chore: cherry-pick 4cf9311 from v8 (#48951)

In 6399527761 we changed the path strings
that `node_modules.cc` operates on from single-byte to wide strings.
Unfortunately this means that `generic_path()` that the
"fix: ensure TraverseParent bails on resource path exit" patch was
calling was no longer a safe method to call on Windows if the underlying
string has unicode characters in it.

Here we fix it by using `ConvertGenericPathToUTF8` from the Node.js
internal utilities.

.claude/.gitignore

@@ -1 +0,0 @@
-settings.local.json

.claude/settings.json

@@ -1,24 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(e sync)",
-      "Bash(e patches --list-targets:*)",
-      "Bash(git add:*)",
-      "Bash(git am:*)",
-      "Bash(git commit:*)",
-      "Bash(git log:*)",
-      "Bash(git show:*)",
-      "Bash(e patches:*)",
-      "Bash(e sync:*)",
-      "Skill(electron-chromium-upgrade)",
-      "Read(*)",
-      "Bash(echo:*)",
-      "Bash(e build:*)",
-      "Bash(tee:*)",
-      "Bash(git diff:*)",
-      "Bash(git rev-parse:*)"
-    ],
-    "deny": [],
-    "ask": []
-  }
-}

.claude/skills/electron-chromium-upgrade/SKILL.md

@@ -1,181 +0,0 @@
----
-name: electron-chromium-upgrade
-description: Guide for performing Chromium version upgrades in the Electron project. Use when working on the roller/chromium/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Chromium changes, and proper commit formatting for patch fixes.
----
-
-# Electron Chromium Upgrade: Phase One
-
-## Summary
-
-Run `e sync --3` repeatedly, fixing patch conflicts as they arise, until it succeeds. Then export patches and commit changes atomically.
-
-## Success Criteria
-
-Phase One is complete when:
-- `e sync --3` exits with code 0 (no patch failures)
-- All changes are committed per the commit guidelines
-
-Do not stop until these criteria are met.
-
-**CRITICAL** Do not delete or skip patches unless 100% certain the patch is no longer needed. Complicated conflicts or hard to resolve issues should be presented to the user after you have exhausted all other options. Do not delete the patch just because you can't solve it.
-
-## Context
-
-The `roller/chromium/main` branch is created by automation to update Electron's Chromium dependency SHA. No work has been done to handle breaking changes between the old and new versions.
-
-**Key directories:**
-- Current directory: Electron repo (always run `e` commands here)
-- `..` (parent): Chromium repo (where most patches apply)
-- `patches/`: Patch files organized by target
-- `docs/development/patches.md`: Patch system documentation
-
-## Pre-flight Checks
-
-Run these once at the start of each upgrade session:
-
-1. **Clear rerere cache** (if enabled): `git rerere clear` in both the electron and `..` repos. Stale recorded resolutions from a prior attempt can silently apply wrong merges.
-2. **Ensure pre-commit hooks are installed**: Check that `.git/hooks/pre-commit` exists. If not, run `yarn husky` to install it. The hook runs `lint-staged` which handles clang-format for C++ files.
-
-## Workflow
-
-1. Run `e sync --3` (the `--3` flag enables 3-way merge, always required)
-2. If succeeds → skip to step 5
-3. If patch fails:
-   - Identify target repo and patch from error output
-   - Analyze failure (see references/patch-analysis.md)
-   - Fix conflict in target repo's working directory
-   - Run `git am --continue` in affected repo
-   - Repeat until all patches for that repo apply
-   - IMPORTANT: Once `git am --continue` succeeds you MUST run `e patches {target}` to export fixes
-   - Return to step 1
-4. When `e sync --3` succeeds, run `e patches all`
-5. **Read `references/phase-one-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
-
-## Commands Reference
-
-| Command | Purpose |
-|---------|---------|
-| `e sync --3` | Clone deps and apply patches with 3-way merge |
-| `git am --continue` | Continue after resolving conflict (run in target repo) |
-| `e patches {target}` | Export commits from target repo to patch files |
-| `e patches all` | Export all patches from all targets |
-| `e patches {target} --commit-updates` | Export patches and auto-commit trivial changes |
-| `e patches --list-targets` | List targets and config paths |
-
-## Patch System Mental Model
-
-```
-patches/{target}/*.patch  →  [e sync --3]  →  target repo commits
-                          ←  [e patches]   ←
-```
-
-## When to Edit Patches
-
-| Situation | Action |
-|-----------|--------|
-| During active `git am` conflict | Fix in target repo, then `git am --continue` |
-| Modifying patch outside conflict | Edit `.patch` file directly |
-| Creating new patch (rare, avoid) | Commit in target repo, then `e patches {target}` |
-
-Fix existing patches 99% of the time rather than creating new ones.
-
-## Patch Fixing Rules
-
-1. **Preserve authorship**: Keep original author in TODO comments (from patch `From:` field)
-2. **Never change TODO assignees**: `TODO(name)` must retain original name
-3. **Update descriptions**: If upstream changed (e.g., `DCHECK` → `CHECK_IS_TEST`), update patch commit message to reflect current state
-
-# Electron Chromium Upgrade: Phase Two
-
-## Summary
-
-Run `e build -k 999 -- --quiet` repeatedly, fixing build issues as they arise, until it succeeds. Then run `e start --version` to validate Electron launches and commit changes atomically.
-
-Run Phase Two immediately after Phase One is complete.
-
-## Success Criteria
-
-Phase Two is complete when:
-- `e build -k 999 -- --quiet` exits with code 0 (no build failures)
-- `e start --version` has been run to check Electron launches
-- All changes are committed per the commit guidelines
-
-Do not stop until these criteria are met. Do not delete code or features, never comment out code in order to take short cut. Make all existing code, logic and intention work.
-
-## Context
-
-The `roller/chromium/main` branch is created by automation to update Electron's Chromium dependency SHA. No work has been done to handle breaking changes between the old and new versions. Chromium APIs frequently are renamed or refactored. In every case the code in Electron must be updated to account for the change in Chromium, strongly avoid making changes to the code in chromium to fix Electrons build.
-
-**Key directories:**
-- Current directory: Electron repo (always run `e` commands here)
-- `..` (parent): Chromium repo (do not touch this code to fix build issues, just read it to obtain context)
-
-## Workflow
-
-1. Run `e build -k 999 -- --quiet` (the `--quiet` flag suppresses per-target status lines, showing only errors and the final result)
-2. If succeeds → skip to step 6
-3. If build fails:
-    - Identify underlying file in "electron" from the compilation error message
-    - Analyze failure
-    - Fix build issue by adapting Electron's code for the change in Chromium
-    - Run `e build -t {target_that_failed}.o` to build just the failed target we were specifically fixing
-        - You can identify the target_that_failed from the failure line in the build log. E.g. `FAILED: 2e506007-8d5d-4f38-bdd1-b5cd77999a77 "./obj/electron/chromium_src/chrome/process_singleton_posix.o" CXX obj/electron/chromium_src/chrome/process_singleton_posix.o` the target name is `obj/electron/chromium_src/chrome/process_singleton_posix.o`
-    - **Read `references/phase-two-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
-    - Return to step 1
-4. **CRITICAL**: After ANY commit (especially patch commits), immediately run `git status` in the electron repo
-    - Look for other modified `.patch` files that only have index/hunk header changes
-    - These are dependent patches affected by your fix
-    - Commit them immediately with: `git commit -am "chore: update patches (trivial only)"`
-5. Return to step 1
-6. When `e build` succeeds, run `e start --version`
-7. Check if you have any pending changes in the Chromium repo by running `git status`
-    - If you have changes follow the instructions below in "A. Patch Fixes" to correctly commit those modifications into the appropriate patch file
-
-## Commands Reference
-
-| Command | Purpose |
-|---------|---------|
-| `e build -k 999 -- --quiet` | Build Electron, continue on errors, suppress status lines |
-| `e build -t {target}.o` | Build just one specific target to verify a fix |
-| `e start --version` | Validate Electron launches after successful build |
-
-## Two Types of Build Fixes
-
-### A. Patch Fixes (for files in chromium_src or patched Chromium files)
-
-When the error is in a file that Electron patches (check with `grep -l "filename" patches/chromium/*.patch`):
-
-1. Edit the file in the Chromium source tree (e.g., `/src/chrome/browser/...`)
-2. Create a fixup commit targeting the original patch commit:
-    ```bash
-    cd ..  # to chromium repo
-    git add <modified-file>
-    git commit --fixup=<original-patch-commit-hash>
-    GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
-    ```
-3. Export the updated patch: `e patches chromium`
-4. Commit the updated patch file following `references/phase-one-commit-guidelines.md`.
-
-To find the original patch commit to fixup: `git log --oneline | grep -i "keyword from patch name"`
-
-The base commit for rebase is the Chromium commit before patches were applied. Find it by checking the `refs/patches/upstream-head` ref.
-
-### B. Electron Code Fixes (for files in shell/, electron/, etc.)
-
-When the error is in Electron's own source code:
-
-1. Edit files directly in the electron repo
-2. Commit directly (no patch export needed)
-
-# Critical: Read Before Committing
-
-- Before ANY Phase One commits: Read `references/phase-one-commit-guidelines.md`
-- Before ANY Phase Two commits: Read `references/phase-two-commit-guidelines.md`
-
-# Skill Directory Structure
-This skill has additional reference files in `references/`:
-- patch-analysis.md - How to analyze patch failures
-- phase-one-commit-guidelines.md - Commit format for Phase One
-- phase-two-commit-guidelines.md - Commit format for Phase Two
-
-Read these when referenced in the workflow steps.

.claude/skills/electron-chromium-upgrade/references/patch-analysis.md

@@ -1,119 +0,0 @@
-# Analyzing Patch Failures
-
-## Investigation Steps
-
-1. **Read the patch file** at `patches/{target}/{patch_name}.patch`
-
-2. **Examine current state** of the file in Chromium at mentioned line numbers
-
-3. **Check recent upstream changes:**
-   ```bash
-   cd ..  # or relevant target repo
-   git log --oneline -10 -- {file}
-   ```
-
-4. **Find Chromium CL** in commit messages:
-   ```
-   Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/{CL_NUMBER}
-   ```
-
-## Critical: Resolve by Intent, Not by Mechanical Merge
-
-When resolving a patch conflict, do NOT blindly preserve the patch's old code. Instead:
-
-1. **Understand the upstream CL's full scope** — not just the conflicting hunk.
-   Run `git show <commit> --stat` and read diffs for all affected files.
-   Upstream may have removed structs, members, or methods that the patch
-   references in other hunks or files.
-
-2. **Re-read the patch commit message** to understand its *intent* — what
-   behavior does it need to preserve or add?
-
-3. **Implement the intent against the new upstream code.** If the patch's
-   purpose is "add a feature flag guard", add only the guard — don't also
-   restore old code inside the guard that upstream separately removed.
-
-### Lesson: Upstream Removals Break Patch References
-
-- **Trigger:** Patch conflict involves an upstream refactor (not just context drift)
-- **Strategy:** After identifying the upstream CL, check its full diff for
-  removed types, members, and methods. If the patch's old code references
-  something removed, the resolution must use the new upstream mechanism.
-- **Evidence:** An upstream CL removed a `HeadlessModeWindow` struct from a
-  header, but the conflict was only in a `.mm` file. Mechanically keeping the
-  patch's old line (`headless_mode_window_ = ...`) produced code referencing
-  a nonexistent type — caught only on review, not at patch-apply time.
-
-### Lesson: Separate Patch Purpose from Patch Implementation
-
-- **Trigger:** Conflict between "upstream simplified code" vs "patch has older code"
-- **Strategy:** Identify the *minimal* change the patch needs. If the patch
-  wraps code in a conditional, only add the conditional — don't restore old
-  code that was inside the conditional but was separately cleaned up upstream.
-- **Evidence:** An occlusion patch needed only a feature flag check, but the
-  old patch also contained a version check that upstream intentionally removed.
-  Mechanically preserving the old patch code re-added the removed check.
-
-### Lesson: Finish the Adaptation at Conflict Time
-
-- **Trigger:** A patch conflict involves an upstream API removal or replacement
-- **Strategy:** When resolving the conflict, fully adapt the patch to use the
-  new API in the same commit. Don't remove the old code and leave behind stale
-  references that will "be fixed in Phase Two." Each patch fix commit should be
-  a complete resolution.
-- **Evidence:** A safestorage patch conflicted because Chromium removed Keychain V1.
-  The conflict was resolved by removing V1 hunks, but the remaining code still
-  called V1 methods (`FindGenericPassword` with 3 args, `ItemDelete` with
-  `SecKeychainItemRef`). These should have been adapted to V2 APIs in the same
-  commit, not deferred.
-
-## Common Failure Patterns
-
-| Pattern | Cause | Solution |
-|---------|-------|----------|
-| Context lines don't match | Surrounding code changed | Update context in patch |
-| File not found | File renamed/moved | Update patch target path |
-| Function not found | Refactored upstream | Find new function name |
-| `DCHECK` → `CHECK_IS_TEST` | Macro change | Update to new macro |
-| Deleted code | Feature removed | Verify patch still needed |
-
-## Using Git Blame
-
-To find the CL that changed specific lines:
-
-```bash
-cd ..
-git blame -L {start},{end} -- {file}
-git log -1 {commit_sha}  # Look for Reviewed-on: line
-```
-
-## Verifying Patch Necessity
-
-Before deleting a patch, verify:
-1. The patched functionality was intentionally removed upstream
-2. Electron doesn't need the patch for other reasons
-3. No other code depends on the patched behavior
-
-When in doubt, keep the patch and adapt it.
-
-## Phase Two: Build-Time Patch Issues
-
-Sometimes patches that applied successfully in Phase One cause build errors in Phase Two. This can happen when:
-
-1. **Incomplete types**: A patch disables a header include, but new upstream code uses the type
-2. **Missing members**: A patch modifies a class, but upstream added new code referencing the original
-
-### Finding Which Patch Affects a File
-
-```bash
-grep -l "filename.cc" patches/chromium/*.patch
-```
-
-Matching Existing Patch Patterns
-
-When fixing build errors in patched files, examine the existing patch to understand its style:
-- Does it use #if 0 / #endif guards?
-- Does it use #if BUILDFLAG(...) conditionals?
-- What's the pattern for disabled functionality?
-
-Apply fixes consistent with the existing patch style.

.claude/skills/electron-chromium-upgrade/references/phase-one-commit-guidelines.md

@@ -1,102 +0,0 @@
-# Phase One Commit Guidelines
-
-Only follow these instructions if there are uncommitted changes to `patches/` after Phase One succeeds.
-
-Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
-
-## Each Commit Must Be Complete
-
-When resolving a patch conflict, fully adapt the patch to the new upstream code in the same commit. If the upstream change removes an API the patch uses, update the patch to use the replacement API now — don't leave stale references knowing they'll need fixing later. The goal is that each commit represents a finished resolution, not a partial one that defers known work to a future phase.
-
-## Commit Message Style
-
-**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters.
-
-Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
-
-### Patch conflict fixes
-
-Use `fix(patch):` prefix. The title should name the upstream change, not your response to it:
-
-```
-fix(patch): {topic headline}
-
-Ref: {Chromium CL link}
-
-Co-Authored-By: <AI model attribution>
-```
-
-Only add a description body if it provides clarity beyond the title. For straightforward context drift or simple API renames, the title + Ref is sufficient.
-
-Examples:
-- `fix(patch): constant moved to header`
-- `fix(patch): headless mode refactor upstream`
-- `fix(patch): V1 Keychain removal`
-
-### Upstreamed patch removal
-
-When patches are no longer needed (applied cleanly with "already applied" or confirmed upstreamed), group ALL removals into a single commit:
-
-```
-chore: remove upstreamed patch
-```
-
-or (if multiple):
-
-```
-chore: remove upstreamed patches
-```
-
-If the patch file did NOT contain a `Reviewed-on: https://chromium-review.googlesource.com/c/chromium/...` link, add a `Ref:` in the commit. If it did (i.e. cherry-picks), no `Ref:` is needed.
-
-### Trivial patch updates
-
-After all fix commits, stage remaining trivial changes (index, line numbers, context only):
-
-```bash
-git add patches
-git commit -m "chore: update patches (trivial only)"
-```
-
-**Conflict resolution can produce trivial results.** A `git am` conflict doesn't always mean the patch content changed — context drift alone can cause a conflict. After resolving and exporting, inspect the patch diff: if only index hashes, line numbers, and context lines changed (not the patch's own `+`/`-` lines), it's trivial and belongs here, not in a `fix(patch):` commit.
-
-## Atomic Commits
-
-Each patch conflict fix gets its own commit with its own Ref.
-
-IMPORTANT: Try really hard to find the CL reference per the instructions below. Each change you made should in theory have been in response to a change made in Chromium that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
-
-## Finding CL References
-
-Use `git log` or `git blame` on Chromium source files. Look for:
-
-```
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
-```
-
-If no CL found after searching: `Ref: Unable to locate CL`
-
-## Example Commits
-
-### Patch conflict fix (simple — title is sufficient)
-
-```
-fix(patch): constant moved to header
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7536483
-
-Co-Authored-By: <AI model attribution>
-```
-
-### Patch conflict fix (complex — description adds value)
-
-```
-fix(patch): V1 Keychain removal
-
-Upstream deleted the V1 Keychain API. Removed V1 hunks and adapted
-keychain_password_mac.mm to use KeychainV2 APIs.
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7540447
-
-Co-Authored-By: <AI model attribution>
-```

.claude/skills/electron-chromium-upgrade/references/phase-two-commit-guidelines.md

@@ -1,84 +0,0 @@
-# Phase Two Commit Guidelines
-
-Only follow these instructions if there are uncommitted changes in the Electron repo after any fixes are made during Phase Two that result a target that was failing, successfully building.
-
-Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
-
-## Commit Message Style
-
-**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters. Exception: upstream Chromium CL titles are used verbatim even if longer.
-
-Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
-
-## Two Commit Types
-
-### For Electron Source Changes (shell/, electron/, etc.)
-
-```
-{CL-Number}: {upstream CL's original title}
-
-Ref: {Chromium CL link}
-
-Co-Authored-By: <AI model attribution>
-```
-
-Use the **upstream CL's original commit title** — do not paraphrase or rewrite it. To find it: `git log -1 --format=%s <chromium-commit-hash>`.
-
-Only add a description body if it provides clarity beyond what the title already says (e.g., when Electron's adaptation is non-obvious). For simple renames, method additions, or straightforward API updates, the title + Ref link is sufficient.
-
-Each change should have its own commit and its own Ref. Logically group into commits that make sense rather than one giant commit. You may include multiple "Ref" links if required.
-
-For a CL link in the format `https://chromium-review.googlesource.com/c/chromium/src/+/2958369` the "CL-Number" is `2958369`.
-
-IMPORTANT: Try really hard to find the CL reference. Each change you made should in theory have been in response to a change in Chromium. Do not give up easily.
-
-### For Patch Updates (patches/chromium/*.patch)
-
-Use the same fixup workflow as Phase One and follow `references/phase-one-commit-guidelines.md` for the commit message format (`fix(patch):` prefix, topic style).
-
-## Dependent Patch Header Updates
-
-After any patch modification, check for other affected patches:
-
-```bash
-git status
-# If other .patch files show as modified with only index, line number, and context changes:
-git add patches/
-git commit -m "chore: update patches (trivial only)"
-```
-
-## Finding CL References
-
-Use git log or git blame on Chromium source files. Look for:
-
-```
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
-```
-
-If no CL found after searching: `Ref: Unable to locate CL`
-
-## Example Commits
-
-### Electron Source Fix (simple — title is self-explanatory)
-
-```
-7535923: Rename ozone buildflags
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7535923
-
-Co-Authored-By: <AI model attribution>
-```
-
-### Electron Source Fix (complex — description adds value)
-
-```
-7534194: Convert some functions in ui::Clipboard to async
-
-Adapted ExtractCustomPlatformNames calls to use RunLoop pattern
-consistent with existing ReadImage implementation, since upstream
-converted the API from synchronous return to callback-based.
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7534194
-
-Co-Authored-By: <AI model attribution>
-```

.devcontainer/docker-compose.yml

@@ -2,7 +2,7 @@ version: '3'
 
 services:
   buildtools:
-    image: ghcr.io/electron/devcontainer:eac3529546ea8f3aa356d31e345715eef342233b
+    image: ghcr.io/electron/devcontainer:933c7d6ff6802706875270bec2e3c891cf8add3f
 
     volumes:
       - ..:/workspaces/gclient/src/electron:cached

.devcontainer/on-create-command.sh

@@ -48,8 +48,7 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
             \"gen\": {
                 \"args\": [
                     \"import(\\\"//electron/build/args/testing.gn\\\")\",
-                    \"use_remoteexec = true\",
-                    \"use_siso=true\"
+                    \"use_remoteexec = true\"
                 ],
                 \"out\": \"Testing\"
             },
@@ -59,7 +58,7 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
             },
             \"\$schema\": \"file:///home/builduser/.electron_build_tools/evm-config.schema.json\",
             \"configValidationLevel\": \"strict\",
-            \"remoteBuild\": \"siso\",
+            \"remoteBuild\": \"reclient\",
             \"preserveSDK\": 5
         }
     " >$buildtools/configs/evm.testing.json

.github/PULL_REQUEST_TEMPLATE.md

@@ -10,8 +10,7 @@ Contributors guide: https://github.com/electron/electron/blob/main/CONTRIBUTING.
 #### Checklist
 <!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
 
-- [ ] PR description included
-- [ ] I have built and tested this PR
+- [ ] PR description included and stakeholders cc'd
 - [ ] `npm test` passes
 - [ ] tests are [changed or added](https://github.com/electron/electron/blob/main/docs/development/testing.md)
 - [ ] relevant API documentation, tutorials, and examples are updated and follow the [documentation style guide](https://github.com/electron/electron/blob/main/docs/development/style-guide.md)

.github/actions/build-electron/action.yml

@@ -26,9 +26,6 @@ inputs:
   is-asan:
     description: 'The ASan Linux build'
     required: false
-  upload-out-gen-artifacts:
-    description: 'Whether to upload the out/${dir}/gen artifacts'
-    required: false
 runs:
   using: "composite"
   steps:
@@ -48,7 +45,6 @@ runs:
       shell: bash
       run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
     - name: Build Electron ${{ inputs.step-suffix }}
-      if: ${{ inputs.target-platform != 'win' }}
       shell: bash
       run: |
         rm -rf "src/out/Default/Electron Framework.framework"
@@ -74,37 +70,10 @@ runs:
 
