fix: show error code on linux moveToTrash failure

2026-04-10 03:01:51 -04:00 · 2026-02-10 10:58:05 +01:00
796 changed files with 8983 additions and 19480 deletions
--- a/.claude/skills/electron-chromium-upgrade/SKILL.md
+++ b/.claude/skills/electron-chromium-upgrade/SKILL.md
@@ -7,20 +7,19 @@ description: Guide for performing Chromium version upgrades in the Electron proj
 ## Summary
-Run `e sync --3` repeatedly, fixing patch conflicts as they arise, until it succeeds. Then export patches and commit changes atomically.
+Run `e sync --3` repeatedly, fixing patch conflicts as they arise, until it succeeds. Then run `e patches all` and commit changes atomically.
 ## Success Criteria
 Phase One is complete when:
 - `e sync --3` exits with code 0 (no patch failures)
- All changes are committed per the commit guidelines
+- `e patches all` has been run to export all changes
 - All changes are committed per the commit guidelines below
 Do not stop until these criteria are met.
 **CRITICAL** Do not delete or skip patches unless 100% certain the patch is no longer needed. Complicated conflicts or hard to resolve issues should be presented to the user after you have exhausted all other options. Do not delete the patch just because you can't solve it.
 **CRITICAL** Never use `git am --skip` and then manually recreate a patch by making a new commit. This destroys the original patch's authorship, commit message, and position in the series. If `git am --continue` reports "No changes", investigate why — the changes were likely absorbed by a prior conflict resolution's 3-way merge. Present this situation to the user rather than skipping and recreating.
 ## Context
 The `roller/chromium/main` branch is created by automation to update Electron's Chromium dependency SHA. No work has been done to handle breaking changes between the old and new versions.
@@ -31,18 +30,12 @@ The `roller/chromium/main` branch is created by automation to update Electron's
 - `patches/`: Patch files organized by target
 - `docs/development/patches.md`: Patch system documentation
 ## Pre-flight Checks
 Run these once at the start of each upgrade session:
 1. **Clear rerere cache** (if enabled): `git rerere clear` in both the electron and `..` repos. Stale recorded resolutions from a prior attempt can silently apply wrong merges.
 2. **Ensure pre-commit hooks are installed**: Check that `.git/hooks/pre-commit` exists. If not, run `yarn husky` to install it. The hook runs `lint-staged` which handles clang-format for C++ files.
 ## Workflow
-1. Run `e sync --3` (the `--3` flag enables 3-way merge, always required)
+1. Delete the `.git/rr-cache` in both the `electron` and `..` folder to ensure no accidental rerere replays occur from before this upgrade phase attempt started
-2. If succeeds → skip to step 5
+2. Run `e sync --3` (the `--3` flag enables 3-way merge, always required)
-3. If patch fails:
+3. If succeeds → skip to step 6
 4. If patch fails:
   - Identify target repo and patch from error output
   - Analyze failure (see references/patch-analysis.md)
   - Fix conflict in target repo's working directory
@@ -50,8 +43,10 @@ Run these once at the start of each upgrade session:
   - Repeat until all patches for that repo apply
   - IMPORTANT: Once `git am --continue` succeeds you MUST run `e patches {target}` to export fixes
   - Return to step 1
-4. When `e sync --3` succeeds, run `e patches all`
+5. When `e sync --3` succeeds, run `e patches all`
-5. **Read `references/phase-one-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
+6. **Read `references/phase-one-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
 Before committing any Phase One changes, you MUST read `references/phase-one-commit-guidelines.md` and follow its instructions exactly.
 ## Commands Reference
@@ -61,7 +56,6 @@ Run these once at the start of each upgrade session:
 | `git am --continue` | Continue after resolving conflict (run in target repo) |
 | `e patches {target}` | Export commits from target repo to patch files |
 | `e patches all` | Export all patches from all targets |
 | `e patches {target} --commit-updates` | Export patches and auto-commit trivial changes |
 | `e patches --list-targets` | List targets and config paths |
 ## Patch System Mental Model
@@ -86,22 +80,25 @@ Fix existing patches 99% of the time rather than creating new ones.
 1. **Preserve authorship**: Keep original author in TODO comments (from patch `From:` field)
 2. **Never change TODO assignees**: `TODO(name)` must retain original name
 3. **Update descriptions**: If upstream changed (e.g., `DCHECK` → `CHECK_IS_TEST`), update patch commit message to reflect current state
-4. **Never skip-and-recreate a patch**: If `git am --continue` says "No changes — did you forget to use 'git add'?", do NOT run `git am --skip` and create a replacement commit. The patch's changes were already absorbed by a prior 3-way merge resolution. This means an earlier conflict resolution pulled in too many changes. Present the situation to the user for guidance — the correct fix may require re-doing an earlier resolution more carefully to keep each patch's changes separate.
+
 ## Final Deliverable
 After Phase One, write a summary of every change: what was fixed, why, reasoning, and Chromium CL links.
 # Electron Chromium Upgrade: Phase Two
 ## Summary
-Run `e build -k 999 -- --quiet` repeatedly, fixing build issues as they arise, until it succeeds. Then run `e start --version` to validate Electron launches and commit changes atomically.
+Run `e build -k 999` repeatedly, fixing build issues as they arise, until it succeeds. Then run `e start --version` to validate Electron launches and commit changes atomically.
 Run Phase Two immediately after Phase One is complete.
 ## Success Criteria
 Phase Two is complete when:
- `e build -k 999 -- --quiet` exits with code 0 (no build failures)
+- `e build -k 999` exits with code 0 (no build failures)
 - `e start --version` has been run to check Electron launches
- All changes are committed per the commit guidelines
+- All changes are committed per the commit guidelines below
 Do not stop until these criteria are met. Do not delete code or features, never comment out code in order to take short cut. Make all existing code, logic and intention work.
@@ -115,7 +112,8 @@ The `roller/chromium/main` branch is created by automation to update Electron's
 ## Workflow
-1. Run `e build -k 999 -- --quiet` (the `--quiet` flag suppresses per-target status lines, showing only errors and the final result)
+1. Run `e build -k 999` (the `-k 999` flag is a flag to ninja to say "do not stop until you find that many errors" it is an attempt to get as much error
  context as possible for each time we run build)
 2. If succeeds → skip to step 6
 3. If build fails:
    - Identify underlying file in "electron" from the compilation error message
@@ -128,17 +126,27 @@ The `roller/chromium/main` branch is created by automation to update Electron's
 4. **CRITICAL**: After ANY commit (especially patch commits), immediately run `git status` in the electron repo
    - Look for other modified `.patch` files that only have index/hunk header changes
    - These are dependent patches affected by your fix
-    - Commit them immediately with: `git commit -am "chore: update patches (trivial only)"`
+    - Commit them immediately with: `git commit -am "chore: update patch hunk headers"`
    - This prevents losing track of necessary updates
 5. Return to step 1
 6. When `e build` succeeds, run `e start --version`
 7. Check if you have any pending changes in the Chromium repo by running `git status`
    - If you have changes follow the instructions below in "A. Patch Fixes" to correctly commit those modifications into the appropriate patch file
 Before committing any Phase Two changes, you MUST read `references/phase-two-commit-guidelines.md` and follow its instructions exactly.
 ## Build Error Detection
 When monitoring `e build -k 999` output, filter for errors using this regex pattern:
 error:|FAILED:|fatal:|subcommand failed|build finished
 The build output is extremely verbose. Filtering is essential to catch errors quickly.
 ## Commands Reference
 | Command | Purpose |
 |---------|---------|
-| `e build -k 999 -- --quiet` | Build Electron, continue on errors, suppress status lines |
+| `e build -k 999` | Builds Electron and won't stop until either all targets attempted or 999 errors found |
 | `e build -t {target}.o` | Build just one specific target to verify a fix |
 | `e start --version` | Validate Electron launches after successful build |
@@ -155,21 +163,28 @@ When the error is in a file that Electron patches (check with `grep -l "filename
    git add <modified-file>
    git commit --fixup=<original-patch-commit-hash>
    GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
-    ```
+3. Export the updated patch: e patches chromium
-3. Export the updated patch: `e patches chromium`
+4. Commit the updated patch file in the electron repo following the `references/phase-one-commit-guidelines.md`, then commit changes following those instructions exactly. **READ THESE GUIDELINES BEFORE COMMITTING THESE CHANGES**
 4. Commit the updated patch file following `references/phase-one-commit-guidelines.md`.
 To find the original patch commit to fixup: `git log --oneline | grep -i "keyword from patch name"`
 The base commit for rebase is the Chromium commit before patches were applied. Find it by checking the `refs/patches/upstream-head` ref.
-### B. Electron Code Fixes (for files in shell/, electron/, etc.)
+B. Electron Code Fixes (for files in shell/, electron/, etc.)
 When the error is in Electron's own source code:
 1. Edit files directly in the electron repo
 2. Commit directly (no patch export needed)
 Dependent Patch Updates
 IMPORTANT: When you modify a patch, other patches that apply to the same file may have their hunk headers invalidated. After committing a patch fix:
 1. Run git status in the electron repo
 2. Look for other modified .patch files with just index/hunk header changes
 3. Commit these with: git commit -m "chore: update patch hunk headers"
 # Critical: Read Before Committing
 - Before ANY Phase One commits: Read `references/phase-one-commit-guidelines.md`
@@ -181,4 +196,4 @@ This skill has additional reference files in `references/`:
 - phase-one-commit-guidelines.md - Commit format for Phase One
 - phase-two-commit-guidelines.md - Commit format for Phase Two
-Read these when referenced in the workflow steps.
+Read these when referenced in the workflow steps.
--- a/.claude/skills/electron-chromium-upgrade/references/patch-analysis.md
+++ b/.claude/skills/electron-chromium-upgrade/references/patch-analysis.md
@@ -17,56 +17,6 @@
   Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/{CL_NUMBER}
   ```
 ## Critical: Resolve by Intent, Not by Mechanical Merge
 When resolving a patch conflict, do NOT blindly preserve the patch's old code. Instead:
 1. **Understand the upstream CL's full scope** — not just the conflicting hunk.
   Run `git show <commit> --stat` and read diffs for all affected files.
   Upstream may have removed structs, members, or methods that the patch
   references in other hunks or files.
 2. **Re-read the patch commit message** to understand its *intent* — what
   behavior does it need to preserve or add?
 3. **Implement the intent against the new upstream code.** If the patch's
   purpose is "add a feature flag guard", add only the guard — don't also
   restore old code inside the guard that upstream separately removed.
 ### Lesson: Upstream Removals Break Patch References
 - **Trigger:** Patch conflict involves an upstream refactor (not just context drift)
 - **Strategy:** After identifying the upstream CL, check its full diff for
  removed types, members, and methods. If the patch's old code references
  something removed, the resolution must use the new upstream mechanism.
 - **Evidence:** An upstream CL removed a `HeadlessModeWindow` struct from a
  header, but the conflict was only in a `.mm` file. Mechanically keeping the
  patch's old line (`headless_mode_window_ = ...`) produced code referencing
  a nonexistent type — caught only on review, not at patch-apply time.
 ### Lesson: Separate Patch Purpose from Patch Implementation
 - **Trigger:** Conflict between "upstream simplified code" vs "patch has older code"
 - **Strategy:** Identify the *minimal* change the patch needs. If the patch
  wraps code in a conditional, only add the conditional — don't restore old
  code that was inside the conditional but was separately cleaned up upstream.
 - **Evidence:** An occlusion patch needed only a feature flag check, but the
  old patch also contained a version check that upstream intentionally removed.
  Mechanically preserving the old patch code re-added the removed check.
 ### Lesson: Finish the Adaptation at Conflict Time
 - **Trigger:** A patch conflict involves an upstream API removal or replacement
 - **Strategy:** When resolving the conflict, fully adapt the patch to use the
  new API in the same commit. Don't remove the old code and leave behind stale
  references that will "be fixed in Phase Two." Each patch fix commit should be
  a complete resolution.
 - **Evidence:** A safestorage patch conflicted because Chromium removed Keychain V1.
  The conflict was resolved by removing V1 hunks, but the remaining code still
  called V1 methods (`FindGenericPassword` with 3 args, `ItemDelete` with
  `SecKeychainItemRef`). These should have been adapted to V2 APIs in the same
  commit, not deferred.
 ## Common Failure Patterns
 | Pattern | Cause | Solution |
--- a/.claude/skills/electron-chromium-upgrade/references/phase-one-commit-guidelines.md
+++ b/.claude/skills/electron-chromium-upgrade/references/phase-one-commit-guidelines.md
@@ -4,65 +4,19 @@ Only follow these instructions if there are uncommitted changes to `patches/` af
 Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
 ## Each Commit Must Be Complete
 When resolving a patch conflict, fully adapt the patch to the new upstream code in the same commit. If the upstream change removes an API the patch uses, update the patch to use the replacement API now — don't leave stale references knowing they'll need fixing later. The goal is that each commit represents a finished resolution, not a partial one that defers known work to a future phase.
 ## Commit Message Style
 **Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters.
 Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
 ### Patch conflict fixes
 Use `fix(patch):` prefix. The title should name the upstream change, not your response to it:
 ```
 fix(patch): {topic headline}
 Ref: {Chromium CL link}
 Co-Authored-By: <AI model attribution>
 ```
 Only add a description body if it provides clarity beyond the title. For straightforward context drift or simple API renames, the title + Ref is sufficient.
 Examples:
 - `fix(patch): constant moved to header`
 - `fix(patch): headless mode refactor upstream`
 - `fix(patch): V1 Keychain removal`
 ### Upstreamed patch removal
 When patches are no longer needed (applied cleanly with "already applied" or confirmed upstreamed), group ALL removals into a single commit:
 ```
 chore: remove upstreamed patch
 ```
 or (if multiple):
 ```
 chore: remove upstreamed patches
 ```
 If the patch file did NOT contain a `Reviewed-on: https://chromium-review.googlesource.com/c/chromium/...` link, add a `Ref:` in the commit. If it did (i.e. cherry-picks), no `Ref:` is needed.
 ### Trivial patch updates
 After all fix commits, stage remaining trivial changes (index, line numbers, context only):
 ```bash
 git add patches
 git commit -m "chore: update patches (trivial only)"
 ```
 **Conflict resolution can produce trivial results.** A `git am` conflict doesn't always mean the patch content changed — context drift alone can cause a conflict. After resolving and exporting, inspect the patch diff: if only index hashes, line numbers, and context lines changed (not the patch's own `+`/`-` lines), it's trivial and belongs here, not in a `fix(patch):` commit.
 ## Atomic Commits
-Each patch conflict fix gets its own commit with its own Ref.
+For each fix made to a patch, create a separate commit:
 ```
 fix(patch-conflict): {concise title}
 {Brief explanation, 1-2 paragraphs max}
 Ref: {Chromium CL link}
 ```
 IMPORTANT: Ensure that any changes made to patch content as a result of a change in Chromium is committed individually. Each change should have it's own commit message and it's own REF.
 IMPORTANT: Try really hard to find the CL reference per the instructions below. Each change you made should in theory have been in response to a change made in Chromium that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
@@ -76,27 +30,23 @@ Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
 If no CL found after searching: `Ref: Unable to locate CL`
-## Example Commits
+## Final Cleanup
-### Patch conflict fix (simple — title is sufficient)
+After all fix commits, stage remaining changes:
-```
+```bash
-fix(patch): constant moved to header
+git add patches
-
+git commit -m "chore: update patch hunk headers"
 Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7536483
 Co-Authored-By: <AI model attribution>
 ```
-### Patch conflict fix (complex — description adds value)
+## Example Commit
 ```
-fix(patch): V1 Keychain removal
+fix(patch-conflict): update web_contents_impl.cc context for navigation refactor
-Upstream deleted the V1 Keychain API. Removed V1 hunks and adapted
+The upstream navigation code was refactored to use NavigationRequest directly
-keychain_password_mac.mm to use KeychainV2 APIs.
+instead of going through NavigationController. Updated surrounding context
 to match new code structure.
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7540447
+Ref: https://chromium-review.googlesource.com/c/chromium/src/+/1234567
-
+```
 Co-Authored-By: <AI model attribution>
 ```
--- a/.claude/skills/electron-chromium-upgrade/references/phase-two-commit-guidelines.md
+++ b/.claude/skills/electron-chromium-upgrade/references/phase-two-commit-guidelines.md
@@ -4,37 +4,41 @@ Only follow these instructions if there are uncommitted changes in the Electron
 Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
 ## Commit Message Style
 **Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters. Exception: upstream Chromium CL titles are used verbatim even if longer.
 Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
 ## Two Commit Types
 ### For Electron Source Changes (shell/, electron/, etc.)
 ```
-{CL-Number}: {upstream CL's original title}
+{CL-Number}: {concise description of API change}
 {Brief explanation of what upstream changed and how Electron was adapted}
 Ref: {Chromium CL link}
 Co-Authored-By: <AI model attribution>
 ```
-Use the **upstream CL's original commit title** — do not paraphrase or rewrite it. To find it: `git log -1 --format=%s <chromium-commit-hash>`.
+IMPORTANT: Ensure that any change made to electron as a result of a change in Chromium is committed individually. Each change should have it's own commit message and it's own REF. Logically grouped into commits that make sense rather than one giant commit.
-Only add a description body if it provides clarity beyond what the title already says (e.g., when Electron's adaptation is non-obvious). For simple renames, method additions, or straightforward API updates, the title + Ref link is sufficient.
+IMPORTANT: Try really hard to find the CL reference per the instructions below. Each change you made should in theory have been in response to a change made in Chromium that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
-Each change should have its own commit and its own Ref. Logically group into commits that make sense rather than one giant commit. You may include multiple "Ref" links if required.
+You may include multiple "Ref" links if required.
-For a CL link in the format `https://chromium-review.googlesource.com/c/chromium/src/+/2958369` the "CL-Number" is `2958369`.
+For a CL link in the format `https://chromium-review.googlesource.com/c/chromium/src/+/2958369` the "CL-Number" is `2958369`
 IMPORTANT: Try really hard to find the CL reference. Each change you made should in theory have been in response to a change in Chromium. Do not give up easily.
 ### For Patch Updates (patches/chromium/*.patch)
-Use the same fixup workflow as Phase One and follow `references/phase-one-commit-guidelines.md` for the commit message format (`fix(patch):` prefix, topic style).
+Use the same fixup workflow as Phase One:
 1. Fix in Chromium source tree
 2. Fixup commit + rebase
 3. Export with `e patches chromium`
 4. Commit the patch file:
 ```
 fix(patch-update): {concise description}
 {Brief explanation}
 Ref: {Chromium CL link}
 ```
 ## Dependent Patch Header Updates
@@ -42,43 +46,37 @@ After any patch modification, check for other affected patches:
 ```bash
 git status
-# If other .patch files show as modified with only index, line number, and context changes:
+# If other .patch files show as modified with only hunk header changes:
 git add patches/
-git commit -m "chore: update patches (trivial only)"
+git commit -m "chore: update patch hunk headers"
 ```
 ## Finding CL References
 Use git log or git blame on Chromium source files. Look for:
 ```
 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
 ```
-If no CL found after searching: `Ref: Unable to locate CL`
+If no CL found after searching: Ref: Unable to locate CL
 ## Example Commits
-### Electron Source Fix (simple — title is self-explanatory)
+### Electron Source Fix
-```
+fix: update GetPlugins to GetPluginsAsync for API change
 7535923: Rename ozone buildflags
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7535923
+The upstream Chromium API changed:
 - Old: GetPlugins(callback) - took a callback
 - New: GetPluginsAsync(callback) - async version takes a callback
-Co-Authored-By: <AI model attribution>
+Ref: https://chromium-review.googlesource.com/c/chromium/src/+/1234567
 ```
-### Electron Source Fix (complex — description adds value)
+### Patch Fix
-```
+fix(patch-conflict): update picture-in-picture for gesture handling refactor
 7534194: Convert some functions in ui::Clipboard to async
-Adapted ExtractCustomPlatformNames calls to use RunLoop pattern
+Upstream added new gesture handling code that accesses live caption dialog.
-consistent with existing ReadImage implementation, since upstream
+The live caption functionality is disabled in Electron's patch, so wrapped
-converted the API from synchronous return to callback-based.
+the new code in #if 0 guards to match existing pattern.
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7534194
+Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7654321
 Co-Authored-By: <AI model attribution>
 ```
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -2,7 +2,7 @@ version: '3'
 services:
  buildtools:
-    image: ghcr.io/electron/devcontainer:eac3529546ea8f3aa356d31e345715eef342233b
+    image: ghcr.io/electron/devcontainer:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
    volumes:
      - ..:/workspaces/gclient/src/electron:cached
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -19,7 +19,6 @@ DEPS                                    @electron/wg-upgrades
 /lib/renderer/security-warnings.ts      @electron/wg-security
 # Infra WG
 /.claude/                               @electron/wg-infra
 /.github/actions/                       @electron/wg-infra
 /.github/workflows/*-publish.yml        @electron/wg-infra
 /.github/workflows/build.yml            @electron/wg-infra
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -5,8 +5,6 @@ Thank you for your Pull Request. Please provide a description above and review
 the requirements below.
 Contributors guide: https://github.com/electron/electron/blob/main/CONTRIBUTING.md
 NOTE: PRS submitted without this template will be automatically closed.
 -->
 #### Checklist
--- a/.github/actions/build-electron/action.yml
+++ b/.github/actions/build-electron/action.yml
@@ -47,16 +47,6 @@ runs:
    - name: Add Clang problem matcher
      shell: bash
      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
    - name: Download previous object checksums
      shell: bash
      if: ${{ (github.event_name == 'push' || github.event_name == 'pull_request') && inputs.is-asan != 'true' }}
      env:
        GITHUB_TOKEN: ${{ github.token }}
        ARTIFACT_NAME: object-checksums.${{ inputs.artifact-platform }}_${{ inputs.target-arch }}.json
        SEARCH_BRANCH: ${{ case(github.event_name == 'push', github.ref_name, github.event.pull_request.base.ref) }}
        REPO: ${{ github.repository }}
        OUTPUT_PATH: src/previous-object-checksums.json
      run: node src/electron/.github/actions/build-electron/download-previous-object-checksums.mjs
    - name: Build Electron ${{ inputs.step-suffix }}
      if: ${{ inputs.target-platform != 'win' }}
      shell: bash
@@ -82,17 +72,12 @@ runs:
        cp out/Default/.ninja_log out/electron_ninja_log
        node electron/script/check-symlinks.js
-        # Build stats and object checksums
+        # Upload build stats to Datadog
-        BUILD_STATS_ARGS="out/Default/siso.INFO --out-dir out/Default --output-object-checksums object-checksums.${{ inputs.artifact-platform }}_${{ inputs.target-arch }}.json"
+        if ! [ -z $DD_API_KEY ]; then
-        if [ -f previous-object-checksums.json ]; then
+          npx node electron/script/build-stats.mjs out/Default/siso.INFO --upload-stats || true          
          BUILD_STATS_ARGS="$BUILD_STATS_ARGS --input-object-checksums previous-object-checksums.json"
        fi
        if ! [ -z "$DD_API_KEY" ]; then
          BUILD_STATS_ARGS="$BUILD_STATS_ARGS --upload-stats"
        else
          echo "Skipping build-stats.mjs upload because DD_API_KEY is not set"
        fi
        node electron/script/build-stats.mjs $BUILD_STATS_ARGS || true
    - name: Build Electron (Windows) ${{ inputs.step-suffix }}
      if: ${{ inputs.target-platform == 'win' }}
      shell: powershell
@@ -110,21 +95,16 @@ runs:
        Copy-Item out\Default\.ninja_log out\electron_ninja_log
        node electron\script\check-symlinks.js
-        # Build stats and object checksums
+        # Upload build stats to Datadog
        $statsArgs = @("out\Default\siso.exe.INFO", "--out-dir", "out\Default", "--output-object-checksums", "object-checksums.${{ inputs.artifact-platform }}_${{ inputs.target-arch }}.json")
        if (Test-Path previous-object-checksums.json) {
          $statsArgs += @("--input-object-checksums", "previous-object-checksums.json")
        }
        if ($env:DD_API_KEY) {
-          $statsArgs += "--upload-stats"
+          try {
            npx node electron\script\build-stats.mjs out\Default\siso.exe.INFO --upload-stats
          } catch {
            Write-Host "Build stats upload failed, continuing..."
          }
        } else {
          Write-Host "Skipping build-stats.mjs upload because DD_API_KEY is not set"
        }
        try {
          & node electron\script\build-stats.mjs @statsArgs ; $LASTEXITCODE = 0
        } catch {
          Write-Host "Build stats failed, continuing..."
        }
    - name: Verify dist.zip ${{ inputs.step-suffix }}
      shell: bash
      run: |
@@ -148,9 +128,6 @@ runs:
        fi
        sed $SEDOPTION '/.*builtins-pgo/d' out/Default/mksnapshot_args
        sed $SEDOPTION '/--turbo-profiling-input/d' out/Default/mksnapshot_args
        sed $SEDOPTION '/--reorder-builtins/d' out/Default/mksnapshot_args
        sed $SEDOPTION '/--warn-about-builtin-profile-data/d' out/Default/mksnapshot_args
        sed $SEDOPTION '/--abort-on-bad-builtin-profile-data/d' out/Default/mksnapshot_args
        if [ "${{ inputs.target-platform }}" = "win" ]; then
          cd out/Default
@@ -297,25 +274,18 @@ runs:
      run: ./src/electron/script/actions/move-artifacts.sh
    - name: Upload Generated Artifacts ${{ inputs.step-suffix }}
      if: always() && !cancelled()
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
      with:
        name: generated_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./generated_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
    - name: Upload Src Artifacts ${{ inputs.step-suffix }}
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
      with:
        name: src_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
    - name: Upload Out Gen Artifacts ${{ inputs.step-suffix }}
      if: ${{ inputs.upload-out-gen-artifacts == 'true' }}
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
      with:
        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./src/out/Default/gen
    - name: Upload Object Checksums ${{ inputs.step-suffix }}
      if: ${{ always() && !cancelled() && inputs.is-asan != 'true' }}
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: object_checksums_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
        path: ./src/object-checksums.${{ inputs.artifact-platform }}_${{ inputs.target-arch }}.json
        archive: false
--- a/.github/actions/build-electron/download-previous-object-checksums.mjs
+++ b/.github/actions/build-electron/download-previous-object-checksums.mjs
@@ -1,82 +0,0 @@
 import { Octokit } from '@octokit/rest';
 import { writeFileSync } from 'node:fs';
 const token = process.env.GITHUB_TOKEN;
 const repo = process.env.REPO;
 const artifactName = process.env.ARTIFACT_NAME;
 const branch = process.env.SEARCH_BRANCH;
 const outputPath = process.env.OUTPUT_PATH;
 const required = { GITHUB_TOKEN: token, REPO: repo, ARTIFACT_NAME: artifactName, SEARCH_BRANCH: branch, OUTPUT_PATH: outputPath };
 const missing = Object.entries(required).filter(([, v]) => !v).map(([k]) => k);
 if (missing.length > 0) {
  console.error(`Missing required environment variables: ${missing.join(', ')}`);
  process.exit(1);
 }
 const [owner, repoName] = repo.split('/');
 const octokit = new Octokit({ auth: token });
 async function main () {
  console.log(`Searching for artifact '${artifactName}' on branch '${branch}'...`);
  // Resolve the "Build" workflow name to an ID, mirroring how `gh run list --workflow` works
  // under the hood (it uses /repos/{owner}/{repo}/actions/workflows/{id}/runs).
  const { data: workflows } = await octokit.actions.listRepoWorkflows({ owner, repo: repoName });
  const buildWorkflow = workflows.workflows.find((w) => w.name === 'Build');
  if (!buildWorkflow) {
    console.log('Could not find "Build" workflow, continuing without previous checksums');
    return;
  }
  const { data: runs } = await octokit.actions.listWorkflowRuns({
    owner,
    repo: repoName,
    workflow_id: buildWorkflow.id,
    branch,
    status: 'completed',
    event: 'push',
    per_page: 20,
    exclude_pull_requests: true
  });
  for (const run of runs.workflow_runs) {
    const { data: artifacts } = await octokit.actions.listWorkflowRunArtifacts({
      owner,
      repo: repoName,
      run_id: run.id,
      name: artifactName
    });
    if (artifacts.artifacts.length > 0) {
      const artifact = artifacts.artifacts[0];
      console.log(`Found artifact in run ${run.id} (artifact ID: ${artifact.id}), downloading...`);
      // Non-archived artifacts are still downloaded from the /zip endpoint
      const response = await octokit.actions.downloadArtifact({
        owner,
        repo: repoName,
        artifact_id: artifact.id,
        archive_format: 'zip'
      });
      if (response.headers['content-type'] !== 'application/json') {
        console.error(`Unexpected content type for artifact download: ${response.headers['content-type']}`);
        console.error('Expected application/json, continuing without previous checksums');
        return;
      }
      writeFileSync(outputPath, JSON.stringify(response.data));
      console.log('Downloaded previous object checksums successfully');
      return;
    }
  }
  console.log(`No previous object checksums found in last ${runs.workflow_runs.length} runs, continuing without them`);
 }
 main().catch((err) => {
  console.error('Failed to download previous object checksums, continuing without them:', err.message);
  process.exit(0);
 });
--- a/.github/actions/checkout/action.yml
+++ b/.github/actions/checkout/action.yml
@@ -43,7 +43,7 @@ runs:
      curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$CACHE_FILE?platform=${{ inputs.target-platform }}&getAccountName=true" > sas-token
  - name: Save SAS Key
    if: ${{ inputs.generate-sas-token == 'true' }}
-    uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+    uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
    with:
      path: sas-token
      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
--- a/.github/actions/cipd-install/action.yml
+++ b/.github/actions/cipd-install/action.yml
@@ -22,50 +22,30 @@ runs:
  steps:
    - name: Delete wrong ${{ inputs.dependency }}
      shell: bash
      env:
        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
        INSTALLATION_DIR: ${{ inputs.installation-dir }}
      run : |
-        rm -rf "${CIPD_ROOT_PREFIX}${INSTALLATION_DIR}"
+        rm -rf ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }}
    - name: Create ensure file for ${{ inputs.dependency }}
      if: ${{ inputs.dependency-version == '' }}
      shell: bash
      env:
        PACKAGE: ${{ inputs.package }}
        DEPS_FILE: ${{ inputs.deps-file }}
        INSTALLATION_DIR: ${{ inputs.installation-dir }}
        DEPENDENCY: ${{ inputs.dependency }}
      run: |
-        echo "$PACKAGE" $(e d gclient getdep --deps-file="$DEPS_FILE" -r "${INSTALLATION_DIR}:${PACKAGE}") > "${DEPENDENCY}_ensure_file"
+        echo '${{ inputs.package }}' `e d gclient getdep --deps-file=${{ inputs.deps-file }} -r '${{ inputs.installation-dir }}:${{ inputs.package }}'` > ${{ inputs.dependency }}_ensure_file
-        cat "${DEPENDENCY}_ensure_file"
+        cat ${{ inputs.dependency }}_ensure_file
    - name: Create ensure file for ${{ inputs.dependency }} from dependency-version
      if: ${{ inputs.dependency-version != '' }}
      shell: bash
      env:
        PACKAGE: ${{ inputs.package }}
        DEPENDENCY_VERSION: ${{ inputs.dependency-version }}
        DEPENDENCY: ${{ inputs.dependency }}
      run: |
-        echo "$PACKAGE $DEPENDENCY_VERSION" > "${DEPENDENCY}_ensure_file"
+        echo '${{ inputs.package }} ${{ inputs.dependency-version }}'  > ${{ inputs.dependency }}_ensure_file
-        cat "${DEPENDENCY}_ensure_file"
+        cat ${{ inputs.dependency }}_ensure_file
    - name: CIPD installation of ${{ inputs.dependency }} (macOS)
      if: ${{ inputs.target-platform != 'win' }}
      shell: bash
      env:
        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
        INSTALLATION_DIR: ${{ inputs.installation-dir }}
        DEPENDENCY: ${{ inputs.dependency }}
      run: |
-        echo "ensuring $DEPENDENCY"
+        echo "ensuring ${{ inputs.dependency }}"
-        e d cipd ensure --root "${CIPD_ROOT_PREFIX}${INSTALLATION_DIR}" -ensure-file "${DEPENDENCY}_ensure_file"
+        e d cipd ensure --root ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }} -ensure-file ${{ inputs.dependency }}_ensure_file
    - name: CIPD installation of ${{ inputs.dependency }} (Windows)
      if: ${{ inputs.target-platform == 'win' }}
      shell: powershell
      env:
        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
        INSTALLATION_DIR: ${{ inputs.installation-dir }}
        DEPENDENCY: ${{ inputs.dependency }}
      run: |
-        echo "ensuring $env:DEPENDENCY on Windows"
+        echo "ensuring ${{ inputs.dependency }} on Windows"
-        e d cipd ensure --root "$env:CIPD_ROOT_PREFIX$env:INSTALLATION_DIR" -ensure-file "$($env:DEPENDENCY)_ensure_file"
+        e d cipd ensure --root ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }} -ensure-file ${{ inputs.dependency }}_ensure_file
--- a/.github/actions/install-build-tools/action.yml
+++ b/.github/actions/install-build-tools/action.yml
@@ -15,7 +15,7 @@ runs:
        git config --global core.preloadindex true
        git config --global core.longpaths true
      fi
-      export BUILD_TOOLS_SHA=a0cc95a1884a631559bcca0c948465b725d9295a
+      export BUILD_TOOLS_SHA=4430e4a505e0f4fa2a41b707a10a36f780bbdd26
      npm i -g @electron/build-tools
      # Update depot_tools to ensure python
      e d update_depot_tools
--- a/.github/actions/install-dependencies/action.yml
+++ b/.github/actions/install-dependencies/action.yml
@@ -7,7 +7,7 @@ runs:
    shell: bash
    id: yarn-cache-dir-path
    run: echo "dir=$(node src/electron/script/yarn.js config get cacheFolder)" >> $GITHUB_OUTPUT
-  - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+  - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
    id: yarn-cache
    with:
      path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
--- a/.github/actions/restore-cache-azcopy/action.yml
+++ b/.github/actions/restore-cache-azcopy/action.yml
@@ -8,14 +8,14 @@ runs:
  steps:
  - name: Obtain SAS Key
    continue-on-error: true
-    uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
    with:
      path: sas-token
      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-1
      enableCrossOsArchive: true
  - name: Obtain SAS Key
    continue-on-error: true
-    uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
    with:
      path: sas-token
      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
@@ -24,7 +24,7 @@ runs:
    # The cache will always exist here as a result of the checkout job
    # Either it was uploaded to Azure in the checkout job for this commit
    # or it was uploaded in the checkout job for a previous commit.
-    uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
+    uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
    with:
      timeout_minutes: 30
      max_attempts: 3
@@ -101,7 +101,7 @@ runs:
  - name: Move Src Cache (Windows)
    if: ${{ inputs.target-platform == 'win' }}
-    uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
+    uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
    with:
      timeout_minutes: 30
      max_attempts: 3
--- a/.github/actions/set-chromium-cookie/action.yml
+++ b/.github/actions/set-chromium-cookie/action.yml
@@ -7,7 +7,7 @@ runs:
    if: ${{ runner.os != 'Windows' }}
    shell: bash
    run: |
-      if [[ -z "$CHROMIUM_GIT_COOKIE" ]]; then
+      if [[ -z "${{ env.CHROMIUM_GIT_COOKIE }}" ]]; then
        echo "CHROMIUM_GIT_COOKIE is not set - cannot authenticate."
        exit 0
      fi
@@ -18,7 +18,9 @@ runs:
      git config --global http.cookiefile ~/.gitcookies
-      echo "$CHROMIUM_GIT_COOKIE" | tr , \\t >>~/.gitcookies
+      tr , \\t <<\__END__ >>~/.gitcookies
      ${{ env.CHROMIUM_GIT_COOKIE }}
      __END__
      eval 'set -o history' 2>/dev/null || unsetopt HIST_IGNORE_SPACE 2>/dev/null
      RESPONSE=$(curl -s -b ~/.gitcookies https://chromium-review.googlesource.com/a/accounts/self)
@@ -40,7 +42,7 @@ runs:
      )
      git config --global http.cookiefile "%USERPROFILE%\.gitcookies"
-      powershell -noprofile -nologo -command Write-Output $env:CHROMIUM_GIT_COOKIE_WINDOWS_STRING >>"%USERPROFILE%\.gitcookies"
+      powershell -noprofile -nologo -command Write-Output "${{ env.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}" >>"%USERPROFILE%\.gitcookies"
      curl -s -b "%USERPROFILE%\.gitcookies" https://chromium-review.googlesource.com/a/accounts/self > response.txt
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -1,122 +0,0 @@
 # Copilot Instructions for Electron
 ## Build System
 Electron uses `@electron/build-tools` (`e` CLI). Install with `npm i -g @electron/build-tools`.
 ```bash
 e sync              # Fetch sources and apply patches
 e build             # Build Electron (GN + Ninja)
 e build -k 999      # Build, continuing through errors
 e start             # Run built Electron
 e start --version   # Verify Electron launches
 e test              # Run full test suite
 e debug             # Run in debugger (lldb on macOS, gdb on Linux)
 ```
 ### Linting
 ```bash
 npm run lint              # Run all linters (JS, C++, Python, GN, docs)
 npm run lint:js           # JavaScript/TypeScript only
 npm run lint:clang-format # C++ formatting only
 npm run lint:cpp          # C++ linting only
 npm run lint:docs         # Documentation only
 ```
 ### Running a Single Test
 ```bash
 npm run test -- -g "pattern"   # Run tests matching a regex pattern
 # Example: npm run test -- -g "ipc"
 ```
 ### Running a Single Node.js Test
 ```bash
 node script/node-spec-runner.js parallel/test-crypto-keygen
 ```
 ## Architecture
 Electron embeds Chromium (rendering) and Node.js (backend) to enable desktop apps with web technologies. The parent directory (`../`) is the Chromium source tree.
 ### Process Model
 Electron has two primary process types, mirroring Chromium:
 - **Main process** (`shell/browser/` + `lib/browser/`): Controls app lifecycle, creates windows, system APIs
 - **Renderer process** (`shell/renderer/` + `lib/renderer/`): Runs web content in BrowserWindows
 ### Native ↔ JavaScript Bridge
 Each API is implemented as a C++/JS pair:
 - C++ side: `shell/browser/api/electron_api_{name}.cc/.h` — uses `gin::Wrappable` and `ObjectTemplateBuilder`
 - JS side: `lib/browser/api/{name}.ts` — exports the module, registered in `lib/browser/api/module-list.ts`
 - Binding: `NODE_LINKED_BINDING_CONTEXT_AWARE(electron_browser_{name}, Initialize)` in C++ and registered in `shell/common/node_bindings.cc`
 - Type declaration: `typings/internal-ambient.d.ts` maps `process._linkedBinding('electron_browser_{name}')`
 ### Patches System
 Electron patches upstream dependencies (Chromium, Node.js, V8, etc.) rather than forking them. Patches live in `patches/` organized by target, with `patches/config.json` mapping directories to repos.
 ```text
 patches/{target}/*.patch  →  [e sync]   →  target repo commits
                          ←  [e patches] ←
 ```
 Key rules:
 - Fix existing patches rather than creating new ones
 - Preserve original authorship in TODO comments — never change `TODO(name)` assignees
 - Each patch commit message must explain why the patch exists
 - After modifying patches, run `e patches {target}` to export
 When working on the `roller/chromium/main` branch for Chromium upgrades, use `e sync --3` for 3-way merge conflict resolution.
 ## Conventions
 ### File Naming
 - JS/TS files: kebab-case (`file-name.ts`)
 - C++ files: snake_case with `electron_api_` prefix (`electron_api_safe_storage.cc`)
 - Test files: `api-{module-name}-spec.ts` in `spec/`
 - Source file lists are maintained in `filenames.gni` (with platform-specific sections)
 ### JavaScript/TypeScript
 - Semicolons required (`"semi": ["error", "always"]`)
 - `const` and `let` only (no `var`)
 - Arrow functions preferred
 - Import order enforced: `@electron/internal` → `@electron` → `electron` → external → builtin → relative
 - API naming: `PascalCase` for classes (`BrowserWindow`), `camelCase` for module APIs (`globalShortcut`)
 - Prefer getters/setters over jQuery-style `.text([text])` patterns
 ### C++
 - Follows Chromium coding style, enforced by `clang-format` and `clang-tidy`
 - Uses Chromium abstractions (`base::`, `content::`, etc.)
 - Header guards: `#ifndef ELECTRON_SHELL_BROWSER_API_ELECTRON_API_{NAME}_H_`
 - Platform-specific files: `_mac.mm`, `_win.cc`, `_linux.cc`
 ### Testing
 - Framework: Mocha + Chai + Sinon
 - Test helpers in `spec/lib/` (e.g., `spec-helpers.ts`, `window-helpers.ts`)
 - Use `defer()` from spec-helpers for cleanup, `closeAllWindows()` for window teardown
 - Tests import from `electron/main` or `electron/renderer`
 ### Documentation
 - API docs in `docs/api/` as Markdown, parsed by `@electron/docs-parser` to generate `electron.d.ts`
 - API history tracked via YAML blocks in HTML comments within doc files
 - Docs must pass `npm run lint:docs`
 ### Build Configuration
 - `BUILD.gn`: Main GN build config
 - `buildflags/buildflags.gni`: Feature flags (PDF viewer, extensions, spellchecker)
 - `build/args/`: Build argument profiles (`testing.gn`, `release.gn`, `all.gn`)
 - `DEPS`: Dependency versions and checkout paths
 - `chromium_src/`: Chromium source file overrides (compiled instead of originals)
--- a/.github/problem-matchers/markdownlint.json
+++ b/.github/problem-matchers/markdownlint.json
@@ -1,16 +0,0 @@
 {
  "problemMatcher": [
    {
      "owner": "markdownlint",
      "pattern": [
        {
          "regexp": "^(.+):(\\d+):(\\d+)\\s+(.*)$",
          "file": 1,
          "line": 2,
          "column": 3,
          "message": 4
        }
      ]
    }
  ]
 }
--- a/.github/workflows/apply-patches.yml
+++ b/.github/workflows/apply-patches.yml
@@ -26,7 +26,7 @@ jobs:
    # Use dorny/paths-filter instead of the path filter under the on: pull_request: block
    # so that the output can be used to conditionally run the apply-patches job, which lets
    # the job be marked as a required status check (conditional skip counts as a success).
-    - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
+    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
      id: filter
      with:
        filters: |
@@ -41,7 +41,7 @@ jobs:
    permissions:
      contents: read
    container:
-      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
+      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
      options: --user root
      volumes:
        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -71,11 +71,3 @@ jobs:
      uses: ./src/electron/.github/actions/checkout
      with:
        target-platform: linux
    - name: Upload Patch Conflict Fix
      if: ${{ failure() }}
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: update-patches
        path: patches/update-patches.patch
        if-no-files-found: ignore
        archive: false
--- a/.github/workflows/archaeologist-dig.yml
+++ b/.github/workflows/archaeologist-dig.yml
@@ -17,25 +17,21 @@ jobs:
        with:
          fetch-depth: 0
      - name: Setup Node.js/npm
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
        with:
          node-version: 24.12.x
      - name: Setting Up Dig Site
        env:
          CLONE_URL: ${{ github.event.pull_request.head.repo.clone_url }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          BASE_REF: ${{ github.event.pull_request.base.ref }}
        run: |
-          echo "remote: $CLONE_URL"
+          echo "remote: ${{ github.event.pull_request.head.repo.clone_url }}"
-          echo "sha $HEAD_SHA"
+          echo "sha ${{ github.event.pull_request.head.sha }}"
-          echo "base ref $BASE_REF"
+          echo "base ref ${{ github.event.pull_request.base.ref }}"
-          git clone https://github.com/electron/electron.git electron
+          git clone https://github.com/electron/electron.git electron          
          cd electron
          mkdir -p artifacts
-          git remote add fork "$CLONE_URL" && git fetch fork
+          git remote add fork ${{ github.event.pull_request.head.repo.clone_url }} && git fetch fork
-          git checkout "$HEAD_SHA"
+          git checkout  ${{ github.event.pull_request.head.sha }}
-          git merge-base "origin/$BASE_REF" HEAD > .dig-old
+          git merge-base origin/${{ github.event.pull_request.base.ref }} HEAD > .dig-old
-          echo "$HEAD_SHA" > .dig-new
+          echo  ${{ github.event.pull_request.head.sha }} > .dig-new
          cp .dig-old artifacts
      - name: Generating Types for SHA in .dig-new
@@ -49,7 +45,7 @@ jobs:
          sha-file: .dig-old
          filename: electron.old.d.ts
      - name: Upload artifacts
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0
        with:
          name: artifacts
          path: electron/artifacts
--- a/.github/workflows/audit-branch-ci.yml
+++ b/.github/workflows/audit-branch-ci.yml
@@ -17,7 +17,7 @@ jobs:
      contents: read
    steps:
      - name: Setup Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
        with:
          node-version: 22.17.x
      - name: Sparse checkout repository
@@ -86,7 +86,6 @@ jobs:
                      !message.startsWith("Response status code does not indicate success") &&
                      !message.startsWith("The hosted runner lost communication with the server") &&
                      !message.startsWith("Dependabot encountered an error performing the update") &&
                      !message.startsWith("The action 'Run Electron Tests' has timed out") &&
                      !/Unable to make request/.test(message) &&
                      !/The requested URL returned error/.test(message),
                  )
@@ -155,7 +154,7 @@ jobs:
            await core.summary.write();
      - name: Send Slack message if errors
        if: ${{ always() && steps.audit-errors.outputs.errorsFound && github.ref == 'refs/heads/main' }}
-        uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
        with:
          payload: |
            link: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
--- a/.github/workflows/branch-created.yml
+++ b/.github/workflows/branch-created.yml
@@ -31,46 +31,16 @@ jobs:
          else
            echo "Not a release branch: $BRANCH_NAME"
          fi
      - name: Determine Next Unsupported Major Version
        id: determine-next-unsupported-major
        if: ${{ steps.check-major-version.outputs.MAJOR }}
        env:
          MAJOR: ${{ steps.check-major-version.outputs.MAJOR }}
        run: |
          # Fetch the release schedule
          SCHEDULE=$(curl -s https://releases.electronjs.org/schedule.json)
          # Get the stableDate for the current major version
          STABLE_DATE=$(echo "$SCHEDULE" | jq -r --arg major "${MAJOR}.0.0" '.[] | select(.version == $major) | .stableDate')
          if [[ -z "$STABLE_DATE" || "$STABLE_DATE" == "null" ]]; then
            echo "Could not find stableDate for version $MAJOR"
            exit 1
          fi
          # Find the oldest version where eolDate >= stableDate of the new major
          # This gives us the oldest supported version when the new major goes stable
          NEXT_UNSUPPORTED_MAJOR=$(echo "$SCHEDULE" | jq -r --arg stableDate "$STABLE_DATE" '
            [.[] | select(.eolDate != null and .eolDate >= $stableDate)] | sort_by(.version | split(".")[0] | tonumber) | first | .version | split(".")[0]
          ')
          if [[ -z "$NEXT_UNSUPPORTED_MAJOR" || "$NEXT_UNSUPPORTED_MAJOR" == "null" ]]; then
            echo "Could not determine oldest supported version"
            exit 1
          fi
          echo "SCHEDULE=$SCHEDULE" >> "$GITHUB_OUTPUT"
          echo "NEXT_UNSUPPORTED_MAJOR=$NEXT_UNSUPPORTED_MAJOR" >> "$GITHUB_OUTPUT"
      - name: New Release Branch Tasks
        if: ${{ steps.check-major-version.outputs.MAJOR }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: electron/electron
          MAJOR: ${{ steps.check-major-version.outputs.MAJOR }}
-          NEXT_UNSUPPORTED_MAJOR: ${{ steps.determine-next-unsupported-major.outputs.NEXT_UNSUPPORTED_MAJOR }}
+          NUM_SUPPORTED_VERSIONS: 3
        run: |
          PREVIOUS_MAJOR=$((MAJOR - 1))
-          UNSUPPORTED_MAJOR=$((NEXT_UNSUPPORTED_MAJOR - 1))
+          UNSUPPORTED_MAJOR=$((MAJOR - NUM_SUPPORTED_VERSIONS - 1))
          # Create new labels
          gh label create $MAJOR-x-y --color 8d9ee8 || true
@@ -107,36 +77,12 @@ jobs:
        if: ${{ steps.check-major-version.outputs.MAJOR }}
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        id: generate-project-metadata
        env:
          MAJOR: ${{ steps.check-major-version.outputs.MAJOR }}
          NEXT_UNSUPPORTED_MAJOR: ${{ steps.determine-next-unsupported-major.outputs.NEXT_UNSUPPORTED_MAJOR }}
          SCHEDULE: ${{ steps.determine-next-unsupported-major.outputs.SCHEDULE }}
        with:
          script: |
-            const schedule = JSON.parse(process.env.SCHEDULE)
+            const major = ${{ steps.check-major-version.outputs.MAJOR }}
            const major = parseInt(process.env.MAJOR)
            const nextMajor = major + 1
            const prevMajor = major - 1
            const { betaDate, stableDate } = schedule.find(v => v.version === `${major}.0.0`)
            const betaPrepWeek = new Date(betaDate)
            betaPrepWeek.setDate(betaPrepWeek.getDate() - 8)
            const betaPrepWeekEnd = new Date(betaPrepWeek)
            betaPrepWeekEnd.setDate(betaPrepWeekEnd.getDate() + 4)
            const stablePrepWeek = new Date(stableDate)
            stablePrepWeek.setDate(stablePrepWeek.getDate() - 8)
            const stablePrepWeekEnd = new Date(stablePrepWeek)
            stablePrepWeekEnd.setDate(stablePrepWeekEnd.getDate() + 4)
            const stableWeek = new Date(stableDate)
            stableWeek.setDate(stableWeek.getDate() - 1)
            const nextAlphaDate = new Date(stableDate)
            nextAlphaDate.setDate(nextAlphaDate.getDate() + 2)
            core.setOutput("major", major)
            core.setOutput("next-major", nextMajor)
            core.setOutput("prev-major", prevMajor)
@@ -145,19 +91,10 @@ jobs:
                major,
                "next-major": nextMajor,
                "prev-major": prevMajor,
                "ending-support-major": parseInt(process.env.NEXT_UNSUPPORTED_MAJOR),
                "beta-date": betaDate,
                "beta-prep-week": betaPrepWeek.toISOString().split('T')[0],
                "beta-prep-week-end": betaPrepWeekEnd.toISOString().split('T')[0],
                "stable-week": stableWeek.toISOString().split('T')[0],
                "stable-prep-week": stablePrepWeek.toISOString().split('T')[0],
                "stable-prep-week-end": stablePrepWeekEnd.toISOString().split('T')[0],
                "stable-date": stableDate,
                "next-alpha-date": nextAlphaDate.toISOString().split('T')[0],
            }))
      - name: Create Release Project Board
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/copy-project@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
+        uses: dsanders11/project-actions/copy-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
        id: create-release-board
        with:
          drafts: true
@@ -177,7 +114,7 @@ jobs:
          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
      - name: Find Previous Release Project Board
        if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/find-project@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
+        uses: dsanders11/project-actions/find-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
        id: find-prev-release-board
        with:
          fail-if-project-not-found: false
@@ -185,7 +122,7 @@ jobs:
          token: ${{ steps.generate-token.outputs.token }}
      - name: Close Previous Release Project Board
        if: ${{ steps.find-prev-release-board.outputs.number }}
-        uses: dsanders11/project-actions/close-project@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
+        uses: dsanders11/project-actions/close-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
        with:
          project-number: ${{ steps.find-prev-release-board.outputs.number }}
          token: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/build-git-cache.yml
+++ b/.github/workflows/build-git-cache.yml
@@ -15,7 +15,7 @@ jobs:
    permissions:
      contents: read
    container:
-      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
+      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
      options: --user root
      volumes:
        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -39,7 +39,7 @@ jobs:
    permissions:
      contents: read
    container:
-      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
+      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
      volumes:
        - /mnt/win-cache:/mnt/win-cache
@@ -66,7 +66,7 @@ jobs:
    # This job updates the same git cache as linux, so it needs to run after the linux one.
    needs: build-git-cache-linux
    container:
-      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
+      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
      options: --user root
      volumes:
        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
+        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
        required: true
      skip-macos:
        type: boolean
@@ -61,7 +61,7 @@ jobs:
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      with:
        ref: ${{ github.event.pull_request.head.sha }}
-    - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
+    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
      id: filter
      with:
        filters: |
@@ -77,7 +77,7 @@ jobs:
      id: set-output
      run: |
        if [ -z "${{ inputs.build-image-sha }}" ]; then
-          echo "build-image-sha=eac3529546ea8f3aa356d31e345715eef342233b" >> "$GITHUB_OUTPUT"
+          echo "build-image-sha=a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb" >> "$GITHUB_OUTPUT"
        else
          echo "build-image-sha=${{ inputs.build-image-sha }}" >> "$GITHUB_OUTPUT"
        fi
@@ -365,18 +365,6 @@ jobs:
      generate-symbols: false
      upload-to-storage: '0'
    secrets: inherit
  test-linux-arm64-64k:
    uses: ./.github/workflows/pipeline-segment-electron-test-64k.yml
    permissions:
      contents: read
      issues: read
      pull-requests: read
    needs: [checkout-linux, linux-arm64]
    with:
      test-runs-on: ubuntu-22.04-arm
      test-container: '{"image":"ghcr.io/electron/test:arm64v8-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
    secrets: inherit
  windows-x64:
    permissions:
@@ -446,30 +434,3 @@ jobs:
    - name: GitHub Actions Jobs Done
      run: |
        echo "All GitHub Actions Jobs are done"
  check-signed-commits:
    name: Check signed commits in green PR
    needs: gha-done
    if: ${{ contains(github.event.pull_request.labels.*.name, 'needs-signed-commits')}}
    runs-on: ubuntu-slim
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Check signed commits in PR
        uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1
        with:
          comment: |
            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification) 
            for all incoming PRs. To get your PR merged, please sign those commits 
            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch 
            (`git push --force-with-lease`)
            For more information on signing commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
      - name: Remove needs-signed-commits label
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          gh pr edit $PR_URL --remove-label needs-signed-commits
--- a/.github/workflows/clean-src-cache.yml
+++ b/.github/workflows/clean-src-cache.yml
@@ -7,7 +7,6 @@ name: Clean Source Cache
 on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:
 permissions: {}
@@ -17,8 +16,6 @@ jobs:
    runs-on: electron-arc-centralus-linux-amd64-32core
    permissions:
      contents: read
    env:
      DD_API_KEY: ${{ secrets.DD_API_KEY }}
    container:
      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
      options: --user root
@@ -26,130 +23,12 @@ jobs:
        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
        - /mnt/win-cache:/mnt/win-cache
    steps:
    - name: Get Disk Space Before Cleanup
      id: disk-before
      shell: bash
      run: |
        echo "Disk space before cleanup:"
        df -h /mnt/cross-instance-cache
        df -h /mnt/win-cache
        CROSS_FREE_BEFORE=$(df -k /mnt/cross-instance-cache | tail -1 | awk '{print $4}')
        CROSS_TOTAL=$(df -k /mnt/cross-instance-cache | tail -1 | awk '{print $2}')
        WIN_FREE_BEFORE=$(df -k /mnt/win-cache | tail -1 | awk '{print $4}')
        WIN_TOTAL=$(df -k /mnt/win-cache | tail -1 | awk '{print $2}')
        echo "cross_free_kb=$CROSS_FREE_BEFORE" >> $GITHUB_OUTPUT
        echo "cross_total_kb=$CROSS_TOTAL" >> $GITHUB_OUTPUT
        echo "win_free_kb=$WIN_FREE_BEFORE" >> $GITHUB_OUTPUT
        echo "win_total_kb=$WIN_TOTAL" >> $GITHUB_OUTPUT
    - name: Cleanup Source Cache
      shell: bash
      run: |
        df -h /mnt/cross-instance-cache
        find /mnt/cross-instance-cache -type f -mtime +15 -delete
        find /mnt/win-cache -type f -mtime +15 -delete
    - name: Get Disk Space After Cleanup
      id: disk-after
      shell: bash
      run: |
        echo "Disk space after cleanup:"
        df -h /mnt/cross-instance-cache
        df -h /mnt/win-cache
-        CROSS_FREE_AFTER=$(df -k /mnt/cross-instance-cache | tail -1 | awk '{print $4}')
+        find /mnt/win-cache -type f -mtime +15 -delete
-        WIN_FREE_AFTER=$(df -k /mnt/win-cache | tail -1 | awk '{print $4}')
+        df -h /mnt/win-cache
        echo "cross_free_kb=$CROSS_FREE_AFTER" >> $GITHUB_OUTPUT
        echo "win_free_kb=$WIN_FREE_AFTER" >> $GITHUB_OUTPUT
    - name: Log Disk Space to Datadog
      if: ${{ env.DD_API_KEY != '' }}
      shell: bash
      env:
        CROSS_FREE_BEFORE: ${{ steps.disk-before.outputs.cross_free_kb }}
        CROSS_FREE_AFTER: ${{ steps.disk-after.outputs.cross_free_kb }}
        CROSS_TOTAL: ${{ steps.disk-before.outputs.cross_total_kb }}
        WIN_FREE_BEFORE: ${{ steps.disk-before.outputs.win_free_kb }}
        WIN_FREE_AFTER: ${{ steps.disk-after.outputs.win_free_kb }}
        WIN_TOTAL: ${{ steps.disk-before.outputs.win_total_kb }}
      run: |
        TIMESTAMP=$(date +%s)
        CROSS_FREE_BEFORE_GB=$(awk "BEGIN {printf \"%.2f\", $CROSS_FREE_BEFORE / 1024 / 1024}")
        CROSS_FREE_AFTER_GB=$(awk "BEGIN {printf \"%.2f\", $CROSS_FREE_AFTER / 1024 / 1024}")
        CROSS_FREED_GB=$(awk "BEGIN {printf \"%.2f\", ($CROSS_FREE_AFTER - $CROSS_FREE_BEFORE) / 1024 / 1024}")
        CROSS_TOTAL_GB=$(awk "BEGIN {printf \"%.2f\", $CROSS_TOTAL / 1024 / 1024}")
        WIN_FREE_BEFORE_GB=$(awk "BEGIN {printf \"%.2f\", $WIN_FREE_BEFORE / 1024 / 1024}")
        WIN_FREE_AFTER_GB=$(awk "BEGIN {printf \"%.2f\", $WIN_FREE_AFTER / 1024 / 1024}")
        WIN_FREED_GB=$(awk "BEGIN {printf \"%.2f\", ($WIN_FREE_AFTER - $WIN_FREE_BEFORE) / 1024 / 1024}")
        WIN_TOTAL_GB=$(awk "BEGIN {printf \"%.2f\", $WIN_TOTAL / 1024 / 1024}")
        echo "cross-instance-cache: free before=${CROSS_FREE_BEFORE_GB}GB, after=${CROSS_FREE_AFTER_GB}GB, freed=${CROSS_FREED_GB}GB, total=${CROSS_TOTAL_GB}GB"
        echo "win-cache: free before=${WIN_FREE_BEFORE_GB}GB, after=${WIN_FREE_AFTER_GB}GB, freed=${WIN_FREED_GB}GB, total=${WIN_TOTAL_GB}GB"
        curl -s -X POST "https://api.datadoghq.com/api/v2/series" \
          -H "Content-Type: application/json" \
          -H "DD-API-KEY: ${DD_API_KEY}" \
          -d @- << EOF
        {
          "series": [
            {
              "metric": "electron.src_cache.disk.free_space_before_cleanup_gb",
              "points": [{"timestamp": ${TIMESTAMP}, "value": ${CROSS_FREE_BEFORE_GB}}],
              "type": 3,
              "unit": "gigabyte",
              "tags": ["volume:cross-instance-cache", "platform:linux"]
            },
            {
              "metric": "electron.src_cache.disk.free_space_after_cleanup_gb",
              "points": [{"timestamp": ${TIMESTAMP}, "value": ${CROSS_FREE_AFTER_GB}}],
              "type": 3,
              "unit": "gigabyte",
              "tags": ["volume:cross-instance-cache", "platform:linux"]
            },
            {
              "metric": "electron.src_cache.disk.space_freed_gb",
              "points": [{"timestamp": ${TIMESTAMP}, "value": ${CROSS_FREED_GB}}],
              "type": 3,
              "unit": "gigabyte",
              "tags": ["volume:cross-instance-cache", "platform:linux"]
            },
            {
              "metric": "electron.src_cache.disk.total_space_gb",
              "points": [{"timestamp": ${TIMESTAMP}, "value": ${CROSS_TOTAL_GB}}],
              "type": 3,
              "unit": "gigabyte",
              "tags": ["volume:cross-instance-cache", "platform:linux"]
            },
            {
              "metric": "electron.src_cache.disk.free_space_before_cleanup_gb",
              "points": [{"timestamp": ${TIMESTAMP}, "value": ${WIN_FREE_BEFORE_GB}}],
              "type": 3,
              "unit": "gigabyte",
              "tags": ["volume:win-cache", "platform:linux"]
            },
            {
              "metric": "electron.src_cache.disk.free_space_after_cleanup_gb",
              "points": [{"timestamp": ${TIMESTAMP}, "value": ${WIN_FREE_AFTER_GB}}],
              "type": 3,
              "unit": "gigabyte",
              "tags": ["volume:win-cache", "platform:linux"]
            },
            {
              "metric": "electron.src_cache.disk.space_freed_gb",
              "points": [{"timestamp": ${TIMESTAMP}, "value": ${WIN_FREED_GB}}],
              "type": 3,
              "unit": "gigabyte",
              "tags": ["volume:win-cache", "platform:linux"]
            },
            {
              "metric": "electron.src_cache.disk.total_space_gb",
              "points": [{"timestamp": ${TIMESTAMP}, "value": ${WIN_TOTAL_GB}}],
              "type": 3,
              "unit": "gigabyte",
              "tags": ["volume:win-cache", "platform:linux"]
            }
          ]
        }
        EOF
        echo "Disk space metrics logged to Datadog"
--- a/.github/workflows/issue-commented.yml
+++ b/.github/workflows/issue-commented.yml
@@ -1,4 +1,4 @@
-name: Issue / Pull Request Commented
+name: Issue Commented
 on:
  issue_comment:
@@ -8,16 +8,16 @@ on:
 permissions: {}
 jobs:
-  blocked-issue-commented:
+  issue-commented:
    name: Remove blocked/{need-info,need-repro} on comment
-    if: ${{ !github.event.issue.pull_request && (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && github.event.comment.user.type != 'Bot' }}
+    if: ${{ (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && github.event.comment.user.type != 'Bot' }}
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
    steps:
      - name: Get author association
        id: get-author-association
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: &get-author-association |
+        run: |
          AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/issues/comments/${{ github.event.comment.id }} --jq '.author_association')
          echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
      - name: Generate GitHub App token
@@ -33,56 +33,3 @@ jobs:
          ISSUE_URL: ${{ github.event.issue.html_url }}
        run: |
          gh issue edit $ISSUE_URL --remove-label 'blocked/need-repro','blocked/need-info ❌'
  pr-reviewer-requested:
    name: Maintainer requested reviewer on PR
    if: ${{ github.event.issue.pull_request && startsWith(github.event.comment.body, '/request-review') && github.event.comment.user.type != 'Bot' }}
    runs-on: ubuntu-slim
    steps:
      - name: Get author association
        id: get-author-association
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: *get-author-association
      - name: Generate GitHub App token
        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
        if: ${{ contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
      - name: Request reviewer
        if: ${{ contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
        env:
          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
          PR_URL: ${{ github.event.issue.html_url }}
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          RAW=$(echo "$COMMENT_BODY" | head -n 1 | sed 's|/request-review\s*||' | xargs)
          if [ -z "$RAW" ]; then
            echo "::warning::No username provided. Usage: /request-review <username>[,<username>,...]"
            exit 0
          fi
          IFS=',' read -ra USERS <<< "$RAW"
          for USER in "${USERS[@]}"; do
            NAME=$(echo "$USER" | sed 's/@//g' | xargs)
            if [ -z "$NAME" ]; then
              continue
            fi
            # Strip "electron/" prefix if present to get the bare name
            BARE_NAME=$(echo "$NAME" | sed 's|^electron/||')
            # If the original name contained "electron/" or looks like a team slug, treat as team
            if [ "$NAME" != "$BARE_NAME" ]; then
              gh pr edit $PR_URL --add-reviewer "electron/$BARE_NAME"
            else
              if ! gh api /orgs/electron/public_members/$BARE_NAME --silent > /dev/null 2>&1; then
                echo "::warning::$BARE_NAME is not a public member of the electron organization."
