed. This can be 'userCanceled', 'applicationHidden', or 'timedOut'.
 
 Emitted when the notification is closed by manual intervention from the user.
 

docs/api/protocol.md

@@ -56,6 +56,15 @@ app.whenReady().then(() => {
 })
 ```
 
+## Protocol names
+
+[RFC 3986](https://www.rfc-editor.org/rfc/rfc3986#section-3.1) defines what a valid
+protocol name is:
+
+> Scheme names consist of a sequence of characters beginning with a letter and followed
+> by any combination of letters, digits, plus ("+"), period ("."), or hyphen ("-").
+> Although schemes are case-insensitive, the canonical form is lowercase […].
+
 ## Methods
 
 The `protocol` module has the following methods:

docs/api/safe-storage.md

@@ -7,44 +7,21 @@ Process: [Main](../glossary.md#main-process)
 This module adds extra protection to data being stored on disk by using OS-provided cryptography systems. Current
 security semantics for each platform are outlined below.
 
-> [!NOTE]
-> We recommend using the asynchronous API (`encryptStringAsync`/`decryptStringAsync`) over the synchronous API.
-> The async API is non-blocking, supports key rotation, and handles temporary unavailability gracefully.
-> The synchronous API may be deprecated in a future version of Electron.
-
-## Platform-Specific Key Providers
-
-### Synchronous API
-
 * **macOS**: Encryption keys are stored for your app in [Keychain Access](https://support.apple.com/en-ca/guide/keychain-access/kyca1083/mac) in a way that prevents
 other applications from loading them without user override. Therefore, content is protected from other users and other apps running in the same userspace.
-* **Windows**: Encryption keys are generated via [DPAPI](https://learn.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata). As per the Windows documentation: "Typically, only a user with the same logon credential as the user who encrypted the data can typically decrypt the data". Therefore, content is protected from other users on the same machine, but not from other apps running in the
+* **Windows**: Encryption keys are generated via [DPAPI](https://learn.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata).
+As per the Windows documentation: "Typically, only a user with the same logon credential as the user who encrypted the data can typically
+decrypt the data". Therefore, content is protected from other users on the same machine, but not from other apps running in the
 same userspace.
 * **Linux**: Encryption keys are generated and stored in a secret store that varies depending on your window manager and system setup. Options currently supported are `kwallet`, `kwallet5`, `kwallet6` and `gnome-libsecret`, but more may be available in future versions of Electron. As such, the
 security semantics of content protected via the `safeStorage` API vary between window managers and secret stores.
-  * Note that not all Linux setups have an available secret store. If no secret store is available, items stored in using the `safeStorage` API will be unprotected as they are encrypted via hardcoded plaintext password. You can detect when this happens when `safeStorage.getSelectedStorageBackend()` returns `basic_text`.
+  * Note that not all Linux setups have an available secret store. If no secret store is available, items stored in using the `safeStorage` API will be unprotected
+as they are encrypted via hardcoded plaintext password. You can detect when this happens when `safeStorage.getSelectedStorageBackend()` returns `basic_text`.
 
-Note that on macOS, access to the system Keychain is required and
+Note that on Mac, access to the system Keychain is required and
 these calls can block the current thread to collect user input.
 The same is true for Linux, if a password management tool is available.
 
-### Asynchronous API
-
-The asynchronous API uses pluggable key providers that vary by platform:
-
-* **macOS**: Encryption keys are stored and retrieved from [Keychain Access](https://developer.apple.com/documentation/security/keychain-items). This provides the same security model as the synchronous API, protecting content from other users and other apps running in the same userspace.
-* **Windows**: Encryption keys are protected via [DPAPI](https://learn.microsoft.com/en-us/windows/win32/api/dpapi). This provides the same security model as the synchronous API, protecting content from other users on the same machine but not from other apps running in the same userspace.
-* **Linux**: Multiple key providers may be available depending on the desktop environment:
-  * [`org.freedesktop.portal.Secret`](https://flatpak.github.io/xdg-desktop-portal/docs/doc-org.freedesktop.portal.Secret.html): Uses the Portal Secret D-Bus interface to retrieve application-specific secrets. This is the preferred provider for sandboxed environments like Flatpak.
-  * [Secret Service API](https://specifications.freedesktop.org/secret-service/latest/): Uses the freedesktop.org Secret Service API (e.g., GNOME Keyring) for key storage.
-  * A fallback provider is used for environments without a secret service available.
-
-Unlike the synchronous API, these operations are non-blocking and support additional features like key rotation (indicated by `shouldReEncrypt`) and temporary unavailability handling (indicated by `isTemporarilyUnavailable`).
-
-## Events
-
-The `safeStorage` module emits the following events:
-
 ## Methods
 
 The `safeStorage` module has the following methods:
@@ -57,10 +34,6 @@ On Linux, returns true if the app has emitted the `ready` event and the secret k
 On MacOS, returns true if Keychain is available.
 On Windows, returns true once the app has emitted the `ready` event.
 
-### `safeStorage.isAsyncEncryptionAvailable()`
-
-Returns `Promise<Boolean>` - Whether encryption is available for asynchronous safeStorage operations.
-
 ### `safeStorage.encryptString(plainText)`
 
 * `plainText` string
@@ -76,21 +49,7 @@ This function will throw an error if encryption fails.
 Returns `string` - the decrypted string. Decrypts the encrypted buffer
 obtained  with `safeStorage.encryptString` back into a string.
 
-### `safeStorage.encryptStringAsync(plainText)`
-
-* `plainText` string
-
-Returns `Promise<Buffer>` -  An array of bytes representing the encrypted string.
-
-### `safeStorage.decryptStringAsync(encrypted)`
-
-* `encrypted` Buffer
-
-Returns `Promise<Object>` - Resolve with an object containing the following:
-
-* `shouldReEncrypt` boolean - whether data that has just been returned from the decrypt operation should be
-  re-encrypted, as the key has been rotated or a new  key is available that provides a different security level. If `true`, you should call `decryptStringAsync` again to receive the new decrypted string.
-* `result` string - the decrypted string.
+This function will throw an error if decryption fails.
 
 ### `safeStorage.setUsePlainTextEncryption(usePlainText)`
 

docs/api/screen.md

@@ -110,6 +110,8 @@ Returns [`Point`](structures/point.md)
 
 The current absolute position of the mouse pointer.
 
+Not supported on Wayland (Linux).
+
 > [!NOTE]
 > The return value is a DIP point, not a screen physical point.
 

docs/api/shared-texture.md

@@ -1,6 +1,6 @@
 # sharedTexture
 
-> Import shared textures into Electron and converts platform specific handles into [`VideoFrame`](https://developer.mozilla.org/en-US/docs/Web/API/VideoFrame). Supports all Web rendering systems, and can be transferred across Electron processes. Read [here](https://github.com/electron/electron/blob/main/shell/common/api/shared_texture/README.md) for more information.
+> Import shared textures into Electron and converts platform specific handles into [`VideoFrame`](https://developer.mozilla.org/en-US/docs/Web/API/VideoFrame). Supports all Web rendering systems, and can be transferred across Electron processes. Read [here](../../shell/common/api/shared_texture/README.md) for more information.
 
 Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process)
 
@@ -21,7 +21,7 @@ Imports the shared texture from the given options.
 > [!NOTE]
 > This method is only available in the main process.
 
-Returns [`SharedTextureImported`](structures/shared-texture-imported.md) - The imported shared texture.
+Returns `SharedTextureImported` - The imported shared texture.
 
 ### `sharedTexture.sendSharedTexture(options, ...args)` _Experimental_
 

docs/api/structures/shared-texture-handle.md

@@ -1,6 +1,6 @@
 # SharedTextureHandle Object
 
-* `ntHandle` Buffer (optional) _Windows_ - NT HANDLE holds the shared texture. Note that this NT HANDLE is local to current process.
+* `ntHandle` Buffer (optional) _Windows_ - NT HANDLE holds the shared texture. Note that this NT HANDLE is local to current process.  Output textures of `rgba`, `bgra`, `rgbaf16` formats don't have a keyed mutex on the texture handle, but `nv12` format texture handles do have a keyed mutex.
 * `ioSurface` Buffer (optional) _macOS_ - IOSurfaceRef holds the shared texture. Note that this IOSurface is local to current process (not global).
 * `nativePixmap` Object (optional) _Linux_ - Structure contains planes of shared texture.
   * `planes` Object[] _Linux_ - Each plane's info of the shared texture.

docs/api/structures/shared-texture-import-texture-info.md

@@ -5,7 +5,6 @@
   * `rgba` - 32bpp RGBA (byte-order), 1 plane.
   * `rgbaf16` - Half float RGBA, 1 plane.
   * `nv12` - 12bpp with Y plane followed by a 2x2 interleaved UV plane.
-  * `p010le` - 4:2:0 10-bit YUV (little-endian), Y plane followed by a 2x2 interleaved UV plane.
 * `colorSpace` [ColorSpace](color-space.md) (optional) - The color space of the texture.
 * `codedSize` [Size](size.md) - The full dimensions of the shared texture.
 * `visibleRect` [Rectangle](rectangle.md) (optional) - A subsection of [0, 0, codedSize.width, codedSize.height]. In common cases, it is the full section area.

docs/api/structures/web-preferences.md

@@ -94,7 +94,6 @@
     The actual output pixel format and color space of the texture should refer to [`OffscreenSharedTexture`](../structures/offscreen-shared-texture.md) object in the `paint` event.
     * `argb` - The requested output texture format is 8-bit unorm RGBA, with SRGB SDR color space.
     * `rgbaf16` - The requested output texture format is 16-bit float RGBA, with scRGB HDR color space.
-  * `deviceScaleFactor` number (optional) _Experimental_ - The device scale factor of the offscreen rendering output. If not set, will use primary display's scale factor as default.
 * `contextIsolation` boolean (optional) - Whether to run Electron APIs and
   the specified `preload` script in a separate JavaScript context. Defaults
   to `true`. The context that the `preload` script runs in will only have

docs/api/view.md

@@ -62,17 +62,9 @@ it becomes the topmost view.
 
 If the view passed as a parameter is not a child of this view, this method is a no-op.
 
-#### `view.setBounds(bounds[, options])`
+#### `view.setBounds(bounds)`
 
 * `bounds` [Rectangle](structures/rectangle.md) - New bounds of the View.
-* `options` Object (optional) - Options for setting the bounds.
-  * `animate` boolean | Object (optional) - If true, the bounds change will be animated. If an object is passed, it can contain the following properties:
-    * `duration` Integer (optional) - Duration of the animation in milliseconds. Default is `250`.
-    * `easing` string (optional) - Easing function for the animation. Default is `linear`.
-      * `linear`
-      * `ease-in`
-      * `ease-out`
-      * `ease-in-out`
 
 #### `view.getBounds()`
 

docs/api/web-contents.md

@@ -933,7 +933,7 @@ copying data between CPU and GPU memory, with Chromium's hardware acceleration s
 Only a limited number of textures can exist at the same time, so it's important that you call `texture.release()` as soon as you're done with the texture.
 By managing the texture lifecycle by yourself, you can safely pass the `texture.textureInfo` to other processes through IPC.
 
-More details can be found in the [offscreen rendering tutorial](../tutorial/offscreen-rendering.md). To learn about how to handle the texture in native code, refer to [offscreen rendering's code documentation.](https://github.com/electron/electron/blob/main/shell/browser/osr/README.md).
+More details can be found in the [offscreen rendering tutorial](../tutorial/offscreen-rendering.md). To learn about how to handle the texture in native code, refer to [offscreen rendering's code documentation.](../../shell/browser/osr/README.md).
 