         # Upload build stats to Datadog
         if ! [ -z $DD_API_KEY ]; then
-          npx node electron/script/build-stats.mjs out/Default/siso.INFO --upload-stats || true          
+          npx node electron/script/build-stats.mjs out/Default/siso.INFO --upload-stats || true
         else
           echo "Skipping build-stats.mjs upload because DD_API_KEY is not set"
         fi
-    - name: Build Electron (Windows) ${{ inputs.step-suffix }}
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: powershell
-      run: |
-        cd src\electron
-        git pack-refs
-        cd ..
-
-        $env:NINJA_SUMMARIZE_BUILD = 1
-        if ("${{ inputs.is-release }}" -eq "true") {          
-          e build --target electron:release_build
-        } else {
-          e build --target electron:testing_build
-        }
-        Copy-Item out\Default\.ninja_log out\electron_ninja_log
-        node electron\script\check-symlinks.js
-
-        # Upload build stats to Datadog
-        if ($env:DD_API_KEY) {
-          try {
-            npx node electron\script\build-stats.mjs out\Default\siso.exe.INFO --upload-stats ; $LASTEXITCODE = 0
-          } catch {
-            Write-Host "Build stats upload failed, continuing..."
-          }
-        } else {
-          Write-Host "Skipping build-stats.mjs upload because DD_API_KEY is not set"
-        }
     - name: Verify dist.zip ${{ inputs.step-suffix }}
       shell: bash
       run: |
@@ -215,11 +184,10 @@ runs:
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js create-typescript-definitions
+        node script/yarn create-typescript-definitions
     - name: Publish Electron Dist ${{ inputs.step-suffix }}
       if: ${{ inputs.is-release == 'true' }}
       shell: bash
-      id: github-upload
       run: |
         rm -rf src/out/Default/obj
         cd src/electron
@@ -230,11 +198,6 @@ runs:
           echo 'Uploading Electron release distribution to GitHub releases'
           script/release/uploaders/upload.py --verbose
         fi
-    - name: Generate artifact attestation
-      if: ${{ inputs.is-release == 'true' }}
-      uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
-      with:
-        subject-path: ${{ steps.github-upload.outputs.UPLOADED_PATHS }}
     - name: Generate siso report
       if: ${{ inputs.target-platform != 'win' && !cancelled() }}
       shell: bash
@@ -283,9 +246,3 @@ runs:
       with:
         name: src_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
-    - name: Upload Out Gen Artifacts ${{ inputs.step-suffix }}
-      if: ${{ inputs.upload-out-gen-artifacts == 'true' }}
-      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
-      with:
-        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src/out/Default/gen

.github/actions/checkout/action.yml

@@ -143,17 +143,16 @@ runs:
           echo "No changes to patches detected"
         fi
       fi
-  - name: Remove patch conflict problem matchers
+  - name: Remove patch conflict problem matcher
     shell: bash
     run: |
       echo "::remove-matcher owner=merge-conflict::"
       echo "::remove-matcher owner=patch-conflict::"
-      echo "::remove-matcher owner=patch-needs-update::"
   - name: Upload patches stats
     if: ${{ inputs.target-platform == 'linux' && github.ref == 'refs/heads/main' }}
     shell: bash
     run: |
-      node src/electron/script/patches-stats.mjs --upload-stats || true
+      npx node src/electron/script/patches-stats.mjs --upload-stats || true
   # delete all .git directories under src/ except for
   # third_party/angle/ and third_party/dawn/ because of build time generation of files
   # gen/angle/commit.h depends on third_party/angle/.git/HEAD

.github/actions/fix-sync/action.yml

@@ -37,22 +37,6 @@ runs:
         installation-dir: third_party/esbuild
         target-platform: ${{ inputs.target-platform }}
         package: infra/3pp/tools/esbuild/${platform}
-    - name: Fix rollup
-      if: ${{ inputs.target-platform != 'linux' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        cipd-root-prefix-path: src/third_party/devtools-frontend/src/
-        dependency: rollup_libs
-        deps-file: src/third_party/devtools-frontend/src/DEPS
-        installation-dir: third_party/rollup_libs
-        target-platform: ${{ inputs.target-platform }}
-        package: infra/3pp/tools/rollup_libs/${platform}
-    - name: Sync native rollup libs
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        cd src/third_party/devtools-frontend/src
-        python3 scripts/deps/sync_rollup_libs.py
     - name: Fix rustc
       if: ${{ inputs.target-platform != 'linux' }}
       shell: bash

.github/actions/free-space-macos/action.yml

@@ -64,26 +64,15 @@ runs:
         sudo rm -rf /Applications/Xcode_16.1.app
         sudo rm -rf /Applications/Xcode_16.2.app
         sudo rm -rf /Applications/Xcode_16.3.app
-        sudo rm -rf /Applications/Xcode_26*
         sudo rm -rf /Applications/Google Chrome.app
         sudo rm -rf /Applications/Google Chrome for Testing.app
-        sudo rm -rf /Applications/Firefox.app
-        sudo rm -rf /Applications/Microsoft Edge.app
+        sudo rm -rf	/Applications/Firefox.app
         sudo rm -rf ~/project/src/third_party/catapult/tracing/test_data
         sudo rm -rf ~/project/src/third_party/angle/third_party/VK-GL-CTS
         sudo rm -rf /Users/runner/Library/Android
         sudo rm -rf $JAVA_HOME_11_arm64
         sudo rm -rf $JAVA_HOME_17_arm64
         sudo rm -rf $JAVA_HOME_21_arm64
-        sudo rm -rf $JAVA_HOME_25_arm64
-        sudo rm -rf /Users/runner/.dotnet/
-        sudo rm -rf /Users/runner/.rustup
-
-        # remove homebrew packages we don't need
-        if command -v brew &> /dev/null; then
-          brew uninstall -f --zap aws-sam-cli session-manager-plugin gcc gcc@13 gcc@14 llvm@18 gradle maven ant azure-cli
-          brew autoremove
-        fi
 
         # lipo off some huge binaries arm64 versions to save space
         strip_universal_deep $(xcode-select -p)/../SharedFrameworks

.github/actions/generate-types/action.yml

@@ -13,16 +13,12 @@ runs:
   - name: Generating Types for SHA in ${{ inputs.sha-file }}
     shell: bash
     run: |
-      export ELECTRON_DIR=$(pwd)
-      if [ "${{ inputs.sha-file }}" == ".dig-old" ]; then
-        cd /tmp
-        git clone https://github.com/electron/electron.git
-        cd electron
-      fi
-      git checkout $(cat $ELECTRON_DIR/${{ inputs.sha-file }})
-      node script/yarn.js install --immutable
+      git checkout $(cat ${{ inputs.sha-file }})
+      rm -rf node_modules
+      yarn install --frozen-lockfile --ignore-scripts
       echo "#!/usr/bin/env node\nglobal.x=1" > node_modules/typescript/bin/tsc
       node node_modules/.bin/electron-docs-parser --dir=./ --outDir=./ --moduleVersion=0.0.0-development
       node node_modules/.bin/electron-typescript-definitions --api=electron-api.json --outDir=artifacts
-      mv artifacts/electron.d.ts $ELECTRON_DIR/artifacts/${{ inputs.filename }}
+      mv artifacts/electron.d.ts artifacts/${{ inputs.filename }}
+      git checkout .
     working-directory: ./electron

.github/actions/install-build-tools/action.yml

@@ -15,7 +15,7 @@ runs:
         git config --global core.preloadindex true
         git config --global core.longpaths true
       fi
-      export BUILD_TOOLS_SHA=a0cc95a1884a631559bcca0c948465b725d9295a
+      export BUILD_TOOLS_SHA=a5d9f9052dcc36ee88bef5c8b13acbefd87b7d8d
       npm i -g @electron/build-tools
       # Update depot_tools to ensure python
       e d update_depot_tools

.github/actions/install-dependencies/action.yml

@@ -6,7 +6,7 @@ runs:
   - name: Get yarn cache directory path
     shell: bash
     id: yarn-cache-dir-path
-    run: echo "dir=$(node src/electron/script/yarn.js config get cacheFolder)" >> $GITHUB_OUTPUT
+    run: echo "dir=$(node src/electron/script/yarn cache dir)" >> $GITHUB_OUTPUT
   - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
     id: yarn-cache
     with:
@@ -18,14 +18,4 @@ runs:
     shell: bash
     run: |
       cd src/electron
-      if [ "$TARGET_ARCH" = "x86" ]; then
-        export npm_config_arch="ia32"
-      fi
-      # if running on linux arm skip yarn Builds
-      ARCH=$(uname -m)
-      if [ "$ARCH" = "armv7l" ]; then
-        echo "Skipping yarn build on linux arm"
-        node script/yarn.js install --immutable --mode=skip-build
-      else
-        node script/yarn.js install --immutable
-      fi
+      node script/yarn install --frozen-lockfile --prefer-offline

.github/copilot-instructions.md

@@ -1,122 +0,0 @@
-# Copilot Instructions for Electron
-
-## Build System
-
-Electron uses `@electron/build-tools` (`e` CLI). Install with `npm i -g @electron/build-tools`.
-
-```bash
-e sync              # Fetch sources and apply patches
-e build             # Build Electron (GN + Ninja)
-e build -k 999      # Build, continuing through errors
-e start             # Run built Electron
-e start --version   # Verify Electron launches
-e test              # Run full test suite
-e debug             # Run in debugger (lldb on macOS, gdb on Linux)
-```
-
-### Linting
-
-```bash
-npm run lint              # Run all linters (JS, C++, Python, GN, docs)
-npm run lint:js           # JavaScript/TypeScript only
-npm run lint:clang-format # C++ formatting only
-npm run lint:cpp          # C++ linting only
-npm run lint:docs         # Documentation only
-```
-
-### Running a Single Test
-
-```bash
-npm run test -- -g "pattern"   # Run tests matching a regex pattern
-# Example: npm run test -- -g "ipc"
-```
-
-### Running a Single Node.js Test
-
-```bash
-node script/node-spec-runner.js parallel/test-crypto-keygen
-```
-
-## Architecture
-
-Electron embeds Chromium (rendering) and Node.js (backend) to enable desktop apps with web technologies. The parent directory (`../`) is the Chromium source tree.
-
-### Process Model
-
-Electron has two primary process types, mirroring Chromium:
-
-- **Main process** (`shell/browser/` + `lib/browser/`): Controls app lifecycle, creates windows, system APIs
-- **Renderer process** (`shell/renderer/` + `lib/renderer/`): Runs web content in BrowserWindows
-
-### Native ↔ JavaScript Bridge
-
-Each API is implemented as a C++/JS pair:
-
-- C++ side: `shell/browser/api/electron_api_{name}.cc/.h` — uses `gin::Wrappable` and `ObjectTemplateBuilder`
-- JS side: `lib/browser/api/{name}.ts` — exports the module, registered in `lib/browser/api/module-list.ts`
-- Binding: `NODE_LINKED_BINDING_CONTEXT_AWARE(electron_browser_{name}, Initialize)` in C++ and registered in `shell/common/node_bindings.cc`
-- Type declaration: `typings/internal-ambient.d.ts` maps `process._linkedBinding('electron_browser_{name}')`
-
-### Patches System
-
-Electron patches upstream dependencies (Chromium, Node.js, V8, etc.) rather than forking them. Patches live in `patches/` organized by target, with `patches/config.json` mapping directories to repos.
-
-```text
-patches/{target}/*.patch  →  [e sync]   →  target repo commits
-                          ←  [e patches] ←
-```
-
-Key rules:
-
-- Fix existing patches rather than creating new ones
-- Preserve original authorship in TODO comments — never change `TODO(name)` assignees
-- Each patch commit message must explain why the patch exists
-- After modifying patches, run `e patches {target}` to export
-
-When working on the `roller/chromium/main` branch for Chromium upgrades, use `e sync --3` for 3-way merge conflict resolution.
-
-## Conventions
-
-### File Naming
-
-- JS/TS files: kebab-case (`file-name.ts`)
-- C++ files: snake_case with `electron_api_` prefix (`electron_api_safe_storage.cc`)
-- Test files: `api-{module-name}-spec.ts` in `spec/`
-- Source file lists are maintained in `filenames.gni` (with platform-specific sections)
-
-### JavaScript/TypeScript
-
-- Semicolons required (`"semi": ["error", "always"]`)
-- `const` and `let` only (no `var`)
-- Arrow functions preferred
-- Import order enforced: `@electron/internal` → `@electron` → `electron` → external → builtin → relative
-- API naming: `PascalCase` for classes (`BrowserWindow`), `camelCase` for module APIs (`globalShortcut`)
-- Prefer getters/setters over jQuery-style `.text([text])` patterns
-
-### C++
-
-- Follows Chromium coding style, enforced by `clang-format` and `clang-tidy`
-- Uses Chromium abstractions (`base::`, `content::`, etc.)
-- Header guards: `#ifndef ELECTRON_SHELL_BROWSER_API_ELECTRON_API_{NAME}_H_`
-- Platform-specific files: `_mac.mm`, `_win.cc`, `_linux.cc`
-
-### Testing
-
-- Framework: Mocha + Chai + Sinon
-- Test helpers in `spec/lib/` (e.g., `spec-helpers.ts`, `window-helpers.ts`)
-- Use `defer()` from spec-helpers for cleanup, `closeAllWindows()` for window teardown
-- Tests import from `electron/main` or `electron/renderer`
-
-### Documentation
-
-- API docs in `docs/api/` as Markdown, parsed by `@electron/docs-parser` to generate `electron.d.ts`
-- API history tracked via YAML blocks in HTML comments within doc files
-- Docs must pass `npm run lint:docs`
-
-### Build Configuration
-
-- `BUILD.gn`: Main GN build config
-- `buildflags/buildflags.gni`: Feature flags (PDF viewer, extensions, spellchecker)
-- `build/args/`: Build argument profiles (`testing.gn`, `release.gn`, `all.gn`)
-- `DEPS`: Dependency versions and checkout paths
-- `chromium_src/`: Chromium source file overrides (compiled instead of originals)

.github/problem-matchers/markdownlint.json

@@ -1,16 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "markdownlint",
-      "pattern": [
-        {
-          "regexp": "^(.+):(\\d+):(\\d+)\\s+(.*)$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "message": 4
-        }
-      ]
-    }
-  ]
-}

.github/problem-matchers/patch-conflict.json

@@ -19,16 +19,6 @@
           "line": 3
         }
       ]
-    },
-    {
-      "owner": "patch-needs-update",
-      "pattern": [
-        {
-          "regexp": "^((patches\/.*): needs update)$",
-          "message": 1,
-          "file": 2
-        }
-      ]
     }
   ]
 }

.github/workflows/apply-patches.yml

@@ -1,73 +0,0 @@
-name: Apply Patches
-
-on:
-  pull_request:
-
-permissions: {}
-
-concurrency:
-  group: apply-patches-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-      pull-requests: read
-    outputs:
-      has-patches: ${{ steps.filter.outputs.patches }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        persist-credentials: false
-        ref: ${{ github.event.pull_request.head.sha }}
-    # Use dorny/paths-filter instead of the path filter under the on: pull_request: block
-    # so that the output can be used to conditionally run the apply-patches job, which lets
-    # the job be marked as a required status check (conditional skip counts as a success).
-    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-      id: filter
-      with:
-        filters: |
-          patches:
-            - DEPS
-            - 'patches/**'
-
-  apply-patches:
-    needs: setup
-    if: ${{ needs.setup.outputs.has-patches == 'true' }}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-        - /var/run/sas:/var/run/sas
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        persist-credentials: false
-        ref: ${{ github.event.pull_request.base.ref }}
-    - name: Merge PR HEAD
-      working-directory: src/electron
-      env:
-        PR_NUMBER: ${{ github.event.pull_request.number }}
-      run: |
-        git config user.email "electron@github.com"
-        git config user.name "Electron Bot"
-        git fetch origin refs/pull/${PR_NUMBER}/head
-        git merge --squash FETCH_HEAD
-        git commit -n -m "Squashed commits"
-    - name: Checkout & Sync & Save
-      uses: ./src/electron/.github/actions/checkout
-      with:
-        target-platform: linux

.github/workflows/archaeologist-dig.yml

@@ -3,23 +3,19 @@ name: Archaeologist
 on:
   pull_request:
 
-permissions: {}
-
 jobs:
    archaeologist-dig:
     name: Archaeologist Dig
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.0.2
         with:
           fetch-depth: 0
       - name: Setup Node.js/npm
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
         with:
-          node-version: 24.12.x
+          node-version: 20.19.x
       - name: Setting Up Dig Site
         run: |
           echo "remote: ${{ github.event.pull_request.head.repo.clone_url }}"
@@ -45,7 +41,7 @@ jobs:
           sha-file: .dig-old
           filename: electron.old.d.ts
       - name: Upload artifacts
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
         with:
           name: artifacts
           path: electron/artifacts

.github/workflows/audit-branch-ci.yml

@@ -11,31 +11,20 @@ permissions: {}
 jobs:
   audit_branch_ci:
     name: Audit CI on Branches
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions:
       contents: read
     steps:
       - name: Setup Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: 22.17.x
-      - name: Sparse checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          sparse-checkout: |
-            .
-            .github
-            .yarn
-      - run: yarn workspaces focus @electron/gha-workflows
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      - run: npm install @actions/cache@4.0.3 @electron/fiddle-core@2.0.1
+      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         id: audit-errors
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
-            const { chdir } = require('node:process');
-            chdir('${{ github.workspace }}/.github/workflows');
-
             const cache = require('@actions/cache');
             const { ElectronVersions } = require('@electron/fiddle-core');
 
@@ -84,8 +73,6 @@ jobs:
                       annotation_level === "failure" &&
                       !message.startsWith("Process completed with exit code") &&
                       !message.startsWith("Response status code does not indicate success") &&
-                      !message.startsWith("The hosted runner lost communication with the server") &&
-                      !message.startsWith("Dependabot encountered an error performing the update") &&
                       !/Unable to make request/.test(message) &&
                       !/The requested URL returned error/.test(message),
                   )

.github/workflows/branch-created.yml

@@ -14,7 +14,7 @@ permissions: {}
 jobs:
   release-branch-created:
     name: Release Branch Created
-    if: ${{ github.repository == 'electron/electron' && (github.event_name == 'workflow_dispatch' || (github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') && !startsWith(github.event.ref, 'roller'))) }}
+    if: ${{ github.event_name == 'workflow_dispatch' || (github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') && !startsWith(github.event.ref, 'roller')) }}
     permissions:
       contents: read
       pull-requests: write
@@ -68,14 +68,14 @@ jobs:
           done
       - name: Generate GitHub App token
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
           org: electron
       - name: Generate Release Project Board Metadata
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         id: generate-project-metadata
         with:
           script: |

.github/workflows/build-git-cache.yml

@@ -6,16 +6,11 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
-permissions: {}
-
 jobs:
   build-git-cache-linux:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
-      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -24,7 +19,7 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -34,12 +29,9 @@ jobs:
         target-platform: linux
 
   build-git-cache-windows:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
-      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root --device /dev/fuse --cap-add SYS_ADMIN
       volumes:
         - /mnt/win-cache:/mnt/win-cache
@@ -49,7 +41,7 @@ jobs:
       TARGET_OS: 'win'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -59,14 +51,11 @@ jobs:
         target-platform: win
 
   build-git-cache-macos:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     # This job updates the same git cache as linux, so it needs to run after the linux one.
     needs: build-git-cache-linux
     container:
-      image: ghcr.io/electron/build:eac3529546ea8f3aa356d31e345715eef342233b
+      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
@@ -75,7 +64,7 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0

.github/workflows/build.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
+        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
         required: true
       skip-macos:
         type: boolean
@@ -43,14 +43,10 @@ defaults:
   run:
     shell: bash
 
-permissions: {}
-
 jobs:
   setup:
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions:
-      contents: read
       pull-requests: read
     outputs:
         docs: ${{ steps.filter.outputs.docs }}
@@ -58,7 +54,7 @@ jobs:
         build-image-sha: ${{ steps.set-output.outputs.build-image-sha }}
         docs-only: ${{ steps.set-output.outputs.docs-only }}
     steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.0.2
       with:
         ref: ${{ github.event.pull_request.head.sha }}
     - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
@@ -77,7 +73,7 @@ jobs:
       id: set-output
       run: |
         if [ -z "${{ inputs.build-image-sha }}" ]; then
-          echo "build-image-sha=eac3529546ea8f3aa356d31e345715eef342233b" >> "$GITHUB_OUTPUT"
+          echo "build-image-sha=933c7d6ff6802706875270bec2e3c891cf8add3f" >> "$GITHUB_OUTPUT"
         else
           echo "build-image-sha=${{ inputs.build-image-sha }}" >> "$GITHUB_OUTPUT"
         fi
@@ -88,8 +84,6 @@ jobs:
     needs: setup
     if: ${{ !inputs.skip-lint }}
     uses: ./.github/workflows/pipeline-electron-lint.yml
-    permissions:
-      contents: read
     with:
       container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root"}'
     secrets: inherit
@@ -99,8 +93,6 @@ jobs:
     needs: [setup, checkout-linux]
     if: ${{ needs.setup.outputs.docs-only == 'true' }}
     uses: ./.github/workflows/pipeline-electron-docs-only.yml
-    permissions:
-      contents: read
     with:
       container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
     secrets: inherit
@@ -110,8 +102,6 @@ jobs:
     needs: setup
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-macos}}
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root
@@ -125,7 +115,7 @@ jobs:
       build-image-sha: ${{ needs.setup.outputs.build-image-sha }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -140,8 +130,6 @@ jobs:
     needs: setup
     if: ${{ !inputs.skip-linux}}
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root
@@ -157,7 +145,7 @@ jobs:
       build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -171,8 +159,6 @@ jobs:
     needs: setup
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root --device /dev/fuse --cap-add SYS_ADMIN
@@ -189,7 +175,7 @@ jobs:
       build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -203,8 +189,6 @@ jobs:
   # GN Check Jobs
   macos-gn-check:
     uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
     needs: checkout-macos
     with:
       target-platform: macos
@@ -215,8 +199,6 @@ jobs:
 
   linux-gn-check:
     uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
     with:
@@ -229,8 +211,6 @@ jobs:
 
   windows-gn-check:
     uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
     needs: checkout-windows
     with:
       target-platform: win
@@ -284,15 +264,13 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
+    uses: ./.github/workflows/pipeline-electron-build-and-test-and-nan.yml
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
     with:
       build-runs-on: electron-arc-centralus-linux-amd64-32core
-      clang-tidy-runs-on: electron-arc-centralus-linux-amd64-8core
       test-runs-on: electron-arc-centralus-linux-amd64-4core
       build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      clang-tidy-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
       target-platform: linux
       target-arch: x64
@@ -336,7 +314,7 @@ jobs:
       build-runs-on: electron-arc-centralus-linux-amd64-32core
       test-runs-on: electron-arc-centralus-linux-arm64-4core
       build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init --memory=12g","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
+      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
       target-platform: linux
       target-arch: arm
       is-release: false
@@ -426,10 +404,8 @@ jobs:
   gha-done:
     name: GitHub Actions Completed
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, windows-x64, windows-x86, windows-arm64]
-    if: always() && github.repository == 'electron/electron' && !contains(needs.*.result, 'failure')
+    if: always() && !contains(needs.*.result, 'failure')
     steps: 
     - name: GitHub Actions Jobs Done
       run: |

.github/workflows/clean-src-cache.yml

@@ -1,21 +1,16 @@
 name: Clean Source Cache
 
-# Description:
-# This workflow cleans up the source cache on the cross-instance cache volume
-# to free up space. It runs daily at midnight and clears files older than 15 days.
+description: |
+  This workflow cleans up the source cache on the cross-instance cache volume
+  to free up space. It runs daily at midnight and clears files older than 15 days.
 
 on:
   schedule:
     - cron: "0 0 * * *"
 
-permissions: {}
-
 jobs:
   clean-src-cache:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
       options: --user root