                continue
              fi
              gh pr edit $PR_URL --add-reviewer "$BARE_NAME"
            fi
          done
--- a/.github/workflows/issue-labeled.yml
+++ b/.github/workflows/issue-labeled.yml
@@ -21,7 +21,7 @@ jobs:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
      - name: Set status
-        uses: dsanders11/project-actions/edit-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
+        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 90
@@ -42,7 +42,7 @@ jobs:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
      - name: Set status
-        uses: dsanders11/project-actions/edit-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
+        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 90
@@ -61,10 +61,9 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: electron/electron
          ISSUE_NUMBER: ${{ github.event.issue.number }}
        run: |
          set -eo pipefail
-          COMMENT_COUNT=$(gh issue view "$ISSUE_NUMBER" --comments --json comments | jq '[ .comments[] | select(.author.login == "electron-issue-triage" or .authorAssociation == "OWNER" or .authorAssociation == "MEMBER") | select(.body | startswith("<!-- blocked/need-repro -->")) ] | length')
+          COMMENT_COUNT=$(gh issue view ${{ github.event.issue.number }} --comments --json comments | jq '[ .comments[] | select(.author.login == "electron-issue-triage" or .authorAssociation == "OWNER" or .authorAssociation == "MEMBER") | select(.body | startswith("<!-- blocked/need-repro -->")) ] | length')
          if [[ $COMMENT_COUNT -eq 0 ]]; then
            echo "SHOULD_COMMENT=1" >> "$GITHUB_OUTPUT"
          fi
@@ -76,7 +75,7 @@ jobs:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
      - name: Create comment
        if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: actions-cool/issues-helper@200c78641dbf33838311e5a1e0c31bbdb92d7cf0 # v3.8.0
+        uses: actions-cool/issues-helper@e2ff99831a4f13625d35064e2b3dfe65c07a0396 # v3.7.5
        with:
          actions: 'create-comment'
          token: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/issue-opened.yml
+++ b/.github/workflows/issue-opened.yml
@@ -20,7 +20,7 @@ jobs:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
      - name: Add to Issue Triage
-        uses: dsanders11/project-actions/add-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
+        uses: dsanders11/project-actions/add-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
        with:
          field: Reporter
          field-value: ${{ github.event.issue.user.login }}
@@ -146,7 +146,7 @@ jobs:
            }
      - name: Create unsupported major comment
        if: ${{ steps.add-labels.outputs.unsupportedMajor }}
-        uses: actions-cool/issues-helper@200c78641dbf33838311e5a1e0c31bbdb92d7cf0 # v3.8.0
+        uses: actions-cool/issues-helper@e2ff99831a4f13625d35064e2b3dfe65c07a0396 # v3.7.5
        with:
          actions: 'create-comment'
          token: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/issue-transferred.yml
+++ b/.github/workflows/issue-transferred.yml
@@ -20,7 +20,7 @@ jobs:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
      - name: Remove from issue triage
-        uses: dsanders11/project-actions/delete-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
+        uses: dsanders11/project-actions/delete-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 90
--- a/.github/workflows/issue-unlabeled.yml
+++ b/.github/workflows/issue-unlabeled.yml
@@ -16,11 +16,9 @@ jobs:
    steps:
      - name: Check for any blocked labels
        id: check-for-blocked-labels
        env:
          LABELS_JSON: ${{ toJSON(github.event.issue.labels.*.name) }}
        run: |
          set -eo pipefail
-          BLOCKED_LABEL_COUNT=$(echo "$LABELS_JSON" | jq '[ .[] | select(startswith("blocked/")) ] | length')
+          BLOCKED_LABEL_COUNT=$(echo '${{ toJSON(github.event.issue.labels.*.name) }}' | jq '[ .[] | select(startswith("blocked/")) ] | length')
          if [[ $BLOCKED_LABEL_COUNT -eq 0 ]]; then
            echo "NOT_BLOCKED=1" >> "$GITHUB_OUTPUT"
          fi
@@ -33,7 +31,7 @@ jobs:
          org: electron
      - name: Set status
        if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: dsanders11/project-actions/edit-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
+        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 90
--- a/.github/workflows/linux-publish.yml
+++ b/.github/workflows/linux-publish.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
+        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
      upload-to-storage:
        description: 'Uploads to Azure storage'
        required: false
@@ -46,7 +46,6 @@ jobs:
  publish-x64:
    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
@@ -66,7 +65,6 @@ jobs:
  publish-arm:
    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
@@ -86,7 +84,6 @@ jobs:
  publish-arm64:
    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
--- a/.github/workflows/macos-publish.yml
+++ b/.github/workflows/macos-publish.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
+        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
        required: true
      upload-to-storage:
        description: 'Uploads to Azure storage'
@@ -50,7 +50,6 @@ jobs:
  publish-x64-darwin:
    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
@@ -70,7 +69,6 @@ jobs:
  publish-x64-mas:
    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
@@ -90,7 +88,6 @@ jobs:
  publish-arm64-darwin:
    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
@@ -110,7 +107,6 @@ jobs:
  publish-arm64-mas:
    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
--- a/.github/workflows/non-maintainer-dependency-change.yml
+++ b/.github/workflows/non-maintainer-dependency-change.yml
@@ -10,10 +10,6 @@ on:
      - '.yarn/**'
      - '.yarnrc.yml'
 # SECURITY: This workflow uses pull_request_target and has access to secrets.
 # Do NOT checkout or run code from the PR head. All code execution must use
 # the base branch only. Adding a ref to PR head would expose secrets to
 # untrusted code.
 permissions: {}
 jobs:
@@ -49,23 +45,5 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_URL: ${{ github.event.pull_request.html_url }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
        run: |
-          cat <<'REVIEW_EOF' | sed "s/%AUTHOR%/$PR_AUTHOR/g" | gh pr review $PR_URL -r --body-file=-
+          printf "<!-- disallowed-non-maintainer-change -->\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-
          <!-- disallowed-non-maintainer-change -->
          Hello @%AUTHOR%! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs.
          To move this PR forward, please:
          1. Revert the dependency/CI file changes from your branch. (e.g. `yarn.lock`, `.yarn/`, `.yarnrc.yml`, `.github/workflows/`, `.github/actions/`)
          2. Ensure your branch [allows maintainer commits](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork) so a maintainer can push the necessary dependency changes on your behalf.
          3. Leave a comment letting reviewers know the dependency change is still needed.
          <details>
          <summary>For maintainers</summary>
          To land this PR, push a verified commit to the contributor's branch with the required dependency/CI changes, then dismiss this review.
          </details>
          REVIEW_EOF
--- a/.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
+++ b/.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
@@ -110,21 +110,6 @@ jobs:
      test-runs-on: ${{ inputs.test-runs-on }}
      test-container: ${{ inputs.test-container }}
    secrets: inherit
  test-wayland:
    uses: ./.github/workflows/pipeline-segment-electron-test.yml
    permissions:
      contents: read
      issues: read
      pull-requests: read
    needs: build
    if: ${{ inputs.target-platform == 'linux' && inputs.target-arch == 'x64' && !inputs.is-asan }}
    with:
      target-arch: ${{ inputs.target-arch }}
      target-platform: ${{ inputs.target-platform }}
      test-runs-on: ${{ inputs.test-runs-on }}
      test-container: ${{ inputs.test-container }}
      display-server: wayland
    secrets: inherit
  nn-test:
    uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
    permissions:
--- a/.github/workflows/pipeline-electron-lint.yml
+++ b/.github/workflows/pipeline-electron-lint.yml
@@ -46,11 +46,7 @@ jobs:
      shell: bash
      run: |
        chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
-        if [[ ! "$chromium_revision" =~ ^[a-zA-Z0-9._-]+$ ]]; then
+        gn_version="$(curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/DEPS?format=TEXT" | base64 -d | grep gn_version | head -n1 | cut -d\' -f4)"
          echo "::error::Invalid chromium_revision: $chromium_revision"
          exit 1
        fi
        gn_version="$(curl -sL -b ~/.gitcookies "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/DEPS?format=TEXT" | base64 -d | grep gn_version | head -n1 | cut -d\' -f4)"
        cipd ensure -ensure-file - -root . <<-CIPD
        \$ServiceURL https://chrome-infra-packages.appspot.com/
@@ -64,20 +60,14 @@ jobs:
      shell: bash
      run: |
        chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
        if [[ ! "$chromium_revision" =~ ^[a-zA-Z0-9._-]+$ ]]; then
          echo "::error::Invalid chromium_revision: $chromium_revision"
          exit 1
        fi
        mkdir -p src/buildtools
-        curl -sL -b ~/.gitcookies "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
+        curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
        gclient sync --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
-    - name: Add problem matchers
+    - name: Add ESLint problem matcher
      shell: bash
-      run: |
+      run: echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
        echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
        echo "::add-matcher::src/electron/.github/problem-matchers/markdownlint.json"
    - name: Run Lint
      shell: bash
      run: |
--- a/.github/workflows/pipeline-segment-electron-build.yml
+++ b/.github/workflows/pipeline-segment-electron-build.yml
@@ -124,7 +124,7 @@ jobs:
      run: df -h
    - name: Setup Node.js/npm
      if: ${{ inputs.target-platform == 'macos' }}
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
      with:
        node-version: 22.21.x
        cache: yarn
--- a/.github/workflows/pipeline-segment-electron-clang-tidy.yml
+++ b/.github/workflows/pipeline-segment-electron-clang-tidy.yml
@@ -126,7 +126,7 @@ jobs:
        cd src/electron
        git pack-refs
    - name: Download Out Gen Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
      with:
        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./src/out/${{ env.ELECTRON_OUT_DIR }}/gen
--- a/.github/workflows/pipeline-segment-electron-publish.yml
+++ b/.github/workflows/pipeline-segment-electron-publish.yml
@@ -93,7 +93,6 @@ jobs:
        shell: bash
    runs-on: ${{ inputs.build-runs-on }}
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
@@ -132,7 +131,7 @@ jobs:
        run: df -h
      - name: Setup Node.js/npm
        if: ${{ inputs.target-platform == 'macos' }}
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
        with:
          node-version: 22.21.x
          cache: yarn
--- a/.github/workflows/pipeline-segment-electron-test-64k.yml
+++ b/.github/workflows/pipeline-segment-electron-test-64k.yml
@@ -1,67 +0,0 @@
 name: Pipeline Segment - Electron Test on Linux ARM64 64k
 on:
  workflow_call:
    inputs:
      test-runs-on:
        type: string
        description: 'What host to run the tests on'
        required: true
      test-container:
        type: string
        description: 'JSON container information for aks runs-on'
        required: false
        default: '{"image":null}'
 concurrency:
  group: electron-test-linux-64k-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
 permissions: {}
 env:
  ELECTRON_OUT_DIR: Default
 jobs:
  test-linux-arm64-64k:
    env:
      BUILD_TYPE: linux
      TARGET_ARCH: arm64      
    defaults:
      run:
        shell: bash
    runs-on: ${{ inputs.test-runs-on }}
    permissions:
      contents: read
      issues: read
      pull-requests: read
    steps:
    - name: Checkout Electron
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      with:
        path: src/electron
        fetch-depth: 0
        ref: ${{ github.event.pull_request.head.sha }}
    - name: Download Generated Artifacts
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
      with:
        name: generated_artifacts_linux_arm64
        path: ./generated_artifacts_linux_arm64
    - name: Restore Generated Artifacts
      run: ./src/electron/script/actions/restore-artifacts.sh
    - name: Unzip Dist
      run: |
        cd src/out/Default
        unzip -:o dist.zip
    - name: Run Electron Tests in QEMU 64k Container
      shell: bash
      env:
        MOCHA_REPORTER: mocha-multi-reporters
        MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
        ELECTRON_DISABLE_SECURITY_WARNINGS: 1
        DISPLAY: ':99.0'
      run: |
        container=$(echo '${{ inputs.test-container }}' | jq -r '.image')
        src/electron/script/run-qemu-64k.sh --container $container --testfiles "`pwd`/src"
--- a/.github/workflows/pipeline-segment-electron-test.yml
+++ b/.github/workflows/pipeline-segment-electron-test.yml
@@ -30,14 +30,9 @@ on:
        required: false
        type: boolean
        default: false
      display-server:
        description: 'Display backend for Linux tests: x11 or wayland'
        required: false
        type: string
        default: x11
 concurrency:
-  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ inputs.display-server }}-${{ github.ref_protected == true && github.run_id || github.ref }}
+  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
  cancel-in-progress: ${{ github.ref_protected != true }}
 permissions: {}
@@ -48,8 +43,6 @@ env:
  ELECTRON_OUT_DIR: Default
  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
  # @sentry/cli is only needed by release upload-symbols.py; skip the ~17MB CDN download on test jobs
  SENTRYCLI_SKIP_DOWNLOAD: 1
 jobs:
  test:
@@ -66,7 +59,7 @@ jobs:
      fail-fast: false
      matrix:
        build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || (inputs.target-platform == 'win' && fromJSON('["win"]') || fromJSON('["linux"]')) }}
-        shard: ${{ case(inputs.display-server == 'wayland', fromJSON('[1]'), inputs.target-platform == 'linux', fromJSON('[1, 2, 3]'), fromJSON('[1, 2]')) }}
+        shard: ${{ inputs.target-platform == 'linux' && fromJSON('[1, 2, 3]') || fromJSON('[1, 2]') }}
    env:
      BUILD_TYPE: ${{ matrix.build-type }}
      TARGET_ARCH: ${{ inputs.target-arch }}
@@ -79,7 +72,7 @@ jobs:
        cp $(which node) /mnt/runner-externals/node24/bin/
    - name: Setup Node.js/npm
      if: ${{ inputs.target-platform == 'win' }}
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
      with:
        node-version: 22.21.x
    - name: Add TCC permissions on macOS
@@ -175,12 +168,12 @@ jobs:
        echo "DISABLE_CRASH_REPORTER_TESTS=true" >> $GITHUB_ENV
        echo "IS_ASAN=true" >> $GITHUB_ENV
    - name: Download Generated Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
      with:
        name: generated_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./generated_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
    - name: Download Src Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
      with:
        name: src_artifacts_${{ env.ARTIFACT_KEY }}
        path: ./src_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
@@ -198,25 +191,15 @@ jobs:
      run: |
        cd src/out/Default
        unzip -:o dist.zip
-    - name: Import & Trust Self-Signed Codesigning Cert on MacOS
+    #- name: Import & Trust Self-Signed Codesigning Cert on MacOS
-      if: ${{ inputs.target-platform == 'macos' }}
+    #  if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
-      run: |
+    #  run: |
-        cd src/electron
+    #    sudo security authorizationdb write com.apple.trust-settings.admin allow
-        ./script/codesign/generate-identity.sh
+    #    cd src/electron
-    # Sign with our self-signed cert so that macOS system integrations
+    #    ./script/codesign/generate-identity.sh
    # (UNNotifications, dock bounce, etc.) work in tests on both architectures.
    # Autoupdater tests sign their own fixture copies via signApp().
    - name: Sign Electron.app for macOS tests
      if: ${{ inputs.target-platform == 'macos' }}
      run: |
        identity=$(src/electron/script/codesign/get-trusted-identity.sh)
        if [ -n "$identity" ]; then
          codesign -s "$identity" --deep --force src/out/Default/Electron.app
        fi
    - name: Run Electron Tests
      shell: bash
      timeout-minutes: 60
      env:
        MOCHA_REPORTER: mocha-multi-reporters
        MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
@@ -227,22 +210,7 @@ jobs:
        cd src/electron
        export ELECTRON_TEST_RESULTS_DIR=`pwd`/junit
        # Get which tests are on this shard
-        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ case(inputs.display-server == 'wayland', 1, inputs.target-platform == 'linux', 3, 2) }})
+        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ inputs.target-platform == 'linux' && 3 || 2 }})
        if [ "${{ inputs.display-server }}" = "wayland" ]; then
          allowlist_file=script/wayland-test-allowlist.txt
          filtered_tests=""
          for test_file in $tests_files; do
            if grep -Fxq "$test_file" "$allowlist_file"; then
              filtered_tests="$filtered_tests $test_file"
            fi
          done
          tests_files="${filtered_tests# }"
          if [ -z "$tests_files" ]; then
            echo "No tests matched Wayland filter, skipping."