 ```js
 const { BrowserWindow } = require('electron')
@@ -1485,6 +1485,11 @@ mainWindow.webContents.setWindowOpenHandler((details) => {
       const browserView = new BrowserView(options)
       mainWindow.addBrowserView(browserView)
       browserView.setBounds({ x: 0, y: 0, width: 640, height: 480 })
+      // For `background-tab` disposition (e.g., when middle-clicking or ctrl/cmd-clicking a link),
+      // `options.webContents` is undefined because its creation can be deferred. So load the URL manually.
+      if (details.disposition === 'background-tab') {
+        browserView.webContents.loadURL(details.url)
+      }
       return browserView.webContents
     }
   }
@@ -2235,6 +2240,16 @@ Returns `string` - The identifier of a WebContents stream. This identifier can b
 with `navigator.mediaDevices.getUserMedia` using a `chromeMediaSource` of `tab`.
 The identifier is restricted to the web contents that it is registered to and is only valid for 10 seconds.
 
+#### `contents.getOrCreateDevToolsTargetId()`
+
+Returns `string` - The Chrome DevTools Protocol
+[TargetID](https://chromedevtools.github.io/devtools-protocol/tot/Target/#type-TargetID)
+associated with this WebContents. This is the reverse of
+[`webContents.fromDevToolsTargetId()`](#webcontentsfromdevtoolstargetidtargetid).
+
+> [!NOTE]
+> This method creates a new DevTools agent for this WebContents if one does not already exist.
+
 #### `contents.getOSProcessId()`
 
 Returns `Integer` - The operating system `pid` of the associated renderer

docs/breaking-changes.md

@@ -12,16 +12,6 @@ This document uses the following convention to categorize breaking changes:
 * **Deprecated:** An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
 * **Removed:** An API or feature was removed, and is no longer supported by Electron.
 