.github/workflows/issue-commented.yml

@@ -1,4 +1,4 @@
-name: Issue / Pull Request Commented
+name: Issue Commented
 
 on:
   issue_comment:
@@ -8,20 +8,20 @@ on:
 permissions: {}
 
 jobs:
-  blocked-issue-commented:
+  issue-commented:
     name: Remove blocked/{need-info,need-repro} on comment
-    if: ${{ !github.event.issue.pull_request && (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && github.event.comment.user.type != 'Bot' }}
-    runs-on: ubuntu-slim
+    if: ${{ (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && github.event.comment.user.type != 'Bot' }}
+    runs-on: ubuntu-latest
     steps:
       - name: Get author association
         id: get-author-association
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: &get-author-association |
+        run: |
           AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/issues/comments/${{ github.event.comment.id }} --jq '.author_association')
           echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
         id: generate-token
         with:
@@ -33,56 +33,3 @@ jobs:
           ISSUE_URL: ${{ github.event.issue.html_url }}
         run: |
           gh issue edit $ISSUE_URL --remove-label 'blocked/need-repro','blocked/need-info ❌'
-
-  pr-reviewer-requested:
-    name: Maintainer requested reviewer on PR
-    if: ${{ github.event.issue.pull_request && startsWith(github.event.comment.body, '/request-review') && github.event.comment.user.type != 'Bot' }}
-    runs-on: ubuntu-slim
-    steps:
-      - name: Get author association
-        id: get-author-association
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: *get-author-association
-      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
-        if: ${{ contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
-        id: generate-token
-        with:
-          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - name: Request reviewer
-        if: ${{ contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
-        env:
-          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-          PR_URL: ${{ github.event.issue.html_url }}
-          COMMENT_BODY: ${{ github.event.comment.body }}
-        run: |
-          RAW=$(echo "$COMMENT_BODY" | head -n 1 | sed 's|/request-review\s*||' | xargs)
-
-          if [ -z "$RAW" ]; then
-            echo "::warning::No username provided. Usage: /request-review <username>[,<username>,...]"
-            exit 0
-          fi
-
-          IFS=',' read -ra USERS <<< "$RAW"
-          for USER in "${USERS[@]}"; do
-            NAME=$(echo "$USER" | sed 's/@//g' | xargs)
-            if [ -z "$NAME" ]; then
-              continue
-            fi
-
-            # Strip "electron/" prefix if present to get the bare name
-            BARE_NAME=$(echo "$NAME" | sed 's|^electron/||')
-
-            # If the original name contained "electron/" or looks like a team slug, treat as team
-            if [ "$NAME" != "$BARE_NAME" ]; then
-              gh pr edit $PR_URL --add-reviewer "electron/$BARE_NAME"
-            else
-              if ! gh api /orgs/electron/public_members/$BARE_NAME --silent > /dev/null 2>&1; then
-                echo "::warning::$BARE_NAME is not a public member of the electron organization."
-                continue
-              fi
-
-              gh pr edit $PR_URL --add-reviewer "$BARE_NAME"
-            fi
-          done

.github/workflows/issue-labeled.yml

@@ -4,18 +4,17 @@ on:
   issues:
     types: [labeled]
 
-permissions: {}
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
 
 jobs:
   issue-labeled-with-status:
     name: status/{confirmed,reviewed} label added
     if: github.event.label.name == 'status/confirmed' || github.event.label.name == 'status/reviewed'
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
@@ -32,11 +31,9 @@ jobs:
     name: blocked/* label added
     if: startsWith(github.event.label.name, 'blocked/')
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
@@ -69,13 +66,13 @@ jobs:
           fi
       - name: Generate GitHub App token
         if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
       - name: Create comment
         if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6
+        uses: actions-cool/issues-helper@50068f49b7b2b3857270ead65e2d02e4459b022c # v3.6.2
         with:
           actions: 'create-comment'
           token: ${{ steps.generate-token.outputs.token }}

.github/workflows/issue-opened.yml

@@ -11,10 +11,9 @@ jobs:
   add-to-issue-triage:
     if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
@@ -29,37 +28,25 @@ jobs:
   set-labels:
     if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
-      - name: Sparse checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          sparse-checkout: |
-            .
-            .github
-            .yarn
-      - run: yarn workspaces focus @electron/gha-workflows
+      - run: npm install @electron/fiddle-core@1.3.3 mdast-util-from-markdown@2.0.0 unist-util-select@5.1.0 semver@7.6.0
       - name: Add labels
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         id: add-labels
         env:
           ISSUE_BODY: ${{ github.event.issue.body }}
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           script: |
-            const { chdir } = require('node:process');
-            chdir('${{ github.workspace }}/.github/workflows');
-
-            const { ElectronVersions } = require('@electron/fiddle-core');
-            const { fromMarkdown } = require('mdast-util-from-markdown');
-            const { select } = require('unist-util-select');
-            const semver = require('semver');
+            const { fromMarkdown } = await import('${{ github.workspace }}/node_modules/mdast-util-from-markdown/index.js');
+            const { select } = await import('${{ github.workspace }}/node_modules/unist-util-select/index.js');
+            const semver = await import('${{ github.workspace }}/node_modules/semver/index.js');
 
             const [ owner, repo ] = '${{ github.repository }}'.split('/');
             const issue_number = ${{ github.event.issue.number }};
@@ -90,6 +77,7 @@ jobs:
                     labelExists = true;
                   } catch {}
 
+                  const { ElectronVersions } = await import('${{ github.workspace }}/node_modules/@electron/fiddle-core/dist/index.js');
                   const electronVersions = await ElectronVersions.create(undefined, { ignoreCache: true });
                   const validVersions = [...electronVersions.supportedMajors, ...electronVersions.prereleaseMajors];
 
@@ -146,7 +134,7 @@ jobs:
             }
       - name: Create unsupported major comment
         if: ${{ steps.add-labels.outputs.unsupportedMajor }}
-        uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6
+        uses: actions-cool/issues-helper@50068f49b7b2b3857270ead65e2d02e4459b022c # v3.6.2
         with:
           actions: 'create-comment'
           token: ${{ steps.generate-token.outputs.token }}

.github/workflows/issue-transferred.yml

@@ -10,11 +10,10 @@ jobs:
   issue-transferred:
     name: Issue Transferred
     runs-on: ubuntu-latest
-    permissions: {}
     if: ${{ !github.event.changes.new_repository.private }}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}

.github/workflows/issue-unlabeled.yml

@@ -4,15 +4,14 @@ on:
   issues:
     types: [unlabeled]
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   issue-unlabeled-blocked:
     name: All blocked/* labels removed
     if: startsWith(github.event.label.name, 'blocked/') && github.event.issue.state == 'open'
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Check for any blocked labels
         id: check-for-blocked-labels
@@ -24,7 +23,7 @@ jobs:
           fi
       - name: Generate GitHub App token
         if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}

.github/workflows/linux-publish.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
+        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
       upload-to-storage:
         description: 'Uploads to Azure storage'
         required: false
@@ -17,14 +17,9 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 jobs:
   checkout-linux:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
@@ -36,7 +31,7 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -44,12 +39,7 @@ jobs:
       uses: ./src/electron/.github/actions/checkout
 
   publish-x64:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release
@@ -64,12 +54,7 @@ jobs:
     secrets: inherit
 
   publish-arm:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release
@@ -84,12 +69,7 @@ jobs:
     secrets: inherit
 
   publish-arm64:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release

.github/workflows/macos-disk-cleanup.yml

@@ -1,105 +0,0 @@
-name: macOS Disk Space Cleanup
-
-# Description:
-# This workflow runs the disk space reclaimer on macOS runners every night
-# and logs disk space metrics to Datadog for monitoring.
-
-on:
-  schedule:
-    - cron: "0 0 * * *"
-  workflow_dispatch:
-
-permissions: {}
-
-jobs:
-  macos-disk-cleanup:
-    if: github.repository == 'electron/electron'
-    strategy:
-      fail-fast: false
-      matrix:
-        runner:
-          - macos-15
-          - macos-15-large
-          - macos-15-xlarge
-    runs-on: ${{ matrix.runner }}
-    permissions:
-      contents: read
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          sparse-checkout: |
-            .github/actions/free-space-macos
-          sparse-checkout-cone-mode: false
-
-      - name: Get Disk Space Before Cleanup
-        id: disk-before
-        shell: bash
-        run: |
-          echo "Disk space before cleanup:"
-          df -h /
-          FREE_SPACE_BEFORE=$(df -k / | tail -1 | awk '{print $4}')
-          echo "free_kb=$FREE_SPACE_BEFORE" >> $GITHUB_OUTPUT
-
-      - name: Free Space on macOS
-        uses: ./.github/actions/free-space-macos
-
-      - name: Get Disk Space After Cleanup
-        id: disk-after
-        shell: bash
-        run: |
-          echo "Disk space after cleanup:"
-          df -h /
-          FREE_SPACE_AFTER=$(df -k / | tail -1 | awk '{print $4}')
-          echo "free_kb=$FREE_SPACE_AFTER" >> $GITHUB_OUTPUT
-
-      - name: Log Disk Space to Datadog
-        if: ${{ env.DD_API_KEY != '' }}
-        shell: bash
-        env:
-          DD_API_KEY: ${{ secrets.DD_API_KEY }}
-          FREE_BEFORE: ${{ steps.disk-before.outputs.free_kb }}
-          FREE_AFTER: ${{ steps.disk-after.outputs.free_kb }}
-          MATRIX_RUNNER: ${{ matrix.runner }}
-        run: |
-          TIMESTAMP=$(date +%s)
-          FREE_BEFORE_GB=$(echo "scale=2; $FREE_BEFORE / 1024 / 1024" | bc)
-          FREE_AFTER_GB=$(echo "scale=2; $FREE_AFTER / 1024 / 1024" | bc)
-          SPACE_FREED_GB=$(echo "scale=2; ($FREE_AFTER - $FREE_BEFORE) / 1024 / 1024" | bc)
-
-          echo "Free space before: ${FREE_BEFORE_GB}GB"
-          echo "Free space after: ${FREE_AFTER_GB}GB"
-          echo "Space freed: ${SPACE_FREED_GB}GB"
-
-          curl -s -X POST "https://api.datadoghq.com/api/v2/series" \
-            -H "Content-Type: application/json" \
-            -H "DD-API-KEY: ${DD_API_KEY}" \
-            -d @- << EOF
-          {
-            "series": [
-              {
-                "metric": "electron.macos.disk.free_space_before_cleanup_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${FREE_BEFORE_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              },
-              {
-                "metric": "electron.macos.disk.free_space_after_cleanup_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${FREE_AFTER_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              },
-              {
-                "metric": "electron.macos.disk.space_freed_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${SPACE_FREED_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              }
-            ]
-          }
-          EOF
-
-          echo "Disk space metrics logged to Datadog"

.github/workflows/macos-publish.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
+        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
         required: true
       upload-to-storage:
         description: 'Uploads to Azure storage'
@@ -18,14 +18,9 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 jobs:
   checkout-macos:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
@@ -37,7 +32,7 @@ jobs:
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -48,12 +43,7 @@ jobs:
         target-platform: macos
 
   publish-x64-darwin:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release
@@ -68,12 +58,7 @@ jobs:
     secrets: inherit
 
   publish-x64-mas:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release
@@ -88,12 +73,7 @@ jobs:
     secrets: inherit
 
   publish-arm64-darwin:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release
@@ -108,12 +88,7 @@ jobs:
     secrets: inherit
 
   publish-arm64-mas:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release

.github/workflows/non-maintainer-dependency-change.yml

@@ -7,8 +7,6 @@ on:
       - 'spec/yarn.lock'
       - '.github/workflows/**'
       - '.github/actions/**'
-      - '.yarn/**'
-      - '.yarnrc.yml'
 
 permissions: {}
 

.github/workflows/package.json

@@ -1,13 +0,0 @@
-{
-  "name": "@electron/gha-workflows",
-  "version": "0.0.0-development",
-  "private": true,
-  "type": "module",
-  "dependencies": {
-    "@actions/cache": "^4.0.3",
-    "@electron/fiddle-core": "^2.0.1",
-    "mdast-util-from-markdown": "^2.0.0",
-    "semver": "^7.7.2",
-    "unist-util-select": "^5.1.0"
-  }
-}

.github/workflows/pipeline-electron-build-and-test-and-nan.yml

@@ -55,8 +55,6 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 concurrency:
   group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
@@ -64,8 +62,6 @@ concurrency:
 jobs:
   build:
     uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
@@ -78,10 +74,6 @@ jobs:
     secrets: inherit
   test:
     uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}
@@ -91,8 +83,6 @@ jobs:
     secrets: inherit
   nn-test:
     uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
-    permissions:
-      contents: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}

.github/workflows/pipeline-electron-build-and-test.yml

@@ -64,13 +64,14 @@ concurrency:
   group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
 
-permissions: {}
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read  
 
 jobs:
   build:
     uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
@@ -85,10 +86,6 @@ jobs:
     secrets: inherit
   test:
     uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}

.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml

@@ -1,151 +0,0 @@
-name: Electron Build & Clang Tidy & Test (+ Node + NaN) Pipeline
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux.'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      build-runs-on:
-        type: string
-        description: 'What host to run the build'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      test-runs-on:
-        type: string
-        description: 'What host to run the tests on'
-        required: true
-      build-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information to run clang-tidy on'
-        required: false
-        default: '{"image":null}'
-      test-container:
-        type: string
-        description: 'JSON container information for testing'
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: 'Whether this build job is a release job'
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: 'The gn build type - testing or release'
-        required: true
-        type: string
-        default: testing
-      generate-symbols: 
-        description: 'Whether or not to generate symbols'
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage: 
-        description: 'Whether or not to upload build artifacts to external storage'
-        required: true
-        type: string
-        default: '0'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-
-permissions: {}
-
-concurrency:
-  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-jobs:
-  build:
-    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
-    with:
-      build-runs-on: ${{ inputs.build-runs-on }}
-      build-container: ${{ inputs.build-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-      is-release: ${{ inputs.is-release }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-      generate-symbols: ${{ inputs.generate-symbols }}
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-      upload-out-gen-artifacts: true
-    secrets: inherit
-  clang-tidy:
-    uses: ./.github/workflows/pipeline-segment-electron-clang-tidy.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      clang-tidy-runs-on: ${{ inputs.clang-tidy-runs-on }}
-      clang-tidy-container: ${{ inputs.clang-tidy-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-    secrets: inherit
-  test:
-    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-    secrets: inherit
-  test-wayland:
-    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: build
-    if: ${{ inputs.target-platform == 'linux' && inputs.target-arch == 'x64' && !inputs.is-asan }}
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-      display-server: wayland
-    secrets: inherit
-  test-linux-64k:
-    uses: ./.github/workflows/pipeline-segment-electron-test-64k.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: build
-    if: ${{ inputs.target-platform == 'linux' && inputs.target-arch == 'arm64' && !inputs.is-asan }}
-    with:
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}    
-    secrets: inherit    
-  nn-test:
-    uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-    secrets: inherit

.github/workflows/pipeline-electron-build-and-tidy-and-test.yml

@@ -1,121 +0,0 @@
-name: Electron Build & Clang Tidy & Test Pipeline
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      build-runs-on:
-        type: string
-        description: 'What host to run the build'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      test-runs-on:
-        type: string
-        description: 'What host to run the tests on'
-        required: true
-      build-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information to run clang-tidy on'
-        required: false
-        default: '{"image":null}'
-      test-container:
-        type: string
-        description: 'JSON container information for testing'
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: 'Whether this build job is a release job'
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: 'The gn build type - testing or release'
-        required: true
-        type: string
-        default: testing
-      generate-symbols: 
-        description: 'Whether or not to generate symbols'
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage: 
-        description: 'Whether or not to upload build artifacts to external storage'
-        required: true
-        type: string
-        default: '0'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
-
-concurrency:
-  group: electron-build-and-tidy-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-permissions: {}
-
-jobs:
-  build:
-    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
-    with:
-      build-runs-on: ${{ inputs.build-runs-on }}
-      build-container: ${{ inputs.build-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-      is-release: ${{ inputs.is-release }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-      generate-symbols: ${{ inputs.generate-symbols }}
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
-      upload-out-gen-artifacts: true
-    secrets: inherit
-  clang-tidy:
-    uses: ./.github/workflows/pipeline-segment-electron-clang-tidy.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      clang-tidy-runs-on: ${{ inputs.clang-tidy-runs-on }}
-      clang-tidy-container: ${{ inputs.clang-tidy-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-    secrets: inherit
-  test:
-    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
-    secrets: inherit

.github/workflows/pipeline-electron-docs-only.yml

@@ -8,8 +8,6 @@ on:
         description: 'Container to run the docs-only ts compile in'
         type: string
 
-permissions: {}
-
 concurrency:
   group: electron-docs-only-${{ github.ref }}
   cancel-in-progress: true
@@ -21,13 +19,11 @@ jobs:
   docs-only:
     name: Docs Only Compile
     runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
     timeout-minutes: 20
     container: ${{ fromJSON(inputs.container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -43,7 +39,7 @@ jobs:
       with:
         target-platform: linux
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -54,12 +50,12 @@ jobs:
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js create-typescript-definitions
-        node script/yarn.js tsc -p tsconfig.default_app.json --noEmit
+        node script/yarn create-typescript-definitions
+        node script/yarn tsc -p tsconfig.default_app.json --noEmit
         for f in build/webpack/*.js
         do
             out="${f:29}"
             if [ "$out" != "base.js" ]; then
-            node script/yarn.js webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
+            node script/yarn webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
             fi
         done

.github/workflows/pipeline-electron-lint.yml

@@ -8,8 +8,6 @@ on:
         description: 'Container to run lint in'
         type: string
 
-permissions: {}
-
 concurrency:
   group: electron-lint-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
@@ -21,13 +19,11 @@ jobs:
   lint:
     name: Lint
     runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
     timeout-minutes: 20
     container: ${{ fromJSON(inputs.container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -65,11 +61,9 @@ jobs:
         curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
 
         gclient sync --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
-    - name: Add problem matchers
+    - name: Add ESLint problem matcher
       shell: bash
-      run: |
-        echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
-        echo "::add-matcher::src/electron/.github/problem-matchers/markdownlint.json"
+      run: echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
     - name: Run Lint
       shell: bash
       run: |
@@ -80,15 +74,11 @@ jobs:
         # but then we would lint its contents (at least gn format), and it doesn't pass it.
 
         cd src/electron
-        node script/yarn.js install --immutable
-        node script/yarn.js lint
+        node script/yarn install --frozen-lockfile
+        node script/yarn lint
     - name: Run Script Typechecker
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js tsc -p tsconfig.script.json
-    - name: Check GHA Workflows
-      shell: bash
-      run: |
-        cd src/electron
-        node script/copy-pipeline-segment-publish.js --check
+        node script/yarn tsc -p tsconfig.script.json
+    

.github/workflows/pipeline-segment-electron-build.yml

@@ -53,19 +53,12 @@ on:
         required: false
         type: boolean
         default: false
-      upload-out-gen-artifacts:
-        description: 'Whether to upload the src/gen artifacts'
-        required: false
-        type: boolean
-        default: false
       enable-ssh:
         description: 'Enable SSH debugging'
         required: false
         type: boolean
         default: false
 
-permissions: {}
-
 concurrency:
   group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
@@ -88,8 +81,6 @@ jobs:
       run:
         shell: bash
     runs-on: ${{ inputs.build-runs-on }}
-    permissions:
-      contents: read
     container: ${{ fromJSON(inputs.build-container) }}
     environment: ${{ inputs.environment }}
     env:
@@ -100,7 +91,7 @@ jobs:
       run: |
         mkdir src
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -124,9 +115,9 @@ jobs:
       run: df -h
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'macos' }}
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
       with:
-        node-version: 22.21.x
+        node-version: 20.19.x
         cache: yarn
         cache-dependency-path: src/electron/yarn.lock
     - name: Install Dependencies
@@ -168,7 +159,7 @@ jobs:
       if: ${{ inputs.target-platform == 'linux' }}
       uses: ./src/electron/.github/actions/restore-cache-aks
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -206,7 +197,6 @@ jobs:
         generate-symbols: '${{ inputs.generate-symbols }}'
         upload-to-storage: '${{ inputs.upload-to-storage }}'
         is-asan: '${{ inputs.is-asan }}'
-        upload-out-gen-artifacts: '${{ inputs.upload-out-gen-artifacts }}'
     - name: Set GN_EXTRA_ARGS for MAS Build
       if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' || inputs.target-variant == 'mas') }}
       run: |

.github/workflows/pipeline-segment-electron-clang-tidy.yml

@@ -1,159 +0,0 @@
-name: Pipeline Segment - Electron Clang-Tidy
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-
-permissions: {}
-
-concurrency:
-  group: electron-clang-tidy-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || (inputs.target-platform == 'linux' && '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' || '--custom-var=checkout_win=True') }}
-  ELECTRON_OUT_DIR: Default
-
-jobs:
-  clang-tidy:
-    defaults:
-      run:
-        shell: bash
-    runs-on: ${{ inputs.clang-tidy-runs-on }}
-    permissions:
-      contents: read
-    container: ${{ fromJSON(inputs.clang-tidy-container) }}
-    env:
-      BUILD_TYPE: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}
-      TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
-      ARTIFACT_KEY: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}_${{ inputs.target-arch }}
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Cleanup disk space on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      shell: bash
-      run: |   
-        sudo mkdir -p $TMPDIR/del-target
-
-        tmpify() {
-          if [ -d "$1" ]; then
-            sudo mv "$1" $TMPDIR/del-target/$(echo $1|shasum -a 256|head -n1|cut -d " " -f1)
-          fi
-        }   
-        tmpify /Library/Developer/CoreSimulator
-        tmpify ~/Library/Developer/CoreSimulator
-        sudo rm -rf $TMPDIR/del-target
-    - name: Check disk space after freeing up space
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: df -h
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
-    - name: Install Build Tools
-      uses: ./src/electron/.github/actions/install-build-tools
-    - name: Enable windows toolchain
-      if: ${{ inputs.target-platform == 'win' }}
-      run: |
-        echo "ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN=1" >> $GITHUB_ENV
-    - name: Generate DEPS Hash
-      run: |
-        node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
-        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
-    - name: Restore src cache via AZCopy
-      if: ${{ inputs.target-platform == 'macos' }}
-      uses: ./src/electron/.github/actions/restore-cache-azcopy
-      with:
-        target-platform: ${{ inputs.target-platform }}      
-    - name: Restore src cache via AKS
-      if: ${{ inputs.target-platform == 'linux' || inputs.target-platform == 'win' }}
-      uses: ./src/electron/.github/actions/restore-cache-aks
-      with:
-        target-platform: ${{ inputs.target-platform }}
-    - name: Run Electron Only Hooks
-      run: |
-        echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]" > tmpgclient
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False,'install_sysroot':False,'checkout_win':True},'managed':False}]" > tmpgclient
-          echo "target_os=['win']" >> tmpgclient
-        fi
-        e d gclient runhooks --gclientfile=tmpgclient
-
-        # Fix VS Toolchain
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          rm -rf src/third_party/depot_tools/win_toolchain/vs_files
-          e d python3 src/build/vs_toolchain.py update --force
-        fi
-    - name: Regenerate DEPS Hash
-      run: |
-        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js
-        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
-    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
-      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
-    - name: Default GN gen
-      run: |
-        cd src/electron
-        git pack-refs
-    - name: Download Out Gen Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
-      with:
-        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src/out/${{ env.ELECTRON_OUT_DIR }}/gen
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
-    - name: Run Clang-Tidy
-      run: |
-        e init -f --root=$(pwd) --out=${ELECTRON_OUT_DIR} testing --target-cpu ${TARGET_ARCH}
-
-        export GN_EXTRA_ARGS="target_cpu=\"${TARGET_ARCH}\""
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          export GN_EXTRA_ARGS="$GN_EXTRA_ARGS use_v8_context_snapshot=true target_os=\"win\""
-        fi
-
-        e build --only-gen
-
-        cd src/electron
-        node script/yarn.js lint:clang-tidy --jobs 8 --out-dir ../out/${ELECTRON_OUT_DIR}
-    - name: Remove Clang problem matcher
-      shell: bash
-      run: echo "::remove-matcher owner=clang::"
-    - name: Wait for active SSH sessions
-      if: always() && !cancelled()
-      shell: bash
-      run: |
-        while [ -f /var/.ssh-lock ]
-        do
-          sleep 60
-        done