            exit 0
          fi
        fi
        # Run tests
        if [ "${{ inputs.target-platform }}" != "linux" ]; then
@@ -277,28 +245,11 @@ jobs:
            if [ "${{ inputs.target-arch }}" = "arm" ]; then
              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --skipYarnInstall --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
            else 
-              if [ "${{ inputs.display-server }}" = "wayland" ]; then
+              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
                runuser -u builduser -- script/actions/run-tests-wayland.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
              else
                runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
              fi
            fi
          fi
        fi
    - name: Take screenshot on timeout or cancellation
      if: ${{ inputs.target-platform != 'linux' && (cancelled() || failure()) }}
      shell: bash
      run: |
        screenshot_dir="src/electron/spec/artifacts"
        mkdir -p "$screenshot_dir"
        screenshot_file="$screenshot_dir/screenshot-timeout-$(date +%Y%m%d%H%M%S).png"
        if [ "${{ inputs.target-platform }}" = "macos" ]; then
          screencapture -x "$screenshot_file" || true
        elif [ "${{ inputs.target-platform }}" = "win" ]; then
          powershell -command "Add-Type -AssemblyName System.Windows.Forms; \$screen = [System.Windows.Forms.Screen]::PrimaryScreen.Bounds; \$bitmap = New-Object System.Drawing.Bitmap(\$screen.Width, \$screen.Height); \$graphics = [System.Drawing.Graphics]::FromImage(\$bitmap); \$graphics.CopyFromScreen(\$screen.Location, [System.Drawing.Point]::Empty, \$screen.Size); \$bitmap.Save('$screenshot_file')" || true
        fi
    - name: Upload Test results to Datadog
      env:
        DD_ENV: ci
@@ -314,10 +265,10 @@ jobs:
        fi
      if: always() && !cancelled()
    - name: Upload Test Artifacts
-      if: always()
+      if: always() && !cancelled()
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
      with:
-        name: ${{ inputs.target-platform == 'linux' && format('test_artifacts_{0}_{1}_{2}', env.ARTIFACT_KEY, inputs.display-server, matrix.shard) || format('test_artifacts_{0}_{1}', env.ARTIFACT_KEY, matrix.shard) }}
+        name: test_artifacts_${{ env.ARTIFACT_KEY }}_${{ matrix.shard }}
        path: src/electron/spec/artifacts
        if-no-files-found: ignore
    - name: Wait for active SSH sessions
--- a/.github/workflows/pipeline-segment-node-nan-test.yml
+++ b/.github/workflows/pipeline-segment-node-nan-test.yml
@@ -36,8 +36,6 @@ env:
  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
  ELECTRON_OUT_DIR: Default
  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
  # @sentry/cli is only needed by release upload-symbols.py; skip the ~17MB CDN download on test jobs
  SENTRYCLI_SKIP_DOWNLOAD: 1
 jobs:
  node-tests:
@@ -67,12 +65,12 @@ jobs:
    - name: Install Dependencies
      uses: ./src/electron/.github/actions/install-dependencies
    - name: Download Generated Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
      with:
        name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
        path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
    - name: Download Src Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
      with:
        name: src_artifacts_linux_${{ env.TARGET_ARCH }}
        path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -123,12 +121,12 @@ jobs:
    - name: Install Dependencies
      uses: ./src/electron/.github/actions/install-dependencies
    - name: Download Generated Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
      with:
        name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
        path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
    - name: Download Src Artifacts
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
      with:
        name: src_artifacts_linux_${{ env.TARGET_ARCH }}
        path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
--- a/.github/workflows/pr-template-check.yml
+++ b/.github/workflows/pr-template-check.yml
@@ -1,58 +0,0 @@
 name: PR Template Check
 on:
  pull_request_target:
    types: [opened, ready_for_review]
 # SECURITY: This workflow uses pull_request_target and has access to secrets.
 # Do NOT checkout or run code from the PR head. All code execution must use
 # the base branch only. Adding a ref to PR head would expose secrets to
 # untrusted code.
 permissions: {}
 jobs:
  check-pr-template:
    if: ${{ github.event.pull_request.head.repo.fork && !github.event.pull_request.draft && !startsWith(github.head_ref, 'roller/') }}
    name: Check PR Template
    runs-on: ubuntu-slim
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          sparse-checkout: .github/PULL_REQUEST_TEMPLATE.md
          sparse-checkout-cone-mode: false
      - name: Check for required sections
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const fs = require('fs');
            const template = fs.readFileSync('.github/PULL_REQUEST_TEMPLATE.md', 'utf8');
            const requiredSections = [...template.matchAll(/^(#{1,4} .+)$/gm)].map(
              (m) => m[1],
            );
            if (requiredSections.length === 0) {
              console.log('No heading sections found in PR template');
              return;
            }
            const body = context.payload.pull_request.body || '';
            const missingSections = requiredSections.filter(
              (section) => !body.includes(section),
            );
            if (missingSections.length > 0) {
              const list = missingSections.map((s) => `- \`${s}\``).join('\n');
              await github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: context.payload.pull_request.number,
                body: `This PR was automatically closed because the PR template was not properly filled out. The following required sections are missing:\n\n${list}\n\nPlease update your PR description to include all required sections and reopen the PR.`,
              });
              await github.rest.pulls.update({
                owner: context.repo.owner,
                repo: context.repo.repo,
                pull_number: context.payload.pull_request.number,
                state: 'closed',
              });
            }
--- a/.github/workflows/pr-triage-automation.yml
+++ b/.github/workflows/pr-triage-automation.yml
@@ -1,44 +0,0 @@
 name: PR Triage Automation
 on:
  pull_request_target:
    types: [synchronize, review_requested]
  issue_comment:
    types: [created]
 # SECURITY: This workflow uses pull_request_target and has access to secrets.
 # Do NOT checkout or run code from the PR head. All code execution must use
 # the base branch only. Adding a ref to PR head would expose secrets to
 # untrusted code.
 permissions: {}
 jobs:
  set-needs-review:
    name: Set status to Needs Review
    if: >-
      (github.event_name == 'pull_request_target'
        && github.event.pull_request.draft != true
        && !contains(github.event.pull_request.labels.*.name, 'wip ⚒')
        && (github.event.action == 'synchronize' || github.event.action == 'review_requested'))
      || (github.event_name == 'issue_comment'
          && github.event.issue.pull_request
          && !contains(github.event.issue.labels.*.name, 'wip ⚒')
          && github.event.comment.user.login == github.event.issue.user.login)
    runs-on: ubuntu-slim
    permissions:
      contents: read
    steps:
      - name: Generate GitHub App token
        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
          org: electron
      - name: Set status to Needs Review
        uses: dsanders11/project-actions/edit-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 118
          field: Status
          field-value: 🌀 Needs Review
          fail-if-item-not-found: false
--- a/.github/workflows/pull-request-labeled.yml
+++ b/.github/workflows/pull-request-labeled.yml
@@ -4,10 +4,6 @@ on:
  pull_request_target:
    types: [labeled]
 # SECURITY: This workflow uses pull_request_target and has access to secrets.
 # Do NOT checkout or run code from the PR head. All code execution must use
 # the base branch only. Adding a ref to PR head would expose secrets to
 # untrusted code.
 permissions: {}
 jobs:
@@ -18,7 +14,7 @@ jobs:
    permissions: {}
    steps:
      - name: Trigger Slack workflow
-        uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
+        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
        with:
          webhook: ${{ secrets.BACKPORT_REQUESTED_SLACK_WEBHOOK_URL }} 
          webhook-type: webhook-trigger
@@ -42,7 +38,7 @@ jobs:
          creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
          org: electron
      - name: Set status
-        uses: dsanders11/project-actions/edit-item@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
+        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          project-number: 94
@@ -60,7 +56,7 @@ jobs:
      with:
        creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
    - name: Create comment
-      uses: actions-cool/issues-helper@200c78641dbf33838311e5a1e0c31bbdb92d7cf0 # v3.8.0
+      uses: actions-cool/issues-helper@e2ff99831a4f13625d35064e2b3dfe65c07a0396 # v3.7.5
      with:
        actions: 'create-comment'
        token: ${{ steps.generate-token.outputs.token }}
@@ -72,7 +68,7 @@ jobs:
          Hello @${{ github.event.pull_request.user.login }}. Due to the high amount of AI spam PRs we receive, if a PR is detected to be majority AI-generated without disclosure and untested, we will automatically close the PR.
-          We welcome the use of AI tools, as long as the PR meets our quality standards and has clearly been built and tested. If you believe your PR was closed in error, we welcome you to resubmit. However, please read our [CONTRIBUTING.md](https://github.com/electron/electron/blob/main/CONTRIBUTING.md) and [AI Tool Policy](https://github.com/electron/governance/blob/main/policy/ai.md) carefully before reopening. Thanks for your contribution.
+          We welcome the use of AI tools, as long as the PR meets our quality standards and has clearly been built and tested. If you believe your PR was closed in error, we welcome you to resubmit. However, please read our [CONTRIBUTING.md](http://contributing.md/) carefully before reopening. Thanks for your contribution.
    - name: Close the pull request
      env:
        GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
--- a/.github/workflows/pull-request-opened-synchronized.yml
+++ b/.github/workflows/pull-request-opened-synchronized.yml
@@ -1,39 +0,0 @@
 name: Pull Request Opened/Synchronized
 on:
  pull_request_target:
    types: [opened, synchronize]
 # SECURITY: This workflow uses pull_request_target and has access to secrets.
 # Do NOT checkout or run code from the PR head. All code execution must use
 # the base branch only. Adding a ref to PR head would expose secrets to
 # untrusted code.
 permissions: {}
 jobs:
  check-signed-commits:
    name: Check signed commits in PR
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'needs-signed-commits')}}
    runs-on: ubuntu-slim
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Check signed commits in PR
        uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1
        with:
          comment: |
            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification) 
            for all incoming PRs. To get your PR merged, please sign those commits 
            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch 
            (`git push --force-with-lease`)
            For more information on signing commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
      - name: Add needs-signed-commits label
        if: ${{ failure() }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          gh pr edit $PR_URL --add-label needs-signed-commits
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -43,7 +43,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: SARIF file
          path: results.sarif
@@ -51,6 +51,6 @@ jobs:
      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5
+        uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v3.29.5
        with:
          sarif_file: results.sarif
--- a/.github/workflows/stable-prep-items.yml
+++ b/.github/workflows/stable-prep-items.yml
@@ -29,7 +29,7 @@ jobs:
          PROJECT_NUMBER=$(gh project list --owner electron --format json | jq -r '.projects | map(select(.title | test("^[0-9]+-x-y$"))) | max_by(.number) | .number')
          echo "PROJECT_NUMBER=$PROJECT_NUMBER" >> "$GITHUB_OUTPUT"
      - name: Update Completed Stable Prep Items
-        uses: dsanders11/project-actions/completed-by@5767984408ccc6742f83acc8b8d8ea5e09f329af # v2.0.0
+        uses: dsanders11/project-actions/completed-by@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
        with:
          field: Prep Status
          field-value: ✅ Complete
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -18,7 +18,7 @@ jobs:
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # tag: v10.2.0
+      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # tag: v10.1.1
        with:
          repo-token: ${{ steps.generate-token.outputs.token }}
          days-before-stale: 90
@@ -42,7 +42,7 @@ jobs:
        id: generate-token
        with:
          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # tag: v10.2.0
+      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # tag: v10.1.1
        with:
          repo-token: ${{ steps.generate-token.outputs.token }}
          days-before-stale: -1
--- a/.github/workflows/update-website-docs.yml
+++ b/.github/workflows/update-website-docs.yml
@@ -31,7 +31,7 @@ jobs:
            echo "isLatestRelease=false" >> $GITHUB_OUTPUT
          fi
      - name: Trigger website docs update
-        if: ${{ steps.check-if-latest-release.outputs.isLatestRelease == 'true' }}
+        if: ${{ steps.check-if-latest-release.outputs.isLatestRelease }}
        env:
          GH_REPO: electron/website
          GH_TOKEN: ${{ fromJSON(steps.secret-service.outputs.secrets).WEBSITE_DOCS_UPDATER_APP_TOKEN }}
--- a/.github/workflows/windows-publish.yml
+++ b/.github/workflows/windows-publish.yml
@@ -6,7 +6,7 @@ on:
      build-image-sha:
        type: string
        description: 'SHA for electron/build image'
-        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
+        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
        required: true
      upload-to-storage:
        description: 'Uploads to Azure storage'
@@ -54,7 +54,6 @@ jobs:
  publish-x64-win:
    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
@@ -73,7 +72,6 @@ jobs:
  publish-arm64-win:
    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
@@ -92,7 +90,6 @@ jobs:
  publish-x86-win:
    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
    permissions:
      artifact-metadata: write
      attestations: write
      contents: read
      id-token: write
--- a/.gitignore
+++ b/.gitignore
@@ -42,7 +42,6 @@ spec/.hash
 # Generated native addon files
 /spec/fixtures/native-addon/echo/build/
 /spec/fixtures/native-addon/dialog-helper/build/
 # If someone runs tsc this is where stuff will end up
 ts-gen
--- a/.remarkrc
+++ b/.remarkrc
@@ -0,0 +1,6 @@
 {
  "plugins": [
    ["remark-lint-code-block-style", "fenced"],
    ["remark-lint-fenced-code-flag"]
  ]
 }
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -9,8 +9,4 @@ npmMinimalAgeGate: 10080
 npmPreapprovedPackages:
  - "@electron/*"
 httpProxy: "${HTTP_PROXY:-}"
 httpsProxy: "${HTTPS_PROXY:-}"
 yarnPath: .yarn/releases/yarn-4.12.0.cjs
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -321,33 +321,12 @@ grit("resources") {
    "grit/electron_resources.h",
    "electron_resources.pak",
  ]
  if (translate_genders) {
    outputs += [
      "electron_resources_MASCULINE.pak",
      "electron_resources_FEMININE.pak",
      "electron_resources_NEUTER.pak",
    ]
  }
  foreach(locale, all_chrome_locales) {
    outputs += [ "electron_strings_$locale.pak" ]
    if (translate_genders) {
      outputs += [
        "electron_strings_${locale}_MASCULINE.pak",
        "electron_strings_${locale}_FEMININE.pak",
        "electron_strings_${locale}_NEUTER.pak",
      ]
    }
  }
  # Mojo manifest overlays are generated.
  grit_flags = [
    "-E",
    "target_gen_dir=" + rebase_path(target_gen_dir, root_build_dir),
  ]
  if (translate_genders) {
    grit_flags += [ "--translate-genders" ]
  }
  deps = [ ":copy_shell_devtools_discovery_page" ]
@@ -471,7 +450,6 @@ source_set("electron_lib") {
    "//chrome:strings",
    "//chrome/app:command_ids",
    "//chrome/app/resources:platform_locale_settings",
    "//chrome/common/notifications",
    "//components/autofill/core/common:features",
    "//components/certificate_transparency",
    "//components/compose:buildflags",
@@ -618,7 +596,6 @@ source_set("electron_lib") {
    use_libcxx_modules = false
    deps += [
      "//components/os_crypt/async/browser:keychain_key_provider",
      "//components/os_crypt/common:keychain_password_mac",
      "//components/remote_cocoa/app_shim",
      "//components/remote_cocoa/browser",
@@ -641,7 +618,6 @@ source_set("electron_lib") {
      "SecurityInterface.framework",
      "ServiceManagement.framework",
      "StoreKit.framework",
      "UserNotifications.framework",
    ]
    weak_frameworks = [ "QuickLookThumbnailing.framework" ]
@@ -682,9 +658,6 @@ source_set("electron_lib") {
      ":libnotify_loader",
      "//build/config/linux/gtk",
      "//components/crash/content/browser",
      "//components/os_crypt/async/browser:freedesktop_secret_key_provider",
      "//components/os_crypt/async/browser:posix_key_provider",
      "//components/os_crypt/async/browser:secret_portal_key_provider",
      "//dbus",
      "//device/bluetooth",
      "//third_party/crashpad/crashpad/client",
@@ -725,7 +698,6 @@ source_set("electron_lib") {
    deps += [
      "//components/app_launch_prefetch",
      "//components/crash/core/app:crash_export_thunks",
      "//components/os_crypt/async/browser:dpapi_key_provider",
      "//third_party/libxml:xml_writer",
      "//ui/wm",
      "//ui/wm/public",
@@ -1017,17 +989,7 @@ if (is_mac) {
    }
  }
-  # Electron defines its own plugin helper (using CHILD_EMBEDDER_FIRST + 1) to
+  foreach(helper_params, content_mac_helpers) {
  # allow loading of unsigned or third-party-signed libraries.
  _electron_plugin_helper_params = [
    "plugin",
    ".plugin",
    " (Plugin)",
  ]
  electron_mac_helpers =
      content_mac_helpers + [ _electron_plugin_helper_params ]
  foreach(helper_params, electron_mac_helpers) {
    _helper_target = helper_params[0]
    _helper_bundle_id = helper_params[1]
    _helper_suffix = helper_params[2]
@@ -1080,7 +1042,7 @@ if (is_mac) {
      ":stripped_squirrel_framework",
    ]
-    foreach(helper_params, electron_mac_helpers) {
+    foreach(helper_params, content_mac_helpers) {
      sources +=
          [ "$root_out_dir/${electron_helper_name}${helper_params[2]}.app" ]
      public_deps += [ ":electron_helper_app_${helper_params[0]}" ]
@@ -1184,7 +1146,7 @@ if (is_mac) {
      deps = [ ":electron_framework" ]
    }
-    foreach(helper_params, electron_mac_helpers) {
+    foreach(helper_params, content_mac_helpers) {
      _helper_target = helper_params[0]
      _helper_bundle_id = helper_params[1]
      _helper_suffix = helper_params[2]
@@ -1236,7 +1198,7 @@ if (is_mac) {
        deps += [ ":crashpad_handler_syms" ]
      }
-      foreach(helper_params, electron_mac_helpers) {
+      foreach(helper_params, content_mac_helpers) {
        _helper_target = helper_params[0]
        deps += [ ":electron_helper_syms_${_helper_target}" ]
      }
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -127,22 +127,6 @@ patches/{target}/*.patch  →  [e sync --3]  →  target repo commits
 2. Create a git commit
 3. Run `e patches <target>` to export
 **Fixing patch conflicts on an existing PR:**
 If asked to fix a patch conflict on a branch that already has an open PR, check the PR's failed **Apply Patches** CI run for an `update-patches` artifact before running `e sync` locally. CI has already performed the 3-way merge and exported the resolved patch diff — applying it is much faster than a full local sync.