-## Planned Breaking API Changes (42.0)
-
-### Behavior Changed: Offscreen rendering will use `1.0` as default device scale factor.
-
-Previously, OSR used the primary display's device scale factor for rendering, which made the output frame size vary across users.
-Developers had to manually calculate the correct size using `screen.getPrimaryDisplay().scaleFactor`. We now provide an optional property
-`webPreferences.offscreen.deviceScaleFactor` to specify a custom value when creating an OSR window. At first, if the property is not set, it defaults
-to the primary display's scale factor (preserving the old behavior). Starting from Electron 42, the default will change to a constant value of `1.0`
-for more consistent output sizes.
-
 ## Planned Breaking API Changes (41.0)
 
 ### Behavior Changed: PDFs no longer create a separate WebContents
@@ -51,6 +41,12 @@ your preload script and expose it using the [contextBridge](https://www.electron
 Debug symbols for MacOS (dSYM) now use xz compression in order to handle larger file sizes. `dsym.zip` files are now
 `dsym.tar.xz` files. End users using debug symbols may need to update their zip utilities.
 
+### Deprecated: `showHiddenFiles` in Dialogs on Linux
+
+This property will still be honored on macOS and Windows, but support on Linux
+will be removed in Electron 42. GTK intends for this to be a user choice rather
+than an app choice and has removed the API to do this programmatically.
+
 ## Planned Breaking API Changes (39.0)
 
 ### Deprecated: `--host-rules` command line switch

docs/development/build-instructions-gn.md

@@ -41,7 +41,7 @@ e init --root=~/electron --bootstrap testing
 ```
 
 The `--bootstrap` flag also runs `e sync` (synchronizes source code branches from
-[`DEPS`](https://github.com/electron/electron/blob/main/DEPS) using
+[`DEPS`](../../DEPS) using
 [`gclient`](https://chromium.googlesource.com/chromium/tools/depot_tools.git/+/HEAD/README.gclient.md))
 and `e build` (compiles the Electron binary into the `${root}/src/out` folder).
 
@@ -63,7 +63,7 @@ Some quick tips on building once your checkout is set up:
 * **Updating your checkout:** Run git commands such as `git checkout <branch>` and `git pull` from `${root}/src/electron`.
   Whenever you update your commit `HEAD`, make sure to `e sync` before `e build` to sync dependencies
   such as Chromium and Node.js. This is especially relevant because the Chromium version in
-  [`DEPS`](https://github.com/electron/electron/blob/main/DEPS) changes frequently.
+  [`DEPS`](../../DEPS) changes frequently.
 * **Rebuilding:** When making changes to code in `${root}/src/electron/` in a local branch, you only need to re-run `e build`.
 * **Adding patches:** When contributing changes in `${root}/src/` outside of `${root}/src/electron/`, you need to do so
   via Electron's [patch system](./patches.md). The `e patches` command can export all relevant patches to
@@ -98,7 +98,7 @@ Project configurations can be found in the `.gn` and `.gni` files in the `electr
 
 The following `gn` files contain the main rules for building Electron:
 
-* [`BUILD.gn`](https://github.com/electron/electron/blob/main/BUILD.gn) defines how Electron itself
+* [`BUILD.gn`](../../BUILD.gn) defines how Electron itself
   is built and includes the default configurations for linking with Chromium.
 * [`build/args/{testing,release,all}.gn`](https://github.com/electron/electron/tree/main/build/args)
   contain the default build arguments for building Electron.

docs/development/creating-api.md

@@ -6,7 +6,7 @@ This is not a comprehensive end-all guide to creating an Electron Browser API, r
 
 ## Add your files to Electron's project configuration
 
-Electron uses [GN](https://gn.googlesource.com/gn) as a meta build system to generate files for its compiler, [Ninja](https://ninja-build.org/). This means that in order to tell Electron to compile your code, we have to add your API's code and header file names into [`filenames.gni`](https://github.com/electron/electron/blob/main/filenames.gni).
+Electron uses [GN](https://gn.googlesource.com/gn) as a meta build system to generate files for its compiler, [Ninja](https://ninja-build.org/). This means that in order to tell Electron to compile your code, we have to add your API's code and header file names into [`filenames.gni`](../../filenames.gni).
 
 You will need to append your API file names alphabetically into the appropriate files like so:
 
@@ -127,7 +127,7 @@ void Initialize(v8::Local<v8::Object> exports,
 
 ## Link your Electron API with Node
 
-In the [`typings/internal-ambient.d.ts`](https://github.com/electron/electron/blob/main/typings/internal-ambient.d.ts) file, we need to append a new property onto the `Process` interface like so:
+In the [`typings/internal-ambient.d.ts`](../../typings/internal-ambient.d.ts) file, we need to append a new property onto the `Process` interface like so:
 
 ```ts title='typings/internal-ambient.d.ts' @ts-nocheck
 interface Process {
@@ -141,7 +141,7 @@ At the very bottom of your `api_name.cc` file:
 NODE_LINKED_BINDING_CONTEXT_AWARE(electron_browser_{api_name},Initialize)
 ```
 
-In your [`shell/common/node_bindings.cc`](https://github.com/electron/electron/blob/main/shell/common/node_bindings.cc) file, add your node binding name to Electron's built-in modules.
+In your [`shell/common/node_bindings.cc`](../../shell/common/node_bindings.cc) file, add your node binding name to Electron's built-in modules.
 
 ```cpp title='shell/common/node_bindings.cc'
 #define ELECTRON_BROWSER_MODULES(V)      \
@@ -159,7 +159,7 @@ We will need to create a new TypeScript file in the path that follows:
 
 `"lib/browser/api/{electron_browser_{api_name}}.ts"`
 
-An example of the contents of this file can be found [here](https://github.com/electron/electron/blob/main/lib/browser/api/native-theme.ts).
+An example of the contents of this file can be found [here](../../lib/browser/api/native-theme.ts).
 
 ### Expose your module to TypeScript
 

docs/development/pull-requests.md

@@ -21,24 +21,33 @@
 
 ### Step 1: Fork
 
-Fork the project [on GitHub](https://github.com/electron/electron) and clone your fork
-locally.
-
-```sh
-$ git clone git@github.com:username/electron.git
-$ cd electron
-$ git remote add upstream https://github.com/electron/electron.git
-$ git fetch upstream
-```
+Fork Electron's [GitHub repository](https://github.com/electron/electron).
 