.github/workflows/pipeline-segment-electron-gn-check.yml

@@ -26,8 +26,6 @@ on:
         type: string
         default: testing
 
-permissions: {}
-
 concurrency:
   group: electron-gn-check-${{ inputs.target-platform }}-${{ github.ref }}
   cancel-in-progress: true
@@ -43,12 +41,10 @@ jobs:
       run:
         shell: bash
     runs-on: ${{ inputs.check-runs-on }}
-    permissions:
-      contents: read
     container: ${{ fromJSON(inputs.check-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -115,7 +111,7 @@ jobs:
     - name: Add CHROMIUM_BUILDTOOLS_PATH to env
       run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0

.github/workflows/pipeline-segment-electron-publish.yml

@@ -1,243 +0,0 @@
-# AUTOGENERATED FILE - DO NOT EDIT MANUALLY
-# ONLY EDIT .github/workflows/pipeline-segment-electron-build.yml
-
-name: Pipeline Segment - Electron Build
-on:
-  workflow_call:
-    inputs:
-      environment:
-        description: using the production or testing environment
-        required: false
-        type: string
-      target-platform:
-        type: string
-        description: Platform to run on, can be macos, win or linux
-        required: true
-      target-arch:
-        type: string
-        description: Arch to build for, can be x64, arm64, ia32 or arm
-        required: true
-      target-variant:
-        type: string
-        description: Variant to build for, no effect on non-macOS target platforms. Can
-          be darwin, mas or all.
-        default: all
-      build-runs-on:
-        type: string
-        description: What host to run the build
-        required: true
-      build-container:
-        type: string
-        description: JSON container information for aks runs-on
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: Whether this build job is a release job
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: The gn build type - testing or release
-        required: true
-        type: string
-        default: testing
-      generate-symbols:
-        description: Whether or not to generate symbols
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage:
-        description: Whether or not to upload build artifacts to external storage
-        required: true
-        type: string
-        default: "0"
-      is-asan:
-        description: Building the Address Sanitizer (ASan) Linux build
-        required: false
-        type: boolean
-        default: false
-      upload-out-gen-artifacts:
-        description: Whether to upload the src/gen artifacts
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: Enable SSH debugging
-        required: false
-        type: boolean
-        default: false
-permissions: {}
-concurrency:
-  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch
-    }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{
-    github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-  DD_API_KEY: ${{ secrets.DD_API_KEY }}
-  ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
-  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
-  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' &&
-    '--custom-var=checkout_mac=True --custom-var=host_os=mac' ||
-    inputs.target-platform == 'win' && '--custom-var=checkout_win=True' ||
-    '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
-  ELECTRON_OUT_DIR: Default
-  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
-jobs:
-  build:
-    defaults:
-      run:
-        shell: bash
-    runs-on: ${{ inputs.build-runs-on }}
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    container: ${{ fromJSON(inputs.build-container) }}
-    environment: ${{ inputs.environment }}
-    env:
-      TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
-    steps:
-      - name: Create src dir
-        run: |
-          mkdir src
-      - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-        with:
-          path: src/electron
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Setup SSH Debugging
-        if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh ||
-          env.ACTIONS_STEP_DEBUG == 'true') }}
-        uses: ./src/electron/.github/actions/ssh-debug
-        with:
-          tunnel: "true"
-        env:
-          CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
-          CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
-          CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
-          AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Free up space (macOS)
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: ./src/electron/.github/actions/free-space-macos
-      - name: Check disk space after freeing up space
-        if: ${{ inputs.target-platform == 'macos' }}
-        run: df -h
-      - name: Setup Node.js/npm
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
-        with:
-          node-version: 22.21.x
-          cache: yarn
-          cache-dependency-path: src/electron/yarn.lock
-      - name: Install Dependencies
-        uses: ./src/electron/.github/actions/install-dependencies
-      - name: Install AZCopy
-        if: ${{ inputs.target-platform == 'macos' }}
-        run: brew install azcopy
-      - name: Set GN_EXTRA_ARGS for Linux
-        if: ${{ inputs.target-platform == 'linux' }}
-        run: >
-          if [ "${{ inputs.target-arch  }}" = "arm" ]; then
-            if [ "${{ inputs.is-release  }}" = true ]; then
-              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false symbol_level=1'
-            else
-              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false'
-            fi
-          elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
-            GN_EXTRA_ARGS='target_cpu="arm64" fatal_linker_warnings=false enable_linux_installer=false'
-          elif [ "${{ inputs.is-asan }}" = true ]; then
-            GN_EXTRA_ARGS='is_asan=true'
-          fi
-
-          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
-      - name: Set Chromium Git Cookie
-        uses: ./src/electron/.github/actions/set-chromium-cookie
-      - name: Install Build Tools
-        uses: ./src/electron/.github/actions/install-build-tools
-      - name: Generate DEPS Hash
-        run: |
-          node src/electron/script/generate-deps-hash.js
-          DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
-          echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-          echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
-      - name: Restore src cache via AZCopy
-        if: ${{ inputs.target-platform != 'linux' }}
-        uses: ./src/electron/.github/actions/restore-cache-azcopy
-        with:
-          target-platform: ${{ inputs.target-platform }}
-      - name: Restore src cache via AKS
-        if: ${{ inputs.target-platform == 'linux' }}
-        uses: ./src/electron/.github/actions/restore-cache-aks
-      - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-        with:
-          path: src/electron
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Fix Sync
-        if: ${{ inputs.target-platform != 'linux' }}
-        uses: ./src/electron/.github/actions/fix-sync
-        with:
-          target-platform: ${{ inputs.target-platform }}
-        env:
-          ELECTRON_DEPOT_TOOLS_DISABLE_LOG: true
-      - name: Init Build Tools
-        run: >
-          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }}
-          --import ${{ inputs.gn-build-type }} --target-cpu ${{
-          inputs.target-arch }} --remote-build siso
-      - name: Run Electron Only Hooks
-        run: |
-          e d gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
-      - name: Regenerate DEPS Hash
-        run: >
-          (cd src/electron && git checkout .) && node
-          src/electron/script/generate-deps-hash.js
-
-          echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
-      - name: Add CHROMIUM_BUILDTOOLS_PATH to env
-        run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
-      - name: Free up space (macOS)
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: ./src/electron/.github/actions/free-space-macos
-      - name: Build Electron
-        if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'darwin') }}
-        uses: ./src/electron/.github/actions/build-electron
-        with:
-          target-arch: ${{ inputs.target-arch }}
-          target-platform: ${{ inputs.target-platform }}
-          artifact-platform: ${{ inputs.target-platform == 'macos' && 'darwin' ||
-            inputs.target-platform }}
-          is-release: ${{ inputs.is-release }}
-          generate-symbols: ${{ inputs.generate-symbols }}
-          upload-to-storage: ${{ inputs.upload-to-storage }}
-          is-asan: ${{ inputs.is-asan }}
-          upload-out-gen-artifacts: ${{ inputs.upload-out-gen-artifacts }}
-      - name: Set GN_EXTRA_ARGS for MAS Build
-        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'mas') }}
-        run: |
-          echo "MAS_BUILD=true" >> $GITHUB_ENV
-          GN_EXTRA_ARGS='is_mas_build=true'
-          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
-      - name: Build Electron (MAS)
-        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'mas') }}
-        uses: ./src/electron/.github/actions/build-electron
-        with:
-          target-arch: ${{ inputs.target-arch }}
-          target-platform: ${{ inputs.target-platform }}
-          artifact-platform: mas
-          is-release: ${{ inputs.is-release }}
-          generate-symbols: ${{ inputs.generate-symbols }}
-          upload-to-storage: ${{ inputs.upload-to-storage }}
-          step-suffix: (mas)

.github/workflows/pipeline-segment-electron-test-64k.yml

@@ -1,64 +0,0 @@
-name: Pipeline Segment - Electron Test on Linux ARM64 64k
-
-on:
-  workflow_call:
-    inputs:
-      test-runs-on:
-        type: string
-        description: 'What host to run the tests on'
-        required: true
-      test-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-
-concurrency:
-  group: electron-test-linux-64k-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-permissions: {}
-
-env:
-  ELECTRON_OUT_DIR: Default
-
-jobs:
-  test-linux-arm64-64k:
-    defaults:
-      run:
-        shell: bash
-    runs-on: ${{ inputs.test-runs-on }}
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    steps:
-    - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
-      with:
-        name: generated_artifacts_linux_arm64
-        path: ./generated_artifacts_linux_arm64
-    - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
-      with:
-        name: src_artifacts_linux_arm64
-        path: ./src_artifacts_linux_arm64
-    - name: Restore Generated Artifacts
-      run: ./src/electron/script/actions/restore-artifacts.sh
-    - name: Unzip Dist
-      run: |
-        cd src/out/Default
-        unzip -:o dist.zip
-
-    - name: Run Electron Tests in QEMU 64k Container
-      shell: bash
-      env:
-        MOCHA_REPORTER: mocha-multi-reporters
-        MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
-        ELECTRON_DISABLE_SECURITY_WARNINGS: 1
-        DISPLAY: ':99.0'
-      run: |
-        container=$(echo '${{ inputs.test-container }}' | jq -r '.image')
-        echo "Running tests in container: $container"
-        src/electron/script/run-qemu-64k.sh --container="$container" --testfiles=`pwd`/src
-        

.github/workflows/pipeline-segment-electron-test.yml

@@ -30,17 +30,15 @@ on:
         required: false
         type: boolean
         default: false
-      display-server:
-        description: 'Display backend for Linux tests: x11 or wayland'
-        required: false
-        type: string
-        default: x11
 
 concurrency:
-  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ inputs.display-server }}-${{ github.ref_protected == true && github.run_id || github.ref }}
+  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
 
-permissions: {}
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read
 
 env:
   CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
@@ -55,16 +53,12 @@ jobs:
       run:
         shell: bash
     runs-on: ${{ inputs.test-runs-on }}
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     container: ${{ fromJSON(inputs.test-container) }}
     strategy:
       fail-fast: false
       matrix:
         build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || (inputs.target-platform == 'win' && fromJSON('["win"]') || fromJSON('["linux"]')) }}
-        shard: ${{ case(inputs.display-server == 'wayland', fromJSON('[1]'), inputs.target-platform == 'linux', fromJSON('[1, 2, 3]'), fromJSON('[1, 2]')) }}
+        shard: ${{ inputs.target-platform == 'linux' && fromJSON('[1, 2, 3]') || fromJSON('[1, 2]') }}
     env:
       BUILD_TYPE: ${{ matrix.build-type }}
       TARGET_ARCH: ${{ inputs.target-arch }}
@@ -74,12 +68,11 @@ jobs:
       if: ${{ inputs.target-arch == 'arm' && inputs.target-platform == 'linux' }}
       run: |
         cp $(which node) /mnt/runner-externals/node20/bin/
-        cp $(which node) /mnt/runner-externals/node24/bin/
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'win' }}
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
       with:
-        node-version: 22.21.x
+        node-version: 20.19.x
     - name: Add TCC permissions on macOS
       if: ${{ inputs.target-platform == 'macos' }}
       run: |
@@ -124,7 +117,7 @@ jobs:
       if: ${{ inputs.target-platform == 'macos' }}
       run: sudo xcode-select --switch /Applications/Xcode_16.4.app
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -173,12 +166,12 @@ jobs:
         echo "DISABLE_CRASH_REPORTER_TESTS=true" >> $GITHUB_ENV
         echo "IS_ASAN=true" >> $GITHUB_ENV
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
       with:
         name: generated_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./generated_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
       with:
         name: src_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./src_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
@@ -202,7 +195,10 @@ jobs:
     #    sudo security authorizationdb write com.apple.trust-settings.admin allow
     #    cd src/electron
     #    ./script/codesign/generate-identity.sh
-
+    - name: Install Datadog CLI
+      run: |
+        cd src/electron
+        node script/yarn global add @datadog/datadog-ci
     - name: Run Electron Tests
       shell: bash
       env:
@@ -215,22 +211,7 @@ jobs:
         cd src/electron
         export ELECTRON_TEST_RESULTS_DIR=`pwd`/junit
         # Get which tests are on this shard
-        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ case(inputs.display-server == 'wayland', 1, inputs.target-platform == 'linux', 3, 2) }})
-        if [ "${{ inputs.display-server }}" = "wayland" ]; then
-          allowlist_file=script/wayland-test-allowlist.txt
-          filtered_tests=""
-          for test_file in $tests_files; do
-            if grep -Fxq "$test_file" "$allowlist_file"; then
-              filtered_tests="$filtered_tests $test_file"
-            fi
-          done
-          tests_files="${filtered_tests# }"
-
-          if [ -z "$tests_files" ]; then
-            echo "No tests matched Wayland filter, skipping."
-            exit 0
-          fi
-        fi
+        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ inputs.target-platform == 'linux' && 3 || 2 }})
 
         # Run tests
         if [ "${{ inputs.target-platform }}" != "linux" ]; then
@@ -243,7 +224,7 @@ jobs:
               export ELECTRON_FORCE_TEST_SUITE_EXIT="true"
             fi
           fi
-          node script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
+          node script/yarn test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
         else
           chown :builduser .. && chmod g+w ..
           chown -R :builduser . && chmod -R g+w .
@@ -260,18 +241,9 @@ jobs:
             export MOCHA_TIMEOUT=180000
             echo "Piping output to ASAN_SYMBOLIZE ($ASAN_SYMBOLIZE)"
             cd electron
-            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
           else
-            if [ "${{ inputs.target-arch }}" = "arm" ]; then
-              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --skipYarnInstall --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-            else 
-              if [ "${{ inputs.display-server }}" = "wayland" ]; then
-                runuser -u builduser -- script/actions/run-tests-wayland.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-              else
-                runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-              fi
-            fi
-            
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
           fi
         fi
     - name: Upload Test results to Datadog
@@ -283,16 +255,15 @@ jobs:
         DD_TAGS: "os.architecture:${{ inputs.target-arch }},os.family:${{ inputs.target-platform }},os.platform:${{ inputs.target-platform }},asan:${{ inputs.is-asan }}"
       run: |
         if ! [ -z $DD_API_KEY ] && [ -f src/electron/junit/test-results-main.xml ]; then
-          cd src/electron
-          export DATADOG_PATH=`node script/yarn.js bin datadog-ci`
-          $DATADOG_PATH junit upload junit/test-results-main.xml
-        fi
+          export DATADOG_PATH=`node src/electron/script/yarn global bin`
+          $DATADOG_PATH/datadog-ci junit upload src/electron/junit/test-results-main.xml
+        fi          
       if: always() && !cancelled()
     - name: Upload Test Artifacts
       if: always() && !cancelled()
-      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
       with:
-        name: ${{ inputs.target-platform == 'linux' && format('test_artifacts_{0}_{1}_{2}', env.ARTIFACT_KEY, inputs.display-server, matrix.shard) || format('test_artifacts_{0}_{1}', env.ARTIFACT_KEY, matrix.shard) }}
+        name: test_artifacts_${{ env.ARTIFACT_KEY }}_${{ matrix.shard }}
         path: src/electron/spec/artifacts
         if-no-files-found: ignore
     - name: Wait for active SSH sessions

.github/workflows/pipeline-segment-node-nan-test.yml

@@ -26,8 +26,6 @@ on:
         type: string
         default: testing
 
-permissions: {}
-
 concurrency:
   group: electron-node-nan-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
   cancel-in-progress: ${{ github.ref_protected != true }}
@@ -41,8 +39,6 @@ jobs:
   node-tests:
     name: Run Node.js Tests
     runs-on: electron-arc-centralus-linux-amd64-8core
-    permissions:
-      contents: read
     timeout-minutes: 30
     env: 
       TARGET_ARCH: ${{ inputs.target-arch }}
@@ -50,7 +46,7 @@ jobs:
     container: ${{ fromJSON(inputs.test-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -65,12 +61,12 @@ jobs:
     - name: Install Dependencies
       uses: ./src/electron/.github/actions/install-dependencies
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
       with:
         name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
         path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
       with:
         name: src_artifacts_linux_${{ env.TARGET_ARCH }}
         path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -97,8 +93,6 @@ jobs:
   nan-tests:
     name: Run Nan Tests
     runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
     timeout-minutes: 30
     env: 
       TARGET_ARCH: ${{ inputs.target-arch }}
@@ -106,7 +100,7 @@ jobs:
     container: ${{ fromJSON(inputs.test-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -121,12 +115,12 @@ jobs:
     - name: Install Dependencies
       uses: ./src/electron/.github/actions/install-dependencies
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
       with:
         name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
         path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
       with:
         name: src_artifacts_linux_${{ env.TARGET_ARCH }}
         path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -138,16 +132,10 @@ jobs:
         unzip -:o dist.zip
     - name: Setup Linux for Headless Testing
       run: sh -e /etc/init.d/xvfb start
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
     - name: Run Nan Tests
       run: |
         cd src
         node electron/script/nan-spec-runner.js
-    - name: Remove Clang problem matcher
-      shell: bash
-      run: echo "::remove-matcher owner=clang::"
     - name: Wait for active SSH sessions
       shell: bash
       if: always() && !cancelled()

.github/workflows/pull-request-labeled.yml

@@ -11,7 +11,6 @@ jobs:
     name: backport/requested label added
     if: github.event.label.name == 'backport/requested 🗳'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Trigger Slack workflow
         uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
@@ -29,10 +28,9 @@ jobs:
     name: deprecation-review/complete label added
     if: github.event.label.name == 'deprecation-review/complete ✅'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
@@ -44,35 +42,3 @@ jobs:
           project-number: 94
           field: Status
           field-value: ✅ Reviewed
-  pull-request-labeled-ai-pr:
-    name: ai-pr label added
-    if: github.event.label.name == 'ai-pr'
-    runs-on: ubuntu-latest
-    permissions: {}
-    steps:
-    - name: Generate GitHub App token
-      uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
-      id: generate-token
-      with:
-        creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-    - name: Create comment
-      uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6
-      with:
-        actions: 'create-comment'
-        token: ${{ steps.generate-token.outputs.token }}
-        issue-number: ${{ github.event.pull_request.number }}
-        body: |
-          <!-- ai-pr -->
-
-          *AI PR Detected*
-
-          Hello @${{ github.event.pull_request.user.login }}. Due to the high amount of AI spam PRs we receive, if a PR is detected to be majority AI-generated without disclosure and untested, we will automatically close the PR.
-
-          We welcome the use of AI tools, as long as the PR meets our quality standards and has clearly been built and tested. If you believe your PR was closed in error, we welcome you to resubmit. However, please read our [CONTRIBUTING.md](http://contributing.md/) carefully before reopening. Thanks for your contribution.
-    - name: Close the pull request
-      env:
-        GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-        GH_REPO: electron/electron
-        PR_NUMBER: ${{ github.event.pull_request.number }}
-      run: |
-        gh pr close "$PR_NUMBER"

.github/workflows/rerun-apply-patches.yml

@@ -1,71 +0,0 @@
-name: Rerun PR Apply Patches
-
-on:
-  push:
-    branches:
-      - main
-      - '[1-9][0-9]-x-y'
-    paths:
-      - 'DEPS'
-      - 'patches/**'
-
-permissions: {}
-
-jobs:
-  rerun-apply-patches:
-    runs-on: ubuntu-latest
-    permissions:
-      actions: write
-      checks: read
-      contents: read
-      pull-requests: read
-    steps:
-      - name: Find PRs and Rerun Apply Patches
-        env:
-          GH_REPO: ${{ github.repository }}
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          BRANCH="${GITHUB_REF#refs/heads/}"
-
-          # Find all open PRs targeting this branch
-          PRS=$(gh pr list --base "$BRANCH" --state open --limit 250 --json number)
-
-          echo "$PRS" | jq -c '.[]' | while read -r pr; do
-            PR_NUMBER=$(echo "$pr" | jq -r '.number')
-            echo "Processing PR #${PR_NUMBER}"
-
-            # Find the Apply Patches workflow check for this PR
-            CHECK=$(gh pr view "$PR_NUMBER" --json statusCheckRollup --jq '[.statusCheckRollup[] | select(.workflowName == "Apply Patches" and .name == "apply-patches")] | first')
-
-            if [ -z "$CHECK" ] || [ "$CHECK" = "null" ]; then
-              echo "  No Apply Patches workflow found for PR #${PR_NUMBER}"
-              continue
-            fi
-
-            CONCLUSION=$(echo "$CHECK" | jq -r '.conclusion')
-            if [ "$CONCLUSION" = "SKIPPED" ]; then
-              echo "  apply-patches job was skipped for PR #${PR_NUMBER} (no patches)"
-              continue
-            fi
-
-            LINK=$(echo "$CHECK" | jq -r '.detailsUrl')
-
-            # Extract the run ID from the link (format: .../runs/RUN_ID/job/JOB_ID)
-            RUN_ID=$(echo "$LINK" | grep -oE 'runs/[0-9]+' | cut -d'/' -f2)
-
-            if [ -z "$RUN_ID" ]; then
-              echo "  Could not extract run ID from link: ${LINK}"
-              continue
-            fi
-
-            # Check if the workflow is currently in progress
-            RUN_STATUS=$(gh run view "$RUN_ID" --json status --jq '.status')
-
-            if [ "$RUN_STATUS" = "in_progress" ] || [ "$RUN_STATUS" = "queued" ] || [ "$RUN_STATUS" = "waiting" ]; then
-              echo "  Workflow run ${RUN_ID} is ${RUN_STATUS}, cancelling..."
-              gh run cancel "$RUN_ID" --force
-              gh run watch "$RUN_ID"
-            fi
-
-            gh run rerun "$RUN_ID"
-          done

.github/workflows/scorecards.yml

@@ -13,7 +13,6 @@ permissions: read-all
 jobs:
   analysis:
     name: Scorecards analysis
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions:
       # Needed to upload the results to code-scanning dashboard.
@@ -23,13 +22,13 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
 
       # This is a pre-submit / pre-release.
       - name: "Run analysis"
-        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
           results_file: results.sarif
           results_format: sarif
@@ -43,7 +42,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: SARIF file
           path: results.sarif
@@ -51,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5
+        uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5
         with:
           sarif_file: results.sarif