 ```bash
 # Find the failed Apply Patches run for the PR and download the artifact
 gh run list --repo electron/electron --branch <pr-branch> --workflow "Apply Patches" --limit 1
 gh run download <run-id> --repo electron/electron --name update-patches
 # Apply the CI-generated fix, then push
 git am update-patches.patch
 git push
 ```
 If no artifact exists (e.g. the 3-way merge itself failed), fall back to `e sync --3` and resolve manually.
 ## Testing
 **Test location:** `spec/` directory
@@ -171,33 +155,6 @@ e test                    # Run full test suite
 When working on the `roller/chromium/main` branch to upgrade Chromium activate the "Electron Chromium Upgrade" skill.
 ## Pull Requests
 PR bodies must always include a `Notes:` section as the **last line** of the body. This is a consumer-facing release note for Electron app developers — describe the user-visible fix or change, not internal implementation details. Use `Notes: none` if there is no user-facing change.
 ### PR Labeling (write-access only)
 When the user has write access to `electron/electron`, add these labels when creating PRs:
 **Semver label** — one of:
 - `semver/none` — build changes, refactors, CI, or anything with no end-user impact
 - `semver/patch` — backwards-compatible bug fixes
 - `semver/minor` — backwards-compatible new functionality
 - `semver/major` — incompatible API changes
 **Backport target labels** — add `target/{N}-x-y` for each supported release branch the change should land on. Default policy:
 - **Bug fixes** — backport to all active release lines _except the oldest_
 - **Security fixes** — backport to all active release lines _including the oldest_
 - **Features (semver/minor) and breaking changes (semver/major)** — no backport labels; main-only by default
 To find which release branches are active, check label colors — active `target/*` labels use color `#ad244f`, older/EOL ones use `#ededed`:
 ```bash
 gh label list --repo electron/electron --search target/ --json name,color --jq '.[] | select(.color == "ad244f") | .name'
 ```
 ## Code Style
 **C++:** Follows Chromium style, enforced by clang-format
@@ -208,7 +165,6 @@ gh label list --repo electron/electron --search target/ --json name,color --jq '
 ```bash
 npm run lint              # Run all linters
 npm run lint:clang-format # C++ formatting
 npm run lint:api-history  # Validate API history YAML blocks in docs
 ```
 ## Key Files
--- a/4
+++ b/4
@@ -2,9 +2,9 @@ gclient_gn_args_from = 'src'
 vars = {
  'chromium_version':
-    '148.0.7763.0',
+    '146.0.7650.0',
  'node_version':
-    'v24.14.1',
+    'v24.13.0',
  'nan_version':
    '675cefebca42410733da8a454c8d9391fcebfbc2',
  'squirrel.mac_version':
--- a/build/args/all.gn
+++ b/build/args/all.gn
@@ -2,7 +2,7 @@ is_electron_build = true
 root_extra_deps = [ "//electron" ]
 # Registry of NMVs --> https://github.com/nodejs/node/blob/main/doc/abi_version_registry.json
-node_module_version = 146
+node_module_version = 145
 v8_promise_internal_field_count = 1
 v8_embedder_string = "-electron.0"
@@ -51,6 +51,9 @@ is_cfi = false
 use_qt5 = false
 use_qt6 = false
 # Disables the builtins PGO for V8
 v8_builtins_profiling_log_file = ""
 # https://chromium.googlesource.com/chromium/src/+/main/docs/dangling_ptr.md
 # TODO(vertedinde): hunt down dangling pointers on Linux
 enable_dangling_raw_ptr_checks = false
--- a/build/electron_paks.gni
+++ b/build/electron_paks.gni
@@ -183,7 +183,6 @@ template("electron_paks") {
      "${root_gen_dir}/components/strings/components_locale_settings_",
      "${root_gen_dir}/components/strings/components_strings_",
      "${root_gen_dir}/device/bluetooth/strings/bluetooth_strings_",
      "${root_gen_dir}/electron/electron_strings_",
      "${root_gen_dir}/extensions/strings/extensions_strings_",
      "${root_gen_dir}/services/strings/services_strings_",
      "${root_gen_dir}/third_party/blink/public/strings/blink_strings_",
@@ -200,7 +199,6 @@ template("electron_paks") {
      "//components/strings:components_locale_settings",
      "//components/strings:components_strings",
      "//device/bluetooth/strings",
      "//electron:resources",
      "//extensions/strings",
      "//services/strings",
      "//third_party/blink/public/strings",
--- a/build/electron_resources.grd
+++ b/build/electron_resources.grd
@@ -9,189 +9,10 @@
      <emit emit_type='prepend'></emit>
    </output>
    <output filename="electron_resources.pak" type="data_package" />
    <output filename="electron_strings_af.pak" type="data_package" lang="af" />
    <output filename="electron_strings_am.pak" type="data_package" lang="am" />
    <output filename="electron_strings_ar.pak" type="data_package" lang="ar" />
    <output filename="electron_strings_as.pak" type="data_package" lang="as" />
    <output filename="electron_strings_az.pak" type="data_package" lang="az" />
    <output filename="electron_strings_be.pak" type="data_package" lang="be" />
    <output filename="electron_strings_bg.pak" type="data_package" lang="bg" />
    <output filename="electron_strings_bn.pak" type="data_package" lang="bn" />
    <output filename="electron_strings_bs.pak" type="data_package" lang="bs" />
    <output filename="electron_strings_ca.pak" type="data_package" lang="ca" />
    <output filename="electron_strings_cs.pak" type="data_package" lang="cs" />
    <output filename="electron_strings_cy.pak" type="data_package" lang="cy" />
    <output filename="electron_strings_da.pak" type="data_package" lang="da" />
    <output filename="electron_strings_de.pak" type="data_package" lang="de" />
    <output filename="electron_strings_el.pak" type="data_package" lang="el" />
    <output filename="electron_strings_en-GB.pak" type="data_package" lang="en-GB" />
    <output filename="electron_strings_en-US.pak" type="data_package" lang="en" />
    <output filename="electron_strings_es-419.pak" type="data_package" lang="es-419" />
    <output filename="electron_strings_es.pak" type="data_package" lang="es" />
    <output filename="electron_strings_et.pak" type="data_package" lang="et" />
    <output filename="electron_strings_eu.pak" type="data_package" lang="eu" />
    <output filename="electron_strings_fa.pak" type="data_package" lang="fa" />
    <output filename="electron_strings_fi.pak" type="data_package" lang="fi" />
    <output filename="electron_strings_fil.pak" type="data_package" lang="fil" />
    <output filename="electron_strings_fr-CA.pak" type="data_package" lang="fr-CA" />
    <output filename="electron_strings_fr.pak" type="data_package" lang="fr" />
    <output filename="electron_strings_gl.pak" type="data_package" lang="gl" />
    <output filename="electron_strings_gu.pak" type="data_package" lang="gu" />
    <output filename="electron_strings_hi.pak" type="data_package" lang="hi" />
    <output filename="electron_strings_hr.pak" type="data_package" lang="hr" />
    <output filename="electron_strings_hu.pak" type="data_package" lang="hu" />
    <output filename="electron_strings_hy.pak" type="data_package" lang="hy" />
    <output filename="electron_strings_id.pak" type="data_package" lang="id" />
    <output filename="electron_strings_is.pak" type="data_package" lang="is" />
    <output filename="electron_strings_it.pak" type="data_package" lang="it" />
    <output filename="electron_strings_he.pak" type="data_package" lang="he" />
    <output filename="electron_strings_ja.pak" type="data_package" lang="ja" />
    <output filename="electron_strings_ka.pak" type="data_package" lang="ka" />
    <output filename="electron_strings_kk.pak" type="data_package" lang="kk" />
    <output filename="electron_strings_km.pak" type="data_package" lang="km" />
    <output filename="electron_strings_kn.pak" type="data_package" lang="kn" />
    <output filename="electron_strings_ko.pak" type="data_package" lang="ko" />
    <output filename="electron_strings_ky.pak" type="data_package" lang="ky" />
    <output filename="electron_strings_lo.pak" type="data_package" lang="lo" />
    <output filename="electron_strings_lt.pak" type="data_package" lang="lt" />
    <output filename="electron_strings_lv.pak" type="data_package" lang="lv" />
    <output filename="electron_strings_mk.pak" type="data_package" lang="mk" />
    <output filename="electron_strings_ml.pak" type="data_package" lang="ml" />
    <output filename="electron_strings_mn.pak" type="data_package" lang="mn" />
    <output filename="electron_strings_mr.pak" type="data_package" lang="mr" />
    <output filename="electron_strings_ms.pak" type="data_package" lang="ms" />
    <output filename="electron_strings_my.pak" type="data_package" lang="my" />
    <output filename="electron_strings_ne.pak" type="data_package" lang="ne" />
    <output filename="electron_strings_nl.pak" type="data_package" lang="nl" />
    <!-- The translation console uses 'no' for Norwegian Bokmål. It should
         be 'nb'. -->
    <output filename="electron_strings_nb.pak" type="data_package" lang="no" />
    <output filename="electron_strings_or.pak" type="data_package" lang="or" />
    <output filename="electron_strings_pa.pak" type="data_package" lang="pa" />
    <output filename="electron_strings_pl.pak" type="data_package" lang="pl" />
    <output filename="electron_strings_pt-BR.pak" type="data_package" lang="pt-BR" />
    <output filename="electron_strings_pt-PT.pak" type="data_package" lang="pt-PT" />
    <output filename="electron_strings_ro.pak" type="data_package" lang="ro" />
    <output filename="electron_strings_ru.pak" type="data_package" lang="ru" />
    <output filename="electron_strings_si.pak" type="data_package" lang="si" />
    <output filename="electron_strings_sk.pak" type="data_package" lang="sk" />
    <output filename="electron_strings_sl.pak" type="data_package" lang="sl" />
    <output filename="electron_strings_sq.pak" type="data_package" lang="sq" />
    <output filename="electron_strings_sr-Latn.pak" type="data_package" lang="sr-Latn" />
    <output filename="electron_strings_sr.pak" type="data_package" lang="sr" />
    <output filename="electron_strings_sv.pak" type="data_package" lang="sv" />
    <output filename="electron_strings_sw.pak" type="data_package" lang="sw" />
    <output filename="electron_strings_ta.pak" type="data_package" lang="ta" />
    <output filename="electron_strings_te.pak" type="data_package" lang="te" />
    <output filename="electron_strings_th.pak" type="data_package" lang="th" />
    <output filename="electron_strings_tr.pak" type="data_package" lang="tr" />
    <output filename="electron_strings_uk.pak" type="data_package" lang="uk" />
    <output filename="electron_strings_ur.pak" type="data_package" lang="ur" />
    <output filename="electron_strings_uz.pak" type="data_package" lang="uz" />
    <output filename="electron_strings_vi.pak" type="data_package" lang="vi" />
    <output filename="electron_strings_zh-CN.pak" type="data_package" lang="zh-CN" />
    <output filename="electron_strings_zh-HK.pak" type="data_package" lang="zh-HK" />
    <output filename="electron_strings_zh-TW.pak" type="data_package" lang="zh-TW" />
    <output filename="electron_strings_zu.pak" type="data_package" lang="zu" />
    <!-- CARO TODO: Pseudolocales? -->
    <output filename="electron_strings_ar-XB.pak" type="data_package" lang="ar-XB" />
    <output filename="electron_strings_en-XA.pak" type="data_package" lang="en-XA" />
  </outputs>
-  <translations>
+  <release seq="1" allow_pseudo="false">
    <file path="translations/electron_strings_af.xtb" lang="af" />
    <file path="translations/electron_strings_am.xtb" lang="am" />
    <file path="translations/electron_strings_ar.xtb" lang="ar" />
    <file path="translations/electron_strings_as.xtb" lang="as" />
    <file path="translations/electron_strings_az.xtb" lang="az" />
    <file path="translations/electron_strings_be.xtb" lang="be" />
    <file path="translations/electron_strings_bg.xtb" lang="bg" />
    <file path="translations/electron_strings_bn.xtb" lang="bn" />
    <file path="translations/electron_strings_bs.xtb" lang="bs" />
    <file path="translations/electron_strings_ca.xtb" lang="ca" />
    <file path="translations/electron_strings_cs.xtb" lang="cs" />
    <file path="translations/electron_strings_cy.xtb" lang="cy" />
    <file path="translations/electron_strings_da.xtb" lang="da" />
    <file path="translations/electron_strings_de.xtb" lang="de" />
    <file path="translations/electron_strings_el.xtb" lang="el" />
    <file path="translations/electron_strings_en-GB.xtb" lang="en-GB" />
    <file path="translations/electron_strings_es-419.xtb" lang="es-419" />
    <file path="translations/electron_strings_es.xtb" lang="es" />
    <file path="translations/electron_strings_et.xtb" lang="et" />
    <file path="translations/electron_strings_eu.xtb" lang="eu" />
    <file path="translations/electron_strings_fa.xtb" lang="fa" />
    <file path="translations/electron_strings_fi.xtb" lang="fi" />
    <file path="translations/electron_strings_fil.xtb" lang="fil" />
    <file path="translations/electron_strings_fr-CA.xtb" lang="fr-CA" />
    <file path="translations/electron_strings_fr.xtb" lang="fr" />
    <file path="translations/electron_strings_gl.xtb" lang="gl" />
    <file path="translations/electron_strings_gu.xtb" lang="gu" />
    <file path="translations/electron_strings_hi.xtb" lang="hi" />
    <file path="translations/electron_strings_hr.xtb" lang="hr" />
    <file path="translations/electron_strings_hu.xtb" lang="hu" />
    <file path="translations/electron_strings_hy.xtb" lang="hy" />
    <file path="translations/electron_strings_id.xtb" lang="id" />
    <file path="translations/electron_strings_is.xtb" lang="is" />
    <file path="translations/electron_strings_it.xtb" lang="it" />
    <!-- The translation console uses 'iw' for Hebrew, but we use 'he'. -->
    <file path="translations/electron_strings_iw.xtb" lang="he" />
    <file path="translations/electron_strings_ja.xtb" lang="ja" />
    <file path="translations/electron_strings_ka.xtb" lang="ka" />
    <file path="translations/electron_strings_kk.xtb" lang="kk" />
    <file path="translations/electron_strings_km.xtb" lang="km" />
    <file path="translations/electron_strings_kn.xtb" lang="kn" />
    <file path="translations/electron_strings_ko.xtb" lang="ko" />
    <file path="translations/electron_strings_ky.xtb" lang="ky" />
    <file path="translations/electron_strings_lo.xtb" lang="lo" />
    <file path="translations/electron_strings_lt.xtb" lang="lt" />
    <file path="translations/electron_strings_lv.xtb" lang="lv" />
    <file path="translations/electron_strings_mk.xtb" lang="mk" />
    <file path="translations/electron_strings_ml.xtb" lang="ml" />
    <file path="translations/electron_strings_mn.xtb" lang="mn" />
    <file path="translations/electron_strings_mr.xtb" lang="mr" />
    <file path="translations/electron_strings_ms.xtb" lang="ms" />
    <file path="translations/electron_strings_my.xtb" lang="my" />
    <file path="translations/electron_strings_ne.xtb" lang="ne" />
    <file path="translations/electron_strings_nl.xtb" lang="nl" />
    <file path="translations/electron_strings_no.xtb" lang="no" />
    <file path="translations/electron_strings_or.xtb" lang="or" />
    <file path="translations/electron_strings_pa.xtb" lang="pa" />
    <file path="translations/electron_strings_pl.xtb" lang="pl" />
    <file path="translations/electron_strings_pt-BR.xtb" lang="pt-BR" />
    <file path="translations/electron_strings_pt-PT.xtb" lang="pt-PT" />
    <file path="translations/electron_strings_ro.xtb" lang="ro" />
    <file path="translations/electron_strings_ru.xtb" lang="ru" />
    <file path="translations/electron_strings_si.xtb" lang="si" />
    <file path="translations/electron_strings_sk.xtb" lang="sk" />
    <file path="translations/electron_strings_sl.xtb" lang="sl" />
    <file path="translations/electron_strings_sq.xtb" lang="sq" />
    <file path="translations/electron_strings_sr-Latn.xtb" lang="sr-Latn" />
    <file path="translations/electron_strings_sr.xtb" lang="sr" />
    <file path="translations/electron_strings_sv.xtb" lang="sv" />
    <file path="translations/electron_strings_sw.xtb" lang="sw" />
    <file path="translations/electron_strings_ta.xtb" lang="ta" />
    <file path="translations/electron_strings_te.xtb" lang="te" />
    <file path="translations/electron_strings_th.xtb" lang="th" />
    <file path="translations/electron_strings_tr.xtb" lang="tr" />
    <file path="translations/electron_strings_uk.xtb" lang="uk" />
    <file path="translations/electron_strings_ur.xtb" lang="ur" />
    <file path="translations/electron_strings_uz.xtb" lang="uz" />
    <file path="translations/electron_strings_vi.xtb" lang="vi" />
    <file path="translations/electron_strings_zh-CN.xtb" lang="zh-CN" />
    <file path="translations/electron_strings_zh-HK.xtb" lang="zh-HK" />
    <file path="translations/electron_strings_zh-TW.xtb" lang="zh-TW" />
    <file path="translations/electron_strings_zu.xtb" lang="zu" />
  </translations>
  <release seq="1">
    <messages fallback_to_english="true">
      <message name="IDS_MAC_NOTIFICATION_INLINE_REPLY_BUTTON" desc="Label for the inline reply button inside a macOS notification.">
        Reply
      </message>
      <message name="IDS_MAC_NOTIFICATION_SHOW_BUTTON" desc="Label for the default action button inside a macOS notification.">
        Show
      </message>
    </messages>
    <includes>
      <include name="IDR_CONTENT_SHELL_DEVTOOLS_DISCOVERY_PAGE" file="${target_gen_dir}/shell_devtools_discovery_page.html" use_base_dir="false" type="BINDATA" />
    </includes>
  </release>
-</grit>
+</grit>
--- a/build/fuses/fuses.json5
+++ b/build/fuses/fuses.json5
@@ -9,6 +9,5 @@
  "embedded_asar_integrity_validation": "0",
  "only_load_app_from_asar": "0",
  "load_browser_process_specific_v8_snapshot": "0",
-  "grant_file_protocol_extra_privileges": "1",
+  "grant_file_protocol_extra_privileges": "1"
  "wasm_trap_handlers": "1"
 }
--- a/build/siso/backend.star
+++ b/build/siso/backend.star
@@ -0,0 +1,21 @@
 # -*- bazel-starlark -*-
 load("@builtin//struct.star", "module")
 def __platform_properties(ctx):
    container_image = "docker://gcr.io/chops-public-images-prod/rbe/siso-chromium/linux@sha256:d7cb1ab14a0f20aa669c23f22c15a9dead761dcac19f43985bf9dd5f41fbef3a"
    return {
        "default": {
            "OSFamily": "Linux",
            "container-image": container_image,
        },
        "large": {
            "OSFamily": "Linux",
            "container-image": container_image,
        },
    }
 backend = module(
    "backend",
    platform_properties = __platform_properties,
 )
--- a/build/siso/main.star
+++ b/build/siso/main.star
@@ -0,0 +1,66 @@
 load("@builtin//encoding.star", "json")
 load("@builtin//path.star", "path")
 load("@builtin//runtime.star", "runtime")
 load("@builtin//struct.star", "module")
 load("@config//main.star", upstream_init = "init")
 load("@config//win_sdk.star", "win_sdk")
 load("@config//gn_logs.star", "gn_logs")
 def init(ctx):
    mod = upstream_init(ctx)
    step_config = json.decode(mod.step_config)
    # Buildbarn doesn't support input_root_absolute_path so disable that
    for rule in step_config["rules"]:    
      input_root_absolute_path = rule.get("input_root_absolute_path", False)
      if input_root_absolute_path:
        rule.pop("input_root_absolute_path", None)