 ### Step 2: Build
 
-Build steps and dependencies differ slightly depending on your operating system.
-See these detailed guides on building Electron locally:
+We recommend using [`@electron/build-tools`](https://github.com/electron/build-tools) to build
+Electron itself.
 
-* [Building on macOS](build-instructions-macos.md)
-* [Building on Linux](build-instructions-linux.md)
-* [Building on Windows](build-instructions-windows.md)
+```sh
+# Install build-tools package globally:
+npm install -g @electron/build-tools
+# Run the init script where you want to clone the project and point it to your fork:
+e init --fork my-org/electron --bootstrap testing
+```
+
+This will create a new `electron` folder in your working directory and initialize the project.
+Once the build completes, navigate to `electron/src/electron`, where your fork is actually cloned.
+
+> [!IMPORTANT]
+> Your Electron project has a complex folder structure with nested repositories.
+> See the [Build Instructions](./build-instructions-gn.md) docs for detailed Build Tools
+> usage instructions (e.g. how to sync dependencies or how to recompile the binary)
+> and platform-specific notices.
+
+There, you should have two `remote` URLs in git:
+
+* `origin` will point to `electron/electron`
+* `fork` will point to your fork (`my-org/electron`)
 
 Once you've built the project locally, you're ready to start making changes!
 
@@ -48,7 +57,7 @@ To keep your development environment organized, create local branches to
 hold your work. These should be branched directly off of the `main` branch.
 
 ```sh
-$ git checkout -b my-branch -t upstream/main
+git checkout -b my-branch
 ```
 
 ## Making Changes
@@ -60,7 +69,7 @@ changes to either the C/C++ code in the `shell/` folder,
 the JavaScript code in the `lib/` folder, the documentation in `docs/api/`
 or tests in the `spec/` folder.
 
-Please be sure to run `npm run lint` from time to time on any code changes
+Please be sure to run `yarn lint` from time to time on any code changes
 to ensure that they follow the project's code style.
 
 See [coding style](coding-style.md) for
@@ -75,8 +84,8 @@ across multiple commits. There is no limit to the number of commits in a
 pull request.
 
 ```sh
-$ git add my/changed/files
-$ git commit
+git add my/changed/files
+git commit
 ```
 
 Note that multiple commits get squashed when they are landed.
@@ -138,8 +147,8 @@ Once you have committed your changes, it is a good idea to use `git rebase`
 (not `git merge`) to synchronize your work with the main repository.
 
 ```sh
-$ git fetch upstream
-$ git rebase upstream/main
+git fetch origin
+git rebase origin/main
 ```
 
 This ensures that your working branch has the latest changes from `electron/electron`
@@ -156,7 +165,7 @@ Before submitting your changes in a pull request, always run the full
 test suite. To run the tests:
 
 ```sh
-$ npm run test
+yarn test
 ```
 
 Make sure the linter does not report any issues and that all tests pass.
@@ -165,7 +174,7 @@ Please do not submit patches that fail either check.
 If you are updating tests and want to run a single spec to check it:
 
 ```sh
-$ npm run test -match=menu
+yarn test -match=menu
 ```
 
 The above would only run spec modules matching `menu`, which is useful for
@@ -179,13 +188,13 @@ begin the process of opening a pull request by pushing your working branch
 to your fork on GitHub.
 
 ```sh
-$ git push origin my-branch
+git push fork my-branch
 ```
 
 ### Step 9: Opening the Pull Request
 
 From within GitHub, opening a new pull request will present you with a template
-that should be filled out. It can be found [here](https://github.com/electron/electron/blob/main/.github/PULL_REQUEST_TEMPLATE.md).
+that should be filled out. It can be found [here](../../.github/PULL_REQUEST_TEMPLATE.md).
 
 If you do not adequately complete this template, your PR may be delayed in being merged as maintainers
 seek more information or clarify ambiguities.
@@ -203,9 +212,9 @@ branch, add a new commit with those changes, and push those to your fork.
 GitHub will automatically update the pull request.
 
 ```sh
-$ git add my/changed/files
-$ git commit
-$ git push origin my-branch
+git add my/changed/files
+git commit
+git push fork my-branch
 ```
 
 There are a number of more advanced mechanisms for managing commits using
@@ -213,13 +222,12 @@ There are a number of more advanced mechanisms for managing commits using
 
 Feel free to post a comment in the pull request to ping reviewers if you are
 awaiting an answer on something. If you encounter words or acronyms that
-seem unfamiliar, refer to this
-[glossary](https://sites.google.com/a/chromium.org/dev/glossary).
+seem unfamiliar, refer to the
+[Chromium glossary](https://sites.google.com/a/chromium.org/dev/glossary).
 
 #### Approval and Request Changes Workflow
 
-All pull requests require approval from a
-[Code Owner](https://github.com/electron/electron/blob/main/.github/CODEOWNERS)
+All pull requests require approval from a [Code Owner](../../.github/CODEOWNERS)
 of the area you modified in order to land. Whenever a maintainer reviews a pull
 request they may request changes. These may be small, such as fixing a typo, or
 may involve substantive changes. Such requests are intended to be helpful, but

docs/development/source-code-directory-structure.md

@@ -10,7 +10,7 @@ to understand the source code better.
 ## Project structure
 
 Electron is a complex project containing multiple upstream dependencies, which are tracked in source
-control via the [`DEPS`](https://github.com/electron/electron/blob/main/DEPS) file. When
+control via the [`DEPS`](../../DEPS) file. When
 [initializing a local Electron checkout](./build-instructions-gn.md), Electron's source code is just one
 of many nested folders within the project root.
 

docs/tutorial/asar-archives.md

@@ -6,7 +6,7 @@ hide_title: false
 ---
 
 After creating an [application distribution](application-distribution.md), the
-app's source code are usually bundled into an [ASAR archive](https://github.com/electron/asar),
+app's source code is usually bundled into an [ASAR archive](https://github.com/electron/asar),
 which is a simple extensive archive format designed for Electron apps. By bundling the app
 we can mitigate issues around long path names on Windows, speed up `require` and conceal your source
 code from cursory inspection.
@@ -134,7 +134,7 @@ underlying system calls, Electron will extract the needed file into a
 temporary file and pass the path of the temporary file to the APIs to make them
 work. This adds a little overhead for those APIs.
 