.github/workflows/semantic.yml

@@ -7,7 +7,8 @@ on:
       - edited
       - synchronize
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   main:

.github/workflows/stable-prep-items.yml

@@ -10,12 +10,10 @@ permissions: {}
 jobs:
   check-stable-prep-items:
     name: Check Stable Prep Items
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}

.github/workflows/stale.yml

@@ -9,16 +9,14 @@ permissions: {}
 
 jobs:
   stale:
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # tag: v10.2.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # tag: v9.1.0
         with:
           repo-token: ${{ steps.generate-token.outputs.token }}
           days-before-stale: 90
@@ -29,20 +27,19 @@ jobs:
             This issue has been automatically marked as stale. **If this issue is still affecting you, please leave any comment** (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the [latest version of Electron](https://www.electronjs.org/releases/stable) or in the [beta](https://www.electronjs.org/releases/beta)—please include it with your comment!
           close-issue-message: >
             This issue has been closed due to inactivity, and will not be monitored.  If this is a bug and you can reproduce this issue on a [supported version of Electron](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline) please open a new issue and include instructions for reproducing the issue.
-          exempt-issue-labels: "discussion,security \U0001F512,enhancement :sparkles:,status/confirmed,stale-exempt,upgrade-follow-up,tracking-upstream"
+          exempt-issue-labels: "discussion,security \U0001F512,enhancement :sparkles:,status/confirmed,stale-exempt,upgrade-follow-up"
           only-pr-labels: not-a-real-label
   pending-repro:
     runs-on: ubuntu-latest
-    permissions: {}
-    if: ${{ always() && github.repository == 'electron/electron' }}
+    if: ${{ always() }}
     needs: stale
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # tag: v10.2.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # tag: v9.1.0
         with:
           repo-token: ${{ steps.generate-token.outputs.token }}
           days-before-stale: -1

.github/workflows/update-website-docs.yml

@@ -1,39 +0,0 @@
-name: Update Website Docs
-
-on:
-  release:
-    types: [published]
-
-permissions: {}
-
-jobs:
-  update-website-docs:
-    name: Update Website Docs
-    runs-on: ubuntu-latest
-    environment: website-docs-updater
-    permissions:
-      contents: read
-      id-token: write # needed for secret-service-action
-    steps:
-      - name: Get GitHub App token
-        id: secret-service
-        uses: electron/secret-service-action@3476425e8b30555aac15b1b7096938e254b0e155 # v1.0.0
-      - name: Check if this release is the latest
-        id: check-if-latest-release
-        env:
-          GH_REPO: electron/electron
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          LATEST_RELEASE_TAG="$(gh release view --json tagName --jq '.tagName')"
-          if [ "$LATEST_RELEASE_TAG" = "${GITHUB_REF#refs/tags/}" ]; then
-            echo "isLatestRelease=true" >> $GITHUB_OUTPUT
-          else
-            echo "isLatestRelease=false" >> $GITHUB_OUTPUT
-          fi
-      - name: Trigger website docs update
-        if: ${{ steps.check-if-latest-release.outputs.isLatestRelease == 'true' }}
-        env:
-          GH_REPO: electron/website
-          GH_TOKEN: ${{ fromJSON(steps.secret-service.outputs.secrets).WEBSITE_DOCS_UPDATER_APP_TOKEN }}
-        run: |
-          gh workflow run update-docs.yml -f sha=$GITHUB_SHA

.github/workflows/windows-publish.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'eac3529546ea8f3aa356d31e345715eef342233b'
+        default: '933c7d6ff6802706875270bec2e3c891cf8add3f'
         required: true
       upload-to-storage:
         description: 'Uploads to Azure storage'
@@ -18,14 +18,9 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 jobs:
   checkout-windows:
-    if: github.repository == 'electron/electron'
     runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
     container:
       image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root --device /dev/fuse --cap-add SYS_ADMIN
@@ -41,7 +36,7 @@ jobs:
       build-image-sha: ${{ inputs.build-image-sha }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         path: src/electron
         fetch-depth: 0
@@ -52,12 +47,7 @@ jobs:
         target-platform: win
 
   publish-x64-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-windows
     with:
       environment: production-release
@@ -71,12 +61,7 @@ jobs:
     secrets: inherit
 
   publish-arm64-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-windows
     with:
       environment: production-release
@@ -90,12 +75,7 @@ jobs:
     secrets: inherit
 
   publish-x86-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-windows
     with:
       environment: production-release

.gitignore

@@ -53,5 +53,3 @@ ts-gen
 patches/mtime-cache.json
 
 spec/fixtures/logo.png
-
-.yarn/install-state.gz

.yarnrc.yml

@@ -1,12 +0,0 @@
-enableScripts: false
-
-nmHoistingLimits: workspaces
-
-nodeLinker: node-modules
-
-npmMinimalAgeGate: 10080
-
-npmPreapprovedPackages:
-  - "@electron/*"
-
-yarnPath: .yarn/releases/yarn-4.12.0.cjs

BUILD.gn

@@ -446,7 +446,6 @@ source_set("electron_lib") {
     "shell/services/node/public/mojom",
     "//base:base_static",
     "//base/allocator:buildflags",
-    "//build/util:chromium_git_revision",
     "//chrome:strings",
     "//chrome/app:command_ids",
     "//chrome/app/resources:platform_locale_settings",
@@ -481,7 +480,6 @@ source_set("electron_lib") {
     "//device/bluetooth",
     "//device/bluetooth/public/cpp",
     "//gin",
-    "//gpu/ipc/client",
     "//media/capture/mojom:video_capture",
     "//media/mojo/mojom",
     "//media/mojo/mojom:web_speech_recognition",
@@ -502,7 +500,6 @@ source_set("electron_lib") {
     "//third_party/blink/public/platform/media",
     "//third_party/boringssl",
     "//third_party/electron_node:libnode",
-    "//third_party/highway:libhwy",
     "//third_party/inspector_protocol:crdtp",
     "//third_party/leveldatabase",
     "//third_party/libyuv",
@@ -530,7 +527,6 @@ source_set("electron_lib") {
     "//base",
     "//base:i18n",
     "//content/public/app",
-    "//ui/base/unowned_user_data",
   ]
 
   include_dirs = [
@@ -596,8 +592,6 @@ source_set("electron_lib") {
     use_libcxx_modules = false
 
     deps += [
-      "//components/os_crypt/async/browser:keychain_key_provider",
-      "//components/os_crypt/common:keychain_password_mac",
       "//components/remote_cocoa/app_shim",
       "//components/remote_cocoa/browser",
       "//content/browser:mac_helpers",
@@ -659,9 +653,6 @@ source_set("electron_lib") {
       ":libnotify_loader",
       "//build/config/linux/gtk",
       "//components/crash/content/browser",
-      "//components/os_crypt/async/browser:freedesktop_secret_key_provider",
-      "//components/os_crypt/async/browser:posix_key_provider",
-      "//components/os_crypt/async/browser:secret_portal_key_provider",
       "//dbus",
       "//device/bluetooth",
       "//third_party/crashpad/crashpad/client",
@@ -702,7 +693,6 @@ source_set("electron_lib") {
     deps += [
       "//components/app_launch_prefetch",
       "//components/crash/core/app:crash_export_thunks",
-      "//components/os_crypt/async/browser:dpapi_key_provider",
       "//third_party/libxml:xml_writer",
       "//ui/wm",
       "//ui/wm/public",
@@ -770,13 +760,11 @@ source_set("electron_lib") {
   if (enable_pdf_viewer) {
     deps += [
       "//chrome/browser/resources/pdf:resources",
-      "//chrome/browser/ui:browser_element_identifiers",
       "//components/pdf/browser",
       "//components/pdf/browser:interceptors",
       "//components/pdf/common:constants",
       "//components/pdf/common:util",
       "//components/pdf/renderer",
-      "//components/user_education/webui",
       "//pdf",
       "//pdf:content_restriction",
     ]

CLAUDE.md

@@ -1,230 +0,0 @@
-# Electron Development Guide
-
-## Project Overview
-
-Electron is a framework for building cross-platform desktop applications using web technologies. It embeds Chromium for rendering and Node.js for backend functionality.
-
-## Directory Structure
-
-```text
-electron/                 # This repo (run `e` commands here)
-├── shell/               # Core C++ application code
-│   ├── browser/         # Main process implementation (107+ API modules)
-│   ├── renderer/        # Renderer process code
-│   ├── common/          # Shared code between processes
-│   ├── app/             # Application entry points
-│   └── services/        # Node.js service integration
-├── lib/                 # TypeScript/JavaScript library code
-│   ├── browser/         # Main process JS (47 API implementations)
-│   ├── renderer/        # Renderer process JS
-│   └── common/          # Shared JS modules
-├── patches/             # Patches for upstream dependencies
-│   ├── chromium/        # ~159 patches to Chromium
-│   ├── node/            # ~48 patches to Node.js
-│   └── ...              # Other targets (v8, boringssl, etc.)
-├── spec/                # Test suite (1189+ TypeScript test files)
-├── docs/                # API documentation and guides
-├── build/               # Build configuration
-├── script/              # Build and automation scripts
-└── chromium_src/        # Chromium source overrides
-../                      # Parent directory is Chromium source
-```
-
-## Build Tools Setup
-
-Electron uses `@electron/build-tools` for development. The `e` command is the primary CLI.
-
-**Installation:**
-
-```bash
-npm i -g @electron/build-tools
-```
-
-**Configuration location:** `~/.electron_build_tools/configs/`
-
-## Essential Commands
-
-### Configuration Management
-
-| Command | Purpose |
-|---------|---------|
-| `e init <name> --root=<path> --bootstrap testing` | Create new build config and sync |
-| `e use <name>` | Switch to a different build configuration |
-| `e show current` | Display active configuration name |
-| `e show configs` | List all available configurations |
-
-### Build & Development Loop
-
-| Command | Purpose |
-|---------|---------|
-| `e sync` | Fetch/update all source code and apply patches |
-| `e sync --3` | Sync with 3-way merge (required for Chromium upgrades) |
-| `e build` | Build Electron (runs GN + Ninja) |
-| `e build -k 999` | Build and continue on errors (up to 999) |
-| `e build -t <target>` | Build specific target (e.g., `electron:node_headers`) |
-| `e start` | Run the built Electron executable |
-| `e start --version` | Verify Electron launches and print version |
-| `e test` | Run the test suite |
-| `e debug` | Run Electron in debugger (lldb on macOS, gdb on Linux) |
-
-### Patch Management
-
-| Command | Purpose |
-|---------|---------|
-| `e patches <target>` | Export patches for a target (chromium, node, v8, etc.) |
-| `e patches all` | Export all patches from all targets |
-| `e patches --list-targets` | List available patch targets |
-
-## Typical Development Workflow
-
-```bash
-# 1. Ensure you're on the right config
-e show current
-
-# 2. Sync to get latest code
-e sync
-
-# 3. Make your changes in shell/ or lib/ or ../
-
-# 4. Build
-e build
-
-# 5. Test your changes (Leave the user to do this, don't run these commands unless asked)
-e start
-e test
-
-# 6. If you modified patched files in Chromium:
-cd ..  # Go to Chromium repo
-git add <files>
-git commit -m "description of change"
-cd electron
-e patches chromium  # Export the patch
-```
-
-## Patches System
-
-Electron patches upstream dependencies (Chromium, Node.js, V8, etc.) to add features or modify behavior.
-
-**How patches work:**
-
-```text
-patches/{target}/*.patch  →  [e sync --3]  →  target repo commits
-                          ←  [e patches]   ←
-```
-
-**Patch configuration:** `patches/config.json` maps patch directories to target repos.
-
-**Key rules:**
-
-- Fix existing patches 99% of the time rather than creating new ones
-- Preserve original authorship in TODO comments
-- Never change TODO assignees (`TODO(name)` must retain original name)
-- Each patch file includes commit message explaining its purpose
-
-**Creating/modifying patches:**
-
-1. Make changes in the target repo (e.g., `../` for Chromium)
-2. Create a git commit
-3. Run `e patches <target>` to export
-
-## Testing
-
-**Test location:** `spec/` directory
-
-**Running tests:**
-
-```bash
-e test                    # Run full test suite
-```
-
-**Test frameworks:** Mocha, Chai, Sinon
-
-## Build Configuration
-
-**GN build arguments:** Located in `build/args/`:
-
-- `testing.gn` - Debug/testing builds
-- `release.gn` - Release builds
-- `all.gn` - Common arguments for all builds
-
-**Main build file:** `BUILD.gn`
-
-**Feature flags:** `buildflags/buildflags.gni`
-
-## Chromium Upgrade Workflow
-
-When working on the `roller/chromium/main` branch to upgrade Chromium activate the "Electron Chromium Upgrade" skill.
-
-## Pull Requests
-
-PR bodies must always include a `Notes:` section as the **last line** of the body. This is a consumer-facing release note for Electron app developers — describe the user-visible fix or change, not internal implementation details. Use `Notes: none` if there is no user-facing change.
-
-## Code Style
-
-**C++:** Follows Chromium style, enforced by clang-format
-**TypeScript/JavaScript:** ESLint configuration in `.eslintrc.json`
-
-**Linting:**
-
-```bash
-npm run lint              # Run all linters
-npm run lint:clang-format # C++ formatting
-```
-
-## Key Files
-
-| File | Purpose |
-|------|---------|
-| `BUILD.gn` | Main GN build configuration |
-| `DEPS` | Dependency versions and checkout paths |
-| `patches/config.json` | Patch target configuration |
-| `filenames.gni` | Source file lists by platform |
-| `package.json` | Node.js dependencies and scripts |
-
-## Environment Variables
-
-| Variable | Purpose |
-|----------|---------|
-| `GN_EXTRA_ARGS` | Additional GN arguments (useful in CI) |
-| `ELECTRON_RUN_AS_NODE=1` | Run Electron as Node.js |
-
-## Useful Git Commands for Chromium
-
-```bash
-# Find CL that changed a file
-cd ..
-git log --oneline -10 -- {file}
-git blame -L {start},{end} -- {file}
-
-# Look for Chromium CL reference in commit
-git log -1 {commit_sha}  # Find "Reviewed-on:" line
-
-# Find which patch affects a file
-grep -l "filename.cc" patches/chromium/*.patch
-```
-
-## CI/CD
-
-GitHub Actions workflows in `.github/workflows/`:
-
-- `build.yml` - Main build workflow
-- `pipeline-electron-lint.yml` - Linting
-- `pipeline-segment-electron-test.yml` - Testing
-
-## Common Issues
-
-**Patch conflict during sync:**
-
-- Use `e sync --3` for 3-way merge
-- Check if file was renamed/moved upstream
-- Verify patch is still needed
-
-**Build error in patched file:**
-
-- Find the patch: `grep -l "filename" patches/chromium/*.patch`
-- Match existing patch style (#if 0 guards, BUILDFLAG conditionals, etc.)
-
-**Remote build issues:**
-
-- Try `e build --no-remote` to build locally
-- Check reclient/siso configuration in your build config

DEPS

@@ -2,17 +2,17 @@ gclient_gn_args_from = 'src'
 
 vars = {
   'chromium_version':
-    '147.0.7699.0',
+    '142.0.7444.162',
   'node_version':
-    'v24.13.1',
+    'v22.21.1',
   'nan_version':
-    '675cefebca42410733da8a454c8d9391fcebfbc2',
+    'e14bdcd1f72d62bca1d541b66da43130384ec213',
   'squirrel.mac_version':
     '0e5d146ba13101a1302d59ea6e6e0b3cace4ae38',
   'reactiveobjc_version':
     '74ab5baccc6f7202c8ac69a8d1e152c29dc1ea76',
   'mantle_version':
-    '2a8e2123a3931038179ee06105c9e6ec336b12ea',
+    '78d3966b3c331292ea29ec38661b25df0a245948',
   'engflow_reclient_configs_version':
     '955335c30a752e9ef7bff375baab5e0819b6c00d',
 
@@ -30,6 +30,9 @@ vars = {
   # The path of the sysroots.json file.
   'sysroots_json_path': 'electron/script/sysroots.json',
 
+  # KEEP IN SYNC WITH utils.js FILE
+  'yarn_version': '1.22.22',
+
   # To be able to build clean Chromium from sources.
   'apply_patches': True,
 
@@ -152,7 +155,7 @@ hooks = [
     'action': [
       'python3',
       '-c',
-      'import os, subprocess; os.chdir(os.path.join("src", "electron")); subprocess.check_call(["node", ".yarn/releases/yarn-4.12.0.cjs", "install", "--immutable"]);',
+      'import os, subprocess; os.chdir(os.path.join("src", "electron")); subprocess.check_call(["python3", "script/lib/npx.py", "yarn@' + (Var("yarn_version")) + '", "install", "--frozen-lockfile"]);',
     ],
   },
   {

SECURITY.md

@@ -8,12 +8,6 @@ The Electron team will send a response indicating the next steps in handling you
 
 Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the [npm contact form](https://www.npmjs.com/support) by selecting "I'm reporting a security vulnerability".
 
-## Escalation
-
-If you do not receive an acknowledgement of your report within 6 business days, or if you cannot find a private security contact for the project, you may escalate to the OpenJS Foundation CNA at `security@lists.openjsf.org`.
-
-If the project acknowledges your report but does not provide any further response or engagement within 14 days, escalation is also appropriate.
-
 ## The Electron Security Notification Process
 
 For context on Electron's security notification process, please see the [Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md#notifications) section of the Security WG's [Membership and Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md) Governance document.

build/args/all.gn

@@ -2,7 +2,7 @@ is_electron_build = true
 root_extra_deps = [ "//electron" ]
 
 # Registry of NMVs --> https://github.com/nodejs/node/blob/main/doc/abi_version_registry.json
-node_module_version = 145
+node_module_version = 140
 
 v8_promise_internal_field_count = 1
 v8_embedder_string = "-electron.0"

build/fuses/fuses.json5

@@ -9,6 +9,5 @@
   "embedded_asar_integrity_validation": "0",
   "only_load_app_from_asar": "0",
   "load_browser_process_specific_v8_snapshot": "0",
-  "grant_file_protocol_extra_privileges": "1",
-  "wasm_trap_handlers": "1"
+  "grant_file_protocol_extra_privileges": "1"
 }

build/siso/backend.star

@@ -0,0 +1,21 @@
+# -*- bazel-starlark -*-
+
+load("@builtin//struct.star", "module")
+
+def __platform_properties(ctx):
+    container_image = "docker://gcr.io/chops-public-images-prod/rbe/siso-chromium/linux@sha256:d7cb1ab14a0f20aa669c23f22c15a9dead761dcac19f43985bf9dd5f41fbef3a"
+    return {
+        "default": {
+            "OSFamily": "Linux",
+            "container-image": container_image,
+        },
+        "large": {
+            "OSFamily": "Linux",
+            "container-image": container_image,
+        },
+    }
+
+backend = module(
+    "backend",
+    platform_properties = __platform_properties,
+)

build/siso/main.star

@@ -0,0 +1,66 @@
+load("@builtin//encoding.star", "json")
+load("@builtin//path.star", "path")
+load("@builtin//runtime.star", "runtime")
+load("@builtin//struct.star", "module")
+load("@config//main.star", upstream_init = "init")
+load("@config//win_sdk.star", "win_sdk")
+load("@config//gn_logs.star", "gn_logs")
+
+def init(ctx):
+    mod = upstream_init(ctx)
+    step_config = json.decode(mod.step_config)
+
+    # Buildbarn doesn't support input_root_absolute_path so disable that
+    for rule in step_config["rules"]:    
+      input_root_absolute_path = rule.get("input_root_absolute_path", False)
+      if input_root_absolute_path:
+        rule.pop("input_root_absolute_path", None)
+
+    # Only wrap clang rules with a remote wrapper if not on Linux. These are currently only
+    # needed for X-Compile builds, which run on Windows and Mac.
+    if runtime.os != "linux":
+      for rule in step_config["rules"]:
+        if rule["name"].startswith("clang/") or rule["name"].startswith("clang-cl/"):
+          rule["remote_wrapper"] = "../../buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper"
+          if "inputs" not in rule:
+            rule["inputs"] = []
+          rule["inputs"].append("buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper")
+          rule["inputs"].append("third_party/llvm-build/Release+Asserts_linux/bin/clang")
+
+      if "executables" not in step_config:
+        step_config["executables"] = []
+      step_config["executables"].append("buildtools/reclient_cfgs/chromium-browser-clang/clang_remote_wrapper")
+      step_config["executables"].append("third_party/llvm-build/Release+Asserts_linux/bin/clang")
+
+    if runtime.os == "darwin":
+      # Update platforms to match our default siso config instead of reclient configs.
+      step_config["platforms"].update({
+          "clang": step_config["platforms"]["default"],
+          "clang_large": step_config["platforms"]["default"],          
+      })      
+
+    if runtime.os == "windows":
+      # Add additional Windows SDK headers needed by Electron      
+      win_toolchain_dir = win_sdk.toolchain_dir(ctx)
+      if win_toolchain_dir:
+        sdk_version = gn_logs.read(ctx).get("windows_sdk_version")
+        step_config["input_deps"][win_toolchain_dir + ":headers"].extend([
+          # third_party/electron_node/deps/uv/include/uv/win.h includes mswsock.h
+          path.join(win_toolchain_dir, "Windows Kits/10/Include", sdk_version, "um/mswsock.h"),
+          # third_party/electron_node/src/debug_utils.cc includes lm.h
+          path.join(win_toolchain_dir, "Windows Kits/10/Include", sdk_version, "um/Lm.h"),          
+        ])
+      
+      # Update platforms to match our default siso config instead of reclient configs.
+      step_config["platforms"].update({
+          "clang-cl": step_config["platforms"]["default"],
+          "clang-cl_large": step_config["platforms"]["default"],
+          "lld-link": step_config["platforms"]["default"],
+      })
+
+    return module(
+      "config",
+      step_config = json.encode(step_config),
+      filegroups = mod.filegroups,
+      handlers = mod.handlers,
+    )

chromium_src/BUILD.gn

@@ -383,8 +383,6 @@ static_library("chrome") {
         "//chrome/browser/pdf/chrome_pdf_stream_delegate.h",
         "//chrome/browser/pdf/pdf_extension_util.cc",
         "//chrome/browser/pdf/pdf_extension_util.h",
-        "//chrome/browser/pdf/pdf_help_bubble_handler_factory.cc",
-        "//chrome/browser/pdf/pdf_help_bubble_handler_factory.h",
         "//chrome/browser/pdf/pdf_viewer_stream_manager.cc",
         "//chrome/browser/pdf/pdf_viewer_stream_manager.h",
         "//chrome/browser/plugins/pdf_iframe_navigation_throttle.cc",
@@ -393,8 +391,6 @@ static_library("chrome") {
       deps += [
         "//components/pdf/browser",
         "//components/pdf/renderer",
-        "//ui/base/interaction",
-        "//ui/webui/resources/cr_components/help_bubble:mojo_bindings",
       ]
     }
   } else {

default_app/main.ts

@@ -110,9 +110,11 @@ async function loadApplicationPackage (packagePath: string) {
       } else if (packageJson.name) {
         app.name = packageJson.name;
       }
-
-      app.setDesktopName(packageJson.desktopName || `${app.name}.desktop`);
-
+      if (packageJson.desktopName) {
+        app.setDesktopName(packageJson.desktopName);
+      } else {
+        app.setDesktopName(`${app.name}.desktop`);
+      }
       // Set v8 flags, deliberately lazy load so that apps that do not use this
       // feature do not pay the price
       if (packageJson.v8Flags) {

docs/api/app.md

@@ -250,9 +250,7 @@ Returns:
 
 Emitted when the user clicks the native macOS new tab button. The new
 tab button is only visible if the current `BrowserWindow` has a
-`tabbingIdentifier`.
-
-You must create a window in this handler in order for macOS tabbing to work as expected.
+`tabbingIdentifier`
 
 ### Event: 'browser-window-blur'
 
@@ -614,7 +612,7 @@ Returns `string` - The current application directory.
     may backup this directory to cloud storage.
   * `sessionData` The directory for storing data generated by `Session`, such
     as localStorage, cookies, disk cache, downloaded dictionaries, network
-    state, DevTools files. By default this points to `userData`. Chromium may
+    state, devtools files. By default this points to `userData`. Chromium may
     write very large disk cache here, so if your app does not rely on browser
     storage like localStorage or cookies to save user data, it is recommended
     to set this directory to other locations to avoid polluting the `userData`
@@ -635,7 +633,7 @@ Returns `string` - The current application directory.
 Returns `string` - A path to a special directory or file associated with `name`. On
 failure, an `Error` is thrown.
 