    # Only wrap clang rules with a remote wrapper if not on Linux. These are currently only
    # needed for X-Compile builds, which run on Windows and Mac.
    if runtime.os != "linux":
      for rule in step_config["rules"]:
        if rule["name"].startswith("clang/") or rule["name"].startswith("clang-cl/"):
          rule["remote_wrapper"] = "../../buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper"
          if "inputs" not in rule:
            rule["inputs"] = []
          rule["inputs"].append("buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper")
          rule["inputs"].append("third_party/llvm-build/Release+Asserts_linux/bin/clang")
      if "executables" not in step_config:
        step_config["executables"] = []
      step_config["executables"].append("buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper")
      step_config["executables"].append("third_party/llvm-build/Release+Asserts_linux/bin/clang")
    if runtime.os == "darwin":
      # Update platforms to match our default siso config instead of reclient configs.
      step_config["platforms"].update({
          "clang": step_config["platforms"]["default"],
          "clang_large": step_config["platforms"]["default"],          
      })      
    if runtime.os == "windows":
      # Add additional Windows SDK headers needed by Electron      
      win_toolchain_dir = win_sdk.toolchain_dir(ctx)
      if win_toolchain_dir:
        sdk_version = gn_logs.read(ctx).get("windows_sdk_version")
        step_config["input_deps"][win_toolchain_dir + ":headers"].extend([
          # third_party/electron_node/deps/uv/include/uv/win.h includes mswsock.h
          path.join(win_toolchain_dir, "Windows Kits/10/Include", sdk_version, "um/mswsock.h"),
          # third_party/electron_node/src/debug_utils.cc includes lm.h
          path.join(win_toolchain_dir, "Windows Kits/10/Include", sdk_version, "um/Lm.h"),          
        ])
      # Update platforms to match our default siso config instead of reclient configs.
      step_config["platforms"].update({
          "clang-cl": step_config["platforms"]["default"],
          "clang-cl_large": step_config["platforms"]["default"],
          "lld-link": step_config["platforms"]["default"],
      })
    return module(
      "config",
      step_config = json.encode(step_config),
      filegroups = mod.filegroups,
      handlers = mod.handlers,
    )
--- a/build/translations/electron_strings_af.xtb
+++ b/build/translations/electron_strings_af.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="af">
  <translation id="2727175239389218057">Antwoord</translation>
  <translation id="5300589172476337783">Wys</translation>
 </translationbundle>
--- a/build/translations/electron_strings_am.xtb
+++ b/build/translations/electron_strings_am.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="am">
  <translation id="2727175239389218057">ምላሽ ስጥ</translation>
  <translation id="5300589172476337783">አሳይ</translation>
 </translationbundle>
--- a/build/translations/electron_strings_ar.xtb
+++ b/build/translations/electron_strings_ar.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="ar">
  <translation id="2727175239389218057">الرّد</translation>
  <translation id="5300589172476337783">عرض</translation>
 </translationbundle>
--- a/build/translations/electron_strings_as.xtb
+++ b/build/translations/electron_strings_as.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="as">
  <translation id="2727175239389218057">প্ৰত্যুত্তৰ দিয়ক</translation>
  <translation id="5300589172476337783">দেখুৱাওক</translation>
 </translationbundle>
--- a/build/translations/electron_strings_az.xtb
+++ b/build/translations/electron_strings_az.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="az">
  <translation id="2727175239389218057">Cavablayın</translation>
  <translation id="5300589172476337783">Göstərin</translation>
 </translationbundle>
--- a/build/translations/electron_strings_be.xtb
+++ b/build/translations/electron_strings_be.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="be">
  <translation id="2727175239389218057">Адказаць</translation>
  <translation id="5300589172476337783">Паказаць</translation>
 </translationbundle>
--- a/build/translations/electron_strings_bg.xtb
+++ b/build/translations/electron_strings_bg.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="bg">
  <translation id="2727175239389218057">Отговор</translation>
  <translation id="5300589172476337783">Показване</translation>
 </translationbundle>
--- a/build/translations/electron_strings_bn.xtb
+++ b/build/translations/electron_strings_bn.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="bn">
  <translation id="2727175239389218057">উত্তর দিন</translation>
  <translation id="5300589172476337783">দেখান</translation>
 </translationbundle>
--- a/build/translations/electron_strings_bs.xtb
+++ b/build/translations/electron_strings_bs.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="bs">
  <translation id="2727175239389218057">Odgovori</translation>
  <translation id="5300589172476337783">Prikaži</translation>
 </translationbundle>
--- a/build/translations/electron_strings_ca.xtb
+++ b/build/translations/electron_strings_ca.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="ca">
  <translation id="2727175239389218057">Respon</translation>
  <translation id="5300589172476337783">Mostra</translation>
 </translationbundle>
--- a/build/translations/electron_strings_cs.xtb
+++ b/build/translations/electron_strings_cs.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="cs">
  <translation id="2727175239389218057">Odpovědět</translation>
  <translation id="5300589172476337783">Zobrazit</translation>
 </translationbundle>
--- a/build/translations/electron_strings_cy.xtb
+++ b/build/translations/electron_strings_cy.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="cy">
  <translation id="2727175239389218057">Ateb</translation>
  <translation id="5300589172476337783">Arddangos</translation>
 </translationbundle>
--- a/build/translations/electron_strings_da.xtb
+++ b/build/translations/electron_strings_da.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="da">
  <translation id="2727175239389218057">Svar</translation>
  <translation id="5300589172476337783">Vis</translation>
 </translationbundle>
--- a/build/translations/electron_strings_de.xtb
+++ b/build/translations/electron_strings_de.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="de">
  <translation id="2727175239389218057">Antworten</translation>
  <translation id="5300589172476337783">Anzeigen</translation>
 </translationbundle>
--- a/build/translations/electron_strings_el.xtb
+++ b/build/translations/electron_strings_el.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="el">
  <translation id="2727175239389218057">Απάντηση</translation>
  <translation id="5300589172476337783">Εμφάνιση</translation>
 </translationbundle>
--- a/build/translations/electron_strings_en-GB.xtb
+++ b/build/translations/electron_strings_en-GB.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="en-GB">
  <translation id="2727175239389218057">Reply</translation>
  <translation id="5300589172476337783">Show</translation>
 </translationbundle>
--- a/build/translations/electron_strings_es-419.xtb
+++ b/build/translations/electron_strings_es-419.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="es-419">
  <translation id="2727175239389218057">Responder</translation>
  <translation id="5300589172476337783">Mostrar</translation>
 </translationbundle>
--- a/build/translations/electron_strings_es.xtb
+++ b/build/translations/electron_strings_es.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="es">
  <translation id="2727175239389218057">Responder</translation>
  <translation id="5300589172476337783">Mostrar</translation>
 </translationbundle>
--- a/build/translations/electron_strings_et.xtb
+++ b/build/translations/electron_strings_et.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="et">
  <translation id="2727175239389218057">Vasta</translation>
  <translation id="5300589172476337783">Kuva</translation>
 </translationbundle>
--- a/build/translations/electron_strings_eu.xtb
+++ b/build/translations/electron_strings_eu.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="eu">
  <translation id="2727175239389218057">Erantzun</translation>
  <translation id="5300589172476337783">Erakutsi</translation>
 </translationbundle>
--- a/build/translations/electron_strings_fa.xtb
+++ b/build/translations/electron_strings_fa.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="fa">
  <translation id="2727175239389218057">پاسخ دادن</translation>
  <translation id="5300589172476337783">نمایش</translation>
 </translationbundle>
--- a/build/translations/electron_strings_fi.xtb
+++ b/build/translations/electron_strings_fi.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="fi">
  <translation id="2727175239389218057">Vastaa</translation>
  <translation id="5300589172476337783">Näytä</translation>
 </translationbundle>
--- a/build/translations/electron_strings_fil.xtb
+++ b/build/translations/electron_strings_fil.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="fil">
  <translation id="2727175239389218057">Sumagot</translation>
  <translation id="5300589172476337783">Ipakita</translation>
 </translationbundle>
--- a/build/translations/electron_strings_fr-CA.xtb
+++ b/build/translations/electron_strings_fr-CA.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="fr-CA">
  <translation id="2727175239389218057">Répondre</translation>
  <translation id="5300589172476337783">Afficher</translation>
 </translationbundle>
--- a/build/translations/electron_strings_fr.xtb
+++ b/build/translations/electron_strings_fr.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="fr">
  <translation id="2727175239389218057">Répondre</translation>
  <translation id="5300589172476337783">Afficher</translation>
 </translationbundle>
--- a/build/translations/electron_strings_gl.xtb
+++ b/build/translations/electron_strings_gl.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="gl">
  <translation id="2727175239389218057">Responder</translation>
  <translation id="5300589172476337783">Mostrar</translation>
 </translationbundle>
--- a/build/translations/electron_strings_gu.xtb
+++ b/build/translations/electron_strings_gu.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="gu">
  <translation id="2727175239389218057">જવાબ આપો</translation>
  <translation id="5300589172476337783">બતાવો</translation>
 </translationbundle>
--- a/build/translations/electron_strings_hi.xtb
+++ b/build/translations/electron_strings_hi.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="hi">
  <translation id="2727175239389218057">जवाब दें</translation>
  <translation id="5300589172476337783">दिखाएं</translation>
 </translationbundle>
--- a/build/translations/electron_strings_hr.xtb
+++ b/build/translations/electron_strings_hr.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="hr">
  <translation id="2727175239389218057">Odgovori</translation>
  <translation id="5300589172476337783">Prikaži</translation>
 </translationbundle>
--- a/build/translations/electron_strings_hu.xtb
+++ b/build/translations/electron_strings_hu.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="hu">
  <translation id="2727175239389218057">Válasz</translation>
  <translation id="5300589172476337783">Megjelenítés</translation>
 </translationbundle>
--- a/build/translations/electron_strings_hy.xtb
+++ b/build/translations/electron_strings_hy.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="hy">
  <translation id="2727175239389218057">Պատասխանել</translation>
  <translation id="5300589172476337783">Ցույց տալ</translation>
 </translationbundle>
--- a/build/translations/electron_strings_id.xtb
+++ b/build/translations/electron_strings_id.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="id">
  <translation id="2727175239389218057">Balas</translation>
  <translation id="5300589172476337783">Tampilkan</translation>
 </translationbundle>
--- a/build/translations/electron_strings_is.xtb
+++ b/build/translations/electron_strings_is.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="is">
  <translation id="2727175239389218057">Svara</translation>
  <translation id="5300589172476337783">Sýna</translation>
 </translationbundle>
--- a/build/translations/electron_strings_it.xtb
+++ b/build/translations/electron_strings_it.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="it">
  <translation id="2727175239389218057">Rispondi</translation>
  <translation id="5300589172476337783">Mostra</translation>
 </translationbundle>
--- a/build/translations/electron_strings_iw.xtb
+++ b/build/translations/electron_strings_iw.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="iw">
  <translation id="2727175239389218057">מענה</translation>
  <translation id="5300589172476337783">הצגה</translation>
 </translationbundle>
--- a/build/translations/electron_strings_ja.xtb
+++ b/build/translations/electron_strings_ja.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="ja">
  <translation id="2727175239389218057">返信</translation>
  <translation id="5300589172476337783">表示</translation>
 </translationbundle>
--- a/build/translations/electron_strings_ka.xtb
+++ b/build/translations/electron_strings_ka.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="ka">
  <translation id="2727175239389218057">პასუხი</translation>
  <translation id="5300589172476337783">ჩვენება</translation>
 </translationbundle>
--- a/build/translations/electron_strings_kk.xtb
+++ b/build/translations/electron_strings_kk.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="kk">
  <translation id="2727175239389218057">Жауап беру</translation>
  <translation id="5300589172476337783">Көрсету</translation>
 </translationbundle>
--- a/build/translations/electron_strings_km.xtb
+++ b/build/translations/electron_strings_km.xtb
@@ -1,6 +0,0 @@
 <?xml version="1.0" ?>
 <!DOCTYPE translationbundle>
 <translationbundle lang="km">
  <translation id="2727175239389218057">ឆ្លើយតប</translation>
  <translation id="5300589172476337783">បង្ហាញ</translation>
 </translationbundle>
--- a/Show More
+++ b/Show More