-APIs that requires extra unpacking are:
+APIs that require extra unpacking are:
 
 * `child_process.execFile`
 * `child_process.execFileSync`

docs/tutorial/asar-integrity.md

@@ -15,6 +15,14 @@ Currently, ASAR integrity checking is supported on:
 * macOS as of `electron>=16.0.0`
 * Windows as of `electron>=30.0.0`
 
+> [!NOTE]
+> ASAR integrity is fully supported in Mac App Store (MAS) builds and is recommended
+> as a best practice. While MAS-installed applications have their `Resources/` folder
+> protected by the system (owned by root), ASAR integrity still provides an additional
+> layer of security. It is especially important if you use Electron's MAS build but
+> distribute your app through channels other than the Mac App Store (such as direct
+> download), since those installations won't have the system-level read-only protections.
+
 In order to enable ASAR integrity checking, you also need to ensure that your `app.asar` file
 was generated by a version of the `@electron/asar` npm package that supports ASAR integrity.
 
@@ -24,7 +32,7 @@ All versions of `@electron/asar` support ASAR integrity.
 ## How it works
 
 Each ASAR archive contains a JSON string header. The header format includes an `integrity` object
-that contain a hex encoded hash of the entire archive as well as an array of hex encoded hashes for each
+that contains a hex encoded hash of the entire archive as well as an array of hex encoded hashes for each
 block of `blockSize` bytes.
 
 ```json

docs/tutorial/automated-testing.md

@@ -203,7 +203,7 @@ test('launch app', async () => {
 })
 ```
 
-After that, you will access to an instance of Playwright's `ElectronApp` class. This
+After that, you will have access to an instance of Playwright's `ElectronApp` class. This
 is a powerful class that has access to main process modules for example:
 
 ```js {5-10} @ts-nocheck
@@ -237,7 +237,7 @@ test('save screenshot', async () => {
 })
 ```
 
-Putting all this together using the Playwright test-runner, let's create a `example.spec.js`
+Putting all this together using the Playwright test-runner, let's create an `example.spec.js`
 test file with a single test and assertion:
 
 ```js title='example.spec.js' @ts-nocheck
@@ -377,7 +377,7 @@ class TestDriver {
 module.exports = { TestDriver }
 ```
 
-In your app code, can then write a simple handler to receive RPC calls:
+In your app code, you can then write a simple handler to receive RPC calls:
 
 ```js title='main.js'
 const METHODS = {

docs/tutorial/code-signing.md

@@ -17,7 +17,7 @@ run them, users need to go through multiple advanced and manual steps.
 
 If you are building an Electron app that you intend to package and distribute,
 it should be code signed. The Electron ecosystem tooling makes codesigning your
-apps straightforward - this documentation explains how sign your apps on both
+apps straightforward - this documentation explains how to sign your apps on both
 Windows and macOS.
 
 ## Signing & notarizing macOS builds

docs/tutorial/custom-title-bar.md

@@ -110,7 +110,7 @@ const win = new BrowserWindow({
 #### Show and hide the traffic lights programmatically _macOS_
 
 You can also show and hide the traffic lights programmatically from the main process.
-The `win.setWindowButtonVisibility` forces traffic lights to be show or hidden depending
+The `win.setWindowButtonVisibility` forces traffic lights to be shown or hidden depending
 on the value of its boolean parameter.
 
 ```js title='main.js'

docs/tutorial/custom-window-interactions.md

@@ -5,12 +5,12 @@
 By default, windows are dragged using the title bar provided by the OS chrome. Apps
 that remove the default title bar need to use the `app-region` CSS property to define
 specific areas that can be used to drag the window. Setting `app-region: drag` marks
-a rectagular area as draggable.
+a rectangular area as draggable.
 
 It is important to note that draggable areas ignore all pointer events. For example,
 a button element that overlaps a draggable region will not emit mouse clicks or mouse
 enter/exit events within that overlapping area. Setting `app-region: no-drag` reenables
-pointer events by excluding a rectagular area from a draggable region.
+pointer events by excluding a rectangular area from a draggable region.
 
 To make the whole window draggable, you can add `app-region: drag` as
 `body`'s style:

docs/tutorial/custom-window-styles.md

@@ -12,6 +12,10 @@ To create a frameless window, set the [`BaseWindowContructorOptions`][] `frame`
 
 ```
 
+On Wayland (Linux), frameless windows have GTK drop shadows and extended
+resize boundaries by default. To create a fully frameless window with no
+decorations, set `hasShadow: false` in the window constructor options.
+
 ## Transparent windows
 
 ![Transparent Window](../images/transparent-window.png)

docs/tutorial/dark-mode.md

@@ -29,7 +29,7 @@ be updated accordingly.
 In macOS 10.14 Mojave, Apple introduced a new [system-wide dark mode][system-wide-dark-mode]
 for all macOS computers. If your Electron app has a dark mode, you can make it
 follow the system-wide dark mode setting using
-[the `nativeTheme` api](../api/native-theme.md).
+[the `nativeTheme` API](../api/native-theme.md).
 
 In macOS 10.15 Catalina, Apple introduced a new "automatic" dark mode option
 for all macOS computers. In order for the `nativeTheme.shouldUseDarkColors` and

docs/tutorial/electron-timelines.md

@@ -7,47 +7,7 @@ check out our [Electron Versioning](./electron-versioning.md) doc.
 
 ## Timeline
 
-| Electron | Alpha | Beta | Stable | EOL | Chrome | Node | Supported |
-| ------- | ----- | ------- | ------ | ------ | ---- | ---- | ---- |
-| 40.0.0 |  2025-Oct-30 | 2025-Dec-03 | 2026-Jan-13 | 2026-Jun-30 | M144 | TBD | ✅ |
-| 39.0.0 |  2025-Sep-04 | 2025-Oct-01 | 2025-Oct-28 | 2026-May-05 | M142 | v22.20 | ✅ |
-| 38.0.0 |  2025-Jun-26 | 2025-Aug-06 | 2025-Sep-02 | 2026-Mar-10 | M140 | v22.18 | ✅ |
-| 37.0.0 |  2025-May-01 | 2025-May-28 | 2025-Jun-24 | 2026-Jan-13 | M138 | v22.16 | ✅ |
-| 36.0.0 |  2025-Mar-06 | 2025-Apr-02 | 2025-Apr-29 | 2025-Oct-28 | M136 | v22.14 | 🚫 |
-| 35.0.0 |  2025-Jan-16 | 2025-Feb-05 | 2025-Mar-04 | 2025-Sep-02 | M134 | v22.14 | 🚫 |
-| 34.0.0 |  2024-Oct-17 | 2024-Nov-13 | 2025-Jan-14 | 2025-Jun-24 | M132 | v20.18 | 🚫 |
-| 33.0.0 |  2024-Aug-22 | 2024-Sep-18 | 2024-Oct-15 | 2025-Apr-29 | M130 | v20.18 | 🚫 |
-| 32.0.0 |  2024-Jun-14 | 2024-Jul-24 | 2024-Aug-20 | 2025-Mar-04 | M128 | v20.16 | 🚫 |
-| 31.0.0 |  2024-Apr-18 | 2024-May-15 | 2024-Jun-11 | 2025-Jan-14 | M126 | v20.14 | 🚫 |
-| 30.0.0 |  2024-Feb-22 | 2024-Mar-20 | 2024-Apr-16 | 2024-Oct-15 | M124 | v20.11 | 🚫 |
-| 29.0.0 |  2023-Dec-07 | 2024-Jan-24 | 2024-Feb-20 | 2024-Aug-20 | M122 | v20.9 | 🚫 |
-| 28.0.0 |  2023-Oct-11 | 2023-Nov-06 | 2023-Dec-05 | 2024-Jun-11 | M120 | v18.18 | 🚫 |
-| 27.0.0 |  2023-Aug-17 | 2023-Sep-13 | 2023-Oct-10 | 2024-Apr-16 | M118 | v18.17 | 🚫 |
-| 26.0.0 | 2023-Jun-01 | 2023-Jun-27 | 2023-Aug-15 | 2024-Feb-20 | M116 | v18.16 | 🚫 |
-| 25.0.0 | 2023-Apr-10 | 2023-May-02 | 2023-May-30 | 2023-Dec-05 | M114 | v18.15 | 🚫 |
-| 24.0.0 | 2023-Feb-09 | 2023-Mar-07 | 2023-Apr-04 | 2023-Oct-10 | M112 | v18.14 | 🚫 |
-| 23.0.0 | 2022-Dec-01 | 2023-Jan-10 | 2023-Feb-07 | 2023-Aug-15 | M110 | v18.12 | 🚫 |
-| 22.0.0 | 2022-Sep-29 | 2022-Oct-25 | 2022-Nov-29 | 2023-Oct-10 | M108 | v16.17 | 🚫 |
-| 21.0.0 | 2022-Aug-04 | 2022-Aug-30 | 2022-Sep-27 | 2023-Apr-04 | M106 | v16.16 | 🚫 |
-| 20.0.0 | 2022-May-26 | 2022-Jun-21 | 2022-Aug-02 | 2023-Feb-07 | M104 | v16.15 | 🚫 |
-| 19.0.0 | 2022-Mar-31 | 2022-Apr-26 | 2022-May-24 | 2022-Nov-29 | M102 | v16.14 | 🚫 |
-| 18.0.0 | 2022-Feb-03 | 2022-Mar-03 | 2022-Mar-29 | 2022-Sep-27 | M100 | v16.13 | 🚫 |
-| 17.0.0 | 2021-Nov-18 | 2022-Jan-06 | 2022-Feb-01 | 2022-Aug-02 | M98 | v16.13 | 🚫 |
-| 16.0.0 | 2021-Sep-23 | 2021-Oct-20 | 2021-Nov-16 | 2022-May-24 | M96 | v16.9 | 🚫 |
-| 15.0.0 | 2021-Jul-20 | 2021-Sep-01 | 2021-Sep-21 | 2022-May-24 | M94 | v16.5 | 🚫 |
-| 14.0.0 | -- | 2021-May-27 | 2021-Aug-31 | 2022-Mar-29 | M93 | v14.17 | 🚫 |
-| 13.0.0 | -- | 2021-Mar-04 | 2021-May-25 | 2022-Feb-01 | M91 | v14.16 | 🚫 |
-| 12.0.0 | -- | 2020-Nov-19 | 2021-Mar-02 | 2021-Nov-16 | M89 | v14.16 | 🚫 |
-| 11.0.0 | -- | 2020-Aug-27 | 2020-Nov-17 | 2021-Aug-31 | M87 | v12.18 | 🚫 |
-| 10.0.0 | -- | 2020-May-21 | 2020-Aug-25 | 2021-May-25 | M85 | v12.16 | 🚫 |
-| 9.0.0 | -- | 2020-Feb-06 | 2020-May-19 | 2021-Mar-02 | M83 | v12.14 | 🚫 |
-| 8.0.0 | -- | 2019-Oct-24 | 2020-Feb-04 | 2020-Nov-17 | M80 | v12.13 | 🚫 |
-| 7.0.0 | -- | 2019-Aug-01 | 2019-Oct-22 | 2020-Aug-25 | M78 | v12.8 | 🚫 |
-| 6.0.0 | -- | 2019-Apr-25 | 2019-Jul-30 | 2020-May-19 | M76 | v12.14.0 | 🚫 |
-| 5.0.0 | -- | 2019-Jan-22 | 2019-Apr-23 | 2020-Feb-04 | M73 | v12.0 | 🚫 |
-| 4.0.0 | -- | 2018-Oct-11 | 2018-Dec-20 | 2019-Oct-22 | M69 | v10.11 | 🚫 |
-| 3.0.0 | -- | 2018-Jun-21 | 2018-Sep-18 | 2019-Jul-30 | M66 | v10.2 | 🚫 |
-| 2.0.0 | -- | 2018-Feb-21 | 2018-May-01 | 2019-Apr-23 | M61 | v8.9 | 🚫 |
+[Electron's Release Schedule](https://releases.electronjs.org/schedule) lists a schedule of Electron major releases showing key milestones including alpha, beta, and stable release dates, as well as end-of-life dates and dependency versions.
 
 :::info Official support dates may change
 

docs/tutorial/fuses.md

@@ -137,6 +137,35 @@ The extra privileges granted to the `file://` protocol by this fuse are incomple
 * `file://` protocol pages have universal access granted to child frames also running on `file://`
   protocols regardless of sandbox settings
 
+### `wasmTrapHandlers`
+
+**Default:** Enabled
+
+**@electron/fuses:** `FuseV1Options.WasmTrapHandlers`
+
+The `wasmTrapHandlers` fuse controls whether V8 will use signal handlers to trap Out of Bounds memory
+access from WebAssembly. The feature works by surrounding the WebAssembly memory with large guard regions
+and then installing a signal handler that traps attempt to access memory in the guard region. The feature
+is only supported on the following 64-bit systems:
+
+* Linux, macOS, Windows - x86_64
+* Linux, macOS - aarch64
+
+```text
+| Guard Pages | WASM heap | Guard Pages |
+|-----8GB-----|           |-----8GB-----|
+```
+
+When the fuse is disabled V8 will use explicit bound checks in the generated WebAssembly code to ensure
+memory safety. However, this method has some downsides
+
+* The compiler generates extra nodes for each memory reference, leading to longer compile times due to the
+additional processing time needed for these nodes.
+* In turn, these extra nodes lead to lots of extra code being generated, making WebAssembly modules bigger
+than they ideally should be.
+* This extra code, particularly the compare and branch before every memory reference,
+incurs a significant runtime cost.
+
 ## How do I flip fuses?
 
 ### The easy way
@@ -197,4 +226,4 @@ Somewhere in the Electron binary, there will be a sequence of bytes that look li
 
 To flip a fuse, you find its position in the fuse wire and change it to "0" or "1" depending on the state you'd like.
 
-You can view the current schema [here](https://github.com/electron/electron/blob/main/build/fuses/fuses.json5).
+You can view the current schema [here](../../build/fuses/fuses.json5).

docs/tutorial/ipc.md

@@ -50,7 +50,7 @@ sections.
 
 In the main process, set an IPC listener on the `set-title` channel with the `ipcMain.on` API:
 
-```js {6-10,22} title='main.js (Main Process)'
+```js {7-11,23} title='main.js (Main Process)'
 const { app, BrowserWindow, ipcMain } = require('electron')
 
 const path = require('node:path')
@@ -171,7 +171,7 @@ sections.
 
 In the main process, we'll be creating a `handleFileOpen()` function that calls
 `dialog.showOpenDialog` and returns the value of the file path selected by the user. This function
-is used as a callback whenever an `ipcRender.invoke` message is sent through the `dialog:openFile`
+is used as a callback whenever an `ipcRenderer.invoke` message is sent through the `dialog:openFile`
 channel from the renderer process. The return value is then returned as a Promise to the original
 `invoke` call.
 
@@ -446,7 +446,7 @@ After loading the preload script, your renderer process should have access to th
 We don't directly expose the whole `ipcRenderer.on` API for [security reasons][]. Make sure to
 limit the renderer's access to Electron APIs as much as possible.
 Also don't just pass the callback to `ipcRenderer.on` as this will leak `ipcRenderer` via `event.sender`.
-Use a custom handler that invoke the `callback` only with the desired arguments.
+Use a custom handler that invokes the `callback` only with the desired arguments.
 :::
 
 :::info

docs/tutorial/keyboard-shortcuts.md

@@ -10,7 +10,7 @@ hide_title: false
 ## Accelerators
 
 Accelerators are strings that can be used to represent keyboard shortcuts throughout your Electron.
-These strings can contain multiple modifiers keys and a single key code joined by the `+` character.
+These strings can contain multiple modifier keys and a single key code joined by the `+` character.
 
 > [!NOTE]
 > Accelerators are **case-insensitive**.

docs/tutorial/launch-app-from-url-in-another-app.md

@@ -62,9 +62,9 @@ const createWindow = () => {
 }
 ```
 