-If `app.getPath('logs')` is called without calling `app.setAppLogsPath()` being called first, a default log directory will be created equivalent to calling `app.setAppLogsPath()` without a `path` parameter.
+If `app.getPath('logs')` is called without called `app.setAppLogsPath()` being called first, a default log directory will be created equivalent to calling `app.setAppLogsPath()` without a `path` parameter.
 
 ### `app.getFileIcon(path[, options])`
 
@@ -650,7 +648,7 @@ Returns `Promise<NativeImage>` - fulfilled with the app's icon, which is a [Nati
 
 Fetches a path's associated icon.
 
-On _Windows_, there are 2 kinds of icons:
+On _Windows_, there a 2 kinds of icons:
 
 * Icons associated with certain file extensions, like `.mp3`, `.png`, etc.
 * Icons inside the file itself, like `.exe`, `.dll`, `.ico`.
@@ -766,7 +764,7 @@ app.getPreferredSystemLanguages() // ['fr-CA', 'en-US', 'zh-Hans-FI', 'es-419']
 
 Both the available languages and regions and the possible return values differ between the two operating systems.
 
-As can be seen with the example above, on Windows, it is possible that a preferred system language has no country code, and that one of the preferred system languages corresponds with the language used for the regional format. On macOS, the region serves more as a default country code: the user doesn't need to have Finnish as a preferred language to use Finland as the region, and the country code `FI` is used as the country code for preferred system languages that do not have associated countries in the language name.
+As can be seen with the example above, on Windows, it is possible that a preferred system language has no country code, and that one of the preferred system languages corresponds with the language used for the regional format. On macOS, the region serves more as a default country code: the user doesn't need to have Finnish as a preferred language to use Finland as the region,and the country code `FI` is used as the country code for preferred system languages that do not have associated countries in the language name.
 
 ### `app.addRecentDocument(path)` _macOS_ _Windows_
 
@@ -1124,19 +1122,6 @@ Updates the current activity if its type matches `type`, merging the entries fro
 
 Changes the [Application User Model ID][app-user-model-id] to `id`.
 
-### `app.setToastActivatorCLSID(id)` _Windows_
-
-* `id` string
-
-Changes the [Toast Activator CLSID][toast-activator-clsid] to `id`. If one is not set via this method, it will be randomly generated for the app.
-
-* The value must be a valid GUID/CLSID in one of the following forms:
-  * Canonical brace-wrapped: `{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}` (preferred)
-  * Canonical without braces: `XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX` (braces will be added automatically)
-* Hex digits are case-insensitive.
-
-This method should be called early (before showing notifications) so the value is baked into the registration/shortcut. Supplying an empty string or an unparsable value throws and leaves the existing (or generated) CLSID unchanged. If this method is never called, a random CLSID is generated once per run and exposed via `app.toastActivatorCLSID`.
-
 ### `app.setActivationPolicy(policy)` _macOS_
 
 * `policy` string - Can be 'regular', 'accessory', or 'prohibited'.
@@ -1241,7 +1226,7 @@ Returns `boolean` - whether hardware acceleration is currently enabled.
 ### `app.disableDomainBlockingFor3DAPIs()`
 
 By default, Chromium disables 3D APIs (e.g. WebGL) until restart on a per
-domain basis if the GPU process crashes too frequently. This function
+domain basis if the GPU processes crashes too frequently. This function
 disables that behavior.
 
 This method can only be called before app is ready.
@@ -1300,8 +1285,6 @@ For `infoType` equal to `basic`:
 
 Using `basic` should be preferred if only basic information like `vendorId` or `deviceId` is needed.
 
-Promise is rejected if the GPU is completely disabled, i.e. no hardware and software implementations are available.
-
 ### `app.setBadgeCount([count])` _Linux_ _macOS_
 
 * `count` Integer (optional) - If a value is provided, set the badge to the provided value otherwise, on macOS, display a plain white dot (e.g. unknown number of notifications). On Linux, if a value is not provided the badge will not display.
@@ -1332,7 +1315,7 @@ Returns `boolean` - Whether the current desktop environment is Unity launcher.
 ### `app.getLoginItemSettings([options])` _macOS_ _Windows_
 
 * `options` Object (optional)
-  * `type` string (optional) _macOS_ - Can be `mainAppService`, `agentService`, `daemonService`, or `loginItemService`. Defaults to `mainAppService`. Only available on macOS 13 and up. See [app.setLoginItemSettings](app.md#appsetloginitemsettingssettings-macos-windows) for more information about each type.
+  * `type` string (optional) _macOS_ - Can be one of `mainAppService`, `agentService`, `daemonService`, or `loginItemService`. Defaults to `mainAppService`. Only available on macOS 13 and up. See [app.setLoginItemSettings](app.md#appsetloginitemsettingssettings-macos-windows) for more information about each type.
   * `serviceName` string (optional) _macOS_ - The name of the service. Required if `type` is non-default. Only available on macOS 13 and up.
   * `path` string (optional) _Windows_ - The executable path to compare against. Defaults to `process.execPath`.
   * `args` string[] (optional) _Windows_ - The command-line arguments to compare against. Defaults to an empty array.
@@ -1347,13 +1330,13 @@ Returns `Object`:
 * `wasOpenedAtLogin` boolean _macOS_ - `true` if the app was opened at login automatically.
 * `wasOpenedAsHidden` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a hidden login item. This indicates that the app should not open any windows at startup. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
 * `restoreState` boolean _macOS_ _Deprecated_ - `true` if the app was opened as a login item that should restore the state from the previous session. This indicates that the app should restore the windows that were open the last time the app was closed. This setting is not available on [MAS builds][mas-builds] or on macOS 13 and up.
-* `status` string _macOS_ - can be `not-registered`, `enabled`, `requires-approval`, or `not-found`.
+* `status` string _macOS_ - can be one of `not-registered`, `enabled`, `requires-approval`, or `not-found`.
 * `executableWillLaunchAtLogin` boolean _Windows_ - `true` if app is set to open at login and its run key is not deactivated. This differs from `openAtLogin` as it ignores the `args` option, this property will be true if the given executable would be launched at login with **any** arguments.
 * `launchItems` Object[] _Windows_
   * `name` string _Windows_ - name value of a registry entry.
   * `path` string _Windows_ - The executable to an app that corresponds to a registry entry.
   * `args` string[] _Windows_ - the command-line arguments to pass to the executable.
-  * `scope` string _Windows_ - can be `user` or `machine`. Indicates whether the registry entry is under `HKEY_CURRENT USER` or `HKEY_LOCAL_MACHINE`.
+  * `scope` string _Windows_ - one of `user` or `machine`. Indicates whether the registry entry is under `HKEY_CURRENT USER` or `HKEY_LOCAL_MACHINE`.
   * `enabled` boolean _Windows_ - `true` if the app registry key is startup approved and therefore shows as `enabled` in Task Manager and Windows settings.
 
 ### `app.setLoginItemSettings(settings)` _macOS_ _Windows_
@@ -1719,13 +1702,8 @@ platforms) that allows you to perform actions on your app icon in the user's doc
 
 A `boolean` property that returns  `true` if the app is packaged, `false` otherwise. For many apps, this property can be used to distinguish development and production environments.
 
-### `app.toastActivatorCLSID` _Windows_ _Readonly_
-
-A `string` property that returns the app's [Toast Activator CLSID][toast-activator-clsid].
-
 [tasks]:https://learn.microsoft.com/en-us/windows/win32/shell/taskbar-extensions#tasks
 [app-user-model-id]: https://learn.microsoft.com/en-us/windows/win32/shell/appids
-[toast-activator-clsid]: https://learn.microsoft.com/en-us/windows/win32/properties/props-system-appusermodel-toastactivatorclsid
 [electron-forge]: https://www.electronforge.io/
 [electron-packager]: https://github.com/electron/packager
 [CFBundleURLTypes]: https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html#//apple_ref/doc/uid/TP40009249-102207-TPXREF115

docs/api/auto-updater.md

@@ -32,19 +32,9 @@ update process. Apps that need to disable ATS can add the
 
 ### Windows
 
-On Windows, the `autoUpdater` module automatically selects the appropriate update mechanism
-based on how your app is packaged:
-
-* **MSIX packages**: If your app is running as an MSIX package (created with [electron-windows-msix][msix-lib] and detected via [`process.windowsStore`](process.md#processwindowsstore-readonly)),
-  the module uses the MSIX updater, which supports direct MSIX file links and JSON update feeds.
-* **Squirrel.Windows**: For apps installed via traditional installers (created with
-  [electron-winstaller][installer-lib] or [Electron Forge's Squirrel.Windows maker][electron-forge-lib]),
-  the module uses Squirrel.Windows for updates.
-
-You don't need to configure which updater to use; Electron automatically detects the packaging
-format and uses the appropriate one.
-
-#### Squirrel.Windows
+On Windows, you have to install your app into a user's machine before you can
+use the `autoUpdater`, so it is recommended that you use
+[electron-winstaller][installer-lib] or [Electron Forge's Squirrel.Windows maker][electron-forge-lib] to generate a Windows installer.
 
 Apps built with Squirrel.Windows will trigger [custom launch events](https://github.com/Squirrel/Squirrel.Windows/blob/51f5e2cb01add79280a53d51e8d0cfa20f8c9f9f/docs/using/custom-squirrel-events-non-cs.md#application-startup-commands)
 that must be handled by your Electron application to ensure proper setup and teardown.
@@ -65,14 +55,6 @@ The installer generated with Squirrel.Windows will create a shortcut icon with a
 same ID for your app with `app.setAppUserModelId` API, otherwise Windows will
 not be able to pin your app properly in task bar.
 
-#### MSIX Packages
-
-When your app is packaged as an MSIX, the `autoUpdater` module provides additional
-functionality:
-
-* Use the `allowAnyVersion` option in `setFeedURL()` to allow updates to older versions (downgrades)
-* Support for direct MSIX file links or JSON update feeds (similar to Squirrel.Mac format)
-
 ## Events
 
 The `autoUpdater` object emits the following events:
@@ -110,7 +92,7 @@ Returns:
 
 Emitted when an update has been downloaded.
 
-With Squirrel.Windows only `releaseName` is available.
+On Windows only `releaseName` is available.
 
 > [!NOTE]
 > It is not strictly necessary to handle this event. A successfully
@@ -118,13 +100,6 @@ With Squirrel.Windows only `releaseName` is available.
 
 ### Event: 'before-quit-for-update'
 
-<!--
-```YAML history
-added:
-  - pr-url: https://github.com/electron/electron/pull/12619
-```
--->
-
 This event is emitted after a user calls `quitAndInstall()`.
 
 When this API is called, the `before-quit` event is not emitted before all windows are closed. As a result you should listen to this event if you wish to perform actions before the windows are closed while a process is quitting, as well as listening to `before-quit`.
@@ -135,23 +110,11 @@ The `autoUpdater` object has the following methods:
 
 ### `autoUpdater.setFeedURL(options)`
 
-<!--
-```YAML history
-changes:
-  - pr-url: https://github.com/electron/electron/pull/5879
-    description: "Added `headers` as a second parameter."
-  - pr-url: https://github.com/electron/electron/pull/11925
-    description: "Changed API to accept a single `options` argument (contains `url`, `headers`, and `serverType` properties)."
-```
--->
-
 * `options` Object
-  * `url` string - The update server URL. For _Windows_ MSIX, this can be either a direct link to an MSIX file (e.g., `https://example.com/update.msix`) or a JSON endpoint that returns update information (see the [Squirrel.Mac][squirrel-mac] README for more information).
+  * `url` string
   * `headers` Record\<string, string\> (optional) _macOS_ - HTTP request headers.
   * `serverType` string (optional) _macOS_ - Can be `json` or `default`, see the [Squirrel.Mac][squirrel-mac]
     README for more information.
-  * `allowAnyVersion` boolean (optional) _Windows_ - If `true`, allows downgrades to older versions for MSIX packages.
-    Defaults to `false`.
 
 Sets the `url` and initialize the auto updater.
 
@@ -188,4 +151,3 @@ closed.
 [electron-forge-lib]: https://www.electronforge.io/config/makers/squirrel.windows
 [app-user-model-id]: https://learn.microsoft.com/en-us/windows/win32/shell/appids
 [event-emitter]: https://nodejs.org/api/events.html#events_class_eventemitter
-[msix-lib]:  https://github.com/electron-userland/electron-windows-msix

docs/api/base-window.md

@@ -351,11 +351,7 @@ Emitted when the window has closed a sheet.
 
 #### Event: 'new-window-for-tab' _macOS_
 
-Emitted when the user clicks the native macOS new tab button. The new
-tab button is only visible if the current `BrowserWindow` has a
-`tabbingIdentifier`.
-
-You must create a window in this handler in order for macOS tabbing to work as expected.
+Emitted when the native new tab button is clicked.
 
 #### Event: 'system-context-menu' _Windows_ _Linux_
 
@@ -760,9 +756,6 @@ Returns [`Rectangle`](structures/rectangle.md) - The `bounds` of the window as `
 > [!NOTE]
 > On macOS, the y-coordinate value returned will be at minimum the [Tray](tray.md) height. For example, calling `win.setBounds({ x: 25, y: 20, width: 800, height: 600 })` with a tray height of 38 means that `win.getBounds()` will return `{ x: 25, y: 38, width: 800, height: 600 }`.
 
-> [!NOTE]
-> On Wayland, this method will return `{ x: 0, y: 0, ... }` as introspecting or programmatically changing the global window coordinates is prohibited.
-
 #### `win.getBackgroundColor()`
 
 Returns `string` - Gets the background color of the window in Hex (`#RRGGBB`) format.
@@ -976,9 +969,6 @@ Moves window to `x` and `y`.
 
 Returns `Integer[]` - Contains the window's current position.
 
-> [!NOTE]
-> On Wayland, this method will return `[0, 0]` as introspecting or programmatically changing the global window coordinates is prohibited.
-
 #### `win.setTitle(title)`
 
 * `title` string
@@ -1053,7 +1043,7 @@ under this mode apps can choose to optimize their UI for tablets, such as
 enlarging the titlebar and hiding titlebar buttons.
 
 This API returns whether the window is in tablet mode, and the `resize` event
-can be used to listen to changes to tablet mode.
+can be be used to listen to changes to tablet mode.
 
 #### `win.getMediaSourceId()`
 

docs/api/browser-window.md

@@ -435,11 +435,7 @@ Emitted when the window has closed a sheet.
 
 #### Event: 'new-window-for-tab' _macOS_
 
-Emitted when the user clicks the native macOS new tab button. The new
-tab button is only visible if the current `BrowserWindow` has a
-`tabbingIdentifier`.
-
-You must create a window in this handler in order for macOS tabbing to work as expected.
+Emitted when the native new tab button is clicked.
 
 #### Event: 'system-context-menu' _Windows_ _Linux_
 
@@ -866,9 +862,6 @@ Returns [`Rectangle`](structures/rectangle.md) - The `bounds` of the window as `
 > [!NOTE]
 > On macOS, the y-coordinate value returned will be at minimum the [Tray](tray.md) height. For example, calling `win.setBounds({ x: 25, y: 20, width: 800, height: 600 })` with a tray height of 38 means that `win.getBounds()` will return `{ x: 25, y: 38, width: 800, height: 600 }`.
 
-> [!NOTE]
-> On Wayland, this method will return `{ x: 0, y: 0, ... }` as introspecting or programmatically changing the global window coordinates is prohibited.
-
 #### `win.getBackgroundColor()`
 
 Returns `string` - Gets the background color of the window in Hex (`#RRGGBB`) format.
@@ -1094,9 +1087,6 @@ Not supported on Wayland (Linux).
 
 Returns `Integer[]` - Contains the window's current position.
 
-> [!NOTE]
-> On Wayland, this method will return `[0, 0]` as introspecting or programmatically changing the global window coordinates is prohibited.
-
 #### `win.setTitle(title)`
 
 * `title` string
@@ -1169,7 +1159,7 @@ under this mode apps can choose to optimize their UI for tablets, such as
 enlarging the titlebar and hiding titlebar buttons.
 
 This API returns whether the window is in tablet mode, and the `resize` event
-can be used to listen to changes to tablet mode.
+can be be used to listen to changes to tablet mode.
 
 #### `win.getMediaSourceId()`
 
@@ -1262,8 +1252,7 @@ Captures a snapshot of the page within `rect`. Omitting `rect` will capture the
 
 Returns `Promise<void>` - the promise will resolve when the page has finished loading
 (see [`did-finish-load`](web-contents.md#event-did-finish-load)), and rejects
-if the page fails to load (see
-[`did-fail-load`](web-contents.md#event-did-fail-load)). A noop rejection handler is already attached, which avoids unhandled rejection errors. If the existing page has a beforeUnload handler, [`did-fail-load`](web-contents.md#event-did-fail-load) will be called unless [`will-prevent-unload`](web-contents.md#event-did-fail-load) is handled.
+if the page fails to load (see [`did-fail-load`](web-contents.md#event-did-fail-load)).
 
 Same as [`webContents.loadURL(url[, options])`](web-contents.md#contentsloadurlurl-options).
 

docs/api/client-request.md

@@ -264,7 +264,7 @@ will not be allowed. The `finish` event is emitted just after the end operation.
 Cancels an ongoing HTTP transaction. If the request has already emitted the
 `close` event, the abort operation will have no effect. Otherwise an ongoing
 event will emit `abort` and `close` events. Additionally, if there is an ongoing
-response object, it will emit the `aborted` event.
+response object,it will emit the `aborted` event.
 
 #### `request.followRedirect()`
 

docs/api/clipboard.md

@@ -2,13 +2,10 @@
 
 > Perform copy and paste operations on the system clipboard.
 
-Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process) _Deprecated_ (non-sandboxed only)
-
-> [!NOTE]
-> Using the `clipboard` API from the renderer process is deprecated.
+Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process) (non-sandboxed only)
 
 > [!IMPORTANT]
-> If you want to call this API from a renderer process,
+> If you want to call this API from a renderer process with context isolation enabled,
 > place the API call in your preload script and
 > [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
 > [`contextBridge`](context-bridge.md) API.

docs/api/command-line-switches.md

@@ -49,10 +49,6 @@ Disables the disk cache for HTTP requests.
 
 Disable HTTP/2 and SPDY/3.1 protocols.
 
-### --disable-geolocation _macOS_
-
-Disables the Geolocation API. Permission requests for geolocation will be denied internally regardless of the decision made by a handler set via `session.setPermissionRequestHandler`. This functionality is currently implemented only for macOS. Has no effect on other platforms.
-
 ### --disable-renderer-backgrounding
 
 Prevents Chromium from lowering the priority of invisible pages' renderer
@@ -172,7 +168,7 @@ Enables net log events to be saved and writes them to `path`.
 Sets the verbosity of logging when used together with `--enable-logging`.
 `N` should be one of [Chrome's LogSeverities][severities].
 
-Note that two complementary logging mechanisms in Chromium -- `LOG()`
+Note that two complimentary logging mechanisms in Chromium -- `LOG()`
 and `VLOG()` -- are controlled by different switches. `--log-level`
 controls `LOG()` messages, while `--v` and `--vmodule` control `VLOG()`
 messages. So you may want to use a combination of these three switches
@@ -197,11 +193,6 @@ Disables the Chromium [sandbox](https://www.chromium.org/developers/design-docum
 Forces renderer process and Chromium helper processes to run un-sandboxed.
 Should only be used for testing.
 
-### --no-stdio-init
-
-Disable stdio initialization during node initialization.
-Used to avoid node initialization crash when the nul device is disabled on Windows platform.
-
 ### --proxy-bypass-list=`hosts`
 
 Instructs Electron to bypass the proxy server for the given semi-colon-separated
@@ -317,7 +308,7 @@ By default inspector websocket url is available in stderr and under /json/list e
 
 ### `--experimental-network-inspection`
 
-Enable support for DevTools network inspector events, for visibility into requests made by the nodejs `http` and `https` modules.
+Enable support for devtools network inspector events, for visibility into requests made by the nodejs `http` and `https` modules.
 
 ### `--no-deprecation`
 
@@ -354,11 +345,6 @@ Affects the default output directory of [v8.setHeapSnapshotNearHeapLimit](https:
 
 Disable exposition of [Navigator API][] on the global scope from Node.js.
 
-### `--experimental-transform-types`
-
-Enables the [transformation](https://nodejs.org/api/typescript.html#type-stripping)
-of TypeScript-only syntax into JavaScript code.
-
 ## Chromium Flags
 
 There isn't a documented list of all Chromium switches, but there are a few ways to find them.
@@ -375,13 +361,6 @@ Keep in mind that standalone switches can sometimes be split into individual fea
 
 Finally, you'll need to ensure that the version of Chromium in Electron matches the version of the browser you're using to cross-reference the switches.
 
-### Chromium features relevant to Electron apps
-
-* `AlwaysLogLOAFURL`: enables script attribution for
-  [`long-animation-frame`](https://developer.mozilla.org/en-US/docs/Web/API/Performance_API/Long_animation_frame_timing)
-  `PerformanceObserver` events for non-http(s), non-data, non-blob URLs (such as `file:` or custom
-  protocol URLs).
-
 [app]: app.md
 [append-switch]: command-line.md#commandlineappendswitchswitch-value
 [debugging-main-process]: ../tutorial/debugging-main-process.md

docs/api/cookies.md

@@ -51,12 +51,7 @@ Returns:
 * `event` Event
 * `cookie` [Cookie](structures/cookie.md) - The cookie that was changed.
 * `cause` string - The cause of the change with one of the following values:
-  * `inserted` -  The cookie was inserted.
-  * `inserted-no-change-overwrite` - The newly inserted cookie overwrote a cookie but
-    did not result in any change. For example, inserting an identical cookie will produce this cause.
-  * `inserted-no-value-change-overwrite` - The newly inserted cookie overwrote a cookie but
-    did not result in any value change, but it's web observable (e.g. updates the expiry).
-  * `explicit` - The cookie was deleted directly by a consumer's action.
+  * `explicit` - The cookie was changed directly by a consumer's action.
   * `overwrite` - The cookie was automatically removed due to an insert
     operation that overwrote it.
   * `expired` - The cookie was automatically removed as it expired.
@@ -107,7 +102,7 @@ the response.
     cookie and will not be retained between sessions.
   * `sameSite` string (optional) - The [Same Site](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies) policy to apply to this cookie.  Can be `unspecified`, `no_restriction`, `lax` or `strict`.  Default is `lax`.
 
-Returns `Promise<void>` - A promise which resolves when the cookie has been set.
+Returns `Promise<void>` - A promise which resolves when the cookie has been set
 
 Sets a cookie with `details`.
 
@@ -116,16 +111,16 @@ Sets a cookie with `details`.
 * `url` string - The URL associated with the cookie.
 * `name` string - The name of cookie to remove.
 
-Returns `Promise<void>` - A promise which resolves when the cookie has been removed.
+Returns `Promise<void>` - A promise which resolves when the cookie has been removed
 
-Removes the cookies matching `url` and `name`.
+Removes the cookies matching `url` and `name`
 
 #### `cookies.flushStore()`
 
-Returns `Promise<void>` - A promise which resolves when the cookie store has been flushed.
+Returns `Promise<void>` - A promise which resolves when the cookie store has been flushed
 
-Writes any unwritten cookies data to disk.
+Writes any unwritten cookies data to disk
 
-Cookies written by any method will not be written to disk immediately, but will be written every 30 seconds or 512 operations.
+Cookies written by any method will not be written to disk immediately, but will be written every 30 seconds or 512 operations
 
 Calling this method can cause the cookie to be written to disk immediately.

docs/api/corner-smoothing-css.md

@@ -49,7 +49,7 @@ Use the `system-ui` keyword to match the smoothness to the OS design language.
 | Value: | `60%` | `0%` |
 | Example: | ![A rectangle with round corners whose smoothness matches macOS](../images/corner-smoothing-example-60.svg) | ![A rectangle with round corners whose smoothness matches Windows and Linux](../images/corner-smoothing-example-0.svg) |
 
-### Controlling availability
+### Controlling availibility
 
 This CSS rule can be disabled using the Blink feature flag `ElectronCSSCornerSmoothing`.
 

docs/api/debugger.md

@@ -44,7 +44,7 @@ Returns:
 * `reason` string - Reason for detaching debugger.
 
 Emitted when the debugging session is terminated. This happens either when
-`webContents` is closed or DevTools is invoked for the attached `webContents`.
+`webContents` is closed or devtools is invoked for the attached `webContents`.
 
 #### Event: 'message'
 

docs/api/desktop-capturer.md

@@ -94,45 +94,18 @@ The `desktopCapturer` module has the following methods:
 Returns `Promise<DesktopCapturerSource[]>` - Resolves with an array of [`DesktopCapturerSource`](structures/desktop-capturer-source.md) objects, each `DesktopCapturerSource` represents a screen or an individual window that can be captured.
 
 > [!NOTE]
-
-> * Capturing audio requires `NSAudioCaptureUsageDescription` Info.plist key on macOS 14.2 Sonoma and higher - [read more](#macos-versions-142-or-higher).
-> * Capturing the screen contents requires user consent on macOS 10.15 Catalina or higher, which can detected by [`systemPreferences.getMediaAccessStatus`][].
+> Capturing the screen contents requires user consent on macOS 10.15 Catalina or higher,
+> which can detected by [`systemPreferences.getMediaAccessStatus`][].
 
 [`navigator.mediaDevices.getUserMedia`]: https://developer.mozilla.org/en/docs/Web/API/MediaDevices/getUserMedia
 [`systemPreferences.getMediaAccessStatus`]: system-preferences.md#systempreferencesgetmediaaccessstatusmediatype-windows-macos
 
 ## Caveats
 
-### Linux
-
 `desktopCapturer.getSources(options)` only returns a single source on Linux when using Pipewire.
 
 PipeWire supports a single capture for both screens and windows. If you request the window and screen type, the selected source will be returned as a window capture.
 
----
+`navigator.mediaDevices.getUserMedia` does not work on macOS for audio capture due to a fundamental limitation whereby apps that want to access the system's audio require a [signed kernel extension](https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/KernelExtensions/KernelExtensions.html). Chromium, and by extension Electron, does not provide this.
 
-### MacOS versions 14.2 or higher
-
-`NSAudioCaptureUsageDescription` Info.plist key must be added in-order for audio to be captured by `desktopCapturer`. If instead you are running electron from another program like a terminal or IDE then that parent program must contain the Info.plist key.
-
-This is in order to facillitate use of Apple's new [CoreAudio Tap API](https://developer.apple.com/documentation/CoreAudio/capturing-system-audio-with-core-audio-taps#Configure-the-sample-code-project) by Chromium.
-
-> [!WARNING]
-> Failure of `desktopCapturer` to start an audio stream due to `NSAudioCaptureUsageDescription` permission not present will still create a dead audio stream however no warnings or errors are displayed.
-
-As of electron `v39.0.0-beta.4` Chromium [made Apple's new `CoreAudio Tap API` the default](https://source.chromium.org/chromium/chromium/src/+/ad17e8f8b93d5f34891b06085d373a668918255e) for desktop audio capture. There is no fallback to the older `Screen & System Audio Recording` permissions system even if [CoreAudio Tap API](https://developer.apple.com/documentation/CoreAudio/capturing-system-audio-with-core-audio-taps) stream creation fails.
-
-If you need to continue using `Screen & System Audio Recording` permissions for `desktopCapturer` on macOS versions 14.2 and later, you can apply a chromium feature flag to force use of that older permissions system:
-
-```js
-// main.js (right beneath your require/import statments)
-app.commandLine.appendSwitch('disable-features', 'MacCatapLoopbackAudioForScreenShare')
-```
-
----
-
-### MacOS versions 12.7.6 or lower
-
-`navigator.mediaDevices.getUserMedia` does not work on macOS versions 12.7.6 and prior for audio capture due to a fundamental limitation whereby apps that want to access the system's audio require a [signed kernel extension](https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/KernelExtensions/KernelExtensions.html). Chromium, and by extension Electron, does not provide this. Only in macOS 13 and onwards does Apple provide APIs to capture desktop audio without the need for a signed kernel extension.
-
-It is possible to circumvent this limitation by capturing system audio with another macOS app like [BlackHole](https://existential.audio/blackhole/) or [Soundflower](https://rogueamoeba.com/freebies/soundflower/) and passing it through a virtual audio input device. This virtual device can then be queried with `navigator.mediaDevices.getUserMedia`.
+It is possible to circumvent this limitation by capturing system audio with another macOS app like Soundflower and passing it through a virtual audio input device. This virtual device can then be queried with `navigator.mediaDevices.getUserMedia`.

docs/api/dialog.md

@@ -30,7 +30,7 @@ The `dialog` module has the following methods:
     * `openFile` - Allow files to be selected.
     * `openDirectory` - Allow directories to be selected.
     * `multiSelections` - Allow multiple paths to be selected.
-    * `showHiddenFiles` _macOS_ _Windows_ _Deprecated_ - Show hidden files in dialog. Deprecated on Linux.
+    * `showHiddenFiles` - Show hidden files in dialog.
     * `createDirectory` _macOS_ - Allow creating new directories from dialog.
     * `promptToCreate` _Windows_ - Prompt for creation if the file path entered
       in the dialog does not exist. This does not actually create the file at
@@ -102,7 +102,7 @@ dialog.showOpenDialogSync(mainWindow, {
     * `openFile` - Allow files to be selected.
     * `openDirectory` - Allow directories to be selected.
     * `multiSelections` - Allow multiple paths to be selected.
-    * `showHiddenFiles` _macOS_ _Windows_ _Deprecated_ - Show hidden files in dialog. Deprecated on Linux.
+    * `showHiddenFiles` - Show hidden files in dialog.
     * `createDirectory` _macOS_ - Allow creating new directories from dialog.
     * `promptToCreate` _Windows_ - Prompt for creation if the file path entered
       in the dialog does not exist. This does not actually create the file at
@@ -185,7 +185,7 @@ dialog.showOpenDialog(mainWindow, {
   * `showsTagField` boolean (optional) _macOS_ - Show the tags input box,
     defaults to `true`.
   * `properties` string[] (optional)
-    * `showHiddenFiles` _macOS_ _Windows_ _Deprecated_ - Show hidden files in dialog. Deprecated on Linux.
+    * `showHiddenFiles` - Show hidden files in dialog.
     * `createDirectory` _macOS_ - Allow creating new directories from dialog.
     * `treatPackageAsDirectory` _macOS_ - Treat packages, such as `.app` folders,
       as a directory instead of a file.
@@ -215,7 +215,7 @@ The `filters` specifies an array of file types that can be displayed, see
     displayed in front of the filename text field.
   * `showsTagField` boolean (optional) _macOS_ - Show the tags input box, defaults to `true`.
   * `properties` string[] (optional)
-    * `showHiddenFiles` _macOS_ _Windows_ _Deprecated_ - Show hidden files in dialog. Deprecated on Linux.
+    * `showHiddenFiles` - Show hidden files in dialog.
     * `createDirectory` _macOS_ - Allow creating new directories from dialog.
     * `treatPackageAsDirectory` _macOS_ - Treat packages, such as `.app` folders,
       as a directory instead of a file.
@@ -344,7 +344,7 @@ Displays a modal dialog that shows an error message.
 
 This API can be called safely before the `ready` event the `app` module emits,
 it is usually used to report errors in early stage of startup. If called
-before the app `ready` event on Linux, the message will be emitted to stderr,
+before the app `ready`event on Linux, the message will be emitted to stderr,
 and no GUI dialog will appear.
 
 ### `dialog.showCertificateTrustDialog([window, ]options)` _macOS_ _Windows_

docs/api/environment-variables.md

@@ -159,22 +159,6 @@ Notification activated (com.github.Electron:notification:EAF7B87C-A113-43D7-8E76
 Notification replied to (com.github.Electron:notification:EAF7B87C-A113-43D7-8E76-F88EC9D73D44)
 ```
 
-### `ELECTRON_DEBUG_MSIX_UPDATER`
-
-Adds extra logs to MSIX updater operations on Windows to aid in debugging. Extra logging will be displayed when MSIX update operations are initiated, including package updates, package registration, and restart registration. This helps diagnose issues with MSIX package updates and deployments.
-
-Sample output:
-
-```sh
-UpdateMsix called with URI: https://example.com/app.msix
-DoUpdateMsix: Starting
-Calling AddPackageByUriAsync... URI: https://example.com/app.msix
-Update options - deferRegistration: true, developerMode: false, forceShutdown: false, forceTargetShutdown: false, forceUpdateFromAnyVersion: false
-Waiting for deployment...
-Deployment finished.
-MSIX Deployment completed.
-```
-
 ### `ELECTRON_LOG_ASAR_READS`
 
 When Electron reads from an ASAR file, log the read offset and file path to
@@ -202,14 +186,3 @@ the one downloaded by `npm install`. Usage:
 ```sh
 export ELECTRON_OVERRIDE_DIST_PATH=/Users/username/projects/electron/out/Testing
 ```
-
-### `ELECTRON_SKIP_BINARY_DOWNLOAD`
-
-If you want to install your project's dependencies but don't need to use Electron functionality,
-you can set the `ELECTRON_SKIP_BINARY_DOWNLOAD` environment variable to prevent the binary from being
-downloaded. For instance, this feature can be useful in continuous integration environments when
-running unit tests that mock out the `electron` module.
-
-```sh
-ELECTRON_SKIP_BINARY_DOWNLOAD=1 npm install
-```

docs/api/extensions-api.md

@@ -57,7 +57,7 @@ The following methods are available on instances of `Extensions`:
 * `options` Object (optional)
   * `allowFileAccess` boolean - Whether to allow the extension to read local files over `file://`
     protocol and inject content scripts into `file://` pages. This is required e.g. for loading
-    DevTools extensions on `file://` URLs. Defaults to false.
+    devtools extensions on `file://` URLs. Defaults to false.
 
 Returns `Promise<Extension>` - resolves when the extension is loaded.
 
@@ -83,7 +83,7 @@ const path = require('node:path')
 app.whenReady().then(async () => {
   await session.defaultSession.extensions.loadExtension(
     path.join(__dirname, 'react-devtools'),
-    // allowFileAccess is required to load the DevTools extension on file:// URLs.
+    // allowFileAccess is required to load the devtools extension on file:// URLs.
     { allowFileAccess: true }
   )
   // Note that in order to use the React DevTools extension, you'll need to

docs/api/incoming-message.md

@@ -34,7 +34,7 @@ Returns:
 * `error` Error - Typically holds an error string identifying failure root cause.
 
 Emitted when an error was encountered while streaming response data events. For
-instance, if the server closes the underlying connection while the response is still
+instance, if the server closes the underlying while the response is still
 streaming, an `error` event will be emitted on the response object and a `close`
 event will subsequently follow on the request object.
 

docs/api/menu-item.md

@@ -17,7 +17,7 @@ See [`Menu`](menu.md) for examples.
 * `options` Object
   * `click` Function (optional) - Will be called with
     `click(menuItem, window, event)` when the menu item is clicked.
-    * `menuItem` [MenuItem](menu-item.md)
+    * `menuItem` MenuItem
     * `window` [BaseWindow](base-window.md) | undefined - This will not be defined if no window is open.
     * `event` [KeyboardEvent](structures/keyboard-event.md)
   * `role` string (optional) - Can be `undo`, `redo`, `cut`, `copy`, `paste`, `pasteAndMatchStyle`, `delete`, `selectAll`, `reload`, `forceReload`, `toggleDevTools`, `resetZoom`, `zoomIn`, `zoomOut`, `toggleSpellChecker`, `togglefullscreen`, `window`, `minimize`, `close`, `help`, `about`, `services`, `hide`, `hideOthers`, `unhide`, `quit`, `showSubstitutions`, `toggleSmartQuotes`, `toggleSmartDashes`, `toggleTextReplacement`, `startSpeaking`, `stopSpeaking`, `zoom`, `front`, `appMenu`, `fileMenu`, `editMenu`, `viewMenu`, `shareMenu`, `recentDocuments`, `toggleTabBar`, `selectNextTab`, `selectPreviousTab`, `showAllTabs`, `mergeAllWindows`, `clearRecentDocuments`, `moveTabToNewWindow` or `windowMenu` - Define the action of the menu item, when specified the
@@ -91,7 +91,7 @@ It can be called with `menuItem.click(event, focusedWindow, focusedWebContents)`
 
 #### `menuItem.submenu`
 
-A [`Menu`](menu.md) (optional) containing the menu
+A `Menu` (optional) containing the menu
 item's submenu, if present.
 
 #### `menuItem.type`
@@ -107,7 +107,7 @@ A `string` (optional) indicating the item's role, if set. Can be `undo`, `redo`,
 
 #### `menuItem.accelerator`
 
-An `Accelerator | null` indicating the item's accelerator, if set.
+An `Accelerator` (optional) indicating the item's accelerator, if set.
 
 #### `menuItem.userAccelerator` _Readonly_ _macOS_
 
@@ -171,4 +171,4 @@ A `number` indicating an item's sequential unique id.
 
 #### `menuItem.menu`
 
-A [`Menu`](menu.md) that the item is a part of.
+A `Menu` that the item is a part of.

docs/api/menu.md

@@ -2,15 +2,10 @@
 
 ## Class: Menu
 
-> Create application menus and context menus.
+> Create native application menus and context menus.
 
 Process: [Main](../glossary.md#main-process)
 
-The presentation of menus varies depending on the operating system:
-
-- Under Windows and Linux, menus are visually similar to Chromium.
-- Under macOS, these will be native menus.
-
 > [!TIP]
 > See also: [A detailed guide about how to implement menus in your application](../tutorial/menus.md).
 
@@ -28,7 +23,7 @@ The `Menu` class has the following static methods:
 
 #### `Menu.setApplicationMenu(menu)`
 
-- `menu` [Menu](menu.md) | null
+- `menu` Menu | null
 
 Sets `menu` as the application menu on macOS. On Windows and Linux, the
 `menu` will be set as each window's top menu.
@@ -39,7 +34,7 @@ indicate which letter should get a generated accelerator. For example, using
 opens the associated menu. The indicated character in the button label then gets an
 underline, and the `&` character is not displayed on the button label.
 
-In order to escape the `&` character in an item name, add a preceding `&`. For example, `&&File` would result in `&File` displayed on the button label.
+In order to escape the `&` character in an item name, add a proceeding `&`. For example, `&&File` would result in `&File` displayed on the button label.
 
 Passing `null` will suppress the default menu. On Windows and Linux,
 this has the additional effect of removing the menu bar from the window.
@@ -70,9 +65,9 @@ for more information on macOS' native actions.
 
 #### `Menu.buildFromTemplate(template)`
 
-- `template` (MenuItemConstructorOptions | [MenuItem](menu-item.md))[]
+- `template` (MenuItemConstructorOptions | MenuItem)[]
 
-Returns [`Menu`](menu.md)
+Returns `Menu`
 
 Generally, the `template` is an array of `options` for constructing a
 [MenuItem](menu-item.md). The usage can be referenced above.
@@ -123,7 +118,7 @@ Appends the `menuItem` to the menu.
 
 - `id` string
 
-Returns [`MenuItem | null`](menu-item.md) - the item with the specified `id`
+Returns `MenuItem | null` the item with the specified `id`
 
 #### `menu.insert(pos, menuItem)`
 

docs/api/native-theme.md

@@ -36,7 +36,7 @@ everything will be reset to the OS default.  By default `themeSource` is `system
 Settings this property to `dark` will have the following effects:
 
 * `nativeTheme.shouldUseDarkColors` will be `true` when accessed
-* Any UI Electron renders on Linux and Windows including context menus, DevTools, etc. will use the dark UI.
+* Any UI Electron renders on Linux and Windows including context menus, devtools, etc. will use the dark UI.
 * Any UI the OS renders on macOS including menus, window frames, etc. will use the dark UI.
 * The [`prefers-color-scheme`](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme) CSS query will match `dark` mode.
 * The `updated` event will be emitted
@@ -44,7 +44,7 @@ Settings this property to `dark` will have the following effects:
 Settings this property to `light` will have the following effects:
 
 * `nativeTheme.shouldUseDarkColors` will be `false` when accessed
-* Any UI Electron renders on Linux and Windows including context menus, DevTools, etc. will use the light UI.
+* Any UI Electron renders on Linux and Windows including context menus, devtools, etc. will use the light UI.
 * Any UI the OS renders on macOS including menus, window frames, etc. will use the light UI.
 * The [`prefers-color-scheme`](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme) CSS query will match `light` mode.
 * The `updated` event will be emitted
@@ -83,4 +83,4 @@ Currently, Windows high contrast is the only system setting that triggers forced
 
 ### `nativeTheme.prefersReducedTransparency` _Readonly_
 
-A `boolean` that indicates whether the user has chosen via system accessibility settings to reduce transparency at the OS level.
+A `boolean` that indicates the whether the user has chosen via system accessibility settings to reduce transparency at the OS level.

docs/api/notification.md

@@ -67,22 +67,6 @@ Emitted when the notification is shown to the user. Note that this event can be
 multiple times as a notification can be shown multiple times through the
 `show()` method.
 
-```js
-const { Notification, app } = require('electron')
-
-app.whenReady().then(() => {
-  const n = new Notification({
-    title: 'Title!',
-    subtitle: 'Subtitle!',
-    body: 'Body!'
-  })
-
-  n.on('show', () => console.log('Notification shown!'))
-
-  n.show()
-})
-```
-
 #### Event: 'click'
 
 Returns:
@@ -91,22 +75,6 @@ Returns:
 
 Emitted when the notification is clicked by the user.
 
-```js
-const { Notification, app } = require('electron')
-
-app.whenReady().then(() => {
-  const n = new Notification({
-    title: 'Title!',
-    subtitle: 'Subtitle!',
-    body: 'Body!'
-  })
-
-  n.on('click', () => console.log('Notification clicked!'))
-
-  n.show()
-})
-```
-
 #### Event: 'close'
 
 Returns:
@@ -120,85 +88,21 @@ is closed.
 
 On Windows, the `close` event can be emitted in one of three ways: programmatic dismissal with `notification.close()`, by the user closing the notification, or via system timeout. If a notification is in the Action Center after the initial `close` event is emitted, a call to `notification.close()` will remove the notification from the action center but the `close` event will not be emitted again.
 
-```js
-const { Notification, app } = require('electron')
-
-app.whenReady().then(() => {
-  const n = new Notification({
-    title: 'Title!',
-    subtitle: 'Subtitle!',
-    body: 'Body!'
-  })
-
-  n.on('close', () => console.log('Notification closed!'))
-
-  n.show()
-})
-```
-
-#### Event: 'reply' _macOS_ _Windows_
+#### Event: 'reply' _macOS_
 
 Returns:
 
-* `details` Event\<\>
-  * `reply` string - The string the user entered into the inline reply field.
-* `reply` string _Deprecated_
+* `event` Event
+* `reply` string - The string the user entered into the inline reply field.
 
 Emitted when the user clicks the "Reply" button on a notification with `hasReply: true`.
 
-```js
-const { Notification, app } = require('electron')
-
-app.whenReady().then(() => {
-  const n = new Notification({
-    title: 'Send a Message',
-    body: 'Body Text',
-    hasReply: true,
-    replyPlaceholder: 'Message text...'
-  })
-
-  n.on('reply', (e, reply) => console.log(`User replied: ${reply}`))
-  n.on('click', () => console.log('Notification clicked'))
-
-  n.show()
-})
-```
-
-#### Event: 'action' _macOS_ _Windows_
+#### Event: 'action' _macOS_
 
 Returns:
 
-* `details` Event\<\>
-  * `actionIndex` number - The index of the action that was activated.
-  * `selectionIndex` number _Windows_ - The index of the selected item, if one was chosen. -1 if none was chosen.
-* `actionIndex` number _Deprecated_
-* `selectionIndex` number _Windows_ _Deprecated_
-
-```js
-const { Notification, app } = require('electron')
-
-app.whenReady().then(() => {
-  const items = ['One', 'Two', 'Three']
-  const n = new Notification({
-    title: 'Choose an Action!',
-    actions: [
-      { type: 'button', text: 'Action 1' },
-      { type: 'button', text: 'Action 2' },
-      { type: 'selection', text: 'Apply', items }
-    ]
-  })
-
-  n.on('click', () => console.log('Notification clicked'))
-  n.on('action', (e) => {
-    console.log(`User triggered action at index: ${e.actionIndex}`)
-    if (e.selectionIndex > -1) {
-      console.log(`User chose selection item '${items[e.selectionIndex]}'`)
-    }
-  })
-
-  n.show()
-})
-```
+* `event` Event
+* `index` number - The index of the action that was activated.
 
 #### Event: 'failed' _Windows_
 
@@ -209,22 +113,6 @@ Returns:
 
 Emitted when an error is encountered while creating and showing the native notification.
 
-```js
-const { Notification, app } = require('electron')
-
-app.whenReady().then(() => {
-  const n = new Notification({
-    title: 'Bad Action'
-  })
-
-  n.on('failed', (e, err) => {
-    console.log('Notification failed: ', err)
-  })
-
-  n.show()
-})
-```
-
 ### Instance Methods
 
 Objects created with the `new Notification()` constructor have the following instance methods:
@@ -238,42 +126,12 @@ call this method before the OS will display it.
 If the notification has been shown before, this method will dismiss the previously
 shown notification and create a new one with identical properties.
 
-```js
-const { Notification, app } = require('electron')
-
-app.whenReady().then(() => {
-  const n = new Notification({
-    title: 'Title!',
-    subtitle: 'Subtitle!',
-    body: 'Body!'
-  })
-
-  n.show()
-})
-```
-
 #### `notification.close()`
 
 Dismisses the notification.
 
 On Windows, calling `notification.close()` while the notification is visible on screen will dismiss the notification and remove it from the Action Center. If `notification.close()` is called after the notification is no longer visible on screen, calling `notification.close()` will try remove it from the Action Center.
 
-```js
-const { Notification, app } = require('electron')
-
-app.whenReady().then(() => {
-  const n = new Notification({
-    title: 'Title!',
-    subtitle: 'Subtitle!',
-    body: 'Body!'
-  })
-
-  n.show()
-
-  setTimeout(() => n.close(), 5000)
-})
-```
-
 ### Instance Properties
 
 #### `notification.title`

docs/api/process.md

@@ -71,7 +71,7 @@ will disable the support for `asar` archives in Node's built-in modules.
 
 ### `process.noDeprecation`
 
-A `boolean` (optional) that controls whether or not deprecation warnings are printed to `stderr`.
+A `boolean` that controls whether or not deprecation warnings are printed to `stderr`.
 Setting this to `true` will silence deprecation warnings. This property is used
 instead of the `--no-deprecation` command line flag.
 
@@ -99,13 +99,13 @@ property is used instead of the `--throw-deprecation` command line flag.
 
 A `boolean` that controls whether or not deprecations printed to `stderr` include
  their stack trace. Setting this to `true` will print stack traces for deprecations.
- This property is used instead of the `--trace-deprecation` command line flag.
+ This property is instead of the `--trace-deprecation` command line flag.
 
 ### `process.traceProcessWarnings`
 
 A `boolean` that controls whether or not process warnings printed to `stderr` include
  their stack trace. Setting this to `true` will print stack traces for process warnings
- (including deprecations). This property is used instead of the `--trace-warnings` command
+ (including deprecations). This property is instead of the `--trace-warnings` command
  line flag.
 
 ### `process.type` _Readonly_
@@ -128,8 +128,8 @@ A `string` representing Electron's version string.
 
 ### `process.windowsStore` _Readonly_
 
-A `boolean`. If the app is running as an MSIX package (including AppX for Windows Store),
-this property is `true`, otherwise it is `undefined`.
+A `boolean`. If the app is running as a Windows Store app (appx), this property is `true`,
+for otherwise it is `undefined`.
 
 ### `process.contextId` _Readonly_
 

docs/api/safe-storage.md

@@ -7,44 +7,21 @@ Process: [Main](../glossary.md#main-process)
 This module adds extra protection to data being stored on disk by using OS-provided cryptography systems. Current
 security semantics for each platform are outlined below.
 
-> [!NOTE]
-> We recommend using the asynchronous API (`encryptStringAsync`/`decryptStringAsync`) over the synchronous API.
-> The async API is non-blocking, supports key rotation, and handles temporary unavailability gracefully.
-> The synchronous API may be deprecated in a future version of Electron.
-
-## Platform-Specific Key Providers
-
-### Synchronous API
-
 * **macOS**: Encryption keys are stored for your app in [Keychain Access](https://support.apple.com/en-ca/guide/keychain-access/kyca1083/mac) in a way that prevents
 other applications from loading them without user override. Therefore, content is protected from other users and other apps running in the same userspace.
-* **Windows**: Encryption keys are generated via [DPAPI](https://learn.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata). As per the Windows documentation: "Typically, only a user with the same logon credential as the user who encrypted the data can typically decrypt the data". Therefore, content is protected from other users on the same machine, but not from other apps running in the
+* **Windows**: Encryption keys are generated via [DPAPI](https://learn.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata).
+As per the Windows documentation: "Typically, only a user with the same logon credential as the user who encrypted the data can typically
+decrypt the data". Therefore, content is protected from other users on the same machine, but not from other apps running in the
 same userspace.
 * **Linux**: Encryption keys are generated and stored in a secret store that varies depending on your window manager and system setup. Options currently supported are `kwallet`, `kwallet5`, `kwallet6` and `gnome-libsecret`, but more may be available in future versions of Electron. As such, the
 security semantics of content protected via the `safeStorage` API vary between window managers and secret stores.
-  * Note that not all Linux setups have an available secret store. If no secret store is available, items stored in using the `safeStorage` API will be unprotected as they are encrypted via hardcoded plaintext password. You can detect when this happens when `safeStorage.getSelectedStorageBackend()` returns `basic_text`.
+  * Note that not all Linux setups have an available secret store. If no secret store is available, items stored in using the `safeStorage` API will be unprotected
+as they are encrypted via hardcoded plaintext password. You can detect when this happens when `safeStorage.getSelectedStorageBackend()` returns `basic_text`.
 
-Note that on macOS, access to the system Keychain is required and
+Note that on Mac, access to the system Keychain is required and
 these calls can block the current thread to collect user input.
 The same is true for Linux, if a password management tool is available.
 
-### Asynchronous API
-
-The asynchronous API uses pluggable key providers that vary by platform:
-
-* **macOS**: Encryption keys are stored and retrieved from [Keychain Access](https://developer.apple.com/documentation/security/keychain-items). This provides the same security model as the synchronous API, protecting content from other users and other apps running in the same userspace.
-* **Windows**: Encryption keys are protected via [DPAPI](https://learn.microsoft.com/en-us/windows/win32/api/dpapi). This provides the same security model as the synchronous API, protecting content from other users on the same machine but not from other apps running in the same userspace.
-* **Linux**: Multiple key providers may be available depending on the desktop environment:
-  * [`org.freedesktop.portal.Secret`](https://flatpak.github.io/xdg-desktop-portal/docs/doc-org.freedesktop.portal.Secret.html): Uses the Portal Secret D-Bus interface to retrieve application-specific secrets. This is the preferred provider for sandboxed environments like Flatpak.
-  * [Secret Service API](https://specifications.freedesktop.org/secret-service/latest/): Uses the freedesktop.org Secret Service API (e.g., GNOME Keyring) for key storage.
-  * A fallback provider is used for environments without a secret service available.
-
-Unlike the synchronous API, these operations are non-blocking and support additional features like key rotation (indicated by `shouldReEncrypt`) and temporary unavailability handling (indicated by `isTemporarilyUnavailable`).
-
-## Events
-
-The `safeStorage` module emits the following events:
-
 ## Methods
 
 The `safeStorage` module has the following methods:
@@ -57,10 +34,6 @@ On Linux, returns true if the app has emitted the `ready` event and the secret k
 On MacOS, returns true if Keychain is available.
 On Windows, returns true once the app has emitted the `ready` event.
 
-### `safeStorage.isAsyncEncryptionAvailable()`
-
-Returns `Promise<Boolean>` - Whether encryption is available for asynchronous safeStorage operations.
-
 ### `safeStorage.encryptString(plainText)`
 
 * `plainText` string
@@ -76,21 +49,7 @@ This function will throw an error if encryption fails.
 Returns `string` - the decrypted string. Decrypts the encrypted buffer
 obtained  with `safeStorage.encryptString` back into a string.
 
-### `safeStorage.encryptStringAsync(plainText)`
-
-* `plainText` string
-
-Returns `Promise<Buffer>` -  An array of bytes representing the encrypted string.
-
-### `safeStorage.decryptStringAsync(encrypted)`
-
-* `encrypted` Buffer
-
-Returns `Promise<Object>` - Resolve with an object containing the following:
-
-* `shouldReEncrypt` boolean - whether data that has just been returned from the decrypt operation should be
-  re-encrypted, as the key has been rotated or a new  key is available that provides a different security level. If `true`, you should call `decryptStringAsync` again to receive the new decrypted string.
-* `result` string - the decrypted string.
+This function will throw an error if decryption fails.
 
 ### `safeStorage.setUsePlainTextEncryption(usePlainText)`
 

docs/api/session.md

@@ -66,7 +66,7 @@ The `session` module has the following properties:
 
 ### `session.defaultSession`
 
-A `Session` object, the default session object of the app, available after `app.whenReady` is called.
+A `Session` object, the default session object of the app.
 
 ## Class: Session
 
@@ -1216,7 +1216,7 @@ function createWindow () {
 
   mainWindow.webContents.session.setBluetoothPairingHandler((details, callback) => {
     bluetoothPinCallback = callback
-    // Send an IPC message to the renderer to prompt the user to confirm the pairing.
+    // Send a IPC message to the renderer to prompt the user to confirm the pairing.
     // Note that this will require logic in the renderer to handle this message and
     // display a prompt to the user.
     mainWindow.webContents.send('bluetooth-pairing-request', details)
@@ -1264,7 +1264,7 @@ session.defaultSession.allowNTLMCredentialsForDomains('*')
 
 Overrides the `userAgent` and `acceptLanguages` for this session.
 
-The `acceptLanguages` must be a comma separated ordered list of language codes, for
+The `acceptLanguages` must a comma separated ordered list of language codes, for
 example `"en-US,fr,de,ko,zh-CN,ja"`.
 
 This doesn't affect existing `WebContents`, and each `WebContents` can use
@@ -1512,7 +1512,7 @@ will not work on non-persistent (in-memory) sessions.
 * `options` Object (optional)
   * `allowFileAccess` boolean - Whether to allow the extension to read local files over `file://`
     protocol and inject content scripts into `file://` pages. This is required e.g. for loading
-    DevTools extensions on `file://` URLs. Defaults to false.
+    devtools extensions on `file://` URLs. Defaults to false.
 
 Returns `Promise<Extension>` - resolves when the extension is loaded.
 
@@ -1538,7 +1538,7 @@ const path = require('node:path')
 app.whenReady().then(async () => {
   await session.defaultSession.loadExtension(
     path.join(__dirname, 'react-devtools'),
-    // allowFileAccess is required to load the DevTools extension on file:// URLs.
+    // allowFileAccess is required to load the devtools extension on file:// URLs.
     { allowFileAccess: true }
   )
   // Note that in order to use the React DevTools extension, you'll need to

docs/api/share-menu.md

@@ -9,13 +9,6 @@ For including the share menu as a submenu of other menus, please use the
 
 ## Class: ShareMenu
 
-<!--
-```YAML history
-added:
-  - pr-url: https://github.com/electron/electron/pull/25629
-```
--->
-
 > Create share menu on macOS.
 
 Process: [Main](../glossary.md#main-process)

docs/api/shared-texture.md

@@ -1,58 +0,0 @@
-# sharedTexture
-
-> Import shared textures into Electron and converts platform specific handles into [`VideoFrame`](https://developer.mozilla.org/en-US/docs/Web/API/VideoFrame). Supports all Web rendering systems, and can be transferred across Electron processes. Read [here](../../shell/common/api/shared_texture/README.md) for more information.
-
-Process: [Main](../glossary.md#main-process), [Renderer](../glossary.md#renderer-process)
-
-## Methods
-
-The `sharedTexture` module has the following methods:
-
-**Note:** Experimental APIs are marked as such and could be removed in the future.
-
-### `sharedTexture.importSharedTexture(options)` _Experimental_
-
-* `options` Object - Options for importing shared textures.
-  * `textureInfo` [SharedTextureImportTextureInfo](structures/shared-texture-import-texture-info.md) - The information of the shared texture to import.
-  * `allReferencesReleased` Function (optional) - Called when all references in all processes are released. You should keep the imported texture valid until this callback is called.
-
-Imports the shared texture from the given options.
-
-> [!NOTE]
-> This method is only available in the main process.
-
-Returns [`SharedTextureImported`](structures/shared-texture-imported.md) - The imported shared texture.
-
-### `sharedTexture.sendSharedTexture(options, ...args)` _Experimental_
-
-* `options` Object - Options for sending shared texture.
-  * `frame` [WebFrameMain](web-frame-main.md) - The target frame to transfer the shared texture to. For `WebContents`, you can pass `webContents.mainFrame`. If you provide a `webFrameMain` that is not a main frame, you'll need to enable `webPreferences.nodeIntegrationInSubFrames` for this, since this feature requires [IPC](https://www.electronjs.org/docs/latest/api/web-frame-main#frameipc-readonly) between main and the frame.
-  * `importedSharedTexture` [SharedTextureImported](structures/shared-texture-imported.md) - The imported shared texture.
-* `...args` any[] - Additional arguments to pass to the renderer process.
-
-Send the imported shared texture to a renderer process. You must register a receiver at renderer process before calling this method. This method has a 1000ms timeout. Ensure the receiver is set and the renderer process is alive before calling this method.
-
-> [!NOTE]
-> This method is only available in the main process.
-
-Returns `Promise<void>` - Resolves when the transfer is complete.
-
-### `sharedTexture.setSharedTextureReceiver(callback)` _Experimental_
-
-* `callback` Function\<Promise\<void\>\> - The function to receive the imported shared texture.
-  * `receivedSharedTextureData` Object - The data received from the main process.
-    * `importedSharedTexture` [SharedTextureImported](structures/shared-texture-imported.md) - The imported shared texture.
-  * `...args` any[] - Additional arguments passed from the main process.
-
-Set a callback to receive imported shared textures from the main process.
-
-> [!NOTE]
-> This method is only available in the renderer process.
-
-## Properties
-
-The `sharedTexture` module has the following properties:
-
-### `sharedTexture.subtle` _Experimental_
-
-A [`SharedTextureSubtle`](structures/shared-texture-subtle.md) property, provides subtle APIs for interacting with shared texture for advanced users.

docs/api/shell.md

@@ -29,14 +29,6 @@ Show the given file in a file manager. If possible, select the file.
 
 ### `shell.openPath(path)`
 
-<!--
-```YAML history
-added:
-  - pr-url: https://github.com/electron/electron/pull/20682
-    breaking-changes-header: api-changed-shellopenitem-is-now-shellopenpath
-```
--->
-
 * `path` string
 
 Returns `Promise<string>` - Resolves with a string containing the error message corresponding to the failure if a failure occurred, otherwise "".
@@ -45,18 +37,6 @@ Open the given file in the desktop's default manner.
 
 ### `shell.openExternal(url[, options])`
 
-<!--
-```YAML history
-changes:
-  - pr-url: https://github.com/electron/electron/pull/4508
-    description: "Added `activate` option."
-  - pr-url: https://github.com/electron/electron/pull/15065
-    description: "Added `workingDirectory` option."
-  - pr-url: https://github.com/electron/electron/pull/37139
-    description: "Added `logUsage` option."
-```
--->
-
 * `url` string - Max 2081 characters on Windows.
 * `options` Object (optional)
   * `activate` boolean (optional) _macOS_ - `true` to bring the opened application to the foreground. The default is `true`.
@@ -70,14 +50,6 @@ Open the given external protocol URL in the desktop's default manner. (For examp
 
 ### `shell.trashItem(path)`
 
-<!--
-```YAML history
-added:
-  - pr-url: https://github.com/electron/electron/pull/25114
-    breaking-changes-header: deprecated-shellmoveitemtotrash
-```
--->
-
 * `path` string - path to the item to be moved to the trash.
 
 Returns `Promise<void>` - Resolves when the operation has been completed.
@@ -86,10 +58,6 @@ Rejects if there was an error while deleting the requested item.
 This moves a path to the OS-specific trash location (Trash on macOS, Recycle
 Bin on Windows, and a desktop-environment-specific location on Linux).
 
-The path must use the default path separator for the platform (backslash on
-Windows). Use `path.resolve()` from the `node:path` module to ensure correct
-handling on all filesystems.
-
 ### `shell.beep()`
 
 Play the beep sound.

docs/api/structures/base-window-options.md

@@ -72,9 +72,6 @@
   some GTK+3 desktop environments. Default is `false`.
 * `transparent` boolean (optional) - Makes the window [transparent](../../tutorial/custom-window-styles.md#transparent-windows).
   Default is `false`. On Windows, does not work unless the window is frameless.
-  When you add a [`View`](../view.md) to a `BaseWindow`, you'll need to call
-  [`view.setBackgroundColor`](../view.md#viewsetbackgroundcolorcolor) with a transparent
-  background color on that view to make its background transparent as well.
 * `type` string (optional) - The type of window, default is normal window. See more about
   this below.
 * `visualEffectState` string (optional) _macOS_ - Specify how the material
@@ -102,9 +99,9 @@
 * `trafficLightPosition` [Point](point.md) (optional) _macOS_ -
   Set a custom position for the traffic light buttons in frameless windows.
 * `roundedCorners` boolean (optional) _macOS_ _Windows_ - Whether frameless window
-  should have rounded corners. Default is `true`. On Windows versions older than
-  Windows 11 Build 22000 this property has no effect, and frameless windows will
-  not have rounded corners.
+  should have rounded corners. Default is `true`. Setting this property
+  to `false` will prevent the window from being fullscreenable on macOS.
+  On Windows versions older than Windows 11 Build 22000 this property has no effect, and frameless windows will not have rounded corners.
 * `thickFrame` boolean (optional) _Windows_ - Use `WS_THICKFRAME` style for
   frameless windows on Windows, which adds the standard window frame. Setting it
   to `false` will remove window shadow and window animations, and disable window

docs/api/structures/display.md

@@ -7,7 +7,7 @@
 * `depthPerComponent` number - The number of bits per color component.
 * `detected` boolean - `true` if the display is detected by the system.
 * `displayFrequency` number - The display refresh rate.
-* `id` number - Unique identifier associated with the display. A value of -1 means the display is invalid or the correct `id` is not yet known, and a value of -10 means the display is a virtual display assigned to a unified desktop.
+* `id` number - Unique identifier associated with the display. A value of of -1 means the display is invalid or the correct `id` is not yet known, and a value of -10 means the display is a virtual display assigned to a unified desktop.
 * `internal` boolean - `true` for an internal display and `false` for an external display.
 * `label` string - User-friendly label, determined by the platform.
 * `maximumCursorSize` [Size](size.md) - Maximum cursor size in native pixels.

docs/api/structures/notification-action.md

@@ -1,15 +1,13 @@
 # NotificationAction Object
 
-* `type` string - The type of action, can be `button` or `selection`. `selection` is only supported on Windows.
+* `type` string - The type of action, can be `button`.
 * `text` string (optional) - The label for the given action.
-* `items` string[] (optional) _Windows_ - The list of items for the `selection` action `type`.
 
 ## Platform / Action Support
 
 | Action Type | Platform Support | Usage of `text` | Default `text` | Limitations |
 |-------------|------------------|-----------------|----------------|-------------|
-| `button`    | macOS, Windows   | Used as the label for the button | "Show" on macOS (localized) if first `button`, otherwise empty; Windows uses provided `text` | macOS: Only the first one is used as primary; others shown as additional actions (hover). Incompatible with `hasReply` (beyond first ignored). |
-| `selection` | Windows          | Used as the label for the submit button for the selection menu | "Select" | Requires an `items` array property specifying option labels. Emits the `action` event with `(index, selectedIndex)` where `selectedIndex` is the chosen option (>= 0). Ignored on platforms that do not support selection actions. |
+| `button`    | macOS            | Used as the label for the button | "Show" (or a localized string by system default if first of such `button`, otherwise empty) | Only the first one is used. If multiple are provided, those beyond the first will be listed as additional actions (displayed when mouse active over the action button). Any such action also is incompatible with `hasReply` and will be ignored if `hasReply` is `true`. |
 
 ### Button support on macOS
 
@@ -17,37 +15,6 @@ In order for extra notification buttons to work on macOS your app must meet the
 following criteria.
 
 * App is signed
-* App has its `NSUserNotificationAlertStyle` set to `alert` in the `Info.plist`.
+* App has it's `NSUserNotificationAlertStyle` set to `alert` in the `Info.plist`.
 
 If either of these requirements are not met the button won't appear.
-
-### Selection support on Windows
-
-To add a selection (combo box) style action, include an action with `type: 'selection'`, a `text` label for the submit button, and an `items` array of strings:
-
-```js
-const { Notification, app } = require('electron')
-
-app.whenReady().then(() => {
-  const items = ['One', 'Two', 'Three']
-  const n = new Notification({
-    title: 'Choose an option',
-    actions: [{
-      type: 'selection',
-      text: 'Apply',
-      items
-    }]
-  })
-
-  n.on('action', (e) => {
-    console.log(`User triggered action at index: ${e.actionIndex}`)
-    if (e.selectionIndex > 0) {
-      console.log(`User chose selection item '${items[e.selectionIndex]}'`)
-    }
-  })
-
-  n.show()
-})
-```
-
-When the user activates the selection action, the notification's `action` event will be emitted with two parameters: `actionIndex` (the action's index in the `actions` array) and `selectedIndex` (the zero-based index of the chosen item, or `-1` if unavailable). On non-Windows platforms selection actions are ignored.

docs/api/structures/shared-texture-handle.md

@@ -1,6 +1,6 @@
 # SharedTextureHandle Object
 
-* `ntHandle` Buffer (optional) _Windows_ - NT HANDLE holds the shared texture. Note that this NT HANDLE is local to current process.  Output textures of `rgba`, `bgra`, `rgbaf16` formats don't have a keyed mutex on the texture handle, but `nv12` format texture handles do have a keyed mutex.
+* `ntHandle` Buffer (optional) _Windows_ - NT HANDLE holds the shared texture. Note that this NT HANDLE is local to current process.
 * `ioSurface` Buffer (optional) _macOS_ - IOSurfaceRef holds the shared texture. Note that this IOSurface is local to current process (not global).
 * `nativePixmap` Object (optional) _Linux_ - Structure contains planes of shared texture.
   * `planes` Object[] _Linux_ - Each plane's info of the shared texture.

docs/api/structures/shared-texture-import-texture-info.md

@@ -1,13 +0,0 @@
-# SharedTextureImportTextureInfo Object
-
-* `pixelFormat` string - The pixel format of the texture.
-  * `bgra` - 32bpp BGRA (byte-order), 1 plane.
-  * `rgba` - 32bpp RGBA (byte-order), 1 plane.
-  * `rgbaf16` - Half float RGBA, 1 plane.
-  * `nv12` - 12bpp with Y plane followed by a 2x2 interleaved UV plane.
-  * `p010le` - 4:2:0 10-bit YUV (little-endian), Y plane followed by a 2x2 interleaved UV plane.
-* `colorSpace` [ColorSpace](color-space.md) (optional) - The color space of the texture.
-* `codedSize` [Size](size.md) - The full dimensions of the shared texture.
-* `visibleRect` [Rectangle](rectangle.md) (optional) - A subsection of [0, 0, codedSize.width, codedSize.height]. In common cases, it is the full section area.
-* `timestamp` number (optional) - A timestamp in microseconds that will be reflected to `VideoFrame`.
-* `handle` [SharedTextureHandle](shared-texture-handle.md) - The shared texture handle.