-In this next step, we will create our  `BrowserWindow` and tell our application how to handle an event in which an external protocol is clicked.
+In this next step, we will create our `BrowserWindow` and tell our application how to handle an event in which an external protocol is clicked.
 
-This code will be different in Windows and Linux compared to MacOS. This is due to both platforms emitting the `second-instance` event rather than the `open-url` event and Windows requiring additional code in order to open the contents of the protocol link within the same Electron instance. Read more about this [here](../api/app.md#apprequestsingleinstancelockadditionaldata).
+This code will be different in Windows and Linux compared to macOS. This is due to both platforms emitting the `second-instance` event rather than the `open-url` event and Windows requiring additional code in order to open the contents of the protocol link within the same Electron instance. Read more about this [here](../api/app.md#apprequestsingleinstancelockadditionaldata).
 
 #### Windows and Linux code:
 
@@ -91,7 +91,7 @@ if (!gotTheLock) {
 }
 ```
 
-#### MacOS code:
+#### macOS code:
 
 ```js @ts-type={createWindow:()=>void}
 // This method will be called when Electron has finished

docs/tutorial/mac-app-store-submission-guide.md

@@ -65,7 +65,7 @@ The full list of certificate types can be found
 Apps signed with "Apple Development" and "Apple Distribution" certificates can
 only run under [App Sandbox][app-sandboxing], so they must use the MAS build of
 Electron. However, the "Developer ID Application" certificate does not have this
-restrictions, so apps signed with it can use either the normal build or the MAS
+restriction, so apps signed with it can use either the normal build or the MAS
 build of Electron.
 
 #### Legacy certificate names
@@ -208,7 +208,7 @@ signAsync({
 After signing the app with the "Apple Distribution" certificate, you can
 continue to submit it to Mac App Store.
 
-However, this guide do not ensure your app will be approved by Apple; you
+However, this guide does not ensure your app will be approved by Apple; you
 still need to read Apple's [Submitting Your App][submitting-your-app] guide on
 how to meet the Mac App Store requirements.
 

docs/tutorial/macos-dock.md

@@ -25,7 +25,7 @@ Electron application, and this property only exists on macOS.
 One of the main uses for your app's Dock icon is to expose additional app menus. The Dock menu is
 triggered by right-clicking or <kbd>Ctrl</kbd>-clicking the app icon. By default, the app's Dock menu
 will come with system-provided window management utilities, including the ability to show all windows,
-hide the app, and switch betweeen different open windows.
+hide the app, and switch between different open windows.
 
 To set an app-defined custom Dock menu, pass any [Menu](../api/menu.md) instance into the
 [`dock.setMenu`](../api/dock.md#docksetmenumenu-macos) API.

docs/tutorial/native-code-and-electron-cpp-linux.md

@@ -1339,7 +1339,7 @@ For developers wanting to learn more, you can refer to the [official N-API docum
 
 ### Putting `cpp_addon.cc` together
 
-We've now finished the bridge part our addon - that is, the code that's most concerned with being the bridge between your JavaScript and C++ code (and by contrast, less so actually interacting with the operating system or GTK). After adding all the sections above, your `src/cpp_addon.cc` should look like this:
+We've now finished the bridge part of our addon - that is, the code that's most concerned with being the bridge between your JavaScript and C++ code (and by contrast, less so actually interacting with the operating system or GTK). After adding all the sections above, your `src/cpp_addon.cc` should look like this:
 
 ```cpp title='src/cpp_addon.cc'
 #include <napi.h>

docs/tutorial/native-code-and-electron-cpp-win32.md

@@ -4,13 +4,13 @@ This tutorial builds on the [general introduction to Native Code and Electron](.
 
 Specifically, we'll be integrating with two commonly used native Windows libraries:
 
-* `comctl32.lib`, which contains common controls and user interface components. It provides various UI elements like buttons, scrollbars, toolbars, status bars, progress bars, and tree views. As far as GUI development on Windows goes, this library is very low-level and basic - more modern frameworks like WinUI or WPF are advanced and alternatives but require a lot more C++ and Windows version considerations than are useful for this tutorial. This way, we can avoid the many perils of building native interfaces for multiple Windows versions!
+* `comctl32.lib`, which contains common controls and user interface components. It provides various UI elements like buttons, scrollbars, toolbars, status bars, progress bars, and tree views. As far as GUI development on Windows goes, this library is very low-level and basic - more modern frameworks like WinUI or WPF are more advanced alternatives but require a lot more C++ and Windows version considerations than are useful for this tutorial. This way, we can avoid the many perils of building native interfaces for multiple Windows versions!
 * `shcore.lib`, a library that provides high-DPI awareness functionality and other Shell-related features around managing displays and UI elements.
 
 This tutorial will be most useful to those who already have some familiarity with native C++ GUI development on Windows. You should have experience with basic window classes and procedures, like `WNDCLASSEXW` and `WindowProc` functions. You should also be familiar with the Windows message loop, which is the heart of any native application - our code will be using `GetMessage`, `TranslateMessage`, and `DispatchMessage` to handle messages. Lastly, we'll be using (but not explaining) standard Win32 controls like `WC_EDITW` or `WC_BUTTONW`.
 
 > [!NOTE]
-> If you're not familiar with C++ GUI development on Windows, we recommend Microsoft's excellent documentation and guides, particular for beginners. "[Get Started with Win32 and C++](https://learn.microsoft.com/en-us/windows/win32/learnwin32/learn-to-program-for-windows)" is a great introduction.
+> If you're not familiar with C++ GUI development on Windows, we recommend Microsoft's excellent documentation and guides, particularly for beginners. "[Get Started with Win32 and C++](https://learn.microsoft.com/en-us/windows/win32/learnwin32/learn-to-program-for-windows)" is a great introduction.
 
 ## Requirements
 
@@ -1333,7 +1333,7 @@ npm run build
 
 ## Conclusion
 
-You've now built a complete native Node.js addon for Windows using C++ and the Win32 API. Some of things we've done here are:
+You've now built a complete native Node.js addon for Windows using C++ and the Win32 API. Some of the things we've done here are:
 
 1. Creating a native Windows GUI from C++
 2. Implementing a Todo list application with Add, Edit, and Delete functionality

docs/tutorial/native-code-and-electron-swift-macos.md

@@ -1167,7 +1167,7 @@ The approach demonstrated here allows you to:
 * Setting up bidirectional communication using callbacks and events
 * Configuring a custom build process to compile Swift code
 
-For more information on developing with Swift and Swift, refer to Apple's developer documentation:
+For more information on developing with Swift and SwiftUI, refer to Apple's developer documentation:
 
 * [Swift Programming Language](https://developer.apple.com/swift/)
 * [SwiftUI Framework](https://developer.apple.com/documentation/swiftui)

docs/tutorial/offscreen-rendering.md

@@ -36,8 +36,8 @@ setting.
     This is an advanced feature requiring a native node module to work with your own code.
     The frames are directly copied in GPU textures, thus this mode is very fast because
     there's no CPU-GPU memory copies overhead, and you can directly import the shared
-    texture to your own rendering program. You can read more details at
-    [here](https://github.com/electron/electron/blob/main/shell/browser/osr/README.md).
+    texture to your own rendering program. You can read more details
+    [here](../../shell/common/api/shared_texture/README.md).
 
 2. Use CPU shared memory bitmap
 

docs/tutorial/performance.md

@@ -60,7 +60,7 @@ at once, consider the [Chrome Tracing](https://www.chromium.org/developers/how-t
 ## Checklist: Performance recommendations
 
 Chances are that your app could be a little leaner, faster, and generally less
-resource-hungry if you avoid the following common pitfalls.
+resource-hungry if you attempt these steps.
 
 1. [Carelessly including modules](#1-carelessly-including-modules)
 2. [Loading and running code too soon](#2-loading-and-running-code-too-soon)
@@ -294,7 +294,7 @@ particularly useful if users complain about your app sometimes "stuttering".
 
 Generally speaking, all advice for building performant web apps for modern
 browsers apply to Electron's renderers, too. The two primary tools at your
-disposal  are currently `requestIdleCallback()` for small operations and
+disposal are currently `requestIdleCallback()` for small operations and
 `Web Workers` for long-running operations.
 
 _`requestIdleCallback()`_ allows developers to queue up a function to be
@@ -360,7 +360,7 @@ turning into a desktop application. As web developers, we are used to loading
 resources from a variety of content delivery networks. Now that you are
 shipping a proper desktop application, attempt to "cut the cord" where possible
 and avoid letting your users wait for resources that never change and could
-easily be included  in your app.
+easily be included in your app.
 
 A typical example is Google Fonts. Many developers make use of Google's
 impressive collection of free fonts, which comes with a content delivery

docs/tutorial/process-model.md

@@ -113,7 +113,7 @@ For a full list of Electron's main process modules, check out our API documentat
 
 Each Electron app spawns a separate renderer process for each open `BrowserWindow`
 (and each web embed). As its name implies, a renderer is responsible for
-_rendering_ web content. For all intents and purposes, code ran in renderer processes
+_rendering_ web content. For all intents and purposes, code run in renderer processes
 should behave according to web standards (insofar as Chromium does, at least).
 
 Therefore, all user interfaces and app functionality within a single browser

docs/tutorial/security.md

@@ -9,7 +9,7 @@ toc_max_heading_level: 3
 
 :::info Reporting security issues
 For information on how to properly disclose an Electron vulnerability,
-see [SECURITY.md](https://github.com/electron/electron/blob/main/SECURITY.md).
+see [SECURITY.md](../../SECURITY.md).
 
 For upstream Chromium vulnerabilities: Electron keeps up to date with alternating
 Chromium releases. For more information, see the
@@ -771,7 +771,7 @@ ipcMain.handle('get-secrets', (e) => {
 })
 
 function validateSender (frame) {
-  // Value the host of the URL using an actual URL parser and an allowlist
+  // Validate the host of the URL using an actual URL parser and an allowlist
   if ((new URL(frame.url)).host === 'electronjs.org') return true
   return false
 }

docs/tutorial/support.md

@@ -2,4 +2,4 @@
 
 * For information on supported releases, see the [Electron Releases](./electron-timelines.md) doc.
 * For community support on Electron, see the [Community page](https://www.electronjs.org/community).
-* For platform support info, see the [README](https://github.com/electron/electron/blob/main/README.md).
+* For platform support info, see the [README](../../README.